Beyond SolarWinds: The systemic risks of critical infrastructures, state of play, and future directions

Simone Raponi, Maurantonio Caprolu, Roberto Di Pietro

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The just concluded 16th edition of the World Economic Forum's Global Risks Report has ranked cybersecurity failure as a significant global threat. This awakening is not surprising, and is perhaps even late, as witnessed by the reliance of a large part of critical sectors on the cyber infrastructure during the ongoing pandemic, or as shown by the recent and devastating SolarWinds attacks, whose implications and aftermath are still to be completely understood. In this paper, we provide several contributions towards the provisioning of a comprehensive, robust, and reliable framework for the cybersecurity of critical infrastructures. In particular, we first revise the scope and definition of critical infrastructures. Later, we expand the introduced concept to capture the modern deployment and operations of critical infrastructures, highlighting their interconnectedness and dependency on the software supply chain. Then, we show how the SolarWinds attack has exploited the defined model to perform one of the most devastating black hat operations ever seen. Finally, we also show some research directions to secure the software supply chain, calling for an approach that necessarily requires the interplay of sound theory, viable solutions, and legislative interventions.
Original language: English (US)
Title of host publication: CEUR Workshop Proceedings
Publisher: CEUR-WS
Pages: 394-405
Number of pages: 12
State: Published - Jan 1 2021
Externally published: Yes
