Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi

More documents

Recommendations

Info

CRITICAL INFRASTRUCTURE PROTECTION IN THE BALTIC SEA REGION Figure III—29 Security investment gap for CIIP observed under the vulnerability based approach. Getting an agreement by stakeholders to close the CIIP investment gap is a huge challenge. But rather than wait for market forces to drive security investment to CIIP levels, a restructuring and clear definition of persuasive arguments is needed to create the necessary willingness to take this important step. To that end, the promotion of better understanding of the interdependencies and the far reaching consequences of CII disruptions by caused high-impact events may influence investment decisions and fuel necessary efforts for the mobilization of sufficient financial resources, possibly within a PPP framework. Perhaps inspiration or lessons could be drawn from the approaches employed in other sectors. For instance, Andersson and Malm point out that many governments consider the PPPs in the energy sector as being bodies that define the government role in closing the gap between the desired and market-achievable security, but they caution on the resulting over-reliance on government bailouts (Andersson and Malm 2006). Other alternatives explored include the use of insurance not only to cover for losses incurred due to high-impact events but also induce information security investments required for CIIP (Auerswald et al 2006). Recently, the ARECI study conducted for the European Commission (EC), 93 surveyed over 150 key European expert CII stakeholders, and found that only 7% of the respondents thought security investment was at an acceptable level, but also 85% believed that government incentives are necessary to close the CIIP investment gap. Such trends 93 The Availability and Robustness of Electronic Communications Infrastructures (ARECI) study for the EC was completed in early 2007. Comprehensive reports on its findings and recommendations see (ARECI 2007). 132 NORDREGIO REPORT 2007:5
CHAPTER III: INFORMATION AND COMMUNICATION TECHNOLOGY and opinions indicate that the economic dimension may present extremely formidable but surmountable challenges that require truly committed and decisive strategic actions. Social dimension The relative influence of the social dimension on the functional state of information infrastructures is arguably more pronounced compared to other infrastructure types. For instance, in utility infrastructure the commodity (e.g., electricity, water, gas etc.) is mostly delivered on a one-way path from the source or point of generation to the end users, thus limiting the way in which the end user couldinfluence the functional state the infrastructure. By comparison, the information infrastructure affords end users bidirectional connectivity to both receive and send the primary commodity (payload or information), the ability to interact with infrastructure elements anywhere around the globe, and the increasing capability to customize their own services, profiles and so forth. Signs abound of increased confidence within these empowered users, from the proliferation of feature-rich Smartphones to the thriving Web 2.0 hosted applications and communities. 94 However, the mass adoption of ICT devices provides an increasing security challenge, as each user terminal not only presents a sitting target for threat actors but may also serve as a launching point for attacks on the networks to which they are connected. For instance, personal computers connected to the Internet could have their computing power harnessed to perform some useful computationally intensive calculations (e.g., for the design of life-saving drugs) (Buyya et al 2003). Unfortunately, cyber criminals may use similar principles to form a ‘botnet’ comprised of thousands of compromised computers or zombies that launch e-mail spam, malware, identity theft attempts and many other nefarious schemes (Goth 2007) 95 . To that end, individual users should also be considered as one of the key security factors when addressing overall CIIP strategy. As some IT security experts note, humans tend to be the weakest link in the security chain (Granger 2006). This calls for an intensification of strategic actions by relevant actors in both the public and private sectors that specifically target individual users of ICTs. These actions may include: • Increasing Security Awareness: Threat actors are always looking to capitalize on user ignorance, negligence and susceptibility to social engineering attempts. Awareness of the risks involved in routine actions, such as: surfing the World Wide Web with a browser’s security level set to ‘Low’; opening emails received from unknown sources; or leaving a mobile handset default PIN code of 0000 or 1234 unchanged, is a significant step in countering security threats. A user who is reasonably 94 The latest (August 2007) figures from the web monitoring company Alexa indicate that the Web 2.0 websites such as YouTube, MySpace, Baidu, Orkut and Facebook feature prominently in the list of top 10 most popular sites (ALEXA 2007). 95 Goth (2007) quotes an industry insider stating “Now I think of botnets as grid computing gone bad — they have infinite free computer power and free bandwidth. There is no way to stop this problem if you’re trying to do it yourself. Your costs will scale with the amount of attacks you’re receiving.” NORDREGIO REPORT 2007:5 133
Page 1:
Towards a Baltic Sea Region Strateg
Page 4 and 5:
Nordregio Report 2007:5 ISSN 1403-2
Page 6 and 7:
5.4 Impacts caused by terrorism, na
Page 8 and 9:
CRITICAL INFRASTRUCTURE PROTECTION
Page 11 and 12:
PREFACE PREFACE With the Commission
Page 13:
PREFACE The study includes tens of
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 39:
CHAPTER I: INTRODUCTION CHAPTER I:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 95 and 96:
CHAPTER II: ELECTRICITY 2 ELECTRIC
Page 97 and 98:
CHAPTER II: ELECTRICITY electricity
Page 99 and 100:
CHAPTER II: ELECTRICITY Recent clim
Page 101 and 102:
CHAPTER II: ELECTRICITY Figure II
Page 103 and 104:
CHAPTER II: ELECTRICITY possibiliti
Page 105 and 106:
CHAPTER II: ELECTRICITY continental
Page 107 and 108:
CHAPTER II: ELECTRICITY Indirect Im
Page 109 and 110:
CHAPTER II: ELECTRICITY fire depart
Page 111 and 112:
CHAPTER II: ELECTRICITY • Local c
Page 113 and 114:
CHAPTER II: ELECTRICITY these, syst
Page 115 and 116:
CHAPTER II: ELECTRICITY • long in
Page 117 and 118:
CHAPTER II: ELECTRICITY • The net
Page 119: CHAPTER II: ELECTRICITY centres etc
Page 123 and 124: CHAPTER III: INFORMATION AND COMMUN
Page 169: CHAPTER III: INFORMATION AND COMMUN
Page 177: CHAPTER III: INFORMATION AND COMMUN
Page 181 and 182: CHAPTER IV: OIL TRANSPORTATION AND
Page 193 and 194: CHAPTER IV: OIL TRANSPORTATION ANDM
Page 203: CHAPTER V: GAS CHAPTER V: GAS Sven
Page 206 and 207: CRITICAL INFRASTRUCTURE PROTECTION
Page 220 and 221:
Page 222 and 223:
Page 225:
CHAPTER VI: WATER CHAPTER VI: WATER
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276:
show all

Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi

Create successful ePaper yourself

Delete template?

Save as template?