A multi-level approach to resilience of critical infrastructures and services

Attacks on critical infrastructures are beginning to increase in number and severity. They are often initiated by highly skilled attackers, who are capable of deploying advanced attacks to exfiltrate data or even to cause physical damage. In this paper, we re-visit the rationale for protecting against cyber attacks and propose a framework to monitor, detect and evaluate anomalous behaviour within critical infrastructures. Specifically, we describe a multi-level approach for assuring resilience in critical infrastructures and services, taking into account organisational, technological and individuals' (OTI) viewpoints. The framework supports detection of anomalies by using appropriate techniques at the different levels of infrastructure and service. As a proof of concept, we derive a set of suitable metrics by monitoring a European utility network, then we simulate a detection process and evaluate the results.