Information published on 24 September 2013 in the UIC electronic newsletter "UIC eNews" Nr 365.

2013 CRITIS Conference on Critical Information Infrastructures Security

Critical infrastructure (CI) and Critical Information Infrastructures (CII) Security

“Critical infrastructure is an asset or system which is essential for the maintenance of vital societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact on the security of the EU and the well-being of its citizens.” (Source: CI(s) definition by EC DG Home Affairs).

“Critical information infrastructures, such as electricity generation plants, transportation systems and manufacturing facilities are controlled and monitored by Industrial Control Systems (ICS), including SCADA (Supervisory Control and Data Acquisition) systems. Today ICS products are mostly based on standard embedded systems platforms and they often use commercial off-the-shelf software. This results in the reduction of costs and improved ease of use but at the same time increases the exposure to computer network-based attacks.” (Source: CII(s) context ENISA – European Network and Information Security Agency ).

Aware of this new reality, Rail Infrastructure Managers are today looking closely at the best strategies and methods to ensure an effective protection of their assets and services.

Above all, the transportation systems need to be safe and secure. Users and service consumers need to rely on the different infrastructure components resilient to crime, natural disasters, accidents or terrorism.

An optimisation of the transportation infrastructure models in particular for the railways, within the urban (smart cities), regional and international context, requires a high degree of complexity from traffic management, information flows, users and asset protection to avoid severe disruptions. These can be result of malicious intent or simply caused by an earthquake. Hence this is a topic that requires deep contextual knowledge that the UIC has sought to collect the maximum of information on the subject such as participate in a wide number of initiatives (i.e. on NIS Public-Private Platform see UIC E-News n°351).

2013 CRITIS Conference on Critical Information Infrastructures Security

UIC, represented by Mr José Pires (Security Division), attended the eighth CRITIS Conference on Critical Information Infrastructures Security. CRITIS is set to continue a tradition of presenting innovative research and exploring new challenges for the protection of critical information-based infrastructures.

This year the conference focused on the resilience aspects of future smart cities, a topic that was highlighted by visionary keynote speeches.

Also there was special attention and debate on the need to enhance the dialogue between the critical (information-based) infrastructure operators/stakeholders of government and industry and research sector.

The academic research community explained that it is critical to understand the infrastructure operators/stakeholders’ short and long term R&D needs in order to be able to provide an efficient answer.

It was therefore agreed that collaborative actions such as exchange of information, sharing of best practice, dedicated discussion forums are needed to address these needs by providing original research contributions which aim to bridge existing gaps between R&D and operational/business needs.

On the last day of the conference there was heavy focus on the academic innovations in Critical Information Infrastructures Security research. A wide number of solutions and tools were presented covering all aspects of the CI and CII protection.

Also, special attention was given to the creation of the “Young CRITIS” platform. Young CRITIS is an initiative that aims to build-up a (virtual) strong community of young researchers and experts in the field of CI and CII development and protection. Young CRITIS will enable the young researchers to find access to earlier research and lessons identified at other research institutes, universities, CI and CII stakeholders and their experts, and nations. Somehow it can be seen as one of CRITIS’ first collaborative tools. UIC supported this initiative, which opens an opportunity to its member experts in CI and CII, to participate and benefit from a wide range of contacts, information and expertise in the topic.

With the creation of Young CRITIS the collaborative goal was achieved. It is now possible to keep and develop a collaborative flow of contacts (networking) and information exchanges at all times and not just once a year at CRITIS conferences. [Young CRITIS can be found at Twitter and/or on LinkedIn.]

CRITIS 2013 aimed to stimulate the international CI and CII community by bringing together young researchers, bachelors, master and PhD students, public and private critical infrastructure operators/stakeholders, governmental and industry entities. The objective was achieved!

The next CRITIS conferences are planned to take place in Cyprus 2014, Germany 2015 and possibly Paris 2016 having UIC as co-organiser/host.

For further information on the Critical infrastructure Protection (CIP) and Critical Information Infrastructures Protection (CIIP) Security, please contact José Pires: pires@uic.org