Article
Peer-Review Record

Vulnerability Identification and Assessment for Critical Infrastructures in the Energy Sector

Electronics 2023, 12(14), 3185; https://doi.org/10.3390/electronics12143185
by Nikolaos Nikolaou 1, Andreas Papadakis 1,2,*, Konstantinos Psychogyios 1,* and Theodore Zahariadis 1,3
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Reviewer 4:
Submission received: 26 June 2023 / Revised: 13 July 2023 / Accepted: 20 July 2023 / Published: 22 July 2023
(This article belongs to the Special Issue Recent Advances and Challenges in IoT, Cloud and Edge Coexistence)

Round 1

Reviewer 1 Report

This paper concerns cybersecurity of critical infrastructure and hence is needed and timely. The authors have considered vulnerability management in the energy sector. I generally support publication of this paper subject to the following minor revision:

1. The authors mention in a number of places CVSS. However, in the text I could not find any actual application of CVSS. Have I overlooked something or is it really the case? If it is so then I would suggest that the authors be a bit more careful with how in the text they refer to CVSS, so as not to make a wrong impression that CVSS is a part of the work. Otherwise, the authors need to give more details on how and where CVSS was implemented. Which version of CVSS was considered, 2.0 or 3.x? Was only the base score considered? Was a standard CVSS vulnerability scanner used? If so then which one?

2. English requires a minor revision. For instance in conclusions the first sentence is very long and its grammar is questionable. 

Author Response

Pls see uploaded doc. 

Author Response File: Author Response.pdf

Reviewer 2 Report

A summary 

The manuscript presents a current topic of ongoing research in the field of vulnerability identification and assessment in the specific energy sector.

But the goal of the article is not formulated for the readers.

The main contribution and strength of the article are in the description of an innovative proposal, the Cybersecurity Vulnerability Identification and Assessment Tool (CVIAT). This article complements the efforts of professionals to address vulnerability issues within risk management in the researched area.

General concept comments

The manuscript is very well prepared, it is clear and relevant to the field of Identification and assessment of weaknesses in the risk assessment process for the energy sector.

The manuscript is scientifically based on the design of the Cybersecurity Vulnerability Identification and Assessment Tool (CVIAT), which is suitable for testing the proposed solution for vulnerability identification and assessment.

The authors processed a detailed search of the relevant literature to solve the problem. The 30 cited references are current and relevant.

The problem-solving methodology and results of the manuscript are reproducible based on the details provided in the manuscript for other users. The authors present the design, model data, and STIX-based interoperability functionality.

The results are supported by 13 figures and 5 tables that are convenient and present the data. Data are interpreted throughout the manuscript in a reasonable and comprehensible manner. The authors also appropriately used knowledge from the reference base and the current state of the art in the investigated area of critical infrastructure protection.

In my opinion, the conclusions of the solution to the problem are consistent with the presented evidence and arguments. The manuscript presents the results and demonstrates an innovative shift in favor of the further development of the concept in the energy sector.

I found no ethical misconduct.

The results of the study contribute to the solution of the agenda. Modeled data and results demonstrate the feasibility of the proposed concept.

I recommend the manuscript for MINOR revisions and subsequent finalization for publication in a journal.

Minor revisions

I have no significant comments. To improve the quality of the study, I recommend:

In the Abstract section, line 22:

Write the full text of the abbreviation: Research and Technology Development (RTD) projects.

In the Introduction, line 41:

Formulate the aim of the article and research questions to which the authors seek and verify answers, or hypotheses to be confirmed or rejected.

In the Conclusion, line 580:

I recommend supplementing the authors' statement about the advantage of the proposed solution and tool compared to previous scientific studies and works by other authors.

 

Author Response

Pls see uploaded doc. 

Author Response File: Author Response.pdf

Reviewer 3 Report

In my opinion authors should modify/clarify the following issues:

 

#1) Page 2. Line 81. Please do not use acronyms in the section title

#2) Page 3. Line 93. For the sake of clarity, please discuss the Figure 1 in the main text

#3) Page 6. Line 264. For the sake of clarity, please discuss the Figure 3 in the main text

#4) Page 7. Line 303. Please place equations numbers at the right edge.

#5) Page 8. Line 330. CVIAT acronym was defined in line 49. Please always use the acronym after the first definition.

#6) Page 9. Line 374. The size of text in figures is so small; for the sake of clarity, please increase it.

#7) Page 18. Line 641. Reference section. This section must be carefully revised according to journal template instructions. For instance, the journal name must be in italics and authors must use the journal abbreviation name, the year must be in bold and the journal volume in italics. In addition, delete “Volume” and “pg”. 

 

  

Author Response

Pls see uploaded doc. 

Author Response File: Author Response.pdf

Reviewer 4 Report

The authors study the problem of vulnerability identification and assessment in energy systems. It is a definitely actual problem. They develop a classification scheme for vulnerabilities that could serve as a base for an integrated system of risk assessment and mitigation. In the authors' approach, all vulnerabilities are divided into three classes referred to as Physical, Cyber and Human/Organisational. All the identified vulnerabilities are associated with certain asset classes.
In my opinion, the paper can be published after the following issues are addressed:

1. The paper lacks a proper survey of existing approaches.

2. The authors' analysis is too abstract. In fact the efficiency of any risk management system is mainly determined by how it functions under critical conditions. Without testing the system in critical situations, it is very difficult to judge whether it provides a suitable basis or not.

3. The vulnerability "Insufficiently trained personnel" looks too indefinite.

Author Response

Pls see uploaded doc. 

Author Response File: Author Response.pdf

Round 2

Reviewer 4 Report

The manuscript can be published.
