Critical infrastructure and industrial security 2100-CB-M-D2INKR

This class is designed to present a broad spectrum of critical infrastructure and industrial security issues in the context of:
1. recommendations and good practices for CI protection
2. the responsibilities of the CI operator
3. threats to CI
4. ensuring physical security
5. ensuring technical security
6. ensuring personal security
7. ensuring information and communication security
8. ensuring legal security
9. business continuity and recovery plans
10. hybrid threats to CI
11 Critical Infrastructure Protection Plans
12. mandatory physical protection plans
13 Anti-Terrorism Annex
14. the CER Directive
15. the NIS Directive2
16. transposition of the CER Directive into Polish legislation
17 Stress Testing of key CI sectors
18 Stress Testing methodologies - UNDRR and DG HOME
19 Self Assesment Survey and its results
20 A case study of a cyber attack on IT Infrastructure
21 Case Study of a Cyber Attack on OT Infrastructure
22. case study of loss of critical services based on the energy sector
23 Case study of an attack on the Colonial Pipeline
24. case study of attack on Nord Streem
25. case study of an attack on the Baltic Connector
26. loss of key services case study based on the water sector
27. loss of critical services case study based on transport sector
28. the Critical Incident Team - lessons learned - practical and legal aspects
29 Cyber attack as a threat to business continuity
30 The experience of the war in Ukraine in terms of ensuring CI security
As part of the course, students also learn about basic documents of a strategic and normative nature both in the RP and internationally.

Term 2024L:

This class is designed to present a broad spectrum of critical infrastructure and industrial security issues in the context of:
1. Recommendations and good practices for CI protection
2. The responsibilities of the CI operator
3. Threats to CI
4. Ensuring physical security
5. Ensuring technical security
6. Ensuring personal security
7. Ensuring information and communication security
8. Ensuring legal security
9. Business continuity and recovery plans
10. Hybrid threats to CI
11 Critical Infrastructure Protection Plans
12. mandatory physical protection plans
13 Anti-Terrorism Annex
14. the CER Directive
15. the NIS Directive2
16. transposition of the CER Directive into Polish legislation
17 Stress Testing of key CI sectors
18 Stress Testing methodologies - UNDRR and DG HOME
19 Self Assesment Survey and its results
20 A case study of a cyber attack on IT Infrastructure
21 Case Study of a Cyber Attack on OT Infrastructure
22. case study of loss of critical services based on the energy sector
23 Case study of an attack on the Colonial Pipeline
24. case study of attack on Nord Streem
25. case study of an attack on the Baltic Connector
26. loss of key services case study based on the water sector
27. loss of critical services case study based on transport sector
28. the Critical Incident Team - lessons learned - practical and legal aspects
29 Cyber attack as a threat to business continuity
30 The experience of the war in Ukraine in terms of ensuring CI security
As part of the course, students also learn about basic documents of strategic and normative nature both in Poland and internationally.

Prerequisites (description)

The subject prepares you to carry out security analyses of critical infrastructure services and facilities and industrial security.

Course coordinators

Jarosław Pudzianowski

Type of course

obligatory courses

Mode

Classroom

Learning outcomes

K_W04 - organisational, economic and technical solutions for developing cyber security policies at company, national and EU level
K_W06 - information security policies and plans, including physical, software and network controls, and monitoring and securing databases against breaches of confidentiality, integrity and availability, ways to protect data, database management systems and applications that access and use data
K_W12 - notions and principles of industrial property protection and copyright and understands the necessity of intellectual property resources management
K_U03 - independently explain and use basic techniques and technologies to ensure the cyber security of IT systems and infrastructures, define basic elements of both hardware, P7S_UK 5 and software computer systems from the point of view of reliable operation and cyber security
K_K01 - Promote the need to reduce risk of threats and develop responsible attitudes regarding the use of cyberspace, disseminate the importance of knowledge in critically addressing IT security issues in social and economic life
K_K02 - Maintain a professional, responsible and ethical attitude in the performance of professional duties
K_K03 - use the acquired knowledge in shaping responsible attitudes in society concerning the use of cyberspace

Assessment criteria

Project

Bibliography

The following literature is suggested for students wishing to pass the subject. However, it is not necessary to have knowledge of the entire content of the items indicated:
C. Banasiński, M. Rojszczak (eds.), Cyber security, 2020.
A. Nowak, W. Scheffs, Management of information security, AON, Warsaw 2009.
F. Wołowski, J. Zawiła-Niedźwiecki, Bezpieczeństwo systemów informacyjnych. A practical guide in accordance with Polish and international standards, edu-Libri, Kraków-Warsaw 2012.
T. Sasor, Risk and security policy in an enterprise [in:] Informatyka i współczesne zarządzanie, J. Kisielnicki, J.K. Grabara, J.S. Nowak (ed.), PTI, Katowice 2015.
M. Plechawska-Wójcik, Wdrażanie i eksploatacja systemów informatycznych, Faculty of Management, Warsaw University of Technology Warsaw 2020.
Ł. Kufel, Monitoring system events and security in a distributed systems environment, Poznan University of Technology, Poznan 2017.
P. Mazurek, Implementation of risk estimation in a selected enterprise [in:] Wybrane problemy zarządzania bezpieczeństwa informacji, J. Brdulak (ed.), SGH, Warsaw 2014.
Andress J., Fundamentals of information security. A practical introduction, Helion, Gliwice. 2021.
Białas A., Information security and services in a modern institution and company, Wyd. Naukowe PWN, Warszawa. 2017.
Dotson C., Security in the cloud, Wyd. Naukowe PWN, Warszawa. 2020.
Galaj-Emiliańczyk K., Implementing an information security management system in accordance with ISO/IEC 27001:2019, Wyd. ODDK, Gdańsk. 2021.
Kacprzyk J., Korbicz J., Kulczycki P., Automation robotics and information processing, Wyd. Naukowe PWN, Warsaw. 2021.
Hofmann T., Wybrane aspekty cyberbezpieczeństwa w Polsce, 2018.
TrubalskaJ.,Wojciechowski Ł., Bezpieczeństwo państwa w cyberprzestrzeni. Lublin 2017.
Krawiec J., Cyber security. A systemic approach. Warsaw 2019.
Nossowski M., Prawne aspekty cyberbezpieczeństwa. Warsaw 2019.
Ciekanowski Z., Wojciechowska - Filipek S., Bezpieczeństwo funkcjonowania w cyberprzestrzeni. Warsaw 2019.
Cyber Security Strategy of the Republic of Poland for 2017 - 2022.
National Cyber Security Policy Framework of the Republic of Poland for 2017 - 2022.
Kowalewski J., Ochrona informacji i systemów teleinformatycznych w cyberprzestrzeni, Ibook, Oficyna wydawnicza Politechniki Warszawskiej, 2018.
Lidermann K., Information security, Wyd. Naukowe PWN, Warsaw. 2018.
Szelerski M.W., Industrial automation in practice. Design, modernization and repair, Wyd. KaBe, Krosno. 2016.
Zych J., ICT for security 2.0, Foundation for Clean Energy, Komorniki. 2019.
European Banking Authority ‘EBA Guidelines on outsourcing arrangements’, 25 February 2019.
DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2022/2555 of 14 December 2022 on measures for a high common level of cyber-security within the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972 and repealing Directive (EU) 2016/1148 (NIS Directive 2).
Resolution No. 97 of the Council of Ministers of 11 September 2019 on the Common State Information Infrastructure Initiative.
Communication from the Office of the Financial Supervision Authority on the processing of information by supervised entities in public or hybrid cloud computing of 23 January 2020.

Online sources:
Grzelak K., Liedl K., Security in cyberspace. Zagrożenia i wyzwania dla Polski - zarys problemu. www.bbn.gov.pl https://mc.bip.gov.pl/
https://niebezpiecznik.pl/
https://cyberustawa.pl/?gclid=EAIaIQobChMI66H-2b6s7AIVhPuyCh2rBwizEAAYAyAAEgJWf_D_BwE
NIST 800-145, https://www.nist.gov/publications/nist-definition-cloud-computing
NIST Special Publication 800-207 ‘Zero Trust Architecture’. 2020. https://doi.org/10.6028/NIST.SP.800-207
‘VLAN Security Guidlines’ http://www.corecom.com/external/livesecurity/vlansec.htm
National Critical Infrastructure Protection Programme
https://www.gov.pl/web/rcb/narodowy-program-ochrony-infrastruktury-krytycznej

Term 2024L:

The following literature is suggested for students wishing to pass the subject. However, it is not necessary to have knowledge of the entire content of the items indicated:
C. Banasiński, M. Rojszczak (eds.), Cyber security, 2020.
A. Nowak, W. Scheffs, Management of information security, AON, Warsaw 2009.
F. Wołowski, J. Zawiła-Niedźwiecki, Bezpieczeństwo systemów informacyjnych. A practical guide in accordance with Polish and international standards, edu-Libri, Kraków-Warsaw 2012.
T. Sasor, Risk and security policy in an enterprise [in:] Informatyka i współczesne zarządzanie, J. Kisielnicki, J.K. Grabara, J.S. Nowak (ed.), PTI, Katowice 2015.
M. Plechawska-Wójcik, Wdrażanie i eksploatacja systemów informatycznych, Faculty of Management, Warsaw University of Technology Warsaw 2020
Ł. Kufel, Monitoring system events and security in a distributed systems environment, Poznan University of Technology, Poznan 2017.
P. Mazurek, Implementation of risk estimation in a selected enterprise [in:] Wybrane problemy zarządzania bezpieczeństwa informacji, J. Brdulak (ed.), SGH, Warsaw 2014.
Andress J., Fundamentals of information security. A practical introduction, Helion, Gliwice. 2021.
Białas A., Information security and services in a modern institution and company, Wyd. Naukowe PWN, Warszawa. 2017.
Dotson C., Security in the cloud, Wyd. Naukowe PWN, Warszawa. 2020.
Galaj-Emiliańczyk K., Implementing an information security management system in accordance with ISO/IEC 27001:2019, Wyd. ODDK, Gdańsk. 2021.
Kacprzyk J., Korbicz J., Kulczycki P., Automation robotics and information processing, Wyd. Naukowe PWN, Warsaw. 2021.
Hofmann T., Wybrane aspekty cyberbezpieczeństwa w Polsce, 2018.
TrubalskaJ.,Wojciechowski Ł., Bezpieczeństwo państwa w cyberprzestrzeni. Lublin 2017.
Krawiec J., Cyber security. A systemic approach. Warsaw 2019.
Nossowski M., Prawne aspekty cyberbezpieczeństwa. Warsaw 2019.
Ciekanowski Z., Wojciechowska - Filipek S., Bezpieczeństwo funkcjonowania w cyberprzestrzeni. Warsaw 2019.
Cyber Security Strategy of the Republic of Poland for 2017 - 2022.
National Cyber Security Policy Framework of the Republic of Poland for 2017 - 2022.
Kowalewski J., Ochrona informacji i systemów teleinformatycznych w cyberprzestrzeni, Ibook, Oficyna wydawnicza Politechniki Warszawskiej, 2018.
Lidermann K., Information security, Wyd. Naukowe PWN, Warsaw. 2018.
Szelerski M.W., Industrial automation in practice. Design, modernization and repair, Wyd. KaBe, Krosno. 2016.
Zych J., ICT for security 2.0, Foundation for Clean Energy, Komorniki. 2019.
European Banking Authority ‘EBA Guidelines on outsourcing arrangements’, 25 February 2019.
DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2022/2555 of 14 December 2022 on measures for a high common level of cyber-security within the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972 and repealing Directive (EU) 2016/1148 (NIS Directive 2).
Resolution No. 97 of the Council of Ministers of 11 September 2019 on the Common State Information Infrastructure Initiative.
Communication from the Office of the Financial Supervision Authority on the processing of information by supervised entities in public or hybrid cloud computing of 23 January 2020.

Notes

Term 2024L:

None

Additional information

Additional information (registration calendar, class conductors, localization and schedules of classes), might be available in the USOSweb system:

Description of 2100-CB-M-D2INKR in USOSweb