Unlocking Cyber Resilience in Industrial Environments: Five Principles
The OT environment is fundamental for ensuring the continuation of industrial operations that keep global economies and infrastructures running. To improve OT environment security, the World Economic Forum in collaboration with partners from the electricity, manufacturing, and oil and gas industries, has developed a list of guiding principles. Combined with a set of best practices, these aim to help cyber leaders ensure a cyber resilient OT environment for uninterrupted and efficient business operations.
This paper provides guidelines to ensure cybersecurity in the operational technology (OT) environment, at a time of increasing digitalization and convergence of the OT and IT (information technology) environments. Free Access here.
"European Commission’s Cybersecurity Package - Commentary in light of recent sophisticated supply chain attacks" was published in June 2021 through the World Economic Forum.
In the light of a changing cyber threat landscape in Europe, the European Commisson proposed a new Cybersecurity package at the end of 2020.The new package contains proposals for 
Cyber Resilience in the Electricity Ecosystem: Playbook for Boards and Cybersecurity Officers in June 2020. The
Tasked by the Armed Forces of Germany, Guido Gluschke contributed to the final report of the NATO IST-152 research group on autonomous agents for cyber defense titled "Autonomous Intelligent Cyber-defense Agent (AICA) Reference Architecture". This report - a major revision of its previous release - describes a reference architecture for intelligent software agents performing active, largely autonomous cyber-defense actions on military networks of computing and communicating devices. The report is produced by the North Atlantic Treaty Organization (NATO) Research Task Group (RTG) IST-152 "Intelligent Autonomous Agents for Cyber Defense and Resilience".
The report evaluates existing information and academic literature regarding the attribution of cyber incidents. More precisely, it focuses on an appropriate framework for the creation of an international body tasked to perform independent, objective and transparent attribution of significant/major cyber-attacks on a global scale.
This report was sponsored by the German Federal Foreign Office and written by Marco Macori, ISS research fellow, with input provided by Guido Gluschke, ISS co-director. ISS’ publications do not necessarily reflect the opinions of its sponsors.
Guido Gluschke and Marco Macori contributed to a research paper on "Cybersecurity of NATO’s Space-based Strategic Assets" by Chatham House. Almost all modern military engagements rely on space-based assets, but cyber vulnerabilities can undermine confidence in the performance of strategic systems. The paper evaluates the threats, vulnerabilities and consequences of cyber risks to strategic systems.
Please visit this page for a report overview and the full report:
On 13 February 2019 the new WEF report on Cyber Resilience in the Electricity Ecosystem: Principles and Guidance for Boards was released. Guido Gluschke and Kristina Sander were part of the expert group at the WEF which worked on the report.
Marco Macori contributed to a new paper on Securing Democracy in Cyberspace by the Berlin-based think tank Stiftung neue Verantwortung (SNV). The paper analyses three aspects and based upon the results, it proposes specific recommendations to protect against election interference.
Those recommendations can be adopted by various countries and specifically applied to their unique modern election process and geopolitical situation.
Guido Gluschke, Prof. Dr. Mesut Hakkı Caşin, Marco Macori (Eds.)
This reader deals with cyber security policies in the context of critical infrastructure protection. Experts of various nationalities and backgrounds have contributed. Topics include cyber security for nuclear power plants, the future of nuclear energy security, cyber security education and training for CIP, threat intelligence for CIP, the importance of public-private partnerships in CIP, understanding NATO’s new CIP policies, as well as the threat of cyber terrorism.
The book can be downloaded for free using this link:
This paper by ISS research fellow Kristina Sander aims to elaborate the development of confidence- building measures (CBMs) in cyber after outlining traditional CBMs and their origin in the last century. Furthermore, the challenges for confidence-building in cyber, derived from the attribution of cyber-attacks, geographical linking of boundaries in cyber space, and the unequal capabilities of nation states are discussed.
Marco Macori, ISS research fellow, participated in the first Transatlantic Cyber Forum Workshop 
The report "Cyber Security in the Energy Sector" Recommendations for the European Commission on a European Strategic Framework and Potential Future Legislative Acts for the Energy Sector" by the Energy Expert Cyber Security-Expert Group of the European Commission (EESCP-Expert Group) was published. Guido Gluschke, ISS co-director, was part of the expert group. This report proposes a strategic framework for the energy sector with the target to address the challenges found in the energy sector and in nuclear energy. The overall objectives are to secure energy systems that are providing essential services to the European society and to protect the data in the energy systems and the privacy of the European citizens. The recommendations for the European Commission given in this report targets to provide the set-up and frameworks that allow an efficient, holistic and effective cyber security treatment in the European Union.
Guido Gluschke, ISS co-director, participated in the launch event for the new NTI Report "Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities" at the invitation of NTO on December 7, 2016, in Vienna/Austria. The report takes a fresh look at cybersecurity at nuclear facilities and offers a set of ambitious, forward-leaning priorities and recommendations. Mr. Gluschke was part of NTI's international experts group regarding the report.
Please visit this web page for a report overview and the full report:
Chatham House London, the Royal Institute of International Affairs, has published a report on the issue of cyber security at civil nuclear facilities. Mr. Guido Gluschke, ISS Co-Director, was a member of the report Steering Committee. The report finds that the trend to digitization, when combined with a lack of executive-level awareness of the risks involved, means that nuclear plant personnel may not realize the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential attacks. The findings are drawn from 18 months of research and 30 interviews with senior nuclear officials at plants and in government in Canada, France, Germany, Japan, the UK, Ukraine and the US. The report cites 50 incidents globally of which only a handful have been made public.
Please visit this page for a report overview and the full report:
In 2013 the International Nuclear Security Education Network (INSEN) published the textbook "Cyber Security for Nuclear Security Professionals".
Guido Gluschke and several other ISS staff members co-authored it.
Copyright © 2013 INSEN
This IAEA publication provides guidance specific to nuclear facilities on implementing a computer security programme and evaluating existing programmes. The use of computer systems to cover an increasing range of functions at nuclear facilities introduces new vulnerabilities that could seriously endanger nuclear security if not addressed in a rigorous and balanced manner. Digital systems are increasingly being introduced in safety, safety related and security systems throughout facilities. Non-availability or malfunction of these systems can seriously impact nuclear safety and security, and potentially facilitate sabotage of the facility and/or theft of material. Computer security must, therefore, be a key component of overall facility security.
Please visit this page for the full publication:
