MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas

MoRCiTO: Towards a Cybersecurity Reference Model for Operation Technology in Preparation for the Quantum Era to Prevent Network Attacks on Cyber-Physical Systems in Critical Infrastructures

Authors

Keywords:

Modelo de referencia, Ciberseguridad, Sistemas ciber-físicos, Era cuántica, Amenazas, Vulnerabilidades, Infraestructuras críticas, Tecnología de la operación, Criptografía, QKD, MoRCiTO (es).

Keywords:

critical infrastructures, cryptography, cyber-physical systems, cybersecurity, operation technology, quantum era, Quantum Key Distribution, reference model, threats, vulnerabilities (en).

Abstract (es)

En esta publicación se propone un modelo de referencia de ciberseguridad para la tecnología de la operación (MoRCiTO) como preparación para la era cuántica para prevenir ataques de red a sistemas ciber-físicos (SCF) en
infraestructuras críticas (IC). El modelo propuesto es el resultado de una revisión de estudios primarios que abordan diferentes aspectos como, entre otros, las amenazas de los equipos cuánticos contra los sistemas criptográficos actuales (así como las que aún están por aparecer), permitiendo caracterizar el modelo de referencia propuesto. Este trabajo contribuye significativamente al campo de la ciberseguridad, proporcionando un modelo de referencia adaptado a la inminente llegada de la era cuántica. Es un paso crucial hacia la preparación de IC contra amenazas avanzadas y establece una base sólida para investigaciones futuras en el área de la ciberseguridad cuántica. Además, el modelo puede ser adoptado por entidades gubernamentales y organizaciones encargadas de la gestión de IC para fortalecer su resiliencia ante posibles ataques cuánticos. Su implementación ayudará a garantizar la continuidad operativa y la protección de sistemas vitales en un entorno de amenazas en constante evolución.

Abstract (en)

This publication proposes a cybersecurity reference model for operation technology (MoRCiTO) as preparation for the quantum era to prevent network attacks on cyber-physical systems (CPS) in critical infrastructures (CI). The proposed model is the result of a review of primary studies that address different aspects such as, among others, the threats of quantum equipment against current cryptographic systems (as well as those that are yet to appear), enabling the characterization of the proposed reference model. This work contributes significantly to the field of cybersecurity, providing a reference model tailored to the imminent arrival of the quantum era. It is a crucial step towards CI preparedness against advanced threats and establishes a solid foundation for future research in quantum cybersecurity area. In addition, the model can be adopted by government entities and organizations in charge of CI management to strengthen their resilience against potential quantum attacks. Its implementation will help to ensure operational continuity and the protection of vital systems in a constantly evolving threat environment.

References

Abdi, F., Chen, C.-Y., Hasan, M., Liu, S., Mohan, S., Caccamo, M. (2018). Guaranteed physical security with restart-based design for cyber-physical systems [Artículo de conferencia]. ACM/IEEE 9th International Conference on Cyber-Physical Systems (ICCPS). https://doi.org/10.1109/ICCPS.2018.00010

Adam, A., Rivlin, E., Shimshoni, I., Reinitz, D. (2008). Robust real-time unusual event detection using multiple fixed-location monitors. IEEE Transactions on Pattern Analysis and Machine Intelligence, 30(3), 555-560. https://doi.org/10.1109/TPAMI.2007.70825

Aguado, A., López, V., Martinez-Mateo, J., Peev, M., López, D., Martin, V. (2018). Virtual network function deployment and service automation to provide end-to-end quantum encryption. Journal of Optical Communications and Networking, 10(4), e421. https://doi.org/10.1364/JOCN.10.000421

Ahn, J., Chung, J., Kim, T., Ahn, B., Choi, J. (2021). An overview of quantum security for distributed energy resources [Artículo de conferencia]. IEEE 12th International Symposium on Power Electronics for Distributed Generation Systems (PEDG). https://doi.org/10.1109/PEDG51384.2021.9494203

Akter, M. S. (2023). Quantum cryptography for enhanced network security: A comprehensive survey of research, developments, and future directions. https://doi.org/10.48550/arXiv.2306.09248

Alagic, G., Alperin-Sheriff, J., Apon, D., Cooper, D., Dang, Q., Liu, Y.-K., Miller, C., Moody, D., Peralta, R., Perlner, R., Robinson, A., Smith-Tone, D. (2019). Status report on the first round of the NIST post-quantum cryptography standardization process. https://doi.org/10.6028/NIST.IR.8240

Albataineh, H., Nijim, M. (2021). Enhancing the cybersecurity education curricula through quantum computation. En K. Daimi, H. R. Arabnia, L. Deligiannidis, M. S. Hwang & F. G. Tinetti (Eds.), Advances in Security, Networks, and Internet of Things (pp. 223-231). Springer International Publishing. https://doi.org/10.1007/978-3-030-71017-0_16

Alcaraz, C. (2018). Cloud-assisted dynamic resilience for cyber-physical control systems. IEEE Wireless Communications, 25(1), 76-82. https://doi.org/10.1109/MWC.2018.1700231

Alcaraz, C., Zeadally, S. (2015). Critical infrastructure protection: Requirements and challenges for the 21st century. International Journal of Critical Infrastructure Protection, 8, 53-66. https://doi.org/10.1016/j.ijcip.2014.12.002

Ali, A. (2021). A pragmatic analysis of pre- and post-quantum cyber security scenarios [Artículo de conferencia]. International Bhurban Conference on Applied Sciences and Technologies (IBCAST). Https://doi.org/10.1109/IBCAST51254.2021.9393278

Al-Mohammed, H. A., Al-Ali, A., Yaacoub, E., Qidwai, U., Abualsaud, K., Rzewuski, S., Flizikowski, A. (2021). Machine learning techniques for detecting attackers during quantum key distribution in IoT networks with application to railway scenarios. IEEE Access, 9, 136994-137004. https://doi.org/10.1109/ACCESS.2021.3117405

Amador Donado, S., Pardo Calvache, C. J., Mazo Peña, R. (2024). Revisión preliminar: ciberseguridad para tecnología de la operación en la era cuántica contra ataques de red a infraestructuras críticas. Revista INGE CUC, 20(2), por publicar.

Antoliš, K., Mišević, P., Miličević, A. (2015). Vulnerabilities of new technologies and the protection of CNI. https://hrcak.srce.hr/file/206704

Axelrod, C. W. (2013). Managing the risks of cyber-physical systems [Artículo de conferencia]. IEEE Long Island Systems, Applications and Technology Conference (LISAT). https://doi.org/10.1109/LISAT.2013.6578215

Baracaldo, N., Joshi, J. B. D. (2009). Mitigating insider threats to database security: A role-based approach. ACM Transactions on Information and System Security (TISSEC), 12(4), 1-29.

Baykara, M., Gurturk, U., Das, R. (2018). An overview of monitoring tools for real-time cyber-attacks [Artículo de conferencia]. 6th International Symposium on Digital Forensic and Security (ISDFS). Https://doi.org/10.1109/ISDFS.2018.8355339

Bernstein, D. J., Lange, T. (2017). Post-quantum cryptography. Nature, 549(7671), 188-194. https://doi.org/10.1038/nature23461

Bililign, S. (2013). The need for interdisciplinary research and education for sustainable human development to deal with global challenges. International Journal of African Development, 1(1), e18. https://scholarworks.wmich.edu/ijad/vol1/iss1/8

Bruß, D., Lütkenhaus, N. (2000). Quantum key distribution: From principles to practicalities. Applicable Algebra in Engineering, Communication and Computing, 10(4-5), 383-399. https://doi.org/10.1007/s002000050137

Busby, D. J. (2000). Peacetime use of computer network attack. https://doi.org/https://doi.org/10.21236/ada377624

Caicedo, D. S. (2017). Global critical infrastructure: Attacking the vulnerability of global cyber networks to create societal collapse. https://api.semanticscholar.org/CorpusID:55418315

Campagna, M., Chen, L., Dagdelen, O., Ding, J., Fernick, J., Gisin, N., Zhang, Z. (2015). Quantum Safe Cryptography and Security: An introduction, benefits, enablers and challenges. European Telecommunications Standards Institute.

Campbell Sr., R. E. (2020). The need for cyber resilient enterprise distributed ledger risk management framework. The Journal of The British Blockchain Association, 3(1), 1-9. https://doi.org/10.31585/jbba-3-1-(5)2020

Cao, Y., Zhao, Y., Colman-Meixner, C., Yu, X., Zhang, J. (2017). Key on demand (KoD) for software-defined optical networks secured by quantum key distribution (QKD). Optics Express, 25(22), e26453. https://doi.org/10.1364/OE.25.026453

Carle, G., Debar, H., Dressler, F., König, H. (2012). Network attack detection and defense early warning systems - Challenges and perspectives (Dagstuhl Seminar 12061). Dagstuhl Reports, 2(2), 1-20. https://doi.org/10.4230/DagRep.2.2.1

Cerf, N. J., Bourennane, M., Karlsson, A., Gisin, N. (2002). Security of quantum key distribution using d-level systems. Physical Review Letters, 88(12), e127902. https://doi.org/10.1103/PhysRevLett.88.127902

Choi, J.-W., Kang, M.-S., Heo, J., Hong, C., Yoon, C.-S., Han, S.-W., Moon, S., Yang, H.-J. (2020). Quantum challenge-response identification using single qubit unitary operators. Physica Scripta, 95(10), e105104. https://doi.org/10.1088/1402-4896/abaf8e

CISA (2021). Critical Infrastructure Sectors. https://www.cisa.gov/sites/default/files/publications/21-0860_EOY_REPORT_508c.pdf

Clark-Ginsberg, A., Slayton, R. (2019). Regulating risks within complex sociotechnical systems: Evidence from critical infrastructure cybersecurity standards. Science and Public Policy, 46(3), 339-346. https://doi.org/10.1093/scipol/scy061

Cook, A., Nicholson, A., Janicke, H., Maglaras, L., Smith, R. (2016). Attribution of cyber-attacks on industrial control systems. EAI Endorsed Transactions on Industrial Networks and Intelligent Systems, 3(7), e151158. https://doi.org/10.4108/eai.21-4-2016.151158

Cruz, T., Simões, P. (2021). Down the rabbit hole: Fostering active learning through guided exploration of a SCADA cyber range. Applied Sciences, 11(20), e23. https://doi.org/10.3390/app11209509

Dacier, M., Kargl, F., König, H., Valdes, A. (2014). Network attack detection and defense: Securing industrial control systems for critical infrastructures (Dagstuhl Seminar 14292). Dagstuhl Reports, 4(7), 62-79. https://doi.org/10.4230/DagRep.4.7.62

Diffie, W., Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644-654.

Dixon, A. R., Dynes, J. F., Lucamarini, M., Fröhlich, B., Sharpe, A. W., Plews, A., Tam, W., Yuan, Z. L., Tanizawa, Y., Sato, H., Kawamura, S., Fujiwara, M., Sasaki, M., Shields, A. J. (2017). Quantum key distribution with hacking countermeasures and long-term field trial. Scientific Reports, 7(1), e1978. https://doi.org/10.1038/s41598-017-01884-0

Dutta, H., Bhuyan, A. K. (2024). Quantum communication: From fundamentals to recent trends, challenges and open problems. http://arxiv.org/abs/2406.04492

European Commission (2017). Critical infrastructures – Enhancing preparedness & resilience for the security of citizens and services supply continuity [Artículo de conferencia]. Proceedings of the 52nd ESReDA Seminar Hosted by the Lithuanian Energy Institute & Vytautas Magnus University.

European Union (2018). General Data Protection Regulation (GDPR). https://gdpr-info.eu/

European Union Agency for Network, ENISA (2018). Good practices for security of internet of things in the context of smart manufacturing. https://www.enisa.europa.eu/publications/good-practices-for-security-of-iot/@@download/fullReport

Fehr, S., Salvail, L. (2017). Quantum authentication and encryption with key recycling [Artículo de conferencia]. Advances in Cryptology – EUROCRYPT 2017. https://doi.org/10.1007/978-3-319-56617-7_11

Fernández-Carames, T. M., Fraga-Lamas, P. (2020). Towards post-quantum blockchain: A review on blockchain cryptography resistant to quantum computing attacks. IEEE Access, 8, 21091-21116. https://doi.org/10.1109/ACCESS.2020.2968985

Flowers, A., Zeadally, S., Murray, A. (2013). Cybersecurity and US legislative efforts to address cybercrime. Journal of Homeland Security and Emergency Management, 10(1), 29-55. https://doi.org/10.1515/jhsem-2012-0007

Fu, H. (2015). Legal protection of cyberspace infrastructure and information safety in china-a response to cyberspace challenges to china’s national security. https://doi.org/10.2991/meita-15.2015.6

Gatto, A., Ferrari, M., Brunero, M., Gagliano, A., Tarable, A., Bodanapu, D., Giorgetti, A., Andriolli, N., Paganelli, R., Strambini, L., Martelli, P., Martinelli, M. (2022). Integration of QKD technologies in advanced optical networks [Artículo de conferencia]. IEEE 15th Workshop on Low Temperature Electronics (WOLTE). Https://doi.org/10.1109/WOLTE55422.2022.9882652

Gisin, N., Ribordy, G., Tittel, W., Zbinden, H. (2002). Quantum cryptography. Reviews of Modern Physics, 74(1), 145-195.

Goorden, S. A., Horstmann, M., Mosk, A. P., Škorić, B., Pinkse, P. W. H. (2014). Quantum-secure authentication of a physical unclonable key. Optica, 1(6), e421. https://doi.org/10.1364/OPTICA.1.000421

Goy, M., Berlich, R., Kržič, A., Rieländer, D., Kopf, T., Sharma, S., Steinlechner, F. O. (2021). High performance optical free-space links for quantum communications. En Z. Sodnik, B. Cugny & N. Karafolas (Eds.), International Conference on Space Optics — ICSO 2020 (p. 18). SPIE. https://doi.org/10.1117/12.2599163

Gras, G., Rusca, D., Zbinden, H., Bussières, F. (2021). Countermeasure against quantum hacking using detection statistics. Physical Review Applied, 15(3), e034052. https://doi.org/10.1103/PhysRevApplied.15.034052

Haber, E., Zarsky, T. Z. (2017). Cybersecurity for infrastructure: A critical analysis. Information Privacy Law eJournal. https://api.semanticscholar.org/CorpusID:158139470

Hahn, A. (2016). Operational technology and information technology in industrial control systems. En E. Colbert 7 A. Kott (Eds.), Advances in Information Security (vol. 66, pp. 51-68). Springer New York. https://doi.org/10.1007/978-3-319-32125-7_4

Hamza, A., Gharakheili, H. H., Sivaraman, V. (2020). IoT network security: Requirements, threats, and countermeasures. http://arxiv.org/abs/2008.09339

Haney, M. (2019). Leveraging cyber-physical system honeypots to enhance threat intelligence. En J. Staggs & S. Shenoi (Eds.), IFIP Advances in Information and Communication Technology (vol. 570 IFIP, pp. 209-233). Springer International Publishing. https://doi.org/10.1007/978-3-030-34647-8_11

Hartman, S. M. (2012). Protecting accelerator control systems in the face of sophisticated cyber-attacks. https://api.semanticscholar.org/CorpusID:55389350

Holdsworth, J., Apeh, E. (2017). An effective immersive cyber security awareness learning platform for businesses in the hospitality sector [Artículo de conferencia]. IEEE 25th International Requirements Engineering Conference Workshops (REW). https://doi.org/10.1109/REW.2017.47

Holley, K. A. (2009). Special issue: Understanding interdisciplinary challenges and opportunities in higher education. Ashe Higher Education Report, 35, 1-131. https://api.semanticscholar.org/CorpusID:146511487

Hoschek, M. (2021). Quantum security and 6G critical infrastructure. Serbian Journal of Engineering Management, 6(1), 1-8. https://doi.org/10.5937/SJEM2101001H

Hossain Faruk, M. J., Tahora, S., Tasnim, M., Shahriar, H., Sakib, N. (2022). A review of quantum cybersecurity: Threats, risks and opportunities [Artículo de conferencia]. 1st International Conference on AI in Cybersecurity (ICAIC). https://doi.org/10.1109/ICAIC53980.2022.9896970

Huang, K., Zhou, C., Tian, Y. C., Yang, S., Qin, Y. (2018). Assessing the physical impact of cyberattacks on industrial cyber-physical systems. IEEE Transactions on Industrial Electronics, 65(10), 8153-8162. https://doi.org/10.1109/TIE.2018.2798605

Hughes, R. J., Nordholt, J. E., McCabe, K. P., Newell, R. T., Peterson, C. G., Somma, R. D. (2013). Network-centric quantum communications. Frontiers in Optics, 2013, FW2C.1. https://doi.org/10.1364/FIO.2013.FW2C.1

Hui, P., Bruce, J., Fink, G., Gregory, M., Best, D., McGrath, L., Endert, A. (2010). Towards efficient collaboration in cyber security [Artículo de conferencia]. International Symposium on Collaborative Technologies and Systems. https://doi.org/10.1109/CTS.2010.5478473

International Organization for Standardization (ISO) (2018). Risk management – Guidelines (número ISO 31000:2018). International Organization for Standardization.

ISO/IEC 27001 (2013). Information technology – Security techniques – Information security management systems – Requirements (número ISO/IEC 27001:2013). International Organization for Standardization.

Jahanian, F. (2011). Reflections on the evolution of internet threats [Artículo de conferencia]. 18th ACM Conference on Computer and communications security. https://doi.org/10.1145/2046707.2046709

Jain, N., Stiller, B., Khan, I., Elser, D., Marquardt, C., Leuchs, G. (2016). Attacks on practical quantum key distribution systems (and how to prevent them). Contemporary Physics, 57(3), 366-387. https://doi.org/10.1080/00107514.2016.1148333

Kalra, M., Poonia, R. C. (2017). Design a new protocol for quantum key distribution. Journal of Information and Optimization Sciences, 38(6), 1047-1054. https://doi.org/10.1080/02522667.2017.1374723

Kanamori, Y., Seong-Moo Yoo, Gregory, D. A., Sheldon, F. T. (2005). On quantum authentication protocols [Artículo de conferencia]. GLOBECOM ’05. IEEE Global Telecommunications Conference. https://doi.org/10.1109/GLOCOM.2005.1577930

Kanamori, Y., Yoo, S.-M., Gregory, D. A., Sheldon, F. T. (2009). Authentication protocol using quantum superposition states. International Journal of Network Security, 9(2), 101-108.

Käppler, S. A., Schneider, B. (2021). Post-quantum cryptography: An introductory overview and implementation challenges of quantum-resistant algorithms. En K. Hinkelmann & A. Gerber (Eds.), Proceedings of the Society 5.0 Conference 2022 - Integrating Digital World and Real World to Resolve Challenges in Business and Society (pp. 61-49). EasyChair. https://doi.org/10.29007/2tpw

Karim, M. E., Phoha, V. V. (2014). Cyber-physical systems security. En S. Suh, U. Tanik, J. Carbone, & A. Eroglu (Eds.), Applied Cyber-Physical Systems (pp. 75-83). Springer New York. https://doi.org/10.1007/978-1-4614-7336-7_7

Karol, M., Życzkowski, M. (2015). Quantum technology in critical infrastructure protection. Safety and Security Engineering VI, 1, 109-119. https://doi.org/10.2495/SAFE150101

Khan, A. A., Ahmad, A., Waseem, M., Liang, P., Fahmideh, M., Mikkonen, T., Abrahamsson, P. (2022). Software architecture for quantum computing systems - Asystematic review. SSRN Electronic Journal, por publicar. https://doi.org/10.2139/ssrn.4040490

Khan, I. (2018). Quantum communication in space – Challenges and opportunities. Imaging and Applied Optics, 2018, AM5A.2. https://doi.org/10.1364/AIO.2018.AM5A.2

Knapp, E. D., Langill, J. T. (2015). Standards and regulations. En E. D. Knapp & J. T. Langill (Eds.), Industrial Network Security (pp. 387-407). Elsevier. https://doi.org/10.1016/B978-0-12-420114-9.00013-7

Kneller, V. Yu., Fayans, A. M. (2019). Solving interdisciplinary tasks: The challenge and the ways to surmount it. Journal of Physics: Conference Series, 1379(1), e012011. https://doi.org/10.1088/1742-6596/1379/1/012011

Kumar, A., Dadheech, P., Singh, V., Raja, L., Poonia, R. C. (2019). An enhanced quantum key distribution protocol for security authentication. Journal of Discrete Mathematical Sciences and Cryptography, 22(4), 499-507. https://doi.org/10.1080/09720529.2019.1637154

Kumar Rao, S., Mahto, D., Kumar Yadav, D., Ali Khan, D. (2017). The AES-256 cryptosystem resists quantum attacks. International Journal of Advanced Research in Computer Science, 8(3), 404-408. https://doi.org/https://doi.org/10.26483/ijarcs.v8i3.3025

Lancho, D., Martinez, J., Elkouss, D., Soto, M., Martin, V. (2010). QKD in standard optical telecommunications networks. En A. Sergienko, S. Pascazio, & P. Villoresi (Eds.), Quantum Communication and Quantum Networking (pp. 142-149). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-11731-2_18

Laughlin, C. (2016). Cybersecurity in critical infrastructure sectors: a proactive approach to ensure inevitable laws and regulations are effective. Colorado Technology Law Journal, 14(2), 2871452. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2871452

Linke, N. M., Maslov, D., Roetteler, M., Debnath, S., Figgatt, C., Landsman, K. A., Wright, K., Monroe, C. (2017). Experimental comparison of two quantum computing architectures. Proceedings of the National Academy of Sciences, 114(13), 3305-3310. https://doi.org/10.1073/pnas.1618020114

Liu, W., Peng, J., Huang, P., Huang, D., Zeng, G. (2017). Monitoring of continuous-variable quantum key distribution system in real environment. Optics Express, 25(16), 19429. https://doi.org/10.1364/OE.25.019429

Liu, Y., Cao, Z., Curty, M., Liao, S.-K., Wang, J., Cui, K., Yin, J., Li, Y., Chen, K., , Peng, C.-Z. (2014). Experimental demonstration of quantum authentication. Physical Review Letters, 113(4), e40505.

Lloyd, S., Mohseni, M., Rebentrost, P. (2010). Quantum algorithms for solving linear systems of equations. Physical Review Letters, 105(15), e150502.

Lu, K.-C., Liu, I.-H., Liao, J.-W., Wu, S.-C., Liu, Z.-C., Li, J.-S., Li, C.-F. (2019). Evaluation and build to honeypot system about scada security for large-scale IoT devices. Journal of Robotics, Networking and Artificial Life, 6(3), e157. https://doi.org/10.2991/jrnal.k.191202.008

Ludvigsen, K. R., Nagaraja, S. (2022). The opportunity to regulate cybersecurity in the EU (and the World): Recommendations for the cybersecurity resilience act. http://arxiv.org/abs/2205.13196

Luo, Y., Li, Q., Mao, H.-K. (2023). How to achieve end-to-end key distribution for QKD Networks in the presence of untrusted nodes. https://doi.org/https://doi.org/10.48550/arXiv.2302.07688

Majumder, S. R., Giani, A., Shen, W., Neculaes, B., Zhu, D., Johri, S. (2023). Quantum computation: Efficient network partitioning for large scale critical infrastructures. http://arxiv.org/abs/2302.02074

Malina, L., Dobias, P., Hajny, J., Choo, K.-K. R. (2023). On deploying quantum-resistant cybersecurity in intelligent infrastructures [Artículo de conferencia]. 18th International Conference on Availability, Reliability and Security. https://doi.org/10.1145/3600160.3605038

Mao, S., Zhang, H., Wu, W., Liu, J., Li, S., Wang, H. (2014). A resistant quantum key exchange protocol and its corresponding encryption scheme. China Communications, 11(9), 124-134. https://doi.org/10.1109/CC.2014.6969777

Mao, Y., Huang, W., Zhong, H., Wang, Y., Qin, H., Guo, Y., Huang, D. (2020). Detecting quantum attacks: A machine learning based defense strategy for practical continuous-variable quantum key distribution. New Journal of Physics, 22(8), 083073. https://doi.org/10.1088/1367-2630/aba8d4

Martelli, P., Gatto, A., Brunero, M., Bodanapu, D., Rapisarda, M., Comi, P. M., Martinelli, M. (2021). Integration of QKD in WDM networks [Artículo de conferencia]. 2021 International Conference on Optical Network Design and Modeling (ONDM). https://doi.org/10.23919/ONDM51796.2021.9492394

McMurdo, J. (2014). Cybersecurity firms cyber mercenaries. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.2556412

Microsoft (2018). Security development lifecycle (SDL). https://www.microsoft.com/en-us/securityengineering/sdl

Microsoft (2021). Security update guide. https://msrc.microsoft.com/update-guide

Mihalache, S. F., Pricop, E., Fattahi, J. (2019). Resilience enhancement of cyber-physical systems: A review. En N. Mahdavi Tabatabaei, S.

Najafi Ravadanegh N. Bizon (Eds.), Power Systems Resilience (pp. 269-287). Springer. https://doi.org/10.1007/978-3-319-94442-5_11

Mink, A., Frankel, S., Perlner, R. (2010). Quantum key distribution (QKD) and commodity security protocols: Introduction and integration. http://arxiv.org/abs/1004.0605

Mistry, N. R., Dholakiya, A. Y., Prajapati, J. P., Mistry, N. R., Dholakiya, A. Y., Prajapati, J. P. (2021). Security and privacy aspects using quantum internet. En N. Kumar, A. Agrawal, B. Chaurasia & R. Khan (Eds.), Limitations and Future Applications of Quantum Cryptography (pp. 62-81). IGI Global Scientific Publishing. https://doi.org/10.4018/978-1-7998-6677-0.ch004

Mosca, M. (2018). Cybersecurity in an era with quantum computers: Will we be ready? IEEE Security & Privacy, 16(5), 38-41. https://doi.org/10.1109/MSP.2018.3761723

Nair, P., Patil, S. (2020). Quantum computing in data security: A critical assessment. SSRN Electronic Journal, 2020, e3565438. https://doi.org/10.2139/ssrn.3565438

National Institute of Standards (NIST) (2002). Risk Management guide for information technology systems: Vol. SP 800-30. https://doi.org/10.6028/NIST.SP.800-30

National Institute of Standards (NIST) (2008a). Performance measurement guide for information security. https://doi.org/10.6028/NIST.SP.800-55r1

National Institute of Standards (NIST) (2008b). Technical guide to information security testing and assessment. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=152164

National Institute of Standards (NIST) (2012). Computer security incident handling guide: Vol. Revision 2. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

National Institute of Standards (NIST) (2015). Guide to industrial control systems (ICS) Security: Vol. Revision 2. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf

National Institute of Standards (NIST) (2016). Post-quantum cryptography: NIST’s plan for the future. https://nvlpubs.nist.gov/nistpubs/ir/2016/nist.ir.8105.pdf

National Institute of Standards (NIST) (2020). Security and privacy controls for information systems and organizations. https://doi.org/10.6028/NIST.SP.800-53r5

NIST SP 800-30 (2012). Guide for conducting risk assessments. https://doi.org/10.6028/NIST.SP.800-30r1

Nkongolo, M., Van Deventer, J. P., Kasongo, S. M., Van Der Walt, W., Kalonji, R., Pungwe, M. (2022). Network policy enforcement: An intrusion prevention approach for critical infrastructures [Artículo de conferencia]. 6th International Conference on Electronics, Communication and Aerospace Technology. https://doi.org/10.1109/ICECA55336.2022.10009524

Olofinbiyi, S. A. (2022). A reassessment of public awareness and legislative framework on cybersecurity in South Africa. ScienceRise: Juridical Science, 2(20), 34-42. https://doi.org/10.15587/2523-4153.2022.259764

Pătraşcu, P. (2021). Emerging technologies and national security: The impact of IoT in critical infrastructures protection and defence sector. Land Forces Academy Review, 26(4), 423-429. https://doi.org/10.2478/raft-2021-0055

Paul, S., Scheible, P., Wiemer, F. (2022). Towards post-quantum security for cyber-physical systems: Integrating PQC into industrial M2M communication. Journal of Computer Security, 30(4), 623-653. https://doi.org/10.3233/JCS-210037

Payares, E., Martínez-Santos, J. C. (2021). Quantum machine learning for intrusion detection of distributed denial of service attacks: A comparative overview. https://doi.org/10.1117/12.2593297

Pérez-Castillo, R., Serrano, M. A., Piattini, M. (2021). Software modernization to embrace quantum technology. Advances in Engineering Software, 151, e102933. https://doi.org/10.1016/j.advengsoft.2020.102933

Perlner, R. A., Cooper, D. A. (2009). Quantum resistant public key cryptography [Artículo de conferencia]. 8th Symposium on Identity and Trust on the Internet. https://doi.org/10.1145/1527017.1527028

Pirandola, S., Andersen, U. L., Banchi, L., Berta, M., Bunandar, D., Colbeck, R., Englund, D., Gehring, T., Lupo, C., Ottaviani, C., Pereira, J. L., Razavi, M., Shamsul Shaari, J., Tomamichel, M., Usenko, V. C., Vallone, G., Villoresi, P., Wallden, P. (2020). Advances in quantum cryptography. Advances in Optics and Photonics, 12(4), 1012. https://doi.org/10.1364/AOP.361502

Pitwon, R. C. A., Lee, B. H. L. (2021). Harmonising international standards to promote commercial adoption of quantum technologies. En K. Bongs, M. J. Padgett, A. Fedrizzi, & A. Politi (Eds.), Quantum Technology: Driving Commercialisation of an Enabling Science II (vol. 11881, p. 16). SPIE. https://doi.org/10.1117/12.2602888

Pohasii, S., Milevskyi, S., Tomashevsky, B., Yoropay, N. (2022). Development of the double-contour protection concept in socio-cyberphysical systems. Advanced Information Systems, 6(2), 57-66. https://doi.org/10.20998/2522-9052.2022.2.10

Ponemon Institute (2020). The importance of training and awareness programs. https://www.entrust.com/es/resources/reports/global-encryption-trends-study

Ponnusamy, V., Regunathan, N. D., Kumar, P., Annur, R., Rafique, K. (2020). A review of attacks and countermeasures in Internet of Things and cyber physical systems. En P. Kumar, V. Ponnusamy, & V. Jain (Eds.), Industrial Internet of Things and Cyber-Physical Systems: Transforming the Conventional to Digital (pp. 1-24). IGI Global Scientific Publishing. https://doi.org/10.4018/978-1-7998-2803-7.ch001

Popescu, L. (2019). The cyber security of critical infrastructures in an increasingly connected world. https://revista.unap.ro/index.php/bulletin/article/view/616/570

Project Management Institute (2017). A guide to the Project Management Body of Knowledge (PMBOK® Guide). Project Management Institute.

Raheman, F. (2022). The future of cybersecurity in the age of quantum computers. Future Internet, 14(11), 335. https://doi.org/10.3390/fi14110335

Rajamaki, J. (2018). Industry-university collaboration on IoT cyber security education: Academic course: «Resilience of Internet of Things and cyber-physical systems» [Artículo de conferencia]. IEEE Global Engineering Education Conference (EDUCON). https://doi.org/10.1109/EDUCON.2018.8363477

Rajna, G. (2015). Quantum computing and cybersecurity. https://vixra.org/pdf/1505.0109v1.pdf

Ramírez, R., Choucri, N. (2016). Improving interdisciplinary communication with standardized cyber security terminology: A literature review. IEEE Access, 4, 2216-2243. https://doi.org/10.1109/ACCESS.2016.2544381

Rieffel, E. G., Venturelli, D., O’Gorman, B., Do, M. B., Prystay, E. M., Smelyanskiy, V. N. (2015). A case study in programming a quantum annealer for hard operational planning problems. Quantum Information Processing, 14(1), 1-36. https://doi.org/10.1007/s11128-014-0892-x

Rodríguez, A. (2023). A quantum cybersecurity agenda for Europe. Governing the transition to post-quantum cryptography. https://api.semanticscholar.org/CorpusID:260055338

Sandhu, R., Coyne, E. J., Feinstein, H. L., Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2), 38-47.

SANS Institute (2019). Collaborative defense: Lessons from the ICS cybersecurity conference. https://www.sans.org/

Scarani, V., Bechmann-Pasquinucci, H., Cerf, N. J., Dušek, M., Lütkenhaus, N., Peev, M. (2009). The security of practical quantum key distribution. Reviews of Modern Physics, 81(3), 1301-1350.

Schneider, F. B. (2013). Cybersecurity education in universities. IEEE Security & Privacy, 11(4), 3-4. https://doi.org/10.1109/MSP.2013.84

Schneier, B. (2018). Click here to kill everybody: Security and survival in a hyper-connected world. WW Norton & Company.

Schwalb, M. (2007). Exploit derivatives & national security. https://heinonline.org/HOL/LandingPage?handle=hein.journals/yjolt9&div=6&id=&page=

Serrano, M. A., Cruz-Lemus, J. A., Pérez-Castillo, R., Piattini, M. (2023). Quantum software components and platforms: Overview and quality assessment. ACM Computing Surveys, 55(8), 1-31. https://doi.org/10.1145/3548679

Shane, P. M. (2012). Texas law review see also response cybersecurity: Toward a meaningful policy framework. https://doi.org/https://doi.org/10.31228/osf.io/b8hms

Sharevski, F., Trowbridge, A., Westbrook, J. (2018). Novel approach for cybersecurity workforce development: A course in secure design [Artículo de conferencia]. IEEE Integrated STEM Education Conference (ISEC). https://doi.org/10.1109/ISECon.2018.8340471

Simonov, M., Bertone, F., Goga, K., Terzo, O. (2019). Cyber kill chain defender for smart meters. Advances in Intelligent Systems and Computing, 772, 386-397. https://doi.org/10.1007/978-3-319-93659-8_34

Singh, H., Gupta, D. L., Singh, A. K. (2014). Quantum key distribution protocols: A review. IOSR Journal of Computer Engineering, 16(2), 01-09. https://doi.org/10.9790/0661-162110109

Sperotto, A., Hofstede, R., Dainotti, A., Schmitt, C., Rodosek, G. D. (2015). Special issue on measure, detect and mitigate–challenges and trends in network security. International Journal of Network Management, 25(5), 261-262. https://doi.org/10.1002/nem.1905

Ståhl, B. (2013). Monitoring infrastructure affordances [Tesis de doctorado, Blekinge Institute of Technology]. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-00544

Stoneburner, G., Goguen, A., Feringa, A. (2002). Risk management guide for information technology systems. https://sites.pitt.edu/~dtipper/2825/NIST_Risk.pdf

Streich, G. (2023). (Re-)configuring federal cybersecurity regulation: From critical infrastructures to the whole-of-the-nation. Indiana Law Review, 55(4), 733-766. https://doi.org/10.18060/27133

Sturgeon, J. G. (2012). Taking a quantum leap in cyber-deterrence. https://api.semanticscholar.org/CorpusID:114567315

Taiber, J. (2020). Unsettled topics concerning the impact of quantum technologies on automotive cybersecurity. https://doi.org/10.4271/EPR2020026

Tao, Y., Xu, W., Li, H., Ji, S. (2019). Experience and lessons in building an ICS security testbed [Artículo de conferencia]. 1st International Conference on Industrial Artificial Intelligence (IAI), level 0. https://doi.org/10.1109/ICIAI.2019.8850804

Taylor, J. M., Sharif, H. R. (2017). Security challenges and methods for protecting critical infrastructure cyber-physical systems [Artículo de conferencia]. International Conference on Selected Topics in Mobile and Wireless Networking (MoWNeT). https://doi.org/10.1109/MoWNet.2017.8045959

Teodoraș, D.-A., Popovici, E.-C., Suciu, G., Sachian, M.-A. (2023). Quantum technology’s role in cybersecurity. En M. Vladescu, I. Cristea & R. D. Tamas (Eds.), Advanced Topics in Optoelectronics, Microelectronics, and Nanotechnologies XI (vol. 12493, p. 99). SPIE. https://doi.org/10.1117/12.2643300

Tian, W., Ji, X., Liu, W., Liu, G., Zhai, J., Dai, Y., Huang, S. (2020). Prospect theoretic study of honeypot defense against advanced persistent threats in power grid. IEEE Access, 8, 64075-64085. https://doi.org/10.1109/ACCESS.2020.2984795

Tomita, A. (2019). Implementation security certification of Decoy‐BB84 quantum key distribution systems. Advanced Quantum Technologies, 2(5-6), e1900005. https://doi.org/10.1002/qute.201900005

Tummala, V. M. R., Schoenherr, T. (2011). Assessing and managing risks using the supply chain risk management process (SCRMP). Supply Chain Management, 16(6), 474-483.

Tyshyk, I. (2022). Testing the organization’s corporate network for unauthorized access. Cybersecurity: Education, Science, Technique, 2(18), 39-48. https://doi.org/10.28925/2663-4023.2022.18.3948

Vermeer, M. J. D., Heitzenrater, C., Parker, E., Moon, A., Lumpkin, D., Awan, J., Stapleton, P. A. (2023). Evaluating cryptographic vulnerabilities created by quantum computing in industrial control systems. RAND Corporation. https://doi.org/10.7249/RRA2427-1

Walenta, N., Soucarros, M., Stucki, D., Caselunghe, D., Domergue, M., Hagerman, M., Hart, R., Hayford, D., Houlmann, R., Legré, M., McCandlish, T., Page, J.-B., Tourville, M., Wolterman, R. (2015). Practical aspects of security certification for commercial quantum technologies. En D. A. Huckridge, R. Ebert, M. T. Gruneisen, M. Dusek, & J. G. Rarity (Eds.), Electro-Optical and Infrared Systems: Technology and Applications XII; and Quantum Information Science and Technology (vol. 9648, p. 96480U). SPIE. https://doi.org/10.1117/12.2193776

Whitman, M. E., Mattord, H. J. (2018). Principles of information security. Cengage Learning.

Witteman, H. O., Stahl, J. E. (2013). Facilitating interdisciplinary collaboration to tackle complex problems in health care: Report from an exploratory workshop. Health Systems, 2(3), 162-170. https://doi.org/10.1057/hs.2013.3

Woo, H., Yi, J., Browne, J. C., Mok, A. K., Atkins, E., Xie, F. (2008). Design and development methodology for resilient cyber-physical systems [Artículo de conferencia]. 2008 The 28th International Conference on Distributed Computing Systems Workshops. https://doi.org/10.1109/ICDCS.Workshops.2008.62

Xu, F., Ma, X., Zhang, Q., Lo, H.-K., Pan, J.-W. (2020). Secure quantum key distribution with realistic devices. Reviews of Modern Physics, 92(2), 025002. https://doi.org/10.1103/RevModPhys.92.025002

Xu, G., Chen, X.-B., Dou, Z., Yang, Y.-X., Li, Z. (2015). A novel protocol for multiparty quantum key management. Quantum Information Processing, 14(8), 2959-2980. https://doi.org/10.1007/s11128-015-1021-1

Xu, W., Tao, Y., Yang, C., Chen, H. (2019). MSICST: Multiple-scenario industrial control system testbed for security research. Computers, Materials & Continua, 60(2), 691-705. https://doi.org/10.32604/cmc.2019.05678

Yao, D. D., Almohri, H. M. J. (2013). High assurance models for secure systems. https://api.semanticscholar.org/CorpusID:110786313

Yesina, M. V., Ostrianska, Ye. V., Gorbenko, I. D. (2022). Status report on the third round of the NIST post-quantum cryptography standardization process. Radiotekhnika, 3(210), 75-86. https://doi.org/10.30837/rt.2022.3.210.05

Yesina, M. V., Potii, O. V., Gorbenko, Yu. I., Ponomar, V. A. (2022). Risk estimation methodology in the post-quantum period. Radiotekhnika, 209, 7-15. https://doi.org/10.30837/rt.2022.2.209.01

Zavitsanos, D., Ntanos, A., Toumasis, P., Raptakis, A., Kouloumentas, C., Stathopoulos, T., Setaki, F., Theodoropoulou, E., Lyberopoulos, G., Giannoulis, G., Avramopoulos, H. (2022). Coexistence studies for DV-QKD integration in deployed RAN infrastructure [Artículo de conferencia]. International Workshop on Fiber Optics in Access Networks (FOAN). https://doi.org/10.1109/FOAN56774.2022.9939691

Zhang, L., Wang, Q., Tian, B. (2013). Security threats and measures for the cyber-physical systems. Journal of China Universities of Posts and Telecommunications, 20(Suppl. 1), 25-29. https://doi.org/10.1016/S1005-8885(13)60254-X

Zhao, Y., Fung, C.-H. F., Qi, B., Chen, C., Lo, H.-K. (2008). Quantum hacking: Experimental demonstration of time-shift attack against practical quantum-key-distribution systems. Physical Review A, 78(4), 0e42333. https://doi.org/10.1103/PhysRevA.78.042333

Zhao, W., White, G. (2014). Designing a Formal Model Facilitating Collaborative Information Sharing for Community Cyber Security [Artículo de conferencia]. 47th Hawaii International Conference on System Sciences, Waikoloa, HI, USA. https://doi.org/10.1109/HICSS.2014.252

Zobel, C. W., Khansa, L. (2012). Quantifying cyberinfrastructure resilience against multi‐event attacks. Decision Sciences, 43(4), 687-710. https://doi.org/10.1111/j.1540-5915.2012.00364.x

How to Cite

APA

Amador-Donado, S., Pardo-Calvache, C.-J., and Mazo-Peña, R. (2024). MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas. Revista Científica, 51(3), 22–46. https://doi.org/10.14483/23448350.22581

ACM

[1]
Amador-Donado, S. et al. 2024. MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas. Revista Científica. 51, 3 (Dec. 2024), 22–46. DOI:https://doi.org/10.14483/23448350.22581.

ACS

(1)
Amador-Donado, S.; Pardo-Calvache, C.-J.; Mazo-Peña, R. MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas. Rev. Cient. 2024, 51, 22-46.

ABNT

AMADOR-DONADO, Siler; PARDO-CALVACHE, César-Jesús; MAZO-PEÑA, Raúl. MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas. Revista Científica, [S. l.], v. 51, n. 3, p. 22–46, 2024. DOI: 10.14483/23448350.22581. Disponível em: https://revistas.udistrital.edu.co/index.php/revcie/article/view/22581. Acesso em: 13 jan. 2025.

Chicago

Amador-Donado, Siler, César-Jesús Pardo-Calvache, and Raúl Mazo-Peña. 2024. “MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas”. Revista Científica 51 (3):22-46. https://doi.org/10.14483/23448350.22581.

Harvard

Amador-Donado, S., Pardo-Calvache, C.-J. and Mazo-Peña, R. (2024) “MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas”, Revista Científica, 51(3), pp. 22–46. doi: 10.14483/23448350.22581.

IEEE

[1]
S. Amador-Donado, C.-J. Pardo-Calvache, and R. Mazo-Peña, “MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas”, Rev. Cient., vol. 51, no. 3, pp. 22–46, Dec. 2024.

MLA

Amador-Donado, Siler, et al. “MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas”. Revista Científica, vol. 51, no. 3, Dec. 2024, pp. 22-46, doi:10.14483/23448350.22581.

Turabian

Amador-Donado, Siler, César-Jesús Pardo-Calvache, and Raúl Mazo-Peña. “MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas”. Revista Científica 51, no. 3 (December 3, 2024): 22–46. Accessed January 13, 2025. https://revistas.udistrital.edu.co/index.php/revcie/article/view/22581.

Vancouver

1.
Amador-Donado S, Pardo-Calvache C-J, Mazo-Peña R. MoRCiTO: hacia un modelo de referencia de ciberseguridad para la tecnología de la operación como preparación para la era cuántica, a fin de prevenir ataques de red a sistemas ciber-físicos en infraestructuras críticas. Rev. Cient. [Internet]. 2024 Dec. 3 [cited 2025 Jan. 13];51(3):22-46. Available from: https://revistas.udistrital.edu.co/index.php/revcie/article/view/22581

Download Citation

Visitas

35

Dimensions


PlumX


Downloads

Download data is not yet available.

Most read articles by the same author(s)

Publication Facts

Metric
This article
Other articles
Peer reviewers 
2
2.4

Reviewer profiles  N/A

Author statements

Author statements
This article
Other articles
Data availability 
N/A
16%
External funding 
No
32%
Competing interests 
No
11%
Metric
This journal
Other journals
Articles accepted 
36%
33%
Days to publication 
109
145

Indexed in

Editor & editorial board
profiles
Loading...