A Multi-Layered Cybersecurity Model for ERP Systems Supporting National Critical Infrastructure: Threats, Challenges, and Solutions
DOI:
https://doi.org/10.63282/3050-9246.IJETCSIT-V5I1P110Keywords:
ERP Security, National Critical Infrastructure, Cybersecurity Framework, Zero Trust Architecture, Blockchain, Intrusion Detection Systems (IDS)Abstract
Enterprise resources Planning (ERP) systems have become essential infrastructural pillars of transactions in both governmental and commercial industries, but particularly among components of the national critical infrastructure (NCI), which entail energy, defence, transportation, and healthcare. ERP digitalization and its combination with the IoT, cloud, and AI technology have only increased their exposure to advanced cyber threats. The following paper would suggest a multi-tier cybersecurity framework in NCI domains, which would target ERP-based systems. The model also combines preventive, detective, and corrective controls at the physical, network, application, and data layers. Due to the comprehensive analysis, it categorizes the threat vectors, looks at the legacy ERP security challenges, and gives the solutions utilizing Zero Trust Architecture, anomaly detection using AI, blockchain integrity to ensure access security, and role-based access controls. We test the model within simulated environments of attacks and represent the results, showing noticeable advancements in threat mitigation. The paper concludes by stating that there should be constant surveillance and security measures that are dynamically modified. This multilayered strategy will guarantee the system and business sustainability, operational resilience, and international cybersecurity regulations
Downloads
References
[1] Nurse, J. R., Buckley, O., Legg, P. A., Goldsmith, M., Creese, S., Wright, G. R., & Whitty, M. (2014, May). Understanding insider threat: A framework for characterizing attacks. In 2014, IEEE Security and Privacy Workshops (pp. 214-228). IEEE.
[2] Maglaras, L., Janicke, H., & Ferrag, M. A. (2022). Cybersecurity of critical infrastructures: Challenges and solutions. Sensors, 22(14), 5105.
[3] González-Granadillo, G., González-Zarzosa, S., & Diaz, R. (2021). Security information and event management (SIEM): analysis, trends, and usage in critical infrastructures. Sensors, 21(14), 4759.
[4] Stafford, V. (2020). Zero trust architecture. NIST special publication, 800(207), 800-207.
[5] Saltzer, J. H., & Schroeder, M. D. (1975). The protection of information in computer systems. Proceedings of the IEEE, 63(9), 1278-1308.
[6] Ahmed, M., Mahmood, A. N., & Hu, J. (2016). A survey of network anomaly detection techniques. Journal of Network and Computer Applications, 60, 19-31.
[7] National Institute of Standards and Technology (NIST). Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1). NIST, April 16, 2018.
[8] Nwafor, M. C., Okezie, C. C., & Azubogu, A. C. O. (2018). Design and Implementation of a Multi-Layered Security Enterprise Resource Planning (ERP) System for Mission Critical Applications. J. Comp. ICT, 11, 71-84.
[9] Chinta, P. C. R. (2020). A Deep Learning Architecture for Enhancing Cyber Security Protocols in Big Data Integrated ERP Systems. Journal of Artificial Intelligence and Big Data, 1(1), 10-31586.
[10] Goel, S., Kiran, R., & Garg, D. (2012). Vulnerability management for an enterprise resource planning system. arXiv preprint arXiv:1209.6484.
[11] Moore, C. (2023). AI-powered big data and ERP systems for autonomous detection of cybersecurity vulnerabilities. Nanotechnology Perceptions, 19, 46-64.
[12] Ashraf, H., Alenezi, M., Nadeem, M., & Javid, Y. (2019). Security Assessment Framework for Educational ERP Systems. International Journal of Electrical and Computer Engineering, 9(6), 5570.
[13] Hong, J. B., & Kim, D. S. (2016). Towards scalable security analysis using multi-layered security models. Journal of Network and Computer Applications, 75, 156-168.
[14] Khan, M., Naz, T., & Medani, M. A. H. (2019). A multi-layered security model for a learning management system. International Journal of Advanced Computer Science and Applications, 10(12).
[15] Syed, N. F., Shah, S. W., Shaghaghi, A., Anwar, A., Baig, Z., & Doss, R. (2022). Zero trust architecture (ZTA): A comprehensive survey. IEEE Access, 10, 57143-57179.
[16] Ruefle, R., Dorofee, A., Mundie, D., Householder, A. D., Murray, M., & Perl, S. J. (2014). Computer Security Incident Response Team Development and Evolution. IEEE Security & Privacy, 12(5), 16-26.
[17] Chen, L. (2011). Analyzing and developing role-based access control models (Doctoral dissertation, Royal Holloway, University of London).
[18] Mishra, A. P., Dublish, M., & Kumar, D. (2022). Cybersecurity application in ERP implementation. J. Pharm. Negat. Results, 13, 2507-2522.
[19] Khan, S., Parkinson, S., & Crampton, A. (2017, December). A multi-layered cloud protection framework. In Companion Proceedings of the 10th International Conference on Utility and Cloud Computing (pp. 233-238).
[20] ISO/IEC. ISO/IEC 27001:2022 — Information technology — Security techniques — Information security management systems — Requirements. ISO, 2022.
[21] Thirunagalingam, A. (2022). Enhancing Data Governance through Explainable AI: Bridging Transparency and Automation. Available at SSRN 5047713.
