Article

Guarding Our Vital Systems: A Metric for Critical Infrastructure Cyber Resilience

by Muharman Lubis 1,*, Muhammad Fakhrul Safitra 1,2, Hanif Fakhrurroja 1,3 and Alif Noorachmad Muttaqin 1

1 Master of Information System Study Program, School of Industrial Engineering, Telkom University, Main Campus (Bandung Campus), Jl. Telekomunikasi No. 1, Bandung 40257, West Java, Indonesia
2 Department of Network and Security, Pelayaran Nasional Indonesia, Jakarta 10130, Special Capital Region of Jakarta, Indonesia
3 Research Center for Smart Mechatronics, National Research and Innovation Agency, Bandung 40135, West Java, Indonesia
* Author to whom correspondence should be addressed.
Sensors 2025, 25(15), 4545; https://doi.org/10.3390/s25154545
Submission received: 12 June 2025 / Revised: 14 July 2025 / Accepted: 14 July 2025 / Published: 22 July 2025
(This article belongs to the Section Internet of Things)

Abstract

The increased occurrence and severity of cyber-attacks on critical infrastructure have underscored the need to embrace systematic and prospective approaches to resilience. The current research hypothesizes that the InfraGuard Cybersecurity Framework, a capability model that measures the maturity of cyber resilience through three functional pillars (Cyber as a Shield, Cyber as a Space, and Cyber as a Sword), is an implementable and understandable way to meet that need. The model addresses situational awareness, active defense, risk management, and recovery from incidents and is measured using globally standardized maturity models such as ISO/IEC 15504, NIST CSF, and COBIT. The contributions include multidimensional measurements of resilience, a scored scale of capability (0–5), and domain-based classification enabling organizations to assess and enhance their cybersecurity situation in a formalized manner. The framework’s applicability is illustrated in three exploratory settings of power grids, healthcare systems, and airports, each representing various levels of maturity in resilience. This study provides practical recommendations to policymakers by translating the attributes of resilience into concrete assessment indicators, supporting policymaking, investment planning, and global cyber defense collaboration.

1. Introduction

In an era of increasing globalization and pervasive digitalization, critical infrastructure has undergone significant transformation, evolving into more than just a support system for modern life [1,2]. Today, critical infrastructure is no longer merely a supporting element but rather a complex system that serves as a vital artery, sustaining the economy, maintaining social stability, and safeguarding national security [3,4,5]. These essential networks encompass transportation, energy, clean water, banking, and telecommunications systems, forming the foundation that supports fundamental daily life functions [6]. The security and resilience of critical infrastructure constitute the core driving forces behind the pulse of progress and the resilience of modern society [7,8]. The crucial role of this infrastructure influences not only societal well-being but also economic stability and national sovereignty [9,10]. Therefore, understanding and appreciating the essential role of critical infrastructure in daily life are imperative and cannot be ignored [11,12,13]. However, in an increasingly interconnected and automated era, critical infrastructure has become a vulnerable target for sophisticated cyber-attacks [14,15,16]. Cyber threats are no longer mere speculation; they manifest as real threats capable of disrupting the operations of our crucial infrastructure [17,18,19]. Their impact, akin to shockwaves, can propagate into the economic sector, threaten environmental integrity, and even endanger human lives [20,21,22].
Several notable incidents, such as the Stuxnet attack on Iran’s nuclear facilities [23,24], widespread power outages in Ukraine [25,26], and coordinated cyber-attacks in 2021 targeting water and waste systems in the United States [27,28], all underscore the increased risk to critical infrastructure [29,30]. Therefore, understanding and anticipating these threats are imperative, and maximum effort is required to protect critical infrastructure from cyber-attacks. Investment in advanced cybersecurity technologies and strategies is a necessity to safeguard our infrastructure and ultimately ensure the security and well-being of our society. In this context, the Thales 2022 Threat Report for Critical Infrastructure provides a deeper understanding of the impact of cyber-attacks on critical infrastructure [31,32,33]. This report summarizes key findings gathered from surveys of leaders and practitioners in critical infrastructure organizations, offering insights into mitigating risks such as ransomware and malware [34,35]. Interestingly, the survey notes that 79% of the respondents expressed concerns about the security risks of remote work, highlighting how changes in modern work patterns introduce new challenges into the security of critical infrastructure. Similarly, 44% reported an increase in the volume, severity, and/or scope of cyber-attacks in the last 12 months, with 55% identifying malware as the most common cause of the rise in attacks [36,37]. This emphasizes the escalation of the threats faced by critical infrastructure worldwide.
As a concrete example, Australia reported 143 cyber-attacks on its critical infrastructure in the past year, up from 95 incidents the previous year. These attacks encompassed the energy, utilities, telecommunications, and transportation sectors [38]. Changes in the digital landscape in the last decade are also evident, with previously isolated Operational Technology (OT) systems becoming increasingly connected to the internet [39,40,41]. Smart IoT sensors power water and energy systems, and government operations are deeply rooted in data. Growing dependence on cloud platforms provides a vulnerable attack surface for threat actors and hostile nations [42,43]. In the face of these challenges, understanding and anticipating threats become crucial. Maximum effort is required to protect critical infrastructure from cyber-attacks. Wise investment in advanced cybersecurity technologies and strategies is a necessity to ensure the security and well-being of our society. Continuous updates and adaptation to developments in technology and cyber threats are crucial steps in ensuring the resilience of critical infrastructure in this increasingly interconnected and automated era.

1.1. Research Contributions

Facing the challenges posed by the complexity of cyber threats and the unprecedented pace of technological change, protection and recovery from cyber-attacks have become urgent and inevitable needs. This research aims to design and implement structured strategies and organized methods for evaluating and enhancing cyber resilience in critical infrastructure. An innovative and data-driven resilience model is introduced in this study. Its goal is not only to effectively detect and respond to the impacts on critical infrastructure caused by adversaries but also to estimate and implement proactive preventive measures to prevent system failures and enhance service continuity. Additionally, this research proposes a comprehensive comparative analysis utilizing various cybersecurity metrics and in-depth analyses, leveraging limited features and available data. The objective is to provide better insights into the strengths and weaknesses of current cybersecurity systems and how they can be improved. This research strives to make a significant contribution to the efforts to protect critical infrastructure from increasing cyber threats, ensuring the survival and well-being of society. This includes not only maintaining the integrity and reliability of our infrastructure but also promoting sustainable economic growth and social stability. Therefore, this research contributes to global efforts to create a safer and more prosperous society in the digital era.

1.2. Research Questions

This research raises several key questions that are crucial to answer:
  • How can we design and implement an effective constructive resilience model to detect and respond to the impact of cyber-attacks on critical infrastructure?
  • How can we forecast and identify more effective preventive measures to prevent failures in vital infrastructure?
  • How can a comprehensive, in-depth comparative analysis using various metrics but limited features be conducted to measure and enhance the level of security in critical infrastructure?
  • How can this research provide practical and strategic guidance for decision-makers in companies managing critical infrastructure, as well as supporting global efforts to reduce negative impacts and respond to cyber-attacks?
This research aims to address these questions and provide deeper insights into the extent of critical infrastructure’s resilience to cyber threats and how to protect against them. Given the complexity and vulnerability of critical infrastructure to increasingly sophisticated cyber-attacks, this research encourages closer collaboration among various stakeholders, including companies, governments, industry bodies, and non-profit organizations, to strengthen cyber resilience comprehensively [29,44].

1.3. Implications and Innovations

In the context of critical infrastructure security, the applied security model plays a crucial role in ensuring comprehensive protection and detecting potential security issues [45,46]. Cyber threats can originate from various sources, including foreign nations attempting espionage operations, financially motivated hacking organizations, and malicious individuals aiming to cause harm [44,47,48]. With the advancement of technology, AI-supported cyber-attacks have become a reality, presenting new challenges and potential solutions to enhance the security of critical infrastructure [49,50]. Therefore, it is important for us to continue adapting and innovating in our security strategies and technologies to keep critical infrastructure safe amidst increasingly sophisticated and diverse cyber threats [51,52]. Overall, this research has very significant implications for efforts to enhance our critical infrastructure’s resilience to increasingly sophisticated cyber-attacks. This research also provides much-needed practical guidance on protecting our society and economy from cyber threats that can shake the foundations of our existence. This is a crucial step in maintaining quality of life, social stability, and economic sustainability in the face of cyber threats in this digital era. This research serves as a crucial pillar in building our defense against cyber threats and ensuring that our society and economy remain safe and thriving in this digital era. By leveraging the latest security technology and innovative defense strategies, this research aims to build a robust and adaptive security system that can respond to and counter increasingly complex and sophisticated cyber threats. Additionally, this research seeks to understand and anticipate the evolution of future cyber threats, ensuring that we can continue to protect our critical infrastructure and ensure the survival and well-being of our society.

2. Related Studies

2.1. A Journey Through Prior Works

In confronting escalating cyber threats to critical infrastructure, several studies have made significant contributions to understanding and addressing these challenges. These studies encompass various aspects, ranging from the utilization of artificial intelligence (AI) to detect and counter threats to the development of community sustainability models and practical tools that assist organizations in more effectively facing cyber threats. Therefore, it is crucial to be aware that diverse and innovative approaches are highly necessary to tackle increasingly complex and dynamic cybersecurity challenges.
One of the primary contributors to our understanding and handling of cyber threats to critical infrastructure is Abuhasel’s study [9]. In his work, Abuhasel proposed the Constructive Resilience Model Induced by Artificial Intelligence (AI-CRM) as a progressive step to enhance the cybersecurity of critical infrastructure. This model not only considers the potential influences that adversaries may have on infrastructure elements but also calculates probabilities based on the impact of previous attacks on infrastructure failures and responses to operational service. Through this approach, resilience can be improved by adding security measures that respond to the impact of attacks. Prokhorenko and Babar [53] also contribute by proposing a comprehensive architectural approach to enhancing the resilience of cloud-, Fog-, and Edge-based systems in the context of critical infrastructure. They introduce a capability-based framework designed to strengthen overall system resilience. Besides addressing trust issues in the context of resilience and system reliability, this research provides in-depth insights into existing solutions to enhance the resilience of distributed systems. Carías et al. [54] take a practical approach by developing a web-based operational tool to help organizations operationalize cyber resilience in critical infrastructure. This tool not only provides organizations with the ability to follow a comprehensive process, including the implementation of a cyber resilience framework, but also integrates a Cyber Resilience Self-Assessment Tool (CR-SAT) tested through case studies. Thus, this research highlights how web-based tools and technologies can facilitate and strengthen cyber resilience within organizations. Clark and Zonouz [55] discuss the robust operation of cyber-physical infrastructure in potentially adversarial environmental situations. 
They present a formal definition of resilience and assessment metrics that measure the system’s ability to recover from attacks within a specific time interval and the recovery cost. This approach illustrates how resilience assumes that sophisticated attacks can bypass protection and detection mechanisms, and thus, a robust system must be able to respond through reactive and proactive attack tolerance mechanisms. Valinejad and Mili [14] bring the concept of community sustainability into the understanding of resilience. They design a multi-agent model that integrates cyber, physical, and social aspects to understand readiness and adaptability in the face of threats. This research highlights that cooperation within a community can have a significant positive impact on individual behavior and that strong relationships within the community are a key factor in strengthening resilience. Domínguez-Dorado et al. [56] emphasize the importance of implementing a reference model in managing cybersecurity at a lower level in critical infrastructure. They propose a process which they call CyberTOMP for managing cybersecurity at this level and provide methodological elements supporting its implementation. This research indicates that cybersecurity management requires an integrated and holistic approach. Kumar, Alvarez, and Kumar [57] conducted relevant research on security resilience in commercial smart devices in the context of critical infrastructure. Their study discusses how cybersecurity attacks can affect the operations and data integrity of these smart devices, which play a central role in an increasingly important smart grid network. Ashley et al. [6] sound the alarm about the urgency of cybersecurity in critical infrastructure and introduce the Network Defense Training Game (NDTG) as a cybersecurity training platform. 
The NDTG uses scenario-based narratives based on historical cyber incidents and is designed to train users in their understanding of and skills in handling cybersecurity events and incidents in critical infrastructure. Makrakis et al. [45] provide a comprehensive survey of the threats and attacks on industrial control systems and critical infrastructure. This survey provides an in-depth understanding of the various threats and vulnerabilities faced by critical infrastructure. Simone et al. [58] present an innovative approach that combines the STAMP model with System-Theoretic Process Analysis for Security (STPA-Sec) and simulations to identify vulnerable controls across socio-technical systems in the context of critical infrastructure. This method has been applied in a case study on a water treatment plant and helped improve the resilience of that infrastructure to cyber threats.
Overall, these studies contribute significantly to understanding and enhancing resilience and cybersecurity in the context of critical infrastructure. With diverse approaches, ranging from the AI-CRM model to game-based cybersecurity training, as well as an analysis of cyber-attacks on smart meters and industrial control systems, these studies aim to strengthen the resilience of critical infrastructure against evolving threats. These studies play a key role in maintaining the continuity of operations and the security of systems vital to modern society and the economy. This demonstrates that research and innovation in this field are crucial to ensuring the security and resilience of our critical infrastructure.

2.2. Developing a Metric for Critical Infrastructure’s Cyber Resilience

Given the importance of maintaining the security and resilience of critical infrastructure in the face of increasingly complex cyber threats, the next step is to delve deeper into the development of a metric that can be used to measure the level of cyber resilience in critical infrastructure [59,60,61]. This metric plays a central role in assisting stakeholders, from companies to governments and non-profit organizations, in measuring the extent to which they have protected their infrastructure and how they can recover in emergency situations caused by increasingly complex cyber-attacks [62,63]. Additionally, this metric is crucial in evaluating the effectiveness of the strategies and tactics used to protect critical infrastructure, as well as in determining necessary improvement measures [64].

2.2.1. The Essence of a Critical Infrastructure Cyber Resilience Metric

A metric for measuring the cyber resilience of critical infrastructure should accurately reflect its complexity and vulnerability to evolving cyber threats [65,66]. Given the vital role of critical infrastructure in maintaining social and economic stability, this metric should provide a deep understanding of how stakeholders, including companies, governments, and non-profit organizations, can protect their infrastructure and to what extent they can recover in emergency situations [67]. This metric becomes a crucial cornerstone in ensuring that critical infrastructure continues to operate efficiently and securely, as well as in evaluating the effectiveness of the strategies and tactics used to protect critical infrastructure [68,69,70]. Furthermore, this metric serves as an objective and reliable evaluation tool for determining necessary improvement measures [71,72].

2.2.2. The Key Components of a Critical Infrastructure Cyber Resilience Metric

There are several key components of assessing critical infrastructure:
  • Risk Assessment and Vulnerability Assessment [73]: This metric should include a comprehensive risk assessment to identify potential vulnerabilities in critical infrastructure. This involves evaluating potential cyber threats that infrastructure may face, how often they may occur, and their potential impact [74]. In this context, providing vulnerability scores and risk levels may be necessary to help organizations prioritize actions and allocate resources [75]. Additionally, this assessment should also consider factors such as existing security policies, implemented security controls, and the organization’s level of readiness to face cyber threats [76].
  • Response and Recovery Capabilities [77]: This metric should reflect the extent to which critical infrastructure can respond to and recover from cyber-attacks. This includes assessing readiness for cyber incidents, including personnel training, emergency plans, and tools and systems supporting recovery [78]. The ability to respond quickly and effectively to attacks and recover efficiently is a key element in enhancing cyber resilience. Additionally, this metric should also consider factors such as response times, the effectiveness of response actions, and recovery process efficiency.
  • The Use of Advanced Technology [79]: The use of advanced technology, such as artificial intelligence, data analytics, and early detection systems, should be measured using this metric [80]. The implementation of these technologies can significantly enhance detection and response capabilities in the face of increasingly complex cyber threats. Therefore, evaluating the use of innovative technology is a key component of a metric of cyber resilience. Additionally, this metric should consider the extent to which these technologies have been integrated into the organization’s security system and their effectiveness in detecting and responding to cyber threats [81].
  • Collaboration and Information Sharing [82]: The level of collaboration with other stakeholders, both in the public and private sectors, should be a significant assessment factor in this metric [83]. The ability to share information and collaborate in protecting critical infrastructure collectively is a crucial element in ensuring optimal cyber resilience [84,85]. Additionally, this metric should also consider the extent to which organizations have built and maintained effective collaborative relationships with other stakeholders.
  • Impact Measurement and Recovery Times [86]: This metric should include measurement of the impact of cyber-attacks on critical infrastructure, including how quickly infrastructure can recover and resume operations after an attack [87,88]. This measurement provides insights into how much attacks affect operations and how long it takes for full recovery. Additionally, this metric should also consider factors such as the financial impact of attacks, the impact on the organization’s reputation, and the impact on customers or users of critical infrastructure.

2.2.3. The Metric Development Process

The process of developing this metric is a systematic and ongoing step that involves several crucial stages:
  • Analysis of Cyber Threat Trends and Patterns [89]: Focus on analyzing trends and patterns in cyber threats without having to collect specific data [90]. Identify common characteristics of previous attacks, frequently targeted infrastructure, and relevant performance indicators. By understanding these trends, strategic insights can be developed to enhance security without further data collection [89].
  • The Implementation of Security Metrics [91]: Focus on implementing security metrics by utilizing all previously identified information. This involves applying formulas or equations designed to measure security based on identified trends and patterns in cyber threats [92]. Additionally, the metric implementation should consider factors such as the metric’s consistency with organizational goals, the metric’s usability, and the metric’s capability to provide significant insights.
  • Contextual Analysis and Metric Assessment [66,93]: At this stage, the focus is on a contextual analysis and metric assessment. This involves exploring real-world situations without relying on testing [45]. The process may include narrative-based assessments related to the effectiveness of the metric in depicting potential cyber threats faced by organizations. Metric evaluation also needs to consider the reliability, consistency, and relevance of the metric to security environmental dynamics.
  • Advanced Development [94]: This stage involves reviewing and improving the metric based on testing results and feedback from users. This may involve adjusting formulas or equations, adding or subtracting metric components, or changes in the data collection processes. The goal is to ensure that the metric remains relevant and effective in measuring the cyber resilience of critical infrastructure [71].

2.2.4. Applications of the Metric

The metric of cyber resilience in critical infrastructure has several significant applications:
  • An Evaluation of Current Resilience Levels [95]: Organizations can use this metric to evaluate the current level of cyber resilience and identify areas where improvements are needed [96,97]. This helps organizations identify priorities for improvement actions and plan effective strategies for enhancing cyber resilience.
  • Comparison with Standards and Regulations [98]: This metric allows organizations to compare their level of resilience with industry standards or applicable regulations. This helps organizations ensure compliance with existing guidelines and regulations and determine areas where they may need to make improvements.
  • Planning and Resource Allocation [99]: This metric helps organizations plan efficient resource allocation efforts to improve cyber resilience [100]. With the data generated by the metric, organizations can prioritize their resource usage and plan effective strategies for improving cyber resilience.
  • Reporting and Accountability [101]: This metric can be used to provide reports on the status of cyber resilience to stakeholders and regulatory authorities [102]. This is a crucial step in maintaining transparency and accountability regarding the security of critical infrastructure.
  • Comparison with Other Organizations [103]: This metric allows for comparison with other organizations in the same sector or a similar sector. Through this comparison, organizations can identify the best practices and see how they compare with other organizations.
The development of a metric for cyber resilience in critical infrastructure is a crucial step in safeguarding increasingly interconnected critical infrastructure from complex cyber threats. This metric provides a clear insight into how well critical infrastructure is protected and can recover in emergency situations. Thus, this metric is not only a measurement tool but also a vital instrument in ensuring the continuity of operations of critical infrastructure crucial to the well-being and sustainability of our society and modern economy. In the face of evolving cyber threats, the development of this metric is a proactive step in ensuring the resilience of critical infrastructure crucial to our well-being and sustainability.

2.3. Fortifying Resilience in Critical Infrastructure

To comprehend the intricacies of critical infrastructure resilience and why it is crucial in an increasingly interconnected and complex world, we need to delve deeper into this concept [104,105]. In the context of critical infrastructure, resilience refers to a system’s ability to withstand disruption and continue to function in accordance with its primary objectives [106,107]. For instance, when considering backup solutions, the primary goal is to maintain the system’s reliability in the face of potential data losses, which could be a significant disaster if not handled properly. This is why resilience becomes key in safeguarding the operations of critical infrastructure, often under high pressure [54,108].

2.3.1. Resilience vs. Reliability: Differences and Interconnection

It is essential to differentiate between “resilience” and “reliability”, as these terms are often used interchangeably [109]. In the context of critical infrastructure, resilience is, in fact, a key element in achieving a high level of reliability. Therefore, while resilience is the process that enables infrastructure to continue operating even in challenging conditions, reliability is the desired outcome of that process [110]. We can view resilience as the foundation that enables reliability. In many ways, resilience is crucial to achieving the desired reliability of critical infrastructure systems.
While conceptually different, resilience and reliability also differ quantitatively. In this context, resilience may be defined as a function of the primary reliability measures. For instance, resilience (R) may be approximated as
$$R = \left(1 - \frac{\mathrm{MTTR}}{\mathrm{MTBF}}\right)$$
where MTTR stands for the Mean Time to Recovery and MTBF stands for the Mean Time Between Failures. The equation suggests that decreased recovery times and increased operational stability contribute to greater overall resilience. Although no empirical evidence is included in the present study to validate this formula, the equation offers a basis for subsequent simulations and field testing. Follow-up research could analyze historical incident records with the aim of calibrating and implementing this measure for different kinds of infrastructure.
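The approximation above, applied to an incident log per asset, as an added example (not code or data from the article). It assumes MTTR is mean downtime per failure and MTBF is mean uptime per failure over a fixed observation window; the asset names, timestamps and function names are constructed for illustration.

```python
"""Estimate R = 1 - MTTR/MTBF per asset from outage records (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample incident log (not real data): asset, outage start, outage end.
INCIDENTS = [
    ("substation-a", "2025-01-03T08:00", "2025-01-03T12:00"),
    ("substation-a", "2025-01-03T11:00", "2025-01-03T14:00"),  # overlaps previous record
    ("substation-a", "2025-01-15T00:00", "2025-01-15T06:00"),
    ("substation-a", "2025-01-28T10:00", "2025-01-28T22:00"),
    ("hospital-ehr", "2025-01-10T00:00", "2025-01-26T00:00"),  # one 16-day outage
]
WINDOW = ("2025-01-01T00:00", "2025-01-31T00:00")  # 30-day observation window


def _hours(delta):
    return delta.total_seconds() / 3600.0


def merge_intervals(intervals):
    """Merge overlapping or touching outages so downtime is not double counted
    and duplicate tickets for one event count as a single failure."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return merged


def resilience_for(intervals, window_start, window_end):
    """Return failures, MTTR (h), MTBF (h) and R for one asset.

    Assumption: MTBF = uptime / failures, MTTR = downtime / failures.
    R is None when it is undefined (no failures, or no uptime at all).
    """
    clipped = []
    for start, end in intervals:
        if end <= start:
            raise ValueError("outage must end after it starts")
        # Only the part of an outage inside the observation window counts.
        start, end = max(start, window_start), min(end, window_end)
        if start < end:
            clipped.append((start, end))
    outages = merge_intervals(clipped)

    failures = len(outages)
    downtime_h = sum(_hours(end - start) for start, end in outages)
    uptime_h = _hours(window_end - window_start) - downtime_h
    if failures == 0 or uptime_h <= 0:
        return {"failures": failures, "mttr_h": None, "mtbf_h": None, "R": None}

    mttr_h = downtime_h / failures
    mtbf_h = uptime_h / failures
    # R is not clamped: it goes negative once MTTR exceeds MTBF, which marks
    # an asset that spent more of the window down than up.
    return {"failures": failures, "mttr_h": mttr_h, "mtbf_h": mtbf_h,
            "R": 1.0 - mttr_h / mtbf_h}


def resilience_by_asset(incidents, window):
    """Group records by asset and score each one over the same window."""
    window_start, window_end = (datetime.fromisoformat(t) for t in window)
    per_asset = defaultdict(list)
    for asset, start, end in incidents:
        per_asset[asset].append(
            (datetime.fromisoformat(start), datetime.fromisoformat(end)))
    return {asset: resilience_for(iv, window_start, window_end)
            for asset, iv in per_asset.items()}


if __name__ == "__main__":
    for asset, metrics in resilience_by_asset(INCIDENTS, WINDOW).items():
        print(asset, metrics)
```

With these definitions the ratio MTTR/MTBF reduces to total downtime over total uptime, so the failure count affects the reported MTTR and MTBF but not R itself.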

2.3.2. Addressing Diverse Challenges

Critical infrastructure faces various challenges that can impact its operations. Physical threats such as natural disasters, terrorist attacks, and increasingly sophisticated cyber threats are concrete examples of these challenges. In operational reality, resilience solutions often focus on groups of potential factors that may disrupt infrastructure. By understanding these factors deeply, we can develop more effective and reliable resilience strategies to address these diverse challenges.

2.3.3. Fault Tolerance Mechanisms: The Heart of Critical Infrastructure’s Resilience

In the context of critical infrastructure, fault tolerance mechanisms are a key element that enables reliable and continuous operations. These mechanisms consist of two main layers. First, there is the business logic layer responsible for maintaining the normal operation of the system, ensuring that all operations proceed as planned. Then, there is the meta-layer that handles errors and the recovery process in case of disruptions [53,111]. This concept allows for flexibility in implementing fault tolerance in existing or developing infrastructure [112]. Moreover, it is important not only to focus on the resilience of physical infrastructure but also on the resilience of agents or monitoring modules, often overlooked in resilience planning. Some approaches even emphasize what is referred to as “gray failure” rather than “hard failure”. This means that the primary focus is on resilience to specific service disruptions rather than just focusing on potential failures [113,114,115].

2.3.4. Categories of Resilience Solutions for Critical Infrastructure

If we categorize resilience solutions for critical infrastructure, we can classify them into three main categories, as depicted in Figure 1:
  • Cyber as a Shield [116]: This category includes various crucial aspects such as situational awareness, security assurance, and resilience principles. The focus of this category is to protect systems and data from various threats and attacks [117,118]. Situational awareness involves understanding and knowledge of the operational system environment and how changes in the environment can affect system operations. Security assurance involves a series of steps taken to ensure that the system is protected from various threats and attacks. Resilience principles refer to fundamental principles guiding the design and operation of systems to ensure their resilience to threats.
  • Cyber as a Space [116]: The second category includes aspects such as risk management, infrastructure resilience, and infrastructure readiness. The focus of this category is to ensure that critical infrastructure can operate effectively and efficiently in various conditions. Risk management involves identifying, assessing, and prioritizing risks, followed by resource allocation to minimize, monitor, and control risk impacts. Infrastructure resilience refers to the ability of infrastructure to withstand and recover from various threats and challenges. Infrastructure readiness involves pre-emptive steps to prepare infrastructure for potential threats and attacks.
  • Cyber as a Sword [116]: The third category includes aspects such as active defense, critical infrastructure awareness, infrastructure protection policies, and critical incident recovery. The focus of this category is to take proactive actions in detecting, preventing, and responding to attacks on systems. Active defense involves proactive actions taken to detect, prevent, and respond to attacks on systems. Critical infrastructure awareness involves an understanding of the importance of critical infrastructure and how vulnerabilities in that infrastructure can affect national security and the economy. Infrastructure protection policies involve policies and procedures designed to protect infrastructure from physical and cyber threats. Critical incident recovery involves the steps taken after an incident to restore normal system operations as quickly as possible.
A model known as the “InfraGuard Cybersecurity Framework” is formed by these three main categories of critical infrastructure resilience solutions (Table 1). This model provides a clear and comprehensive view of the framework’s overall structure. By reviewing this model, we can understand how each part of the framework interacts and works together to form a robust and efficient security system. Figure 2 displays this model. It is important to remember that critical infrastructure is the backbone of our daily lives, both economically and in terms of national security. With a profound understanding of resilience concepts in the context of critical infrastructure, we can prepare better to face various potential threats. With the increasing interconnectedness of the world and the growing complexity of cyber-attacks, effective resilience strategies have become increasingly vital in maintaining operational continuity and societal security. By continuously developing and implementing appropriate resilience solutions, we can enhance the resilience of our critical infrastructure and protect our future [119]. Furthermore, understanding the concept of resilience also helps us appreciate the role of critical infrastructure in maintaining the stability of our social and economic life, ultimately influencing our quality of life [120,121]. Therefore, preparing critical infrastructure well is a shared responsibility for all of us. As we move towards an increasingly complex future, resilience in critical infrastructure is a strong foundation that will help us face challenges with confidence and self-assurance [122,123].

3. Method

3.1. Charting Resilience Metrics

3.1.1. The Importance of Process Evaluation Models in Resilience Measurement

To gain a deeper understanding of the concept of resilience in the context of critical infrastructure, it is necessary to explore process evaluation models [124,125]. Process evaluation models form a vital framework in the detailed understanding and measurement of resilience, and this becomes a key element in efforts to enhance the resilience of critical infrastructure [126,127]. This model consists of two main dimensions. The first dimension is the type of process. This dimension refers to various types of processes related to critical infrastructure. These processes are detailed and grouped into meaningful categories. For example, this includes cybersecurity processes, disaster recovery processes, or monitoring and response processes.
The “InfraGuard Cybersecurity Framework” visual model is newly synthesized by the authors to quantify and define cyber resilience for critical infrastructure contexts. The model offers a two-dimensional methodology through the crossing of capability maturity levels (Level 0 to Level 5) and functional domains categorized as Cyber as a Shield, Cyber as a Space, and Cyber as a Sword. These metaphorical spaces are referred to individually to encapsulate the individual strata of organizational protection across passive safeguarding and system robustness to active incident management. While the constituent components (for example, situational sensing, infrastructure robustness, incident restoration, etc.) are widely recognized in the cybersecurity literature, the nomenclature, configuration, and diagonal matrix representation are new to this research.
This framework takes conceptual cues from several recognized models and standards. These vertical maturity levels are based on concepts in capability maturity models such as ISO/IEC 15504 (now ISO/IEC 33000 series) and the COBIT Process Assessment Model, which outline process sophistication and institutionalization levels. The horizontal classification of elements reflects themes in the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover), rearranged under a new taxonomy. In addition, the model encourages the philosophy of use cases such as AI-CRM, STPA-Sec, and DHS’s Cyber Resilience Review, which emphasize the utilization of stacked, dynamic defense systems. By combining these backgrounds into one consistent and easy-to-understand model, this framework is an easy tool to employ to assess, communicate, and guide cyber resilience strategy enhancements.
The second dimension in this model is the level of competence. In this dimension, process attributes are grouped into several competence levels. These attributes are measurable characteristics that help us classify how effective and competent a process is in performing its tasks. These attributes may include the process’s ability to detect threats, respond to incidents, or plan for recovery.

3.1.2. Levels of Process Competence in the InfraGuard Cyber Resilience Framework

The “InfraGuard Cyber Resilience Framework” is a crucial tool that helps categorize security processes into six levels based on their progress and effectiveness. How resilience metrics are charted can be observed in the illustration in Figure 3.
  • Level 5—Security Process Enhancements: This is the highest level in the framework, where security processes have been fully optimized. At this stage, security processes not only run smoothly but are continually improved and perfected based on feedback and learning from previous experiences. Organizations at this level have achieved the highest maturity level in security processes, and each aspect is optimized for full effectiveness. Organizations at this level are leaders in cybersecurity practices.
  • Level 4—A Consistent Security Process: At this level, security processes run with consistency and predictability. The processes yield consistent results and meet established quality standards. Consistency is key here, meaning organizations can rely on security processes to deliver predictable results without much variation or uncertainty. Organizations at this level have achieved a very high level of resilience in maintaining cybersecurity.
  • Level 3—A Solidified Security Process: At this level, security processes have become robust and established. The processes have proven effective in practice and have become an integral part of daily operations. This indicates that organizations have successfully built a strong foundation for their security, and these processes are considered mature practices in their operations. Organizations at this level have achieved a high level of resilience in maintaining their critical infrastructure.
  • Level 2—A Supervised Security Process: At this level, security processes are closely monitored to ensure that all activities proceed according to the planned and established standards. Supervision is a crucial component here, and organizations ensure that security processes unfold as expected, although there may still be room for improvement. Organizations at this level are striving to enhance their resilience and planning the necessary steps to reach a higher level.
  • Level 1—An Executed Security Process: At this level, security processes are being executed. Basic security measures have been implemented, and the processes are running according to the basic plan. This is an initial step indicating that the organization has taken basic actions to protect its infrastructure. While work still remains, the first step towards resilience has been taken.
  • Level 0—An Unfinished Security Process: This is the lowest level in the framework, where the security processes are unfinished. Some aspects of the processes may not have been implemented or may not be functioning well. This indicates that significant work is needed to achieve a worthy level of resilience.

3.1.3. The Social Dimension in Resilience Measurements

Not only processes and technology influence the resilience of critical infrastructure. Social factors also play a crucial role in how people interact and collaborate in the face of threats [128]. The level of understanding and awareness in society about cybersecurity threats significantly impacts the ability to contribute to maintaining the security of critical infrastructure. The higher this level of understanding and awareness, the better society can participate in ensuring security [129]. This understanding includes knowledge of potential threats and the actions to be taken in emergency situations. Coordination and collaboration among various stakeholders also become crucial elements in resilience [130]. The ability to work together and share information effectively can enhance responses to threats and help ensure the continuity of critical infrastructure operations.

3.1.4. Integrating Process and Social Dimensions into Resilience Measurements

By combining process and social dimensions into resilience measurements, we can understand how complex critical infrastructure faces challenges [131,132]. Comprehensive measurement involves evaluating organizational processes and public understanding, as well as the readiness and coordination levels among various stakeholders. In this way, we can obtain a deeper insight into the level of resilience of critical infrastructure and identify areas where improvements are needed.

3.1.5. The Importance of a Multidimensional Approach

The conclusion that can be drawn is that measuring the resilience of critical infrastructure is a crucial step in ensuring cybersecurity. In an era of increasingly complex threats, there is no single solution that can guarantee resilience. Instead, a multidimensional approach that includes a deep understanding of organizational processes, the level of competence in performing security tasks, and the role and readiness of society is key to achieving higher resilience levels [133]. All parties involved in critical infrastructure, whether government, private organizations, or the public, need to contribute to these efforts to ensure uninterrupted operational continuity. By focusing on comprehensive measurement and understanding, we can build a safer future that is more resilient to evolving cybersecurity threats. Through joint efforts and collaboration, we can maintain the resilience of critical infrastructure, which, in turn, will help protect the social and economic stability we heavily depend on. In doing so, we can move forward in facing future challenges that are unseen but are sure to come.

3.2. The Resilience Spectrum

3.2.1. The Conceptual Structure of the Resilience Spectrum

In an era characterized by constant change and uncertainty in the cyber world, understanding the spectrum of resilience is a crucial obligation to secure critical infrastructure and processes. This involves evaluating the ability of a process to achieve business goals, both ongoing and expected in the future. The capability dimension is a key parameter in measuring the resilience level of processes or infrastructure. This model considers a set of process attributes grouped into various capability levels, following the guidelines provided by ISO/IEC 15504-2:2003 and COBIT 5. We will classify the capability indicators for each aspect: Cyber as a Shield, Cyber as a Space, and Cyber as a Sword [116].
Additionally, the resilience spectrum is represented in Figure 4, providing a visual depiction of the spectrum’s significance in enhancing the resilience of critical systems.
Cyber as a Shield [116]:
  • Situational Awareness: Situational awareness is crucial in enhancing resilience to cyber threats. Organizations and infrastructure need to actively monitor and detect changes in their operational environment that can affect security. This includes monitoring network traffic, analyzing suspicious activities, and understanding current trends in cyber-attacks.
  • Security Assurance: Security assurance involves the actions taken to ensure that systems are secure from threats and attacks. This includes periodic security risk assessments, the implementation of risk mitigation measures, and ensuring strict adherence to security standards.
  • Active Defense: The ability to conduct active defense is crucial. Organizations need to have strategies and tools that allow them to detect attacks as early as possible, respond quickly, and even take proactive actions to block or thwart attacks before they damage the system.
  • Risk Management: Effective risk management is a vital component of cyber defense. This involves identifying, assessing, and managing the risks associated with cyber-attacks. Risk management can help organizations prioritize risk mitigation and allocate appropriate resources.
Cyber as a Space [116]:
  • Infrastructure Resilience: The ability of infrastructure to withstand and recover from various threats is key to creating a safe space in the cyber context. This involves planning and implementing strategies to maintain infrastructure operability even in challenging situations.
  • Critical Infrastructure Awareness: Awareness of the importance of critical infrastructure is the first step in protecting it and mitigating risks. Organizations need to understand the vulnerabilities in critical infrastructure and how its vulnerabilities can impact national security and the economy.
  • Resilience Principles: Resilience principles should guide the design and operation of infrastructure. This includes fundamental principles that guide the design, implementation, and maintenance of infrastructure to remain resilient to threats.
  • Infrastructure Safeguarding Policy: Policies and procedures designed to protect infrastructure from physical and cyber threats are key steps in creating a safe space in the cyber context.
Cyber as a Sword [116]:
  • Infrastructure Preparedness: Infrastructure preparedness involves pre-emptive measures to prepare infrastructure for potential threats and attacks. This includes planning, personnel training, and security scenario testing.
  • Critical Incident Recovery: Taking steps after a cyber incident to restore normal system operations as quickly as possible is crucial. This involves system recovery, data recovery, and measures to avoid similar incidents in the future.
In the ever-changing cyber world, a deep understanding of the resilience spectrum is key to protecting infrastructure and ensuring business continuity. Organizations must continually adapt and innovate to face evolving challenges. With a deeper understanding of each aspect in the resilience spectrum, organizations can identify areas that need improvement and further investment, ensuring they can maintain their resilience in a dynamic cyber world. As cyber-attacks increase and risks continue to evolve, understanding the resilience spectrum is a valuable guide to keeping critical infrastructure and processes secure and high-performing.

3.2.2. A Quantitative Scoring Model for Resilience Components

To enable the proposed framework to be applied in practice, a quantitative scoring system is introduced for each element of the InfraGuard Cybersecurity Framework. The system enables organizations to measure their cyber resilience maturity in different functional areas in a structured and measurable way. By translating qualitative assessments into numerical scores, stakeholders can more readily understand existing gaps, monitor improvements over time, and support decision-making with evidence-based metrics. Each element in the model, from situational awareness to incident recovery, is assigned a set of definite indicators that reflect its operational maturity. It is rated on a 0 to 5 scale, which indicates increasing levels of maturity, from non-existent or ad hoc processes to fully integrated, automated, and optimized capabilities. The rating is based on definite criteria, such as monitoring coverage, system availability, policy enforcement, and recovery time, designed to be realistic and quantifiable. The framework allows technical teams, not to mention management, to align their measurement activities with global standards such as ISO/IEC 15504, NIST CSF, and COBIT. The scoring values assigned to each component in Table 2 are designed to reflect measurable indicators based on the available operational data. These values may be obtained through methods such as system log audits, uptime/downtime tracking, training records, and structured expert assessments, depending on the organization’s internal monitoring capacity. The resulting component-level scores contribute to the overall resilience evaluation, as illustrated in Table 3, which aggregates these scores into a total resilience level classification.
This quantitative model is not only a benchmarking tool but also a roadmap to incremental cybersecurity improvements for critical infrastructures. By identifying weak areas and defining measurable goals, organizations can prioritize actions based on their urgency and available resources. Furthermore, this scoring system can support internal auditing, policy reviews, and investment decision-making, as well as cross-organization comparisons and reporting to regulatory bodies. Last, the table offers a brief, adaptable template for translating complex notions of resilience into specific actions.

4. Results

Performance Metrics

Performance metrics, as shown in Figure 5, are used to evaluate whether process attributes have been achieved.
To measure an organization’s or infrastructure’s ability to face cyber threats according to three main aspects, Cyber as a Shield, Cyber as a Space, and Cyber as a Sword [116], the following are assessment indicators that can be used to provide a deeper understanding of how an organization or infrastructure assesses its readiness to face cyber threats:
Level 5—Security Process Enhancements: At Level 5, organizations have reached their peak readiness in facing increasingly complex cyber threats. “Enhanced Security Process”, as a central element at Level 5, reflects a high level of adoption of the latest technology. Organizations at this level not only keep up with the latest developments but also actively innovate. In addition to adopting the latest technology, they also implement continuous improvement measures, including comprehensive updates to technology, policies, and security practices. Security processes at Level 5 are a perfect blend of cutting-edge technology and continuous optimization. “Upgraded Security Process” emphasizes that security processes have been substantially enhanced in terms of their effectiveness, efficiency, and reliability. Organizations at Level 5 have successfully created security processes that operate with a high level of reliability, consistently and efficiently responding to threats. They have implemented technology updates and improved their security policies comprehensively. Furthermore, “Enriched Security Process” sharpens the focus on a deep understanding of cyber threats. Organizations at Level 5 not only rely on high-end technology but also deepen their understanding of various threats. They engage various stakeholders and apply a holistic approach to combating cyber-attacks. Their security processes not only mitigate risks but also provide valuable insights for executive decision-making. Organizations at Level 5 serve as examples of innovation, adaptation, and leadership in facing cyber threats.
Level 4—Consistent Security Processes: Level 4 emphasizes consistency and reliability in executing security processes. “Consistent Security Process” indicates that organizations can routinely carry out security actions and produce stable results. They can consistently respond to threats and predict their outcomes. Organizations at Level 4 have achieved remarkable discipline and alignment in executing security processes. They execute security actions routinely, creating a very high level of readiness. “Stable Security Process” indicates that security processes operate with stability and consistency. They have successfully maintained the reliability of their security processes in the face of changes in the operational environment. Organizations at Level 4 have reached a stage where their security processes remain effective even in the face of rapidly evolving cyber threats. “Regular Security Process” reflects an organization’s discipline in executing security processes according to the existing policies and guidelines. They have ensured that each step is closely followed according to established procedures. Additionally, Level 4 is a stage where organizations have successfully struck a balance between flexibility and discipline in executing security processes. They can adapt to new threats and respond with high consistency. Organizations at Level 4 are exemplars of discipline, consistency, and reliability in facing cyber threats.
Level 3—Solidified Security Processes: Level 3 is a stage where organizations have successfully solidified their security processes as an integral part of their day-to-day operations. “Solid Security Process” indicates that security processes have become solid and established. These processes have proven effective in protecting data, systems, and organizational operations. They have successfully created a strong and proactive security culture throughout the organization. Organizations at Level 3 have a very high level of readiness to face cyber threats. “Firm Security Process” indicates that security processes function securely and provide reliable protection against cyber-attacks. Organizations at Level 3 can confront attacks with confidence that their security processes will preserve the integrity, confidentiality, and availability of their information. They have built a strong foundation for maintaining cybersecurity throughout the organization. “Steady Security Process” is a stage where security processes operate stably and can handle threats effectively. They have achieved a balance between responding to cyber threats and day-to-day operations. Organizations at Level 3 are role models in integrating security into every aspect of their operations, resulting in strong resilience against cyber threats.
Level 2—Supervised Security Processes: At Level 2, tight supervision takes the spotlight. “Supervised Security Process” indicates that organizations ensure that all activities proceed according to established plans and standards. With strict supervision, organizations can ensure discipline in executing security processes. This supervision includes monitoring activities and ensuring that actions comply with established plans and standards. Organizations at Level 2 have a robust supervision system that ensures consistency in executing security processes. “Monitored Security Process” notes that security processes are regularly monitored to detect anomalies or policy violations that may occur. This active supervision allows organizations to detect issues quickly and respond accordingly. Organizations at Level 2 have achieved a high level of supervision, enabling them to identify and address potential risks effectively. “Controlled Security Process” emphasizes taking security measures with tight controls according to existing guidelines. In this context, control is crucial to ensuring that security processes run as expected. Organizations at Level 2 have achieved a high level of supervision and tight control in executing their security processes.
Level 1—Executed Security Processes: At Level 1, organizations have implemented basic security measures and executed them according to basic policies. This process represents the initial steps in building the foundation for higher levels of security. They have embarked on their journey toward higher security levels. “Executed Security Process” indicates that organizations at Level 1 have implemented basic security measures effectively. They execute security processes according to basic policies and established guidelines. Although they are still in the early stages of the journey towards higher readiness to face cyber threats, these initial steps demonstrate their commitment to protecting their assets and data. “Operated Security Process” reflects that organizations at Level 1 execute security processes according to basic policies, although they have not yet achieved a high level of consistency. This is the initial stage of building a strong foundation in executing security processes. They have started their journey to enhance their security, but more time and effort are needed to reach higher levels. “Run Security Process” shows that security processes are being executed, albeit still in the early stages of development and implementation. Organizations at Level 1 have taken the first steps in their journey toward higher security levels. They have initiated efforts to improve their security but still require further development and a deeper understanding of cyber threats.
Level 0—Unfinished Security Process: At Level 0, organizations are aware that their security processes are unfinished and require further planning and actions for implementation. This process is still in the early stages of design and needs a deeper understanding of the cyber threats faced. Organizations at Level 0 are aware that they need to start their journey to facing cyber threats and plan the steps they will take. “Unfinished Security Process” reflects that organizations at Level 0 have identified that further efforts are needed to enhance their security. Their security processes are still in the early stages of design and have not been fully implemented. This is a call for improvements and developments in executing security processes. “Incomplete Security Process” indicates that some aspects of security processes may not have been implemented or may not be functioning well. Organizations need more effort to address these weaknesses and ensure that their security processes are more complete. “Partially Done Security Process” suggests that some security steps may have been taken, but these processes are still far from the expected effectiveness. Organizations at Level 0 have initiated efforts to improve their security but still require further development and a deeper understanding of cyber threats.
The level of readiness to face cyber threats is an integral component in maintaining the security and continuity of organizational operations, infrastructure, and information systems in the current digital era. This readiness encompasses several crucial aspects that form the foundation of defense and resilience against increasingly complex cyber-attacks. One major aspect of readiness for cyber threats is technology adoption. Organizations at the forefront of readiness can adopt the latest technology in the context of cybersecurity. They implement cutting-edge security solutions and tools that help them identify, mitigate, and respond to threats effectively. The adoption of the latest technology also includes continuous updates and monitoring of new developments in security technology. Organizations that can follow security technology trends have an advantage in facing constantly evolving cyber threats. In addition to technology adoption, consistency in executing security processes is a key factor in readiness. Consistency involves the routine and predictable implementation of security actions. Organizations with consistent security processes execute them with a high level of order, producing stable results. Consistency also includes maintaining the reliability of security processes in the face of changes in the operational environment. High consistency in executing security processes creates a high level of trust in protecting assets and data.
Supervision is another crucial aspect of readiness for cyber threats. Organizations that implement strict supervision ensure that all activities proceed according to established plans and standards. With tight supervision, organizations can ensure that security processes are executed with discipline and in accordance with existing guidelines. This supervision includes monitoring security activities to detect anomalies or policy violations that may occur. Organizations that can detect issues quickly and respond accordingly have an advantage in facing cyber threats. The integrity of security processes is a key foundation in readiness for cyber threats. Organizations that ensure the integrity of security processes execute procedures and policies strictly, preventing violations or manipulations that attackers may attempt. Integrity also includes a deep understanding of cyber threats and the maintenance of strong security principles. Organizations with uncompromising security processes have a stronger defense against cyber-attacks [134,135].
Adaptation and innovation are also essential elements in readiness for cyber threats. Organizations that can adapt quickly to new threats and innovate their security solutions have an advantage in facing increasingly complex attacks [136,137]. The ability to respond to cyber threats with flexibility and creativity allows organizations to stay ahead in the battle against cyber-attackers. In addition to technical aspects, a security culture also plays a crucial role in readiness. Organizations that create a strong security culture encourage all team members to prioritize security in every action and decision they make. A security culture shapes a proactive attitude toward facing cyber threats and turns security into a shared responsibility. With a strong security culture, organizations can create more effective defenses against cyber-attacks. Periodic readiness evaluations are an important tool in helping organizations identify their level of readiness in facing cyber threats. By understanding how far they have progressed in each aspect of readiness, organizations can plan and implement continuous improvements. Periodic evaluations also allow organizations to monitor their progress in enhancing their level of cybersecurity readiness. A combination of technology adoption, consistency, supervision, integrity of security processes, adaptation, innovation, and a security culture forms a comprehensive framework in facing cyber threats [138,139]. Organizations that combine these elements well have a strong defense against constantly evolving cyber threats. Strong cybersecurity readiness not only secures organizational data and operations but also protects modern society and the economy from the detrimental impact of cyber-attacks.
The six-stage maturity model shown in Figure 6 is the one used to quantify cyber resilience processes in critical infrastructure settings. Each level corresponds to a distinct operating posture, from Level 0 (Unfinished), where no security processes have been formalized, to Level 5 (Enhancement), where security processes are proactively reactive and continuously optimized. The stages are titled Reportive, Reactive, Preventive, Detective, Responsive, and Adaptive, following the progression from basic reporting and reaction to active defense, detection, and long-term resilience. This maturity progression allows organizations to identify where they are today and to balance high-priority development in particular areas across security functions, and it serves as a basis for the scoring model described in the following section.

5. Discussion

5.1. Resilience Grading

Security strength assessments are a crucial step in measuring an organization’s readiness to face cyber threats [140,141]. This assessment process utilizes a standard grading scale to measure the extent to which the organization has achieved its security goals. The following is a deeper explanation of the grading scale and its implementation:
  • D (Did Not Meet): If a security element or achievement receives a “D” grade, this indicates that the element has not yet reached its goal. A “D” grade indicates that the achievement of this element is in the range of 0% to 20%. This is a concerning point, as it signifies significant weaknesses in that element. Organizations should promptly identify and address these weaknesses to achieve an adequate level of security.
  • A (Approaching): When an element or achievement is graded as “A”, this indicates that the element is approaching its goal but still falls within the range of over 20% to 50%. This shows progress, but there is still work required to reach the desired level of security strength. Organizations need to make further improvements to achieve an adequate level of security.
  • M (Moderately Met): The “M” grade indicates that an element or achievement has been moderately met, with achievement in the range of more than 50% to 75%. This is a positive sign that the organization has made significant progress in achieving better security. However, there is room for further improvement to reach the optimal level of security.
  • W (Well Achieved): The “W” grade signifies that an element or achievement has been well achieved, with achievement in the range of more than 75% to 90%. This is a commendable level of security strength but still allows for minor improvements. Organizations need to monitor this element to maintain a good level of security.
  • E (Exceeds Expectations): When an element or achievement receives an “E” grade, this means that the element has not only reached but exceeded expectations, achieving a very high level of security in the range of more than 90% to 100%. This is an outstanding achievement that demonstrates an organization’s ability to maintain security at the highest level. It is essential to continue monitoring and maintaining this very high level of security.
Additionally, resilience grading is represented in Table 4, providing a visual depiction of the resilience assessment and the extent to which an organization has attained its security objectives.
The importance of security strength assessments lies in the fact that they are a continuous process. Organizations must periodically reassess to monitor changes in the cybersecurity environment and ensure that all security elements remain adequate. In this process, there should be no significant weaknesses related to the assessed attributes. Consistency is crucial in determining the assigned grades, as described in Table 4 regarding assessments in terms of the percentages achieved. Assessors use this scale to determine the level of capabilities achieved. By consistently applying these criteria, each assessment can be based on a structured formality level. This not only allows for comparisons across an organization but also across different companies. Thus, this assessment process becomes a crucial tool to ensure the security and efficiency of organizations.

5.2. The Future of Cyber Resilience

The future of cybersecurity stands at a challenging crossroads, where technology advances rapidly amid increasingly sophisticated cyber threats. Several key aspects, supported by research [142,143], will shape this future, including the integration of artificial intelligence (AI) and machine learning (ML) technologies into cybersecurity defense. These advancements enable real-time data analysis, pattern recognition, and high-accuracy anomaly detection, allowing organizations to rapidly detect and efficiently respond to threats. Enhanced collaboration, as highlighted by sources [144,145], is imperative in the face of global cyber threats. International cooperation, information exchange, and partnerships between the public and private sectors will play a crucial role in combating the ever-growing complexity of cyber threats. As threats become more diverse, continuous education and training for cybersecurity professionals [146] will be a priority, ensuring their knowledge aligns with the latest trends and technologies. The expanding deployment of the Internet of Things (IoT), as noted by sources [147,148], poses a significant challenge for cybersecurity. Securing connected devices and the data generated will be essential for protecting critical infrastructure and sensitive information. The leadership within organizations, as emphasized in studies [149,150], will also impact security culture, with C-suite executives and boards of directors needing to prioritize cybersecurity and foster a security-conscious environment. Remaining vigilant against emerging threats, as stressed by sources [151], is essential, requiring organizations to continuously monitor and understand the tactics used by cyber-attackers. Stricter regulations [98], emphasizing data protection and privacy, will further shape the future cybersecurity landscape. 
Quantum computing [152], while it offers great potential, presents unique challenges, requiring ongoing preparation for the post-quantum cryptography era. The increasing number of internet-connected devices, as highlighted in studies [153,154], makes the IoT a vulnerability point for cyber threats. Efforts to secure the IoT ecosystem will be crucial to protect user data and privacy. Ransomware threats [155] continue to evolve and become more sophisticated, necessitating stronger defenses and effective recovery plans.
The integration of artificial intelligence into cyber-attacks, as discussed by researchers in [156], poses a future battleground between protective and attacking AI. Cyber-attacks by foreign states [157] are becoming more complex and coordinated, emphasizing the importance of national and international cybersecurity defense. Post-quantum security measures [69,158] are essential to keep data and communication secure in the era of quantum computing. The future will demand more skilled human resources in cybersecurity, with investments in training employees [159,160] in threat recognition, security analysis, and attack tactics. Increasingly strict cybersecurity regulations [98,161] will require organizations to adhere to guidelines in different jurisdictions. The research and innovation in cybersecurity [161,162] will continue to evolve, requiring organizations to invest in understanding new threats and creating innovative solutions. Public awareness of cybersecurity [163,164] will increase, placing pressure on organizations to maintain their reputation and customer privacy. Collaboration and information sharing between organizations [165] will become increasingly important for early warnings and rapid responses. Cloud security [16,166,167] will be a significant focus as the use of cloud services continues to grow. In conclusion, the future of cybersecurity, supported by various studies and sources, demands a deep understanding of these trends and strategic planning. Investments in security technology, human resource training, and collaboration between the public and private sectors will be crucial for organizations to maintain their resilience against evolving cyber threats [168,169,170].
While the model builds on current standards like ISO/IEC 15504, COBIT, and NIST CSF, its unique structure and classification offer a novel approach to visualizing and measuring cyber resilience capability. This paper is especially helpful to energy, transport, healthcare, and other vital industry stakeholders who wish to benchmark and improve their security measures. Additional research could include empirical verification of the framework through simulation or case studies and its use in sector specifications. Finally, this research forms the basis of a stronger and adaptive approach to protecting critical systems in the era of the internet. Post-quantum cryptography (PQC) implementation is a new requirement in response to quantum computer threats to current cryptographic algorithms such as RSA and ECC. In the InfraGuard system, PQC is the next security control to be introduced under the security assurance component at the upper maturity levels (Levels 4 and 5). Quantum-resistant primitives approved by NIST, such as CRYSTALS-Kyber key encapsulation and Dilithium digital signatures, can be applied in secure communication protocols and data protection systems. However, quantum-resistant systems also tend to require more processing power and memory, which will affect the system’s latency and computational overhead, especially in legacy or embedded systems. Therefore, PQC implementations must be piloted phase-wise under test conditions in tandem with the infrastructure capacity to ensure both the scope for recovery and operational capacity.

5.3. Exploratory Scenarios for the Framework’s Application

To illustrate the use of the InfraGuard Cybersecurity Framework in real practice, three exploratory case scenarios are presented, one for each discrete critical infrastructure sector. The fictional scenarios simulate high-impact cyber-attacks and show the use of the framework in assessing organizational resilience. Although they do not describe actual incidents, the scenarios are based on extensively publicized attack methods and operational vulnerabilities seen in real-world infrastructure environments. All accounts emphasize the incident attributes, technical vulnerabilities, relevant dimensions of resilience, and normal levels of maturity. Table 5 summarizes all scenarios.
Scenario 1: National Electrical Grid Disruption—A cyber-attack on an electric grid’s state-owned SCADA systems initiates widespread regional blackouts. The Modbus TCP/IP-based SCADA systems have no encryption or authentication and are thus susceptible to command injections and session hijacking. Poor network segmentation design facilitates easy lateral movement between operating zones. There are no inventories of assets or Security Information and Event Management (SIEM) solutions, and the recovery is manual within 24 h. This is consistent with the technical vulnerabilities exploited in previous attacks such as the 2015 Ukraine grid attack.
  • Key Impacted Components: Situational awareness, risk management, active defense;
  • Indicative Resilience Level: Very low (Level 1).
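The weakness named in Scenario 1 is visible in the Modbus/TCP frame layout itself: a request carries no credential or integrity field, so a monitor can only judge a command by the network source it arrived from. The following Python example is added here and is not part of the original article or the InfraGuard framework; it parses constructed Modbus/TCP frames and flags traffic from hosts outside an allowlist of authorized masters. The IP addresses, the allowlist and the sample frames are assumptions made for the illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# State-changing function codes from the public Modbus application protocol.
# In each of these the first two data bytes are the target address.
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    address: Optional[int]


def parse_adu(frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request: 7-byte MBAP header, function code, data.

    No field holds a credential, MAC or signature, so the receiving device
    cannot tell an authorized master from any other host on the network.
    """
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:  # length counts unit id + PDU bytes
        raise ValueError("MBAP length does not match frame size")
    address = struct.unpack(">H", frame[8:10])[0] if len(frame) >= 10 else None
    return ModbusRequest(tid, unit, frame[7], address)


def review(observations, authorized_masters):
    """Return (source, kind, detail) alerts for (source_ip, frame) pairs."""
    alerts = []
    for src, frame in observations:
        try:
            req = parse_adu(frame)
        except ValueError as exc:
            alerts.append((src, "malformed", str(exc)))
            continue
        if src in authorized_masters:
            continue
        name = WRITE_FUNCTIONS.get(req.function_code)
        if name:
            detail = f"{name} unit={req.unit_id} addr={req.address}"
            alerts.append((src, "unauthorized-write", detail))
        else:
            detail = f"function 0x{req.function_code:02X} unit={req.unit_id}"
            alerts.append((src, "unlisted-source", detail))
    return alerts


def build(tid: int, unit: int, pdu: bytes) -> bytes:
    """Build a constructed sample frame (test data only)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Assumed address of the one legitimate SCADA master / HMI.
AUTHORIZED_MASTERS = {"10.0.10.5"}

# Constructed traffic: (source IP, raw Modbus/TCP request bytes).
SAMPLE_TRAFFIC = [
    ("10.0.10.5", build(1, 1, b"\x03" + struct.pack(">HH", 0, 10))),       # read by master
    ("10.0.10.5", build(2, 1, b"\x06" + struct.pack(">HH", 40, 1200))),    # write by master
    ("10.0.20.77", build(3, 1, b"\x05" + struct.pack(">HH", 3, 0xFF00))),  # write, other zone
    ("10.0.20.77", build(4, 1, b"\x03" + struct.pack(">HH", 0, 10))),      # read, other zone
    ("10.0.20.77", b"\x00\x05\x00\x00\x00"),                               # truncated frame
]

if __name__ == "__main__":
    for alert in review(SAMPLE_TRAFFIC, AUTHORIZED_MASTERS):
        print(alert)
```

Because the source address is the only identity available, a check like this is only as trustworthy as the network segmentation behind it, which is the second gap the scenario describes.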
Scenario 2: Ransomware in a Smart Hospital System—Infection of a metropolitan hospital network with ransomware encrypts electronic health records and cripples IoT-enabled medical equipment. The segmentation at the hospital is minimal, with shared access between administrative workstations and clinical systems. There is no active and functional incident response mechanism where endpoint protection is invoked. The 12 h recovery causes temporary disruption to critical care unit processes. This is the type of exposure that has been exploited in real attacks such as the WannaCry attacks against healthcare networks.
  • Key Impacted Components: Preparedness, infrastructure resilience, incident recovery;
  • Indicative Resilience Level: Developing (Level 2–3).
Scenario 3: An Airport Cyber Sabotage Incident—There is a cyber-attack on the flight coordination and baggage handling processes at an international airport. The ISO/IEC 27001 certified airport is being centrally monitored by a SOC (Security Operations Center) without live cyber exercises or red team exercises between departments. The baggage system operates legacy PLCs with proprietary, unpatched firmware and is under supply chain compromise or insider exploitation. It can be recovered within 5 h, but the after-incident analysis determines that there is no consolidation of the protocols between the IT and OT teams.
  • Key Impacted Components: Infrastructure preparedness, active defense, response integration;
  • Indicative Resilience Level: Strong (Level 3–4).
While conceptual in nature, these vignettes are representative of potential real-world situations and illustrate key technical deficiencies generic to critical infrastructure. Empirical confirmation through forensic analyses, red teaming, and formal interviewing with subject matter experts must be incorporated into follow-up research to verify the robustness and effectiveness of the framework in use.

5.4. Technological Integration and Practical Relevance

The proposed framework is centered on the strategic use of new technologies such as artificial intelligence (AI), machine learning (ML), and automated threat detection tools. These are the primary technologies that facilitate predictive monitoring, anomaly detection, and real-time incident response. For example, AI-driven analytics can be employed to analyze log data and identify potential threats based on behavioral patterns. The model’s scoring framework supports this by assigning above-average rankings to organizations that employ real-time monitoring and automated mitigation paradigms, thus allowing for flexibility towards dynamic threats. The employment of technologies such as AI-CRM and system-theoretic techniques such as STPA-Sec is natively built into the framework’s design, which aligns with models that possess proactive threat modeling and adaptive learning abilities.
Aside from technical value, the InfraGuard framework is of pragmatic and strategic use to critical infrastructure leaders in the public and private sectors. Through its breakdown of resilience into quantifiable elements and mapping against specific maturity levels, leaders can identify gaps, spend appropriately, and benchmark the performance against industry standards such as NIST CSF, ISO/IEC 27001, and COBIT. This structural approach offers channels for technical departments and management to communicate, through which cybersecurity policies are aligned with organizational objectives, as well as conformity needs. In this, the model is not just an assessment tool but also an indicator for policy development, budgeting, and cyber resilience capacity building. For the real-world application of threat detection within the InfraGuard system, different AI/ML models may be applied depending on the infrastructure situation. Anomaly detection from logs, for example, may employ Isolation Forests or Autoencoders, while time-series traffic forecasting in network analyses can operate with LSTM-based recurrent neural networks. The training data may include system event logs, IDS/IPS alert logs, and network packet captures which are normalized and cleansed of noise through preprocessing. Integration with existing infrastructure may be achieved via modular detection engines at the network edge or within SIEM platforms. Benchmark performance metrics such as the precision, recall, and false positive rate are critical to ensuring operational effectiveness, and countermeasures such as feedback loops, adaptive thresholding, and ensemble decision logic can be utilized to prevent spurious alarms and computational overload.
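The effect of adaptive thresholding on precision, recall, and the false positive rate can be made concrete with a small comparison. The following Python example is added here and is not code from the article or the InfraGuard framework; it scores a single fixed alert threshold against a per-host adaptive threshold (trailing median plus a multiple of the median absolute deviation, with flagged intervals kept out of the baseline as a simple feedback rule). The host names, failed-login counts, labels, and parameter values are constructed assumptions.

```python
from statistics import median

# Constructed failed-login counts per 5-minute interval. Label 1 marks an
# interval that belongs to a (constructed) password-guessing attempt.
DATA = {
    "vpn-gw": {  # busy gateway: high but normal volume
        "baseline": [42, 47, 51, 44, 49, 53],
        "observed": [(46, 0), (48, 0), (52, 0), (45, 0),
                     (140, 1), (47, 0), (54, 0), (50, 0)],
    },
    "eng-ws": {  # engineering workstation: almost no failures normally
        "baseline": [1, 0, 2, 1, 0, 1],
        "observed": [(1, 0), (0, 0), (2, 0), (22, 1), (1, 0),
                     (3, 0), (18, 1), (0, 0), (9, 0)],
    },
}


def fixed_flags(baseline, counts, limit=50):
    """One global threshold for every host; the baseline is ignored."""
    return [c > limit for c in counts]


def adaptive_flags(baseline, counts, window=6, k=4.0, mad_floor=1.0):
    """Flag counts above median + k * MAD of the host's own recent history.

    Feedback rule (an assumption of this example): intervals flagged as
    anomalous are not appended to the history, so an attack cannot raise
    the threshold for the intervals that follow it.
    """
    history = list(baseline)
    flags = []
    for c in counts:
        recent = history[-window:]
        med = median(recent)
        mad = median([abs(v - med) for v in recent])
        anomalous = c > med + k * max(mad, mad_floor)
        flags.append(anomalous)
        if not anomalous:
            history.append(c)
    return flags


def evaluate(detector, data=DATA):
    """Return (TP, FP, FN, TN) summed over all hosts."""
    tp = fp = fn = tn = 0
    for host in data.values():
        counts = [c for c, _ in host["observed"]]
        labels = [label for _, label in host["observed"]]
        for flagged, label in zip(detector(host["baseline"], counts), labels):
            if flagged and label:
                tp += 1
            elif flagged:
                fp += 1
            elif label:
                fn += 1
            else:
                tn += 1
    return tp, fp, fn, tn


def rates(tp, fp, fn, tn):
    """Return (precision, recall, false positive rate)."""
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return precision, recall, fpr


if __name__ == "__main__":
    for name, detector in (("fixed", fixed_flags), ("adaptive", adaptive_flags)):
        counts = evaluate(detector)
        print(name, counts, [round(r, 3) for r in rates(*counts)])
```

On this data the fixed threshold reaches precision and recall of 1/3 each, while the adaptive threshold reaches recall 1.0 at precision 0.75; its one remaining false positive is the kind of alarm that analyst feedback or a second detection signal would have to suppress.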

6. Conclusions

This study proposed a systematic approach to assessing the cyber resilience of critical infrastructure through the integration of capability maturity levels and domain-oriented security factors. In developing the InfraGuard Cybersecurity Framework, we offer a realistic model not only outlining the growth of security process maturity but also segmenting the measures of resilience into three strategic areas: Shield, Space, and Sword. These dimensions consist of levels that accommodate cybersecurity activities across a spectrum, ranging from monitoring and prevention through to readiness and recovery. The model offers conceptual definitions, as well as operational guidance, for organizations looking to enhance their resilience position in more complex threat environments.
By integrating multi-level security process maturity and functional areas reflective of different levels of cyber defense, a positive resilience model can be developed. The InfraGuard Cybersecurity Framework developed here enables organizations to score at six levels of maturity in terms of their resilience capability, from incomplete to highly sophisticated processes, considering different functions such as situational awareness, active defense, infrastructure readiness, and incident recovery. Ordering these parameters into a firm matrix, the model supports the proactive detection of threats, instantaneous responses, and a focused method to strengthen cyber resilience in an orderly fashion.
Predictions and decisions regarding preventive measures involve an analysis of historical threat trends, present process maturity, and social–technical preparedness, all of which are incorporated into the multilayered design of the framework. The inclusion of topics like “Cyber as a Shield” and “Cyber as a Space” lays particular focus on initial discovery, risk management, and infrastructure awareness, which are drivers of potential vulnerabilities. These can be used by organizations to give high priority to modernization, develop scenario-dependent backup plans, and implement technology like AI-based monitoring in an effort to avoid failures before a significant disruption occurs.
This study implies levels of resilience grading and performance goals drawn from an official evaluation of key indicators by geography. Each process is segmented into levels (0 to 5) and correlated with tangible, evident signs: the recovery period, technology take-up, and operational uniformity. Companies can measure themselves in their present status against leading-class examples and best practices like NIST CSF or AI-CRM. Even without much data, simulated conditions and qualitative analyses can be used within the model to enable comparative assessments that identify capability gaps and can be fed back to improve the desired domains.
This study provides a graphical and structured method that helps decision-makers attain organizational cyber resilience in both strategy and operations. By synchronizing the security capability across maturity levels and domains, managers can more effectively utilize resources, make policies, and plan for employee training. In addition, the framework’s capability to map across different slices of infrastructure and adherence to global standards ensures that it is an effective guide to global cooperation, encouraging a collective effort towards improving cyber defense and minimizing the broader societal and economic impacts of cyber-attacks.
Despite the formal process outlined in this study, there remain some limitations. Empirical testing of the model in various categories of critical infrastructure, i.e., energy, transportation, or health systems, has not been performed. Consequently, its transferability across domain-specific operating environments and applicability need to be explored further through cross-sector case studies or field tests. In addition, the model fails to adequately address the issues of deployment in real heterogeneous systems, like technical interoperability, performance penalties, and resource needs—issues that would affect its deployment, particularly in legacy or hybrid environments. It is anticipated that follow-up studies would broaden the scope of this framework by experimentally validating its applicability in real environments and by incorporating deployment models that are system-compatibility- and operational-feasibility-aware. Another limitation lies in the practical implementation of this framework across heterogeneous environments. Legacy infrastructure, performance constraints, and complex integration can hinder real-time monitoring and automation. Future research should explore scalable solutions that balance security visibility with operational efficiency, particularly in latency-sensitive systems. This study sets the groundwork for a comprehensive validation process, which will involve empirical testing through domain-specific case studies and expert evaluations to confirm the framework’s practical applicability and technical soundness.

Author Contributions

Conceptualization, M.L. and M.F.S.; Methodology, M.L., M.F.S. and H.F.; Validation, M.L., M.F.S. and H.F.; Formal analysis, M.L., M.F.S. and H.F.; Investigation, M.F.S.; Resources, M.F.S. and H.F.; Data curation, M.F.S. and H.F.; Writing—original draft, M.L. and M.F.S.; Writing—review & editing, M.L. and A.N.M.; Visualization, M.L., M.F.S. and A.N.M.; Supervision, M.L.; Funding acquisition, M.L. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

The data can be made available on request.

Conflicts of Interest

Author Muhammad Fakhrul Safitra was employed by the company Pelayaran Nasional Indonesia. The remaining authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

References

  1. Lawhon, M.; Follmann, A.; Braun, B.; Cornea, N.; Greiner, C.; Guma, P.; Karpouzoglou, T.; Diez, J.R.; Schindler, S.; Schramm, S.; et al. Making heterogeneous infrastructure futures in and beyond the global south. Futures 2023, 154, 103270.
  2. Kouloufakos, T. Untangling the cyber norm to protect critical infrastructures. Comput. Law Secur. Rev. 2023, 49, 105809.
  3. Šarūnienė, I.; Martišauskas, L.; Krikštolaitis, R.; Augutis, J.; Setola, R. Risk Assessment of Critical Infrastructures: A Methodology Based on Criticality of Infrastructure Elements. Reliab. Eng. Syst. Saf. 2023, 243, 109797.
  4. Pursiainen, C.; Kytömaa, E. From European critical infrastructure protection to the resilience of European critical entities: What does it mean? Sustain. Resilient Infrastruct. 2023, 8 (Suppl. S1), 85–101.
  5. Broto, V.C.; Cortina-Oriol, M.; Durrant, D.; Griggs, S.; Guarneros-Meza, V.; Hayes, G.; Howarth, D.; Isunza-Vera, E.; Wong, M.T.; Zaremberg, G. Infrastructures, processes of insertion and the everyday: Towards a new dialogue in critical policy studies. Crit. Policy Stud. 2022, 16, 121–130.
  6. Ashley, T.D.; Kwon, R.; Gourisetti, S.N.G.; Katsis, C.; Bonebrake, C.A.; Boyd, P.A. Gamification of Cybersecurity for Workforce Development in Critical Infrastructure. IEEE Access 2022, 10, 112487–112501.
  7. Dafnos, T. Energy futures and present threats: Critical infrastructure resilience, accumulation, and dispossession. Stud. Political Econ. 2020, 101, 114–134.
  8. Thekdi, S.A.; Chatterjee, S. Toward adaptive decision support for assessing infrastructure system resilience using hidden performance measures. J. Risk Res. 2019, 22, 1020–1043.
  9. Abuhasel, K. A Linear Probabilistic Resilience Model for Securing Critical Infrastructure in Industry 5.0. IEEE Access 2023, 11, 80863–80873.
  10. Barak, I. Critical infrastructure under attack: Lessons from a honeypot. Netw. Secur. 2020, 2020, 16–17. Available online: www.teiss.co.uk/ (accessed on 13 July 2025).
  11. Klenk, T. Social services as critical infrastructure—Conceptualising and studying the operational core of the social investment state. Eur. J. Soc. Secur. 2023, 25, 115–138.
  12. Furlong, K. Geographies of infrastructure III: Infrastructure with Chinese characteristics. Prog. Hum. Geogr. 2022, 46, 915–925.
  13. Klenk, T.; Reiter, R. Introduction to the Special Issue on social services as critical infrastructure: Taking stock of the promises of the social investment state. Eur. J. Soc. Secur. 2023, 25, 107–114.
  14. Valinejad, J.; Mili, L. Cyber-Physical-Social Model of Community Resilience by Considering Critical Infrastructure Interdependencies. IEEE Internet Things J. 2023, 10, 17530–17543.
  15. Codetta-Raiteri, D.; Portinale, L. Decision networks for security risk assessment of critical infrastructures. ACM Trans. Internet Technol. 2018, 18, 29.
  16. Chochliouros, I.P.; Spiliopoulou, A.S.; Stephanakis, I.M.; Arvanitozisis, D.N.; Sfakianakis, E.; Belesioti, M.; Georgiadou, E.; Mitsopoulou, N. Security and Protection of Critical Infrastructures: A Conceptual and Regulatory Overview for Network and Information Security in the European Framework, also focusing upon the Cloud Perspective. In Proceedings of the 16th International Conference on Engineering Applications of Neural Networks (INNS), Rhodes Island, Greece, 25–28 September 2015; Association for Computing Machinery: New York, NY, USA, 2015.
  17. Gjesvik, L.; Szulecki, K. Interpreting cyber-energy-security events: Experts, social imaginaries, and policy discourses around the 2016 Ukraine blackout. Eur. Secur. 2023, 32, 104–124.
  18. Emerson, R.G. Limits to a cyber-threat. Contemp. Politics 2016, 22, 178–196.
  19. Backman, S. Normal cyber accidents. J. Cyber Policy 2023, 8, 114–130.
  20. Cobilean, V.; Mavikumbure, H.S.; Mcbride, B.J.; Vaagensmith, B.; Singh, V.K.; Li, R.; Rieger, C.; Manic, M. A Review of Visualization Methods for Cyber-Physical Security: Smart Grid Case Study. IEEE Access 2023, 11, 59788–59803.
  21. Papadopoulos, L.; Karteris, A.; Soudris, D.; Muñoz-Navarro, E.; Hernandez-Montesinos, J.J.; Paul, S.; Museux, N.; Kuenig, S.; Egger, M.; Schauer, S.; et al. PRAETORIAN: A Framework for the Protection of Critical Infrastructures from advanced Combined Cyber and Physical Threats. In Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES 2023), Benevento, Italy, 29 August–1 September 2023; Association for Computing Machinery: New York, NY, USA, 2023.
  22. König, S.; Shaaban, A.M.; Hadjina, T.; Gregorc, K.; Kutej, A. Identification and Evaluation of Cyber-Physical Threats on Interdependent Critical Infrastructures. In Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES 2023), Benevento, Italy, 29 August–1 September 2023; Association for Computing Machinery: New York, NY, USA, 2023.
  23. The International Institute for Strategic Studies. Stuxnet: Targeting Iran’s nuclear programme. Strateg. Comments 2011, 17, 1–3.
  24. Maher, R. The covert campaign against Iran’s nuclear program: Implications for the theory and practice of counterproliferation. J. Strateg. Stud. 2021, 44, 1014–1040.
  25. Kostyuk, N.; Zhukov, Y.M. Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events? J. Confl. Resolut. 2019, 63, 317–347.
  26. Sullivan, J.E.; Kamensky, D. How cyber-attacks in Ukraine show the vulnerability of the U.S. power grid. Electr. J. 2017, 30, 30–35.
  27. Sikder, M.N.K.; Nguyen, M.B.T.; Elliott, E.D.; Batarseh, F.A. Deep H2O: Cyber attacks detection in water distribution systems using deep learning. J. Water Process Eng. 2023, 52, 103568.
  28. Sanders, M.C.; Sanders, C.E. A world’s dilemma ‘upon which the sun never sets’—The nuclear waste management strategy (part I): Western European Nation States and the United States of America. Prog. Nucl. Energy 2016, 90, 69–97.
  29. Mavikumbure, H.S.; Wickramasinghe, C.S.; Marino, D.L.; Cobilean, V.; Manic, M. Anomaly Detection in Critical-Infrastructures using Autoencoders: A Survey. In Proceedings of the IECON 2022—48th Annual Conference of the IEEE Industrial Electronics Society, Brussels, Belgium, 17–20 October 2022; IEEE Computer Society: Washington, DC, USA, 2022.
  30. Maulana, F.; Fajri, H.; Safitra, M.F.; Lubis, M. Unmasking log4j’s Vulnerability: Protecting Systems against Exploitation through Ethical Hacking and Cyberlaw Perspectives. In Proceedings of the 9th International Conference on Computer and Communication Engineering (ICCCE), Kuala Lumpur, Malaysia, 15–16 August 2023; Institute of Electrical and Electronics Engineers (IEEE): Piscataway, NJ, USA, 2023; pp. 311–316.
  31. Rahat, R.; Pradhananga, P.; ElZomor, M. A step toward nurturing infrastructure sustainability and rating systems through construction management curricula. Int. J. Sustain. High. Educ. 2023, 24, 1877–1896.
  32. Osei-Kyei, R.; Almeida, L.M.; Ampratwum, G.; Tam, V. Systematic review of critical infrastructure resilience indicators. Constr. Innov. 2022, 23, 1210–1231.
  33. Asiedu, R.O.; Manu, P.; Mahamadu, A.-M.; Booth, C.A.; Olomolaiye, P.; Agyekum, K.; Abadi, M. Critical skills for infrastructure procurement: Insights from developing country contexts. J. Eng. Des. Technol. 2021, 21, 1948–1974.
  34. Koay, K.Y. Perceived risk and digital piracy: A moderated-moderation model. J. Inf. Commun. Ethics Soc. 2023, 21, 521–532.
  35. Shaked, A.; Tabansky, L.; Reich, Y. Incorporating Systems Thinking into a Cyber Resilience Maturity Model. IEEE Eng. Manag. Rev. 2021, 49, 110–115.
  36. Yemini, M.; Nedic, A.; Goldsmith, A.; Gil, S. Characterizing Trust and Resilience in Distributed Consensus for Cyberphysical Systems. IEEE Trans. Robot. 2022, 38, 71–91.
  37. Tasooji, T.K.; Marquez, H.J. A Secure Decentralized Event-Triggered Cooperative Localization in Multi-Robot Systems under Cyber Attack. IEEE Access 2022, 10, 128101–128121.
  38. Dart, M.; Ahmed, M. CYBER-AIDD: A novel approach to implementing improved cyber security resilience for large Australian healthcare providers using a Unified Modelling Language ontology. Digit. Health 2023, 9, 20552076231191095.
  39. Staves, A.; Gouglidis, A.; Hutchison, D. An Analysis of Adversary-Centric Security Testing within Information and Operational Technology Environments. Digit. Threat. Res. Pract. 2023, 4, 14.
  40. Ashley, T.; Gourisetti, S.N.G.; Brown, N.; Bonebrake, C. Aggregate attack surface management for network discovery of operational technology. Comput. Secur. 2022, 123, 102939.
  41. Sell, M.; Dupuis, M. Designing an Industrial Cybersecurity Program for an Operational Technology Group. In Proceedings of the 24th Annual Conference on Information Technology Education (SIGITE 2023), Marietta, GA, USA, 11–14 October 2023; Association for Computing Machinery, Inc.: New York, NY, USA, 2023; pp. 125–130.
  42. Chen, Q.; Wang, T.; Legunsen, O.; Li, S.; Xu, T. Understanding and discovering software configuration dependencies in cloud and datacenter systems. In Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020), Virtual, 8–13 November 2020; Association for Computing Machinery, Inc.: New York, NY, USA, 2020; pp. 362–374.
  43. Xu, X.; Wang, C.; Wang, Z.; Lu, Q.; Zhu, L. Dependency tracking for risk mitigation in machine learning (ML) systems. In Proceedings of the 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP 2022), Pittsburgh, PA, USA, 22–27 May 2022; Association for Computing Machinery (ACM): New York, NY, USA, 2022; pp. 145–146.
  44. Selim, G.E.I.; Hemdan, E.E.D.; Shehata, A.M.; Fishawy, N.A.E. Anomaly events classification and detection system in critical industrial internet of things infrastructure using machine learning algorithms. Multimed. Tools Appl. 2021, 80, 12619–12640.
  45. Makrakis, G.M.; Kolias, C.; Kambourakis, G.; Rieger, C.; Benjamin, J. Industrial and Critical Infrastructure Security: Technical Analysis of Real-Life Security Incidents. IEEE Access 2021, 9, 165295–165325.
  46. Kulugh, V.E.; Mbanaso, U.M.; Chukwudebe, G. Cybersecurity Resilience Maturity Assessment Model for Critical National Information Infrastructure. SN Comput. Sci. 2022, 3, 217.
  47. Sadaf, M.; Iqbal, Z.; Javed, A.R.; Saba, I.; Krichen, M.; Majeed, S.; Raza, A. Connected and Automated Vehicles: Infrastructure, Applications, Security, Critical Challenges, and Future Aspects. Technologies 2023, 11, 117.
  48. Saeed, S.; Suayyid, S.A.; Al-Ghamdi, M.S.; Al-Muhaisen, H.; Almuhaideb, A.M. A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience. Sensors 2023, 23, 7273.
  49. Franchina, L.; Inzerilli, G.; Scatto, E.; Calabrese, A.; Lucariello, A.; Brutti, G.; Roscioli, P. Passive and active training approaches for critical infrastructure protection. Int. J. Disaster Risk Reduct. 2021, 63, 102461.
  50. Zou, B.; Choobchian, P.; Rozenberg, J. Cyber resilience of autonomous mobility systems: Cyber-attacks and resilience-enhancing strategies. J. Transp. Secur. 2021, 14, 137–155.
  51. Rao, Y. Discourse as infrastructure: How ‘New Infrastructure’ policies re-infrastructure China. Glob. Media China 2023, 8, 254–270.
  52. Michalec; Milyaeva, S.; Rashid, A. When the future meets the past: Can safety and cyber security coexist in modern critical infrastructures? Big Data Soc. 2022, 9, 20539517221108369.
  53. Prokhorenko, V.; Babar, M.A. Architectural resilience in cloud, fog and edge systems: A survey. IEEE Access 2020, 8, 28078–28095. [Google Scholar] [CrossRef]
  54. Carias, J.F.; Arrizabalaga, S.; Labaka, L.; Hernantes, J. Cyber Resilience Self-Assessment Tool (CR-SAT) for SMEs. IEEE Access 2021, 9, 80741–80762. [Google Scholar] [CrossRef]
  55. Clark, A.; Zonouz, S. Cyber-physical resilience: Definition and assessment metric. IEEE Trans. Smart Grid 2019, 10, 1671–1684. [Google Scholar] [CrossRef]
  56. Manuel, D.D.; Carmona-Murillo, J.; Cortes-Polo, D.; Rodriguez-Perez, F.J. CyberTOMP: A Novel Systematic Framework to Manage Asset-Focused Cybersecurity from Tactical and Operational Levels. IEEE Access 2022, 10, 122454–122485. [Google Scholar] [CrossRef]
  57. Kumar, H.; Alvarez, O.A.; Kumar, S. Experimental Evaluation of Smart Electric Meters’ Resilience Under Cyber Security Attacks. IEEE Access 2023, 11, 55349–55360. [Google Scholar] [CrossRef]
  58. Simone, F.; Akel, A.J.N.; Di Gravio, G.; Patriarca, R. Thinking in Systems, Sifting Through Simulations: A Way Ahead for Cyber Resilience Assessment. IEEE Access 2023, 11, 11430–11450. [Google Scholar] [CrossRef]
  59. Trucco, P.; Petrenj, B. Characterisation of resilience metrics in full-scale applications to interdependent infrastructure systems. Reliab. Eng. Syst. Saf. 2023, 235, 109200. [Google Scholar] [CrossRef]
  60. Liu, B.; Xue, B.; Chen, X. Development of a metric system measuring infrastructure sustainability: Empirical studies of Hong Kong. J. Clean. Prod. 2021, 278, 123904. [Google Scholar] [CrossRef]
  61. Mounir, M.; Salah, A.; Kamel, A.; Moussa, H. Framework to Measure Agile Software Process Effectiveness in Critical Systems Development. In Proceedings of the 9th International Conference on Software and Information Engineering (ICSIE 2020), Cairo, Egypt, 11–13 November 2020; Association for Computing Machinery: New York, NY, USA, 2020; pp. 25–32. [Google Scholar] [CrossRef]
  62. Sachse, J. Do metrics matter?: The effect of indicators on scientific search behavior. In Proceedings of the Conference on Human Information Interaction and Retrieval (CHIIR 2019), Glasgow, UK, 10–14 March 2019; Association for Computing Machinery, Inc.: New York, NY, USA, 2019; pp. 417–420. [Google Scholar] [CrossRef]
  63. Stuart, D. Finding ‘good enough’ metrics for the UK’s Research Excellence Framework. Online Inf. Rev. 2015, 39, 265–269. [Google Scholar] [CrossRef]
  64. Ma, L. The steering effects of citations and metrics. J. Doc. 2021, 77, 420–431. [Google Scholar] [CrossRef]
  65. Schmitz, Y.; Vietz, D.; Wanke, E. A note on the complexity of K-metric dimension. Appl. Math. Comput. 2023, 457, 128204. [Google Scholar] [CrossRef]
  66. Kawamura; Steinberg, F.; Ziegler, M. Complexity theory of (functions on) compact metric spaces. In Proceedings of the 31st Annual ACM/IEEE Symposium on Logic in Computer Science (LICS 2016), New York, NY, USA, 5–8 July 2016; Association for Computing Machinery (ACM): New York, NY, USA, 2016; pp. 837–846. [Google Scholar] [CrossRef]
  67. Jayapal, J.; Kumaraguru, S.; Varadarajan, S. A view similarity-based shape complexity metric to guide part selection for additive manufacturing. Rapid Prototyp. J. 2023, 29, 655–672. [Google Scholar] [CrossRef]
  68. Laghari, S.U.A.; Manickam, S.; Al-Ani, A.K.; Al-Shareeda, M.A.; Karuppayah, S. ES-SECS/GEM: An efficient security mechanism for SECS/GEM communications. IEEE Access 2023, 11, 31813–31828. [Google Scholar] [CrossRef]
  69. Gomes, J.; Khan, S.; Svetinovic, D. Fortifying the blockchain: A systematic review and classification of post-quantum consensus solutions for enhanced security and resilience. IEEE Access 2023, 11, 74088–74100. [Google Scholar] [CrossRef]
  70. Feng, S.; Cetinkaya, A.; Ishii, H.; Tesi, P.; De Persis, C. Networked Control under DoS Attacks: Tradeoffs between Resilience and Data Rate. IEEE Trans. Autom. Contr. 2021, 66, 460–467. [Google Scholar] [CrossRef]
  71. Thomas, B.S.; Chandar, P.; Hosey, C.; Diaz, F. Mixed Method Development of Evaluation Metrics. In Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD 2021), Singapore, 14–18 August 2021; Association for Computing Machinery: New York, NY, USA, 2021; pp. 4070–4071. [Google Scholar] [CrossRef]
  72. Afolabi, A.O.; Toivanen, P. Improving the design of a recommendation system using evaluation criteria and metrics as a guide. J. Syst. Inf. Technol. 2019, 21, 304–324. [Google Scholar] [CrossRef]
  73. Nirupama, N. Risk and vulnerability assessment: A comprehensive approach. Int. J. Disaster Resil. Built Environ. 2012, 3, 103–114. [Google Scholar] [CrossRef]
  74. Li, A.; Yan, W. Research on vulnerability assessment of physical protection system based on combined weighting-two-dimensional cloud model. In Proceedings of the 12th International Conference on Communication and Network Security (ICCNS 2022), Beijing, China, 1–3 December 2022; Association for Computing Machinery: New York, NY, USA, 2022; pp. 85–89. [Google Scholar] [CrossRef]
  75. Wang, Y.; Wang, W.; Bai, X.; Hu, B.; Ge, G.; Qian, K. RRDD: An ATT&CK-based ICS network security risk assessment method. In Proceedings of the 2nd International Conference on Networks, Communications and Information Technology (CNCIT 2023), Qinghai, China, 16–18 June 2023; Association for Computing Machinery: New York, NY, USA, 2023; pp. 186–192. [Google Scholar] [CrossRef]
  76. Segovia-Ferreira, M.; Rubio-Hernan, J.; Cavalli, R.; Garcia-Alfaro, J. Switched-based resilient control of cyber-physical systems. IEEE Access 2020, 8, 212194–212208. [Google Scholar] [CrossRef]
  77. Chowdhury, M.M.H.; Quaddus, M. Supply chain readiness, response and recovery for resilience. Supply Chain Manag. 2016, 21, 709–731. [Google Scholar] [CrossRef]
  78. Merkus, J.; Helms, R.; Kusters, R. Reference model for generic capabilities in maturity models. In Proceedings of the 12th International Conference on Information Management and Engineering (ICIME 2020), Amsterdam, The Netherlands, 16–18 September 2020; Association for Computing Machinery: New York, NY, USA, 2020; pp. 10–17. [Google Scholar] [CrossRef]
  79. Ahi, A.; Sinkovics, N.; Shildibekov, Y.; Sinkovics, R.R.; Mehandjiev, N. Advanced technologies and international business: A multidisciplinary analysis of the literature. Int. Bus. Rev. 2022, 31, 101967. [Google Scholar] [CrossRef]
  80. Capone, P.; Chiarella, P.; Sisto, R. Advanced technologies in genomic toxicology: Current trend and future directions. Curr. Opin. Toxicol. 2023, 37, 100444. [Google Scholar] [CrossRef]
  81. Mohlin, A. How to facilitate manufacturing industry learning from problems: A review on advanced technology problem-solving. J. Workplace Learn. 2023, 35, 470–489. [Google Scholar] [CrossRef]
  82. Dezeure, F. Real world information exchange: Challenges and insights. In Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security (WISCS 2015), Denver, CO, USA, 12–16 October 2015; Association for Computing Machinery: New York, NY, USA, 2015; p. 1. [Google Scholar] [CrossRef]
  83. Li, Y.; Ye, F.; Sheu, C. Social capital, information sharing and performance: Evidence from China. Int. J. Oper. Prod. Manag. 2014, 34, 1440–1462. [Google Scholar] [CrossRef]
  84. Chernykh; Volodin, D. The principle of international cooperation and sharing of information under international space law: Towards synergy. Space Policy 2023, 67, 101593. [Google Scholar] [CrossRef]
  85. Evensen, K.B.; Hansen, H. Cooperation and information sharing in institutional food chains. Br. Food J. 2016, 118, 2388–2403. [Google Scholar] [CrossRef]
  86. Sonnentag, S.; Geurts, S.A.E. Methodological issues in recovery research. Res. Occup. Stress Well Being 2009, 7, 1–36. [Google Scholar] [CrossRef]
  87. Vo, T.; Christie, C.A. Where Impact Measurement Meets Evaluation: Tensions, Challenges, and Opportunities. Am. J. Eval. 2018, 39, 383–388. [Google Scholar] [CrossRef]
  88. Wu, Y.M.; Li, Z.; Sun, C.; Wang, Z.B.; Wang, D.S.; Yu, Z. Measurement and control of system resilience recovery by path planning based on improved genetic algorithm. Meas. Control 2021, 54, 1157–1173. [Google Scholar] [CrossRef]
  89. Staheli, D.; Yu, T.; Crouser, R.J.; Damodaran, S.; Nam, K.; O’GWynn, D.; McKenna, S.; Harrison, L. Visualization evaluation for cyber security: Trends and future directions. In Proceedings of the Visualization for Cyber Security (VizSec 2014), Paris, France, 10 November 2014; Association for Computing Machinery: New York, NY, USA, 2014; pp. 49–56. [Google Scholar] [CrossRef]
  90. Yosifova, V.; Trifonov, R.; Tasheva, A.; Nakov, O. Trends review of the contemporary security problems in the cyberspace. In Proceedings of the 9th Balkan Conference in Informatics (BCI 2019), Sofia, Bulgaria, 26–28 September 2019; Association for Computing Machinery: New York, NY, USA, 2019. [Google Scholar] [CrossRef]
  91. Bodeau, D. Cyber Resilience Metrics: Key Observations; The MITRE Corporation: McLean, VA, USA, 2016. [Google Scholar]
  92. Bodeau, D.J.; Graubart, R.D.; Mcquaid, R.M.; Woodill, J. Cyber Resiliency Metrics, Measures of Effectiveness, and Scoring; The MITRE Corporation: Bedford, MA, USA, 2013. [Google Scholar]
  93. Linkov; Eisenberg, D.A.; Plourde, K.; Seager, T.P.; Allen, J.; Kott, A. Resilience metrics for cyber systems. Environ. Syst. Decis. 2013, 33, 471–476. [Google Scholar] [CrossRef]
  94. Benyahya, M.; Collen, A.; Kechagia, S.; Nijdam, N.A. Automated city shuttles: Mapping the key challenges in cybersecurity, privacy and standards to future developments. Comput. Secur. 2022, 122, 102904. [Google Scholar] [CrossRef]
  95. Fikri, M.; Atrinawati, L.H.; Putra, M.G.L. Cyber Resilience Evaluation Using Cyber Resilience Review Framework at University XYZ. Int. J. Educ. Manag. Innov. 2022, 3, 155–168. [Google Scholar] [CrossRef]
  96. Segovia, M.; Rubio-Hernan, J.; Cavalli, A.R.; Garcia-Alfaro, J. Cyber-Resilience Evaluation of Cyber-Physical Systems. In Proceedings of the 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA 2020), Cambridge, MA, USA, 24–27 November 2021; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2020. [Google Scholar] [CrossRef]
  97. Almajali; Viswanathan, A.; Neuman, C. Resilience evaluation of demand response as spinning reserve under cyber-physical threats. Electronics 2017, 6, 2. [Google Scholar] [CrossRef]
  98. Meng, M.; Liu, L.; Feng, G. Adaptive output regulation of heterogeneous multiagent systems under Markovian switching topologies. IEEE Trans. Cybern. 2018, 48, 2962–2971. [Google Scholar] [CrossRef]
  99. Doan, X.V.; Shaw, D. Resource allocation when planning for simultaneous disasters. Eur. J. Oper. Res. 2019, 274, 687–709. [Google Scholar] [CrossRef]
  100. Santhiapillai, F.P.; Ratnayake, R.M.C. Risk-based prioritization method for planning and allocation of resources in public sector. TQM J. 2022, 34, 829–844. [Google Scholar] [CrossRef]
  101. Bidgoli, M.; Grossklags, J. End user cybercrime reporting: What we know and what we can do to improve it. In Proceedings of the 2016 IEEE International Conference on Cybercrime and Computer Forensic (ICCCF), Vancouver, BC, Canada, 2–14 June 2016; Institute of Electrical and Electronics Engineers (IEEE): Piscataway, NJ, USA, 2016. [Google Scholar] [CrossRef]
  102. Dang, L.N.; Kahsay, E.T.; James, L.T.N.; Johns, L.J.; Rios, I.E.; Mezuk, B. Research utility and limitations of textual data in the National Violent Death Reporting System: A scoping review and recommendations. Inj. Epidemiol. 2023, 10, 23. [Google Scholar] [CrossRef]
  103. Sukmana, M.; Meinel, C. E-government and security evaluation tools comparison for Indonesian e-government system. In Proceedings of the 4th International Conference on Information and Network Security (ICINS 2016), Kuala Lumpur, Malaysia, 28–31 December 2016; Association for Computing Machinery: New York, NY, USA, 2016; pp. 96–103. [Google Scholar] [CrossRef]
  104. Nguyen, T.; Wang, S.; Alhazmi, M.; Nazemi, M.; Estebsari, A.; Dehghanian, P. Electric Power Grid Resilience to Cyber Adversaries: State of the Art. IEEE Access 2020, 8, 87592–87608. [Google Scholar] [CrossRef]
  105. Ratasich, D.; Khalid, F.; Geissler, F.; Grosu, R.; Shafique, M.; Bartocci, E. A Roadmap Toward the Resilient Internet of Things for Cyber Physical Systems. IEEE Access 2019, 7, 13260–13283. [Google Scholar] [CrossRef]
  106. Bhusal, N.; Abdelmalak, M.; Kamruzzaman, M.; Benidris, M. Power system resilience: Current practices, challenges, and future directions. IEEE Access 2020, 8, 18064–18086. [Google Scholar] [CrossRef]
  107. Carías, J.F.; Borges, M.R.S.; Labaka, L.; Arrizabalaga, S.; Hernantes, J. Systematic approach to cyber resilience operationalization in SMEs. IEEE Access 2020, 8, 174200–174221. [Google Scholar] [CrossRef]
  108. Zhang, J.; Li, L.; Lin, G.; Fang, D.; Tai, Y.; Huang, J. Cyber Resilience in Healthcare Digital Twin on Lung Cancer. IEEE Access 2020, 8, 201900–201913. [Google Scholar] [CrossRef]
  109. Björck, F.; Henkel, M.; Stirna, J.; Zdravkovic, J. Cyber resilience—Fundamentals for a definition. In New Contributions in Information Systems and Technologies; Advances in Intelligent Systems and Computing; Springer: Cham, Switzerland, 2015; pp. 311–316. [Google Scholar] [CrossRef]
  110. Vogel, E.; Dyka, Z.; Klann, D.; Langendörfer, P. Resilience in the Cyberworld: Definitions, Features and Models. Future Internet 2021, 13, 293. [Google Scholar] [CrossRef]
  111. Stoicescu, M.; Fabre, J.C.; Roy, M. Architecting resilient computing systems: A component-based approach for adaptive fault tolerance. J. Syst. Archit. 2017, 73, 6–16. [Google Scholar] [CrossRef]
  112. Span, M.; Mailloux, L.O.; Mills, R.F.; Young, W. Conceptual systems security requirements analysis: Aerial refueling case study. IEEE Access 2018, 6, 46668–46682. [Google Scholar] [CrossRef]
  113. Huang, P.; Guo, C.; Zhou, L.; Lorch, J.R.; Dang, Y.; Chintalapati, M.; Yao, R. Gray Failure: The Achilles’ Heel of Cloud-Scale Systems. In Proceedings of the Workshop on Hot Topics in Operating Systems (HotOS), Whistler, BC, Canada, 7–10 May 2017; IEEE Computer Society: Washington, DC, USA, 2017; pp. 150–155. [Google Scholar] [CrossRef]
  114. Ligo, K.; Kott, A.; Linkov, I. How to measure cyber-resilience of a system with autonomous agents: Approaches and challenges. IEEE Eng. Manag. Rev. 2021, 49, 89–97. [Google Scholar] [CrossRef]
  115. Patel; Roy, S.; Baldi, S. Wide-area damping control resilience towards cyber-attacks: A dynamic loop approach. IEEE Trans. Smart Grid 2021, 12, 3438–3447. [Google Scholar] [CrossRef]
  116. Safitra, M.F.; Lubis, M.; Fakhrurroja, H. Counterattacking cyber threats: A framework for the future of cybersecurity. Sustainability 2023, 15, 13369. [Google Scholar] [CrossRef]
  117. Bouk, S.H.; Ahmed, S.H.; Hussain, R.; Eun, Y. Named data networking’s intrinsic cyber-resilience for vehicular CPS. IEEE Access 2018, 6, 60570–60585. [Google Scholar] [CrossRef]
  118. Draǧoicea, M.; Léonard, M.; Ciolofan, S.N.; Militaru, G. Managing data, information, and technology in cyber-physical systems: Public safety as a service and its systems. IEEE Access 2019, 7, 92672–92692. [Google Scholar] [CrossRef]
  119. Moura, J.; Hutchison, D. Resilience enhancement at edge cloud systems. IEEE Access 2022, 10, 45190–45206. [Google Scholar] [CrossRef]
  120. Phillips, T.; Marinovici, L.D.; Rieger, C.; Orrell, A. Scalable resilience analysis through power systems co-simulation. IEEE Access 2023, 11, 18205–18214. [Google Scholar] [CrossRef]
  121. Laghari, S.U.A.; Manickam, S.; Al-Ani, A.K.; Rehman, S.U.; Karuppayah, S. SECS/GEMsec: A mechanism for detection and prevention of cyber-attacks on SECS/GEM communications in Industry 4.0 landscape. IEEE Access 2021, 9, 154380–154394. [Google Scholar] [CrossRef]
  122. Ziegler, V.; Schneider, P.; Viswanathan, H.; Montag, M.; Kanugovi, S.; Rezaki, A. Security and trust in the 6G era. IEEE Access 2021, 9, 142314–142327. [Google Scholar] [CrossRef]
  123. ElMarady, A.; Rahouma, K. Studying cybersecurity in civil aviation, including developing and applying aviation cybersecurity risk assessment. IEEE Access 2021, 9, 143997–144016. [Google Scholar] [CrossRef]
  124. Xin, X.; Keoh, S.L.; Sevegnani, M.; Saerbeck, M.; Khoo, T.P. Adaptive model verification for modularized Industry 4.0 applications. IEEE Access 2022, 10, 125353–125364. [Google Scholar] [CrossRef]
  125. He, J.; Yuan, Z.; Yang, X.; Huang, W.; Tu, Y.; Li, Y. Reliability modeling and evaluation of urban multi-energy systems: A review of the state of the art and future challenges. IEEE Access 2020, 8, 98887–98909. [Google Scholar] [CrossRef]
  126. Zheng, Z.; Yang, C.; Yang, W. Resilience analysis of discrete-time networked system in the presence of information disclosure. IEEE Access 2019, 7, 180147–180154. [Google Scholar] [CrossRef]
  127. Sahoo, S.; Dragicevic, T.; Blaabjerg, F. Multilayer resilience paradigm against cyber attacks in DC microgrids. IEEE Trans. Power Electron. 2021, 36, 2522–2532. [Google Scholar] [CrossRef]
  128. Pieters, W.; Hadžiosmanović, D.; Dechesne, F. Cyber security as social experiment. In Proceedings of the New Security Paradigms Workshop (NSPW 2014), Victoria, BC, Canada, 15–18 September 2014; Association for Computing Machinery: New York, NY, USA, 2014; pp. 15–24. [Google Scholar] [CrossRef]
  129. Fu, S.; Yao, Z. Privacy risk estimation of online social networks. In Proceedings of the 2022 International Conference on Networking and Network Applications (NaNA), Urumqi, China, 3–5 December 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 144–151. [Google Scholar] [CrossRef]
  130. Yüksel, S.; Yüksel, M.E.; Zaim, A.H. An approach for protecting privacy on social networks. In Proceedings of the 5th International Conference on Systems and Networks Communications, Nice, France, 22–27 August 2010; IEEE: Piscataway, NJ, USA, 2010; pp. 154–159. [Google Scholar] [CrossRef]
  131. Barbeau, M.; Cuppens, F.; Cuppens, N.; Dagnas, R.; Garcia-Alfaro, J. Resilience estimation of cyber-physical systems via quantitative metrics. IEEE Access 2021, 9, 46462–46475. [Google Scholar] [CrossRef]
  132. Qurashi, J.M.; Jambi, K.M.; Eassa, F.E.; Khemakhem, M.; Alsolami, F.; Basuhail, A.A. Toward attack modeling technique addressing resilience in self-driving car. IEEE Access 2023, 11, 2652–2673. [Google Scholar] [CrossRef]
  133. Prislan, K.; Mihelič, A.; Bernik, I. A real-world information security performance assessment using a multidimensional socio-technical approach. PLoS ONE 2020, 15, e0238739. [Google Scholar] [CrossRef]
  134. Asgari, H.; Haines, S.; Rysavy, O. Identification of threats and security risk assessments for recursive internet architecture. IEEE Syst. J. 2018, 12, 2437–2448. [Google Scholar] [CrossRef]
  135. Amani, M.; Jalili, M. Power grids as complex networks: Resilience and reliability analysis. IEEE Access 2021, 9, 119010–119031. [Google Scholar] [CrossRef]
  136. Akbarian, F.; Tarneberg, W.; Fitzgerald, E.; Kihl, M. Attack resilient cloud-based control systems for Industry 4.0. IEEE Access 2023, 11, 27865–27882. [Google Scholar] [CrossRef]
  137. Rieger; Schultz, K.; Carroll, T.; McJunkin, T. Resilient Control Systems—Basis, Benchmarking and Benefit. IEEE Access 2021, 9, 57565–57577. [Google Scholar] [CrossRef]
  138. Guzman, R.E.P.; Rivera, M.; Wheeler, P.W.; Mirzaeva, G.; Espinosa, E.E.; Rohten, J.A. Microgrid Power Sharing Framework for Software Defined Networking and Cybersecurity Analysis. IEEE Access 2022, 10, 111389–111405. [Google Scholar] [CrossRef]
  139. Marino, L.; Wickramasinghe, C.S.; Singh, V.K.; Gentle, J.; Rieger, C.; Manic, M. The Virtualized Cyber-Physical Testbed for Machine Learning Anomaly Detection: A Wind Powered Grid Case Study. IEEE Access 2021, 9, 159475–159494. [Google Scholar] [CrossRef]
  140. Mouelhi, S.; Laarouchi, M.E.; Cancila, D.; Chaouchi, H. Predictive Formal Analysis of Resilience in Cyber-Physical Systems. IEEE Access 2019, 7, 33741–33758. [Google Scholar] [CrossRef]
  141. Soikkeli, J.; Casale, G.; Munoz-Gonzalez, L.; Lupu, E.C. Redundancy Planning for Cost Efficient Resilience to Cyber Attacks. IEEE Trans. Dependable Secur. Comput. 2023, 20, 1154–1168. [Google Scholar] [CrossRef]
  142. Borges, F.S.; Laurindo, F.J.B.; Spínola, M.M.; Gonçalves, R.F.; Mattos, C.A. The Strategic Use of Artificial Intelligence in the Digital Era: Systematic Literature Review and Future Research Directions. Int. J. Inf. Manag. 2021, 57, 102225. [Google Scholar] [CrossRef]
  143. Olowononi, F.O.; Rawat, D.B.; Liu, C. Resilient Machine Learning for Networked Cyber Physical Systems: A Survey for Machine Learning Security to Securing Machine Learning for CPS. IEEE Commun. Surv. Tutor. 2021, 23, 524–552. [Google Scholar] [CrossRef]
  144. Murdoch, S.; Leaver, N. Anonymity vs. Trust in Cyber-Security Collaboration. In Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security (WISCS 2015), Denver, CO, USA, 12 October 2015; pp. 27–29. [Google Scholar] [CrossRef]
  145. Nykänen, R.; Kärkkäinen, T. Supporting Cyber Resilience with Semantic Wiki. In Proceedings of the 12th International Symposium on Open Collaboration (OpenSym 2016), Berlin, Germany, 17–19 August 2016. [Google Scholar] [CrossRef]
  146. Hernández-Bejarano, M.; Rodríguez, R.J.; Merseguer, J. A Vision for Improving Business Continuity through Cyber-Resilience Mechanisms and Frameworks. In Proceedings of the 16th Iberian Conference on Information Systems and Technologies (CISTI), Chaves, Portugal, 23–26 June 2021. [Google Scholar]
  147. Carías, J.F.; Labaka, L.; Sarriegi, J.M.; Hernantes, J. Defining a Cyber Resilience Investment Strategy in an Industrial Internet of Things Context. Sensors 2019, 19, 138. [Google Scholar] [CrossRef]
  148. Sukiasyan; Badikyan, H.; Pedrosa, T.; Leitao, P. Secure Data Exchange in Industrial Internet of Things. Neurocomputing 2022, 484, 183–195. [Google Scholar] [CrossRef]
  149. Sánchez-Gordón, M.; Colomo-Palacios, R. Security as Culture: A Systematic Literature Review of DevSecOps. In Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops (ICSEW 2020), Seoul, Republic of Korea, 27 June–19 July 2020; pp. 266–269. [Google Scholar] [CrossRef]
  150. Alfawaz, S.; Nelson, K.; Mohannak, K. Information Security Culture: A Behaviour Compliance Conceptual Framework. In Proceedings of the 8th Australasian Information Security Conference (AISC 2010), Perth, Australia, 30 November 2010; pp. 47–55. [Google Scholar]
  151. Schweitzer, J. Security Awareness. In Proceedings of the Northeast ACM Symposium on Personal Computer Security (PCS), Waltham, MA, USA, 1 September 1986; pp. 13–20. [Google Scholar]
  152. Zimmer, H.G. Computers and Computations in Algebraic Number Theory. In Proceedings of the 2nd ACM Symposium on Symbolic and Algebraic Manipulation (SYMSAC), Los Angeles, CA, USA, 23–25 March 1971; pp. 172–179. [Google Scholar]
  153. Alhazmi, H.; Malaiya, Y.K.; Ray, I. Measuring, analyzing and predicting security vulnerabilities in software systems. Comput. Secur. 2007, 26, 219–228. [Google Scholar] [CrossRef]
  154. Kotenko; Izrailov, K.; Buinevich, M.; Saenko, I.; Shorey, R. Modeling the Development of Energy Network Software, Taking into Account the Detection and Elimination of Vulnerabilities. Energies 2023, 16, 5111. [Google Scholar] [CrossRef]
  155. Beerman, J.; Berent, D.; Falter, Z.; Bhunia, S. A Review of Colonial Pipeline Ransomware Attack. In Proceedings of the 23rd IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW 2023), Bangalore, India, 1–4 May 2023; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2023; pp. 8–15. [Google Scholar] [CrossRef]
  156. Thiagarajan, K.; Dixit, C.K.; Panneerselvam, M.; Madhuvappan, C.A.; Gadde, S.; Shrote, J.N. Analysis on the Growth of Artificial Intelligence for Application Security in Internet of Things. In Proceedings of the 2nd International Conference on Artificial Intelligence and Smart Energy (ICAIS 2022), Coimbatore, India, 23–25 February 2022; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2022; pp. 6–12. [Google Scholar] [CrossRef]
  157. Building Cyber Resilience Threats, Enablers and Anticipation. 2021. Available online: www.axa-research.org (accessed on 13 July 2025).
  158. Nosouhi, M.R.; Shah, S.W.; Pan, L.; Zolotavkin, Y.; Nanda, A.; Gauravaram, P.; Doss, R. Weak-Key Analysis for BIKE Post-Quantum Key Encapsulation Mechanism. IEEE Trans. Inf. Forensics Secur. 2023, 18, 2160–2174. [Google Scholar] [CrossRef]
  159. Kesswani, N.; Kumar, S. Maintaining cyber security: Implications, cost and returns. In Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research (SIGMIS-CPR 2015), Newport Beach, CA, USA, 4–6 June 2015; Association for Computing Machinery, Inc.: New York, NY, USA, 2015; pp. 161–164. [Google Scholar] [CrossRef]
  160. Anang; Gandhi, A.; Sucahyo, Y.G. The Design of Information Security Risk Management: A Case Study Human Resources Information System at XYZ University. In Proceedings of the 4th International Conference on Computer and Informatics Engineering: IT-Based Digital Industrial Innovation for the Welfare of Society (IC2IE 2021), Depok, Indonesia, 14–15 September 2021; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2021; pp. 198–203. [Google Scholar] [CrossRef]
  161. Mirtsch, M.; Blind, K.; Koch, C.; Dudek, G. Information security management in ICT and non-ICT sector companies: A preventive innovation perspective. Comput. Secur. 2021, 109, 102383. [Google Scholar] [CrossRef]
  162. Zhang, K.; Li, S. Research on The Integration of Business Intelligence and Innovation and Entrepreneurship Education for Computer Science. In Proceedings of the 5th International Conference on Big Data and Education (ICBDE 2022), Shanghai, China, 26–28 February 2022; Association for Computing Machinery: New York, NY, USA, 2022; pp. 212–216. [Google Scholar] [CrossRef]
  163. Thinyane, M.; Christine, D. SMART Citizen Cyber Resilience (SC2R) Ontology. In Proceedings of the 13th International Conference on Security of Information and Networks (SIN 2020), Merkez, Turkey, 4–7 November 2020; Association for Computing Machinery: New York, NY, USA, 2020. [Google Scholar] [CrossRef]
  164. Johnson, F. Democracy, prosperity, citizens and the state. Can. Foreign Policy J. 2002, 10, 23–40. [Google Scholar] [CrossRef]
  165. Liang, K.; Liu, J.K.; Lu, R.; Wong, D.S. Privacy Concerns for Photo Sharing in Online Social Networks. IEEE Internet Comput. 2015, 19, 58–63. [Google Scholar] [CrossRef]
  166. Abdullayeva, F. Cyber resilience and cyber security issues of intelligent cloud computing systems. Results Control. Optim. 2023, 12, 100268. [Google Scholar] [CrossRef]
  167. Ahlan, A.R.; Lubis, M. Information Security Awareness in University: Maintaining Learnability, Performance and Adaptability Through Roles of Responsibility. In Proceedings of the 2011 7th International Conference on Information Assurance and Security (IAS), Melacca, Malaysia, 5–8 December 2011; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2011; pp. 246–250. [Google Scholar] [CrossRef]
  168. Lubis, A.R.; Fachrizal, F.; Lubis, M.; Tahir, H.M. Wireless Service at Public University: A Survey of Users Perception on Security Aspects. In Proceedings of the 2018 International Conference on Information and Communications Technology (ICOIACT), Yogyakarta, Indonesia, 6–7 March 2018; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2018; pp. 78–83. [Google Scholar] [CrossRef]
  169. Safitra, M.F.; Lubis, M.; Widjajarto, A. Security Vulnerability Analysis Using Penetration Testing Execution Standard (PTES): Case Study of Government’s Website. In Proceedings of the 2023 6th International Conference On Electronics, Communications and Control Engineering, Fukuoka, Japan, 24–26 March 2023; Association for Computing Machinery: New York, NY, USA, 2023; pp. 139–145. [Google Scholar] [CrossRef]
  170. Safitra, M.F.; Lubis, M.; Kurniawan, M.T. Cyber resilience: Research opportunities. In Proceedings of the 2023 6th International Conference on Electronics, Communications and Control Engineering, Fukuoka, Japan, 24–26 March 2023; Association for Computing Machinery: New York, NY, USA, 2023; pp. 99–104. [Google Scholar] [CrossRef]
Figure 1. Classification of cybersecurity approaches [116].
Figure 2. InfraGuard Cybersecurity Framework [116].
Figure 3. Charting resilience metrics.
Figure 4. The resilience spectrum.
Figure 5. Performance metrics.
Figure 6. Maturity levels in cyber resilience process development.
Table 1. Domains and components in the cybersecurity framework for critical infrastructure.

| Domain | Component | Indicator | Description | Reference |
|---|---|---|---|---|
| Cyber as a Shield | Situational Awareness | Threat detection and monitoring capabilities | The organization can proactively observe operational changes and identify potential cyber threats. | [30,95,96,116,117,118] |
| Cyber as a Shield | Security Assurance | Risk assessments and security controls | Includes routine evaluations and the enforcement of strict standards to ensure system protection. | [30,95,96,116,117,118] |
| Cyber as a Shield | Active Defense | Rapid response to threats | Involves using tools and strategies to detect and prevent attacks before system damage occurs. | [30,95,96,116,117,118] |
| Cyber as a Shield | Risk Management | Risk identification and mitigation | A systematic process to assess threats and prioritize mitigation actions. | [30,95,96,116,117,118] |
| Cyber as a Space | Infrastructure Resilience | System robustness and recovery capabilities | Infrastructure can sustain operation and recover during or after cyber incidents. | [30,89,90,91,92,93,94,116] |
| Cyber as a Space | Critical Infrastructure Awareness | Organizational awareness of vital systems | A deep understanding of the infrastructure’s national significance and associated risks. | [30,89,90,91,92,93,94,116] |
| Cyber as a Space | Resilience Principles | Resilient design and operational philosophy | Foundational principles for building systems that can withstand disruptions. | [30,89,90,91,92,93,94,116] |
| Cyber as a Space | Infrastructure Safeguard Policy | Protective policies and procedures | Formal documents and procedures to secure physical and digital infrastructure from threats. | [30,89,90,91,92,93,94,116] |
| Cyber as a Sword | Infrastructure Preparedness | Pre-emptive readiness and training | The presence of incident response plans, personnel training, and scenario simulations. | [30,111,112,113,114,115,116] |
| Cyber as a Sword | Critical Incident Recovery | Recovery speed and continuity measures | The ability to restore system functions quickly and efficiently after disruptions. | [30,111,112,113,114,115,116] |
Table 2. Quantitative indicators and scoring for each framework component.

| Component | Indicator | Measurement Criteria | Description |
|---|---|---|---|
| Situational Awareness | % of systems with real-time monitoring; Mean detection time (MTTD) | Based on coverage of monitoring and average time to detect anomalies | 0: No monitoring system; 1: Manual observation only; 2: Partial system monitoring; 3: Full system monitored periodically; 4: Real-time monitoring; 5: Real-time + automated anomaly detection with alerting |
| Security Assurance | Number of security controls implemented; Certification status | Refer to implemented frameworks (e.g., ISO 27001) and documented controls | 0: No controls or certifications; 1: Basic firewall/AV only; 2: Partial controls implemented; 3: Formal internal policy with controls; 4: Certification in progress; 5: Full certification (e.g., ISO 27001) and up-to-date controls |
| Active Defense | Mean Time to Detect/Respond (MTTD/MTTR); Number of false positives | Based on system responsiveness and detection accuracy | 0: No response capability; 1: A delayed manual response (>72 h); 2: Manual monitoring, reactive response; 3: Semi-automated alerts and mitigation; 4: Full incident response plan with automation; 5: Automated detection and active defense with <2% false positives |
| Risk Management | Frequency of risk assessments; % of mitigated high-risk items | Based on risk governance process and follow-up | 0: No risk assessment; 1: Ad hoc assessments only; 2: Annual risk assessments; 3: Quarterly assessments; 4: Documented mitigation tracking; 5: Continuous risk analysis with >90% risk mitigation execution |
| Infrastructure Resilience | System uptime (% availability); Maximum downtime per year | Based on service continuity and fault tolerance | 0: Unstable system, frequent failures; 1: Downtime of >48 h/year; 2: Downtime of 24–48 h/year; 3: Downtime of 8–24 h/year; 4: Downtime of <8 h/year; 5: High-availability setup with <1 h/year downtime |
| Critical Infrastructure Awareness | % of critical assets identified and classified; Availability of critical asset inventory | Based on documentation and prioritization | 0: No asset classification; 1: Initial asset list only; 2: Incomplete inventory; 3: Full classification but outdated; 4: An up-to-date list of critical systems; 5: Inventory integrated with risk and threat modeling tools |
| Resilience Principles | Implementation of redundancy, backup, and failover systems | Based on architectural design and redundancy coverage | 0: No resilience mechanisms; 1: Manual backups only; 2: Periodic backups and isolated recovery plans; 3: Redundant systems in core infrastructure; 4: Partial failover capability; 5: Full redundancy and automated failover across systems |
| Infrastructure Safeguard Policy | Number of security-related policies; Frequency of policy updates | Based on comprehensiveness and relevance of official policy documents | 0: No formal policies; 1: Single general policy; 2: Multiple but outdated policies; 3: Up-to-date, role-specific policies; 4: Policies reviewed annually; 5: Integrated, reviewed biannually and aligned with national/international standards |
| Infrastructure Preparedness | Frequency of cyber drills; % of trained personnel | Based on preparedness programs and regular testing | 0: No training or drills; 1: Basic training for some staff; 2: Annual training for IT team; 3: Annual drills across departments; 4: Semi-annual simulations; 5: Full organization involved in quarterly simulations with >90% personnel trained |
| Critical Incident Recovery | Mean Time to Recovery (MTTR); % of services restored within SLA | Based on recovery performance and SLA compliance | 0: Recovery not defined; 1: MTTR of >72 h; 2: MTTR of 48–72 h; 3: MTTR of 24–48 h; 4: MTTR of 4–24 h; 5: MTTR of <4 h, 100% SLA compliance |

Table 3. Total resilience score.

| Score | Interpretation |
|---|---|
| 0–20 | Low Resilience |
| 21–35 | Developing Resilience |
| 36–45 | Strong Resilience |
| 46–50 | Optimized and Adaptive Resilience |

Table 4. Resilience grading.

| Abbreviation | Description | % Achieved |
|---|---|---|
| D | Did Not Meet | 0–20% achievement |
| A | Approaching | >20–50% achievement |
| M | Moderately Met | >50–75% achievement |
| W | Well Achieved | >75–90% achievement |
| E | Exceeds Expectations | >90–100% achievement |

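
The scoring in Tables 2 to 4, as an added worked example in Python that is not code from the paper: it derives the Critical Incident Recovery level from measured MTTR and SLA compliance, sums the ten component scores, and maps the total to the Table 3 band and the Table 4 grade. Assumptions: the names `recovery_level`, `assess` and `SAMPLE` are hypothetical, a value on a shared band boundary (48 h, 24 h) takes the lower level, and the Table 4 percentage is the total divided by the 50-point maximum.

```python
# Added example (not the paper's code): score an assessment with Tables 2-4.
COMPONENTS = (
    "Situational Awareness", "Security Assurance", "Active Defense",
    "Risk Management", "Infrastructure Resilience",
    "Critical Infrastructure Awareness", "Resilience Principles",
    "Infrastructure Safeguard Policy", "Infrastructure Preparedness",
    "Critical Incident Recovery",
)
TABLE3 = ((20, "Low Resilience"), (35, "Developing Resilience"),
          (45, "Strong Resilience"), (50, "Optimized and Adaptive Resilience"))
TABLE4 = ((20, "D"), (50, "A"), (75, "M"), (90, "W"), (100, "E"))

def recovery_level(mttr_hours, sla_pct):
    """Critical Incident Recovery level (Table 2); None means recovery is not defined."""
    if mttr_hours is None:
        return 0
    if mttr_hours > 72:
        return 1
    if mttr_hours >= 48:  # assumption: a shared boundary (48 h, 24 h) takes the lower level
        return 2
    if mttr_hours >= 24:
        return 3
    if mttr_hours >= 4 or sla_pct < 100:  # assumption: <4 h without 100% SLA stays at level 4
        return 4
    return 5

def assess(scores):
    """Validate ten 0-5 component scores, then apply Table 3 and Table 4."""
    if set(scores) != set(COMPONENTS):
        raise ValueError("scores must cover exactly the ten Table 2 components")
    if any(type(s) is not int or not 0 <= s <= 5 for s in scores.values()):
        raise ValueError("each component score must be an integer from 0 to 5")
    total = sum(scores.values())
    pct = 100 * total / (5 * len(COMPONENTS))  # assumption: % achieved = total / 50
    low = min(scores.values())
    return {
        "total": total,
        "percent": pct,
        "band": next(label for top, label in TABLE3 if total <= top),
        "grade": next(g for top, g in TABLE4 if pct <= top),
        "weakest": [c for c in COMPONENTS if scores[c] == low],
    }

# Constructed sample assessment (not data from the paper): MTTR 36 h, 80% within SLA.
SAMPLE = dict(zip(COMPONENTS, (2, 3, 2, 3, 3, 2, 2, 3, 2, recovery_level(36, 80))))

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The `weakest` list names the components sitting at the lowest level, which is where a one-level improvement is cheapest to identify; a total of 25 lands in "Developing Resilience" while exactly 50% still grades as "A" because Table 4 starts "M" above 50%.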
Table 5. Summary of scenario-based framework application.

| Scenario | Sector | Main Incident | Technical Notes | Key Components | Resilience Level |
|---|---|---|---|---|---|
| Electrical Grid Disruption | Energy (Power Grid) | SCADA-targeted cyber-attack | Modbus TCP/IP, no encryption, flat network, manual recovery | Situational Awareness, Risk Management, Active Defense | Very Low (Level 1) |
| Smart Hospital Ransomware | Healthcare | Ransomware and medical IoT disruption | Weak segmentation, no IR coordination, outdated backups | Preparedness, Resilience, Incident Recovery | Developing (Level 2–3) |
| Airport System Sabotage | Transportation | System outage via OT compromise | Legacy PLCs, SOC present, no unified IT-OT drills | Preparedness, Defense, Response Coordination | Strong (Level 3–4) |

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Lubis, M.; Safitra, M.F.; Fakhrurroja, H.; Muttaqin, A.N. Guarding Our Vital Systems: A Metric for Critical Infrastructure Cyber Resilience. Sensors 2025, 25, 4545. https://doi.org/10.3390/s25154545


Note that from the first issue of 2016, this journal uses article numbers instead of page numbers.