Authors: Arniyati Ahmad, Christopher Johnson, Timothy Storer

Abstract:

Cyber exercises used to assess the preparedness of a community against cyber crises, technology failures and Critical Information Infrastructure (CII) incidents. The cyber exercises also called cyber crisis exercise or cyber drill, involved partnerships or collaboration of public and private agencies from several sectors. This study investigates Organisation Cyber Resilience (OCR) of participation sectors in cyber exercise called X Maya in Malaysia. This study used a principal based cyber resilience survey called CSuite Executive checklist developed by World Economic Forum in 2012. To ensure suitability of the survey to investigate the OCR, the reliability test was conducted on C-Suite Executive checklist items. The research further investigates the differences of OCR in ten Critical National Infrastructure Information (CNII) sectors participated in the cyber exercise. The One Way ANOVA test result showed a statistically significant difference of OCR among ten CNII sectors participated in the cyber exercise.

Keywords: Critical Information Infrastructure, Cyber Resilience, Organisation Cyber Resilience, Reliability Test.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1107786

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2176

References:

[1] Hashim, M. S. Malaysia’s National Cyber Security Policy
[2] Bodeau, D., & Graubart, R. (2013, November). Intended effects of cyber resiliency techniques on adversary activities. In Technologies for Homeland Security (HST), 2013 IEEE International Conference on (pp. 7-11). IEEE.
[3] Bodeau, D., & Graubart, R. (2011). Cyber Resiliency Engineering Framework.
[4] Boin, A., & McConnell, A. (2007). Preparing for critical infrastructure breakdowns: the limits of crisis management and the need for resilience. Journal of Contingencies and Crisis Management, 15(1), 50-59
[5] Caralli, R. A., Allen, J. H., Curtis, P. D., White, D. W., & Young, L. R. (2010, August). Improving Operational Resilience Processes: The CERT Resilience Management Model. In Social Computing (SocialCom), 2010 IEEE Second International Conference on (pp. 1165-1170). IEEE.
[6] Cavelty, M. D. (2007). Critical information infrastructure: vulnerabilities, threats and responses. In Disarmament Forum (Vol. 3, pp. 15-22).
[7] Conklin, A., & White, G. B. (2006, January). E-government and cyber security: the role of cyber security exercises. In System Sciences, 2006. HICSS'06. Proceedings of the 39th Annual Hawaii International Conference on (Vol. 4, pp. 79b-79b). IEEE.
[8] Dzazali, S., Sulaiman, A., & Zolait, A. H. (2009). Information security landscape and maturity level: Case study of Malaysian Public Service (MPS) organizations. Government Information Quarterly, 26(4), 584- 593.
[9] Glorioso, A., & Servida, A. (2012). Infrastructure sectors and the information infrastructure. In Critical Infrastructure Protection (pp. 39- 51). Springer Berlin Heidelberg.
[10] Government Launches National Cyber Crisis Management Policy and Mechanism, http://vsdaily.com/tag/x-maya-5/.Accessed January 18, 2013).
[11] Hernantes, J., Lauge, A., Labaka, L., Rich, E., Sveen, F. O., Sarriegi, J. M., & Gonzalez, J. J. (2011, January). Collaborative modeling of awareness in Critical Infrastructure Protection. In System Sciences (HICSS), 2011 44th Hawaii International Conference on (pp. 1-10). IEEE.
[12] Kwak, Y. H., Chih, Y., & Ibbs, C. W. (2009). Towards a comprehensive understanding of public private partnerships for infrastructure development. California Management Review, 51(2), 51-78.
[13] Linkov, I., Eisenberg, D. A., Plourde, K., Seager, T. P., Allen, J., & Kott, A. (2013). Resilience metrics for cyber systems. Environment Systems and Decisions, 33(4), 471-476.
[14] Pallant, J. (2013). SPSS survival manual. McGraw-Hill International.
[15] Santos, J. R. A. (1999). Cronbach’s alpha: A tool for assessing the reliability of scales. Journal of extension, 37(2), 1-5.
[16] Setola, R., De Porcellinis, S., & Sforna, M. (2009). Critical infrastructure dependency assessment using the input–output inoperability model. International Journal of Critical Infrastructure Protection, 2(4), 170-178.
[17] Solansky, S. T., & Beck, T. E. (2009). Enhancing community safety and security through understanding interagency collaboration in cyberterrorism exercises. Administration & Society, 40(8), 852-875.
[18] White, G. B., Dietrich, G., & Goles, T. (2004, January). Cyber security exercises: testing an organization's ability to prevent, detect, and respond to cyber security events. In System Sciences, 2004. Proceedings of the 37th Annual Hawaii International Conference on (pp. 10-pp). IEEE.
[19] World Economic Forum, Partnering for Cyber Resilience, Risk and Responsibility in a Hyper connected World, March 2012
[20] X Maya 3: Benchmarking the National Cyber Crisis Management Plan. http://www.cybersecurity.my/en/knowledge_bank/news/2010/main/detai l/1906/index.htm. (Accessed in February 12, 2013).
[21] Yunos, Z., Hafidz Suid, S., Ahmad, R., & Ismail, Z. (2010, August). Safeguarding Malaysia's critical national information infrastructure (CNII) against cyber terrorism: Towards development of a policy framework. In Information Assurance and Security (IAS), 2010 Sixth International Conference on (pp. 21-27). IEEE.