Cybersecurity and Critical Infrastructure Protection:

Challenges, Solutions and Sector Specific Strategies

Nejira Subašića, Dželila Halilovićb, Mia Salmanb, Edin Klapića

a International University of Sarajevo, Faculty of Engineering and Natural Sciences, Software Engineering
b International University of Sarajevo, Faculty of Engineering and Natural Sciences, Computer Science

ABSTRACT
Critical infrastructure, including energy, water, health, transportation and finance, are deeply important in maintaining
social stability and economic activities. But it has the disadvantage that it is comprised of interlocking systems and legacy
technology, which is a tempting target for growing sophistication of cyberattack. In this systematic literature review, the
dynamics of attack and assets of critical infrastructure is analyzed, and some of the important examples discussed such as the
2015 Ukraine power grid incident, and the 2017 WannaCry ransomware incident. Major contributors to vulnerability are
legacy systems, underfunding, and exponential growth of Internet of Things (IoT) and Industrial Control Systems (ICS). This
review also works on global cybersecurity architectures and new technologies (e.g., AI, blockchain and quantum
cryptography) as countermeasures for these risks. Through the analysis of issue-specific barriers and real-world events, this
work emphasizes the critical need for a holistic, multidisciplinary strategy with regard to maintaining the security of critical
infrastructure against the ever-changing set of threat modalities.

1. Introduction vulnerability of the healthcare sector to digital

Critical infrastructure is the pillar for modern attacks [2]. Reliance on legacy systems, insufficient
societies. Daily essential services such as energy investment in the area of cybersecurity, and the
and water supply, sanitation, transport, healthcare, lack of an overall framework increase these
and financial institutions depend on it. But, these weaknesses.
sectors are increasingly dependent upon Growing incidence and sophistication of
networked systems - Cyber-Physical Systems cyberattacks demand a cybersecurity strategy that
(CPS), Internet of Things (IoT) sensors, and is both resilient, adaptive and cooperative now
Supervisory Control and Data Acquisition (SCADA) more than ever. This systematic literature review
networks - to provide their services in an optimised investigates the main challenges, future
way. Nevertheless, this digitalization has also technologies, and industry-based solutions
generated new weaknesses that are susceptible to necessary to protect critical infrastructure. Based
cyber-criminals/n.s.a.at.,as demonstrated by on an analysis of real-world examples and the
various studies [1], [8], [9]. Critical infrastructure global landscape of frameworks, this review
attacks cyberattacks have wide implications, highlights the need for a comprehensive solution to
affecting public services, endangering lives and protecting these critical systems.
undermining economies. For example, the 2015
2. Critical Infrastructure as a Primary Target
Ukraine power grid attack illustrated the
for Cyber Threats
possibility of large-scale infrastructure breakdown
at a national level [1], and the WannaCry Critical infrastructure (energy, water, health, rail
ransomware attack in 2017 unveiled the and mobile transport, and finance) forms the
structural base of the societal stability and of the 3. Factors Contributing to Vulnerabilities
economic activity. That means it is an obvious goal
The vulnerability of critical infrastructure sectors
for cyber criminals who intend to abuse these
to cyber attacks is further compounded by a
vulnerabilities for financial reasons, disruption, or
number of factors. Background Systems legacy,
geopolitical gain. In the energy industry,
built for operational effectiveness instead of
cyberattacks targeting power grids can result in
security, still pose a major issue. Obsolete
large scale power outages, as shown by 2015
technologies in the energy and water industries are
Ukraine power grid attack. This nation-state actor-
especially susceptible to attacks by the modern age
organized incident showed us the devastating
[6]. Lack of investment in the field of cybersecurity
possibility of national infrastructure chaos and
worsens the situation, because insufficient funding
underscored the importance of sophisticated
and emphasis create a scenario where even the
monitoring and anticipatory defenses [1]. For
most critical systems remain vulnerable to evolving
example, water systems are also highly vulnerable
risks [7].
to cyberattacks, such as injecting false data into
storage tanks. These advanced attacks can With the growth of the interconnectedness of IT
manipulate existing measurements, leading to and OT systems, it increases the attack surface
cascading outages such as spills or resource most notably when vulnerability to the network
exhaustion. Overcoming these threats is of critical segmentation and secure communication protocols
importance to improving state-estimation methods is neglected at an organizational level [8]. In
and detection systems [11]. The healthcare field addition, the exponential growth of Internet of
continues to be a high-value target because (i) it is Things (IoT) and Industrial Control Systems (ICS)
built around networked medical devices and IT (ii) as part of critical infrastructure creates new attack
health data share is often susceptible to attacks. surfaces. Compromised IoT devices, for example, in
Ransomware attacks, e.g., the 2017 WannaCry water utility or power grids, may afford access to
attack, led to disruption of essential medical larger operational infrastructure that necessitates
services and patient care, highlighting dramatic strong security measures on these IoT devices [9,
vulnerabilities in the preparedness and response to 10].
cybersecurity threats [2]. Transportation is also
susceptible, as attacks on traffic control systems, These challenges highlight the critical need for
connected vehicles, and other infrastructure can improved cybersecurity infrastructures, inter-
have immediate and lasting effects ranging from sector collaboration, and ongoing funding for
schedule delays, supply chain disruption, to mass cutting-edge technology to defend critical
hysteria. These events emphasize the importance infrastructure against the ever-changing threat
of robust and reliable transportation environment.
infrastructures [3]. The financial industry is 4. Major Cybersecurity Challenges Faced by
exposed to sophisticated cyberattacks such as Critical Infrastructure Sectors
ransomware attack, insider attack and Advanced
Persistent Threat (APT). These attacks can cause Critical infrastructure sectors face an evolving
not only great economic damage, but also eroded landscape of cybersecurity challenges driven by
consumer trust and shaky overall economic technological advancements, digitalization, and
systems. The Colonial Pipeline ransomware attack increasingly sophisticated cyberattacks. In all
underscored the vulnerabilities of interconnected areas, such as maritime, energy, health, and finance,
sectors and the cascading consequences of weaknesses are found in the association between
successful cyber intrusions [4, 5]. inter-connected systems, including Cyber-Physical
Systems (CPS), Internet of Things (IoT), and SCADA
networks. The GPS and automation dependence
within the maritime industry leaves it especially
vulnerable to spoofing attacks and jam attacks [12] utility infrastructure and amplifying the threats
and by means of the aging of the platform and thus [21, 22, 30].
to the inaccurate data (ECDIS, Electronic Chart
Practical examples, including the 2012 Saudi
Display and Information System) which are
Aramco incident, the Colonial Pipeline ransomware
assimilated by the user. In addition, the lack of
attack, and the compromised Wheel Slide
cybersecurity expertise among personnel and the
Protection system in Italian railways, highlight the
lack of cybersecurity connectivity between ports
devastating consequences of a cyberattack on
and supply chains increase maritime sector
critical infrastructure, impacting not only the
weaknesses, highlighting the imperative for both
functioning but also confidence in the public and
targeted training and revised security
the economic stability [18, 32]. These cases
infrastructure [14].
highlight the need for an integrated solution that
The energy sector’s dependence on CPS and smart takes technical, organizational, and human factors
grids introduces vulnerabilities to cyber-physical into account.
attacks that can disrupt power plants and
5. Cybersecurity Strategies and Frameworks
transmission networks [19]. Also, the financial
Used for Protecting Critical Infrastructure
industry has a number different challenges
Globally
including downplaying cyber incidents to avoid
damage to a company’s reputation which hampers Different frameworks and strategies are
synchronized global efforts to reduce cybercrime established to protect critical infrastructure.
[26]. Moreover, the growing operating costs of the Among them is NIST Cybersecurity Framework
financial sector in terms of cybersecurity after outlining five key functions: identify, protect,
intensive investments is revealing persistent detect, respond, and recover. Its focus on risk-
weaknesses as demonstrated in the SWIFT attack driven solutions brings the agenda of cybersecurity
of 2016 [37]. into line with other aspects of the enterprise, and is
scalable to various industry [18]. In addition, the
Cybersecurity risks also extend to the domain of
focus on strict access control in Zero Trust
cryptocurrency markets. Cyberattacks targeting
Architecture (ZTA) with dynamic policy
Bitcoin, Ethereum, and Litecoin platforms generate
enforcement in response to identity verification
substantial volatility spillovers that limit portfolio
greatly mitigates insider threat and policy
diversification potential for investors and increase
subversion vulnerabilities [35].
cryptocurrency interdependencies. These
tendencies point to the difficulties of risk Machine learning and artificial intelligence (AI)
management and the critical need for increased form the bedrock of today's cybersecurity
resilience of the digital financial system [17]. architectures. Applications involving
reinforcement learning, hybrid IDS architectures
Fragmentation of cybersecurity frameworks (CSFs)
and anomaly-based systems also enhance intrusion
therefore exacerbates the scenario when working
detection capabilities by addressing changing
globally, where different organizational objectives
threat actors. This is especially important in the
and areas of use bring difficulties in harmonizing
context of energy and transportation industries,
cybersecurity strategies [16]. For instance, the
where such technologies allow for real-time
aviation sector’s rapid digitization increases its
anomaly identification and ancillary threat
exposure to cyberattacks, emphasizing the
prevention [31]. Blockchain and quantum
criticality of compliance with standards like GDPR
cryptography additionally encrypt
and the adoption of advanced measures such as AI
communications channels, offering tamper-evident
and machine learning [29]. Human factors,
records and uncrackable cryptography for
particularly lack of cybersecurity expertise and
instance, healthcare and finance [12, 38].
awareness, continue to be major impediments in all
industries, from aviation to health care to water
Collaboration and policy harmonization are critical The energy industry is dealing with illusiveness of
for effective cybersecurity. The European NIS CPS and smart grids on the matter of security
Directive and the ENISA guidance are both against cyber-physical attacks. Smart Grid 2.0 uses
examples of successful regulatory measures, which blockchain to ensure tamper-evidence and AI to
have shifted the emphasis from information control provide adaptive threat detection for resistance to
to information sharing and cross-sectoral changing cyber-attack [19]. Similar, water
cooperation [28]. Training and awareness distribution systems are also subject to threats
programs, including simulation exercises, augment emanating from scmda systems and plc's attacks.
preparedness within multiple sectors and focus the These limitations are overcome by model-based
human factors aspect of computer security [21 . For detection mechanisms that detect hidden
example, specific frameworks such as the Multi- anomalies by real-time comparison of SCADA data
Layered Threat Intelligence Framework (MLTIF) and of hydraulic simulations [22].
provide a more advanced solution that combines Health care has gone towards Healthcare 5.0, which
machine learning with real-time threat intelligence includes wearables, blockchain, and quantum
for better performance than conventional methods cryptography. These technologies improve the
with MITRE ATT&CK [13]. Advances concepts like security of data while at the same time are resilient
Healthcare 5.0 are exemplified with cutting-edge to inbuilt dangers, such as database breaches or
technologies such as Artificial Intelligence, impersonation attacks. Nevertheless, piecemeal
blockchain, and quantum cryptography being introduction of GDPR and other regulation is
incorporated into the security architectures in restrained to the uniform adaptation of these
order to control future threats such as structures within the field [28, 38]. Specifically, in
eavesdropping, malware, and impersonation [38]. the transport industry, there are risks in traffic
Particularly, Smart Grid 2.0 in the energy field uses control systems and V2X communications.
blockchain and distributed energy resources to Deepening the domain [20, 32] by using
address cyber-physical attacks and further blockchain-based solutions and state-of-the-art
increase operational efficiency [19]. attack-fault tree methods provide more robustness.

These approaches highlight the need for a broader The digital platforms that the financial ecosystem
approach including the adept use of innovative has come all too accustomed to its dangerous
technologies, legal regulations, and international symbiotic relationship creates its particular
cooperation to protect critical infrastructures from fragility, including the underreporting of
more complex cyberattacks. cyberattacks and ongoing risks as exemplified by
the SWIFT hack. AI and blockchain have been used
6. Cybersecurity Challenges Addressed by
to advance detection of fraud and transparency in
Specific Sectors
their respective domains (digital banking and
A cybersecurity approach needs to be tailored for cryptocurrency markets) [17, 37]. Secure-by-
each critical infrastructure sector, due to the design principles, intersectorial collaboration, and
specific cybersecurity threats they are exposed to. human-factor principles continue to be vital across
In the maritime domain, cyber threats are all sectors.
represented by security holes in navigation
Egreat sector-specific resilience, there are tailored
systems such as AIS and GPS that are susceptible to
mitigation that accounts for technological and
spoofing and jamming attacks. Legacy systems e.g.,
human values. The application of AI, blockchain,
ECDIS increase risks and thus have demands to be
and other advanced technologies has
separated into IT and OT systems and to provide
demonstrated significant promise in mitigating
better cybersecurity education for maritime
risks and safeguarding critical operations globally.
personnel [12, 14]. Ports also remain critical points
of vulnerability due to gaps in supply chain
integration [14].
7. Lessons to Be Learned from Real-World fragility, including the underreporting of
Cyber-Incidents in Securing Critical cyberattacks and ongoing risks as exemplified by
Infrastructure the SWIFT hack. AI and blockchain have been used
to advance detection of fraud and transparency in
A cybersecurity approach needs to be tailored for
their respective domains (digital banking and
each critical infrastructure sector, due to the
cryptocurrency markets) [17, 37]. Secure-by-
specific cybersecurity threats they are exposed to.
design principles, intersectorial collaboration, and
In the maritime domain, cyber threats are
human-factor principles continue to be vital across
represented by security holes in navigation
all sectors. Egreat sector-specific resilience, there
systems such as AIS and GPS that are susceptible to
are tailored mitigation that accounts for
spoofing and jamming attacks. Legacy systems e.g.,
technological and human values. The application of
ECDIS increase risks and thus have demands to be
AI, blockchain, and other advanced technologies
separated into IT and OT systems and to provide
has demonstrated significant promise in mitigating
better cybersecurity education for maritime
risks and safeguarding critical operations globally.
personnel [12, 14]. Ports also remain critical points
of vulnerability due to gaps in supply chain 8. Conclusion
integration [14].
Critical infrastructure sectors continue to be
The energy industry is dealing with illusiveness of extremely susceptible to cyberattacks because of
CPS and smart grids on the matter of security the necessity of interconnectedness, older
against cyber-physical attacks. Smart Grid 2.0 uses technologies, and the increasing sophistication of
blockchain to ensure tamper-evidence and AI to cyber threats. Attack incidents such as the 2015
provide adaptive threat detection for resistance to Ukraine power grid exploitation and the WannaCry
changing cyber attack [19]. Similar, water ransomware attack demonstrate the destructive
distribution systems are also subject to threats capabilities of such attacks [1], [2]. Problems of
emanating from scmda systems and plc's attacks. industry-specific nature e.g., those related to
These limitations are overcome by model-based maritime navigation security [12], [14] or
detection mechanisms that detect hidden reporting of cyber incidents by financial sector
anomalies by real-time comparison of SCADA data [37], point out the timely request for sector-specific
and of hydraulic simulations [22]. solutions and intersectoral cooperation.

Health care has gone towards Healthcare 5.0, which Emerging technologies such as artificial
includes wearables, blockchain, and quantum intelligence, blockchain, and quantum
cryptography. These technologies improve the cryptography offer promising avenues for
security of data while at the same time are resilient enhancing cybersecurity [12], [38]. Frameworks
to inbuilt dangers, such as database breaches or such as the NIST Cybersecurity Framework [18]
impersonation attacks. Nevertheless, piecemeal and the European NIS Directive [28] show the
introduction of GDPR and other regulation is significance of risk-based approaches and
restrained to the uniform adaptation of these international collaboration. Yet, unresolved
structures within the field [28, 38]. Specifically, in problems such as human factors [21], limited
the transport industry, there are risks in traffic resources, and piecemeal policies [16] require
control systems and V2X communications. ongoing investment in research, training, and
Deepening the domain [20, 32] by using harmonized international regulation.
blockchain-based solutions and state-of-the-art
Through the application of the lessons of the past
attack-fault tree methods provide more robustness.
and the utilization of new and disruptive
The digital platforms that the financial ecosystem technologies, key infrastructure sectors can create
has come all too accustomed to its dangerous resilience to profusely changing cyber threats.
symbiotic relationship creates its particular Maintaining the stability and security of these
systems is not a priori technical problem or a social Related-Issues-On-Legacy-Systems-A-
duty, but demands collective action among Review.pdf
governments, enterprises, and academia to
[7] A. J. Cartwright, “The elephant in the room:
guarantee the health and safety of the modern
cybersecurity in healthcare,” Journal of Clinical
world.
Monitoring and Computing, vol. 37, no. 5, Apr.
References: 2023, doi: https://doi.org/10.1007/s10877-
023-01013-5.
[1] None Afra Ansaria, “Analysis of Ukraine
power grid cyber-attack 2015,” World Journal [8] T. Ashley, S. N. G. Gourisetti, N. Brown, and
of Advanced Engineering Technology and C. Bonebrake, “Aggregate attack surface
Sciences, vol. 11, no. 1, pp. 410–412, Feb. 2024, management for network discovery of
doi: operational technology,” Computers & Security,
https://doi.org/10.30574/wjaets.2024.11.1.0 vol. 123, p. 102939, Dec. 2022, doi:
024. https://doi.org/10.1016/j.cose.2022.102939.

[2] Kaspersky, “What is WannaCry [9] I. Makhdoom, M. Abolhasan, J. Lipman, R. P.

ransomware?,” Kaspersky.com, 2024. Liu, and W. Ni, “Anatomy of Threats to the
https://www.kaspersky.com/resource- Internet of Things,” IEEE Communications
center/threats/ransomware-wannacry Surveys & Tutorials, vol. 21, no. 2, pp. 1636–
1675, 2019, doi:
[3] T. Wang et al., “Impact Evaluation of
https://doi.org/10.1109/comst.2018.287497
Cyberattacks on Connected and Automated
8.
Vehicles in Mixed Traffic Flow and Its Resilient
and Robust Control Strategy,” Sensors, vol. 23, [10] T. T. Nguyen and F. Mohammadi, “Cyber-
no. 1, p. 74, Dec. 2022, doi: Physical Power and Energy Systems with
https://doi.org/10.3390/s23010074. Wireless Sensor Networks: A Systematic
Review,” Journal of Electrical Engineering &
[4] J. Umoga, E. Oluwademilade, None
Technology, Apr. 2023, doi:
Olukunle Oladipupo Amoo, and None Akoh
https://doi.org/10.1007/s42835-023-01482-
Atadoga, “A critical review of emerging
3.
cybersecurity threats in financial
technologies,” International Journal of Science [11] F. Moazeni and J. Khazaei, “Sequential false
and Research Archive, vol. 11, no. 1, pp. 1810– data injection cyberattacks in water
1817, Feb. 2024, doi: distribution systems targeting storage tanks; a
https://doi.org/10.30574/ijsra.2024.11.1.028 bi-level optimization model,” Sustainable Cities
4. and Society, vol. 70, p. 102895, Jul. 2021, doi:
https://doi.org/10.1016/j.scs.2021.102895.
[5] C. Makridis and D. R. Desai, “Identifying
Critical Infrastructure in a World with Network [12] F. Akpan, G. Bendiab, S. Shiaeles, S.
Cybersecurity Risk,” SSRN Electronic Journal, Karamperidis, and M. Michaloliakos,
2021, doi: “Cybersecurity Challenges in the Maritime
https://doi.org/10.2139/ssrn.3898193. Sector,” Network, vol. 2, no. 1. Multidisciplinary
Digital Publishing Institute (MDPI), pp. 123–
[6] M. Ali, S. Hussain, M. Ashraf, and K.
138, Mar. 01, 2022. doi:
Paracha, “Addressing Software Related Issues
10.3390/network2010009.
On Legacy Systems -A Review.” Available:
https://www.ijstr.org/final- [13] M. Alazab, R. A. Khurma, M. García-Arenas,
print/mar2020/Addressing-Software- V. Jatana, A. Baydoun, and R. Damasevicius,
“Enhanced threat intelligence framework for
advanced cybersecurity resilience,” Egyptian [21] V. Gkioulos and N. Chowdhury, “Cyber
Informatics Journal, vol. 27, Sep. 2024, doi: security training for critical infrastructure
10.1016/j.eij.2024.100521. protection: A literature review,” Computer
Science Review, vol. 40. Elsevier Ireland Ltd,
[14] J. I. Alcaide and R. G. Llave, “Critical
May 01, 2021. doi:
infrastructures cybersecurity and the
10.1016/j.cosrev.2021.100361.
maritime sector,” in Transportation Research
Procedia, Elsevier B.V., 2020, pp. 547–554. doi: [22] M. Housh and Z. Ohar, “Model-based
10.1016/j.trpro.2020.03.058. approach for cyber-physical attack detection in
water distribution systems,” Water Research,
[15] M. Asmar and A. Tuqan, “Integrating
vol. 139, pp. 132–143, Aug. 2018, doi:
machine learning for sustaining cybersecurity
10.1016/j.watres.2018.03.039.
in digital banks,” Heliyon, vol. 10, no. 17, Sep.
2024, doi: 10.1016/j.heliyon.2024.e37571. [23] Y. Jiang, M. A. Jeusfeld, M. Mosaad, and N.
Oo, “Enterprise architecture modeling for
[16] R. Azmi, W. Tibben, and K. T. Win, “Review
cybersecurity analysis in critical
of cybersecurity frameworks: context and
infrastructures — A systematic literature
shared concepts,” Journal of Cyber Policy, vol. 3,
review,” International Journal of Critical
no. 2, pp. 258–283, May 2018, doi:
Infrastructure Protection, vol. 46. Elsevier B.V.,
10.1080/23738871.2018.1520271.
Sep. 01, 2024. doi:
[17] G. M. Caporale, W. Y. Kang, F. Spagnolo, and 10.1016/j.ijcip.2024.100700.
N. Spagnolo, “Cyber-attacks, spillovers and
[24] S. Khalid Khan, N. Shiwakoti, P.
contagion in the cryptocurrency markets,”
Stasinopoulos, and M. Warren, “Modelling
Journal of International Financial Markets,
cybersecurity regulations for automated
Institutions and Money, vol. 74, Sep. 2021, doi:
vehicles,” Accident Analysis and Prevention,
10.1016/j.intfin.2021.101298.
vol. 186, Jun. 2023, doi:
[18] Inc. Cisco Systems and The Chertoff Group, 10.1016/j.aap.2023.107054.
“Addressing Critical Infrastructure Cyber
[25] S. K. Khan, N. Shiwakoti, P. Stasinopoulos,
Threats for State and Local Governments
Y. Chen, and M. Warren, “Cybersecurity
Application of a Threat-Centric Approach
framework for connected and automated
through the NIST Cybersecurity Framework,”
vehicles: A modelling perspective,” Transport
2015. [Online]. Available:
Policy, vol. 162, pp. 47–64, Mar. 2025, doi:
https://www.cisco.com/c/dam/global/en_sg/
10.1016/j.tranpol.2024.11.019.
assets/pdfs/govt_n_critical_infra_2169_cistcg_
cisco_white_paper_v4-1.pdf

[19] S. Y. Diaba, M. Shafie-khah, and M. [26] M. Lagazio, N. Sherif, and M. Cushman, “A

Elmusrati, “Cyber-physical attack and the multi-level approach to understanding the
future energy systems: A review,” Energy impact of cyber crime on the financial sector,”
Reports, vol. 12, pp. 2914–2932, Dec. 2024, Computers and Security, vol. 45, pp. 58–74,
doi: 10.1016/j.egyr.2024.08.060. 2014, doi: 10.1016/j.cose.2014.05.006.

[20] Z. El-Rewini, K. Sadatsharan, D. F. Selvaraj, [27] Lawrence Damilare Oyeniyi, Chinonye

S. J. Plathottam, and P. Ranganathan, Esther Ugochukwu, and Noluthando
“Cybersecurity challenges in vehicular Zamanjomane Mhlongo, “DEVELOPING
communications,” Vehicular Communications, CYBERSECURITY FRAMEWORKS FOR
vol. 23. Elsevier Inc., Jun. 01, 2020. doi: FINANCIAL INSTITUTIONS: A
10.1016/j.vehcom.2019.100214. COMPREHENSIVE REVIEW AND BEST
PRACTICES,” Computer Science & IT Research [33] K. Raissouni, Z. Errabih, S. Bourekkadi,
Journal, vol. 5, no. 4, pp. 903–925, Apr. 2024, and R. Raissouni, “Cyber-attack crisis
doi: 10.51594/csitrj.v5i4.1049. management in the context of energy
companies,” in E3S Web of Conferences, EDP
[28] D. Markopoulou and V. Papakonstantinou,
Sciences, Aug. 2023. doi:
“The regulatory framework for the protection
10.1051/e3sconf/202341201076.
of critical infrastructures against cyberthreats:
Identifying shortcomings and addressing [34] H. Riggs et al., “Impact, Vulnerabilities, and
future challenges: The case of the health sector Mitigation Strategies for Cyber-Secure Critical
in particular,” Computer Law and Security Infrastructure,” Sensors, vol. 23, no. 8. MDPI,
Review, vol. 41, Jul. 2021, doi: Apr. 01, 2023. doi: 10.3390/s23084060.
10.1016/j.clsr.2020.105502.
[35] S. Rose, O. Borchert, S. Mitchell, and S.
[29] F. Mizrak and G. Reyhan Akkartal, Connelly, “Zero Trust Architecture,”
“Prioritizing cybersecurity initiatives in Gaithersburg, MD, Aug. 2020. doi:
aviation: A dematel-QSFS methodology,” 10.6028/NIST.SP.800-207.
Heliyon, vol. 10, no. 16, Aug. 2024, doi:
[36] M. Schmitt, “Securing the digital world:
10.1016/j.heliyon.2024.e35487.
Protecting smart infrastructures and digital
[30] S. Mohebbi et al., “Cyber-physical-social industries with artificial intelligence (AI)-
interdependencies and organizational enabled malware and intrusion detection,”
resilience: A review of water, transportation, Journal of Industrial Information Integration,
and cyber infrastructure systems and vol. 36, Dec. 2023, doi:
processes,” Sustainable Cities and Society, vol. 10.1016/j.jii.2023.100520.
62. Elsevier Ltd, Nov. 01, 2020. doi:
[37] M. H. Uddin, M. H. Ali, and M. K. Hassan,
10.1016/j.scs.2020.102327.
“Cybersecurity hazards and financial system
[31] A. Pinto, L. C. Herrera, Y. Donoso, and J. A. vulnerability: a synthesis of literature,” Risk
Gutierrez, “Survey on Intrusion Detection Management, vol. 22, no. 4, pp. 239–309, Dec.
Systems Based on Machine Learning 2020, doi: 10.1057/s41283-020-00063-2.
Techniques for the Protection of Critical
[38] M. Wazid, A. K. Das, N. Mohd, and Y. Park,
Infrastructure,” Sensors, vol. 23, no. 5. MDPI,
“Healthcare 5.0 Security Framework:
Mar. 01, 2023. doi: 10.3390/s23052415.
Applications, Issues and Future Research
[32] G. Pizzi, “Cybersecurity and its integration Directions,” IEEE Access, vol. 10, pp. 129429–
with safety for transport systems: Not a formal 129442, 2022, doi:
fulfillment but an actual commitment,” in 10.1109/ACCESS.2022.3228505.
Transportation Research Procedia, Elsevier
B.V., 2020, pp. 250–257. doi:
10.1016/j.trpro.2020.03.014.