Authors : Janebel L. Baligasa; Sherdalyn S.Wahab; Alniza D. Radjaini; Benalyn A. Titing; Shermalyn N. Ahaja; Uzendra Jasmin J. Omar; Jendra J. Kamdad; Nur-aisa E. Abubakar; Ar-Jvhier R. Muhali; Darwina J. Nelson; Nureeza J. Latorre; Shernahar K. Tahil

Volume/Issue : Volume 9 - 2024, Issue 12 - December

Google Scholar : https://tinyurl.com/567y6kup

Scribd : https://tinyurl.com/3w6ukwmr

DOI : https://doi.org/10.5281/zenodo.14591208

Abstract : As a foundation of modern society, critical infrastructure is increasingly vulnerable to cyber attacks as it becomes more reliant on digital technology. A comprehensive information assurance approach must be set up to protect sensitive information and systems. This includes the establishment of policies, procedures, and technological measures. It also covers the constantly changing threat landscape. The report explores challenges with securing complex, interconnected systems. These include not only legacy infrastructure but operational technology environments as well. The areas will include risk assessment and management. Here, one can hear the clarion call for scouring weaknesses from vulnerability assessments and threat modeling processes. It also stresses the value of attentive information security practices like access control, network security, plus data protection to ensure that no one gains unauthorized entry into your systems. It also confirms how, in dealing with the impact caused by hacking attacks, one needs both incident response and long-term rehabilitation schemes, digital forensics, and collaborative cooperation between organizations. On the other hand, it discusses how AI, machine learning, and blockchain can contribute to IA and where quantum computing will challenge it. By adding the human perspective, the report also points out a need to raise people's understanding of security best practices, secure a cybersecurity-minded workplace atmosphere, and develop strict policies and governance structures to protect against staff malfeasance and social engineering attacks. The study shows the need to practice a holistic information assurance strategy where technology, human consciousness, and governance are combined into the structure of critical infrastructure to enable relevant services to continue in an interconnected world.

Keywords : Critical Infrastructure Security, Information Assurance, Cyber Threats, Risk Management.

References :

1. Toscano, B., Fernandes, A. D., Silva, M. M. D., & Santoro, F. M. (2022). A domain ontology on cascading effects in critical infrastructures based on a systematic literature review. International Journal of Critical Infrastructures, 18(1), 79-103.
2. Kouloufakos, T. (2023). Untangling the cyber norm to protect critical infrastructures. Computer Law & Security Review, 49, 105809.
3. Rinaldi, S. M., Peerenboom, J. P., & Kelly, T. K. (2001). Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE control systems magazine, 21(6), 11-25.
4. Hossain, M. I., & Hasan, R. (2025). Smart Cities: Cybersecurity Concerns. In Computer and Information Security Handbook, 1397-1412 https://doi.org/10.1016/B978-0-443-13223-0.00089-8
5. A. Y. Al Hammadi, C. YeobYeun and E. Damiani (2020). Novel EEG Risk Framework to Identify Insider Threats in National Critical Infrastructure Using Deep Learning Techniques. 2020 IEEE International Conference on Services Computing (SCC), 69-471, https://doi.org/10.1109/SCC49832.2020.00071
6. M. Jutras, E. Liang, S. Leary, C. Ward and K. Manville (2022). Detecting Physical Adversarial Patch Attacks with Object Detectors. 2022 IEEE Applied Imagery Pattern Recognition Workshop (AIPR), 1-7, https://doi.org/10.1109/AIPR57179.2022.10092200
7. Tahil, S.K. (2024). Integrating Computer Science in Basic Education Curriculum: Enhancing Innovation and Sophistication for Global Competitiveness. International Journal of Learning, Teaching and Educational Research. 23(8), 203-221. https://doi.org/10.26803/ijlter.23.8.11
8. K. Touloumis, A. Michalitsi-Psarrou, A. Georgiadou and D. Askounis (2022). A tool for assisting in the forensic investigation of cyber-security incidents. 2022 IEEE International Conference on Big Data (Big Data). 2630-2636, https://doi.org/10.1109/BigData55660.2022.10020208
9. Michalec, O., Milyaeva, S., & Rashid, A. (2022). When the future meets the past:  Can safety and cyber security coexist in modern critical infrastructures? Big Data & Society, 9(1). https://doi.org/10.1177/20539517221108369
10. Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & security, 56, 1-27.
11. Clark-Ginsberg, A., & Slayton, R. (2019). Regulating risks within complex sociotechnical systems: Evidence from critical infrastructure cybersecurity standards. Science and Public Policy, 46(3), 339-346.
12. Dunn Cavelty, M. (2018). Cybersecurity research meets science and technology studies. Politics and Governance, 6(2), 22-30.
13. Renaud, K., Flowerday, S., Warkentin, M., Cockshott, P., & Orgeron, C. (2018). Is the responsibilization of the cybersecurity risk reasonable and judicious?. Computers & Security, 78, 198-211.
14. Chen, Z., Kang, Y., Li, L., Zhang, X., Zhang, H., Xu, H., ... & Lyu, M. R. (2020, November). Towards intelligent incident management: why we need it and how we make it. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (pp. 1487-1497).
15. González-Granadillo, G., González-Zarzosa, S., & Diaz, R. (2021). Security information and event management (SIEM): analysis, trends, and usage in critical infrastructures. Sensors, 21(14), 4759.
16. Ahmad, A., Desouza, K. C., Maynard, S. B., Naseer, H., & Baskerville, R. L. (2020). How integration of cyber security management and incident response enables organizational learning. Journal of the Association for Information Science and Technology, 71(8), 939-953.
17. Tahil, S. K., Alibasa, J. T., Tahil, S. R. K., Marsin, J., & Tahil, S. S. K. (2023). Preserving and Nurturing Tausug Language: The Bahasa Sug Mobile Learning Application Tool for Enhancing Mother Tongue Development for Toddlers. International Journal of Learning, Teaching and Educational Research, 22(11), 18-35.
18. Hamill, J. T., Deckro, R. F., & Kloeber, J. M. (2022). Evaluating information assurance strategies. In Handbook of Scholarly Publications from the Air Force Institute of Technology (AFIT), 1, 3-32.
19. Ani, U. D., He, H., & Tiwari, A. (2019). Human factor security: evaluating the cybersecurity capacity of the industrial workforce. Journal of Systems and Information Technology, 21(1), 2-35.
20. Chowdhury, N., & Gkioulos, V. (2021). Cyber security training for critical infrastructure protection: A literature review. Computer Science Review, 40, 100361.
21. Heaton, J., & Parlikad, A. K. (2019). A conceptual framework for the alignment of infrastructure assets to citizen requirements within a Smart Cities framework. Cities, 90, 32-41.
22. AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. (2020). Information security governance challenges and critical success factors: Systematic review. Computers & security, 99, 102030.
23. Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future generation computer systems, 92, 178-188.