Abstract
Information infrastructures for corporations and governments (information and automated systems, telecommunication networks, and other elements) have dramatically changed in the last decades due to the broad usage of IoT, AI, mobile internet, and other advanced technologies. Protection against cyberattacks requires new solutions that correspond to an increased level of complexity for these infrastructures. Important tasks for these new tools are forecasting cyberattacks, developing and applying preventive protective measures to reduce the risk of information security incidents. For the prediction of cyberattacks and the development of preventive protective measures, the authors propose to use one of the hybrid (or augmented) intelligence (HI) frameworks – evaluation and monitoring of complex processes. The mission of the chapter is to discuss the main issues, challenges, and opportunities related to HI applications for protection against cyberattacks to information infrastructures.
TopCritical Infrastructures And Cyberspace
Unified terminology and standards for critical infrastructures have not been adopted. But approaches to ensuring the security of critical infrastructures need to be coordinated, because the critical infrastructures of countries can affect each other's security. For example, the country's lack of a nuclear energy sector does not protect it from the spread of the consequences of incidents at nuclear power plants in other countries.
Here are some examples of national approaches to formulating critical infrastructures.
In the United States, critical infrastructure covers systems and assets from 16 sectors, the failure or destruction of which can lead to disastrous consequences in the field of defense, economy, health, and national security. Critical Infrastructure Sectors: Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial Services, Food and Agriculture, Government Facilities, Public Health, Information Technology, Nuclear Reactors, Materials, and Waste, Transportation Systems, Water and Wastewater Systems (Executive Order Nº13636 (2013), Presidential Executive Order of USA (May 11, 2017), Critical Infrastructure. Threat (2016))
Critical infrastructure of an EU state means an asset or system that is necessary to maintain the vital functions of society, the health, protection, safety, economic or social well-being of people, the violation or destruction of which will have a significant impact in a Member State as a result of the failure to perform these functions.
European Critical Infrastructure means a critical infrastructure located in a Member State, the violation or destruction of which will have a significant impact on at least two Member States. The significance of the impact should be evaluated in terms of cross-cutting criteria. This includes effects resulting from cross-industry dependencies on other types of infrastructure. The initial composition of European Critical Infrastructure from 2 sectors (Energy, Transport) has changed significantly and expanded to 9 sectors: Energy, Information and Communication Technology, Traffic and transportation, Healthcare, Water supply, Finance and insurance, Government and administration, Nutrition and agriculture, Media and cultural assets (Council directive 2008/114/EC, Good Practices Guide (2013))
Critical National Infrastructure in the UK include 13 sectors: Chemicals, Civil Nuclear, Communications, Defence, Emergency Services, Energy, Finance, Food, Government, Health, Space, Transport and Water (Critical National Infrastructure (2020, cpni.gov.uk), Cabinet Office Strategic (2010), Guidance(gov.uk), Isle of Man Government (2018)).
Key Terms in this Chapter
Augmented Intelligence: Human-computer systems which allow us to combine strengths of human intelligence (for example, intuition) and computer’s computational power. Augmented intelligence enhances and scales human expertise; AI systems attempt to replicate human intelligence.
Information Sphere: It is a set of information, objects of informatization, information systems, sites in the information and telecommunication network of the Internet, communication networks, information technologies, subjects whose activities are related to the formation and processing of information, the development and use of these technologies, ensuring information security, as well as a set of mechanisms for regulating the relevant social relations.
Hierarchical Systems: It is a special type of systems where elements (objects, names, values, categories, etc.) are represented as being “above”, “below”, or “at the same level as” one another. A hierarchy can link elements either directly or indirectly, and either vertically or diagonally.
Information Space: It is the totality of information resources created by the subjects of the information sphere, the means of interaction of such subjects, their information systems and the necessary information infrastructure.
Fuzzy Logic: Fuzzy Logic is a form of mathematical logic in which the truth values of variables may be any real number between 0 and 1. It is employed to handle the concept of partial truth, where the truth value may range between completely true and completely false. By contrast, in Boolean logic, the truth values of variables may only be the integer values 0 or 1.
?yberspace: It is an integrated virtual environment (cyber environment) that does not have a physical embodiment, formed as a result of actions of people, programs and services on the Internet using appropriate network communication technologies/
Measurement: Measurement is the assignment of a value (number, symbol, etc.) to a characteristic of an object or event, which can be compared with other objects or events.
Evaluation and Monitoring: It is a process that helps improve performance and achieve results for particular process. Its goal is to improve current and future management of outputs, outcomes and impact. It establishes links between the past, present and future actions.
Cyber Environment: Cyber environment include users, networks, devices, all software, processes, stored or transit information, applications, services, and systems that can be directly or indirectly connected to networks.
Fuzzy Sets: It is a set of elements which have no strict boundaries. Examples of such sets are sets of “young people”, “expensive cars”, “successful companies”, etc.
Artificial Intelligence (AI): AI is the simulation of human intelligence processes by computer systems. Particular applications of AI include text and speech recognition, machine vision, learning by examples, etc.