Skip to main content

Research Repository

Advanced Search

Security Threats to Critical Infrastructure: The Human Factor

Ghafir, Ibrahim; Saleem, Jibran; Hammoudeh, Mohammad; Faour, Hanan; Prenosil, Vaclav; Jaf, Sardar; Jabbar, Sohail; Baker, Thar

Security Threats to Critical Infrastructure: The Human Factor Thumbnail


Ibrahim Ghafir

Jibran Saleem

Mohammad Hammoudeh

Hanan Faour

Vaclav Prenosil

Sardar Jaf

Sohail Jabbar

Thar Baker


In the 21st century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today’s critical infrastructures are operated by non-computer experts, e.g., nurses in healthcare, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g., firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, amongst others.

Journal Article Type Article
Acceptance Date Mar 20, 2018
Online Publication Date Mar 26, 2018
Publication Date Oct 31, 2018
Deposit Date Mar 21, 2018
Publicly Available Date Mar 29, 2018
Journal Journal of Supercomputing
Print ISSN 0920-8542
Electronic ISSN 1573-0484
Publisher Springer
Peer Reviewed Peer Reviewed
Volume 74
Issue 10
Pages 4986-5002
Keywords Critical Infrastructure Security, Security Awareness, Cyber Security Training, Work Based Security Training, Security Threats Against Critical Infrastructure
Public URL
Related Public URLs


Published Journal Article (Advance online version) (1.1 Mb)

Publisher Licence URL

Copyright Statement
Advance online version © The Author(s) 2018. This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (, which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

You might also like

Downloadable Citations