Securing critical infrastructure has emerged in recent years not only as a result of the threat of cyber war, but also due to real attacks that targeted, for example, Estonia, Russia, Georgia and other countries, and even malware outbreaks such as Stuxnet and Duku. Nonetheless, the focus of the security community in terms of protecting nation-critical assets is traditionally placed mainly on the network perimeter, ignoring to a large extent the increased risk of insecure software. In addition, during the past years a number of Fortune 100 companies, including Defense Contractors, faced severe industrial espionage attacks and consecutive data leakage of classified information.
Recent surveys indicate that government applications demonstrate increased vulnerabilities and at the same time elevated risk, as they store and process critical information such as PII, health information and national security data, and furthermore operate critical systems. Moreover, most SCADA (supervisory control and data acquisition) systems are Internet-connected and thus vulnerable to a wide range of network attacks. Latest theoretical evidence and vast amounts of empirical data indicate a rise in similar attacks in both quantity and sophistication. Therefore most modern societies characterise the protection of e-goverment sites and SCADA systems as critical to their national security.
This special issue aims to focus on the resilience and assurance of e-government applications, services and procedures, and to report relevant research and experiences from operational case studies.
More specifically, original unpublished research articles and case studies are sought covering various disciplines pertinent to security and privacy of e-government applications and relevant cross-domain research, including risks, threats and countermeasures. The focus of the special issue will be on research papers, case studies, experience reports and impact/efficiency assessments based on operational findings from secure e-government implementations with considerable impact and learning potential.
Suitable contributions include but are not limited to:
- Research papers on security and privacy of e-government applications and services, based on (but not limited to) the following themes:
- Cyberwar, cyberterrorism and cyber-defence
- Security and privacy concerns regarding e-government applications, services and data storage
- Threat modelling, vulnerability analysis and security and privacy testing of e-government applications and services
- Countermeasures for e-government security and privacy vulnerabilities
- e-Government application and service development for security and privacy
- Security and privacy aspects of new/emerging online, mobile and offline technologies and paradigms for e-government applications and services
- Intrusion detection/prevention systems for e-government applications and services
- Business risks of e-government application and service security and privacy
- Social and economic aspects of e-government security and privacy
- Security and privacy metrics for e-government applications and services
- e-Government security and privacy awareness and education
- Operational case studies of security and privacy for e-government applications and services with considerable impact. For each case, the following information should be provided: description of case; problem addressed and solution achieved; policy context and strategy; security and privacy aspects of the solution; evaluation of effectiveness and impact assessment; results and lessons learnt.
Deadline for paper submission: 10 December, 2012
Notification of review results: 30 January, 2013
Submission of revised manuscripts: 30 March, 2013