This volume contains the proceedings of the 4th International Workshop on Critical Information Infrastructures Security (CRITIS 2009). The workshopwas held from September 30 to October 2 in the Gunnewig Hotel Bristol in Bonn, Germany. TheworkshopwasorganizedbytheFraunhoferInstituteforIntelligent Analysis and Information Systems (IAIS), Sankt Augustin, Germany. CRITIS 2009 continued the series of successful CRITIS Workshops. Com- nies,researchinstitutions,andgovernmentalorganizationsfromallmainareasof critical infrastructures took an active part in supporting CRITIS and we found CRITIS 2009 both exciting and informative. The selected papers addressed a range of key issues and demonstrated the ubiquity and global importance of - formation infrastructures. Each paper had at least three independent technical reviews and we accepted 13 full papers out of 34 submissions. We were very fortunate in having a range of invited speakers that c- ered policy, research and industry perspectives. James Smith from Los Alamos National Laboratory addressed the challenges and achievements in their work on Large-Scale Modeling and Simulation of Critical Infrastructure. Orestis Terzidis, Vice President SAP AG, talked on the The Internet for Energy: P- spectives and Challenges. Continuing with the energy theme, Alla Heidenreich, from SIEMENS AG, Corporate Research and Technologies (Germany) provided her insights on the Secure ICT Infrastructure for the Future Power Grid. Critical infrastructure protection is an area where an e?ective private public partnership is required. A government perspective was provided by Michael P- germann, German Ministry of the Interior, who talked on German strategy - garding CIIP.
Inhaltsverzeichnis
On Modelling of Inter-dependent Network Infrastructures by Extended Leontief Models. - Critical Infrastructure Protection in Brazil - Threat Identification and Analysis. - Development of Information Security-Focused Incident Prevention Measures for Critical Information Infrastructure in Japan. - Design of a Mobile Agent-Based Adaptive Communication Middleware for Federations of Critical Infrastructure Simulations. - An Alternate Topology Generator for Joint Study of Power Grids and Communication Networks. - Trouble Brewing: Using Observations of Invariant Behavior to Detect Malicious Agency in Distributed Control Systems. - Optimisation of Critical Infrastructure Protection: The SiVe Project on Airport Security. - Cyber-Critical Infrastructure Protection Using Real-Time Payload-Based Anomaly Detection. - Decision Aid Tool and Ontology-Based Reasoning for Critical Infrastructure Vulnerabilities and Threats Analysis. - Application Filters for TCP/IP Industrial Automation Protocols. - Web Browser Security Update Effectiveness. - State-Based Network Intrusion Detection Systems for SCADA Protocols: A Proof of Concept. - Towards Early Warning Systems Challenges, Technologies and Architecture. - CII Protection - Lessons for Developing Countries: South Africa as a Case Study. - Energy Theft in the Advanced Metering Infrastructure. - Current Capabilities, Requirements and a Proposed Strategy for Interdependency Analysis in the UK. - Stochastic Modelling of the Effects of Interdependencies between Critical Infrastructure.