{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T22:45:19Z","timestamp":1772577919753,"version":"3.50.1"},"reference-count":31,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,11,7]],"date-time":"2024-11-07T00:00:00Z","timestamp":1730937600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,11,7]],"date-time":"2024-11-07T00:00:00Z","timestamp":1730937600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Blavatnik Interdisciplinary Cyber Research Center, Tel Aviv University"},{"DOI":"10.13039\/501100004375","name":"Tel Aviv University","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100004375","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,2]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Each critical infrastructure and vital service represents a unique instance of a complex socio-technical\u2013economic system. Resilience in complex systems is an emergent behaviour that occurs from interactions between components and is not easily predictable from understanding each component in isolation. Yet, cybersecurity practice and maturity models still focus on the robustness of separate components: organizational units, firms, or IT applications. Such a fundamental mismatch between theory and tools is among the causes of pervasive cyber insecurity. We introduce the sectoral capability maturity model to enable a comprehensive improvement of systemic resilience. The promoting global cyber resilience for sectors cyber-capability maturity model incorporates the science of complex systems, cybersecurity frameworks, and two decades of CIP operations experience. The model was successfully applied in resilience assessment projects in a dozen countries. Real-life experience emphasizes the benefits of the sectoral approach to cyber resilience: creating feedback loops within the sector, integrating supply chain and third-party risks, facilitating information flows between stakeholders, enabling cooperation with and among ministries, departments and other authorities, weighting in the links and processes between actors in cybersecurity issues. The established value of the sectoral approach calls for applications that will improve the resilience of essential services while lowering sector-wide cybersecurity expenditures.<\/jats:p>","DOI":"10.1007\/s10207-024-00910-3","type":"journal-article","created":{"date-parts":[[2024,11,7]],"date-time":"2024-11-07T18:32:00Z","timestamp":1731004320000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["PROGRESS: the sectoral approach to cyber resilience"],"prefix":"10.1007","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5198-233X","authenticated-orcid":false,"given":"Lior","family":"Tabansky","sequence":"first","affiliation":[]},{"given":"Eynan","family":"Lichterman","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,11,7]]},"reference":[{"key":"910_CR1","unstructured":"Allen, J., Mehravari, N.: How to be a better consumer of security maturity models. In: Carnegie Mellon University, Software Engineering Institute (SEI). (2014) https:\/\/apps.dtic.mil\/sti\/tr\/pdf\/ADA614299.pdf"},{"issue":"6","key":"910_CR2","doi-asserted-by":"publisher","first-page":"068701","DOI":"10.1103\/PhysRevLett.93.068701","volume":"93","author":"M Argollo de Menezes","year":"2004","unstructured":"Argollo de Menezes, M., Barab\u00e1si, A.L.: Separating internal and external dynamics of complex systems. Phys. Rev. Lett. 93(6), 068701 (2004). https:\/\/doi.org\/10.1103\/PhysRevLett.93.068701","journal-title":"Phys. Rev. Lett."},{"issue":"2","key":"910_CR3","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1038\/s42254-023-00676-y","volume":"6","author":"O Artime","year":"2024","unstructured":"Artime, O., Grassia, M., De Domenico, M., Gleeson, J.P., Makse, H.A., Mangioni, G., Perc, M., Radicchi, F.: Robustness and resilience of complex networks. Nat. Rev. Phys. 6(2), 114\u2013131 (2024). https:\/\/doi.org\/10.1038\/s42254-023-00676-y","journal-title":"Nat. Rev. Phys."},{"issue":"5439","key":"910_CR4","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1126\/science.286.5439.509","volume":"286","author":"A-L Barab\u00e1si","year":"1999","unstructured":"Barab\u00e1si, A.-L., Albert, R.: Emergence of scaling in random networks. Science 286(5439), 509\u2013512 (1999). https:\/\/doi.org\/10.1126\/science.286.5439.509","journal-title":"Science"},{"issue":"7291","key":"910_CR5","doi-asserted-by":"publisher","first-page":"1025","DOI":"10.1038\/nature08932","volume":"464","author":"SV Buldyrev","year":"2010","unstructured":"Buldyrev, S.V., Parshani, R., Gerald Paul, H., Stanley, E., Havlin, S.: Catastrophic cascade of failures in interdependent networks. Nature 464(7291), 1025\u20131028 (2010). https:\/\/doi.org\/10.1038\/nature08932","journal-title":"Nature"},{"key":"910_CR6","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1093\/oxfordhb\/9780198800682.013.16","volume-title":"The Oxford Handbook of Cyber Security","author":"P Cornish","year":"2021","unstructured":"Cornish, P.: The deterrence and prevention of cyber conflict. In: Cornish, P. (ed.) The Oxford Handbook of Cyber Security, pp. 273\u2013294. Oxford University Press (2021). https:\/\/doi.org\/10.1093\/oxfordhb\/9780198800682.013.16"},{"issue":"11","key":"910_CR7","doi-asserted-by":"publisher","first-page":"2441","DOI":"10.1111\/risa.13166","volume":"38","author":"C Curt","year":"2018","unstructured":"Curt, C., Tacnet, J.-M.: Resilience of critical infrastructures: review and analysis of current approaches. Risk Anal. 38(11), 2441\u20132458 (2018). https:\/\/doi.org\/10.1111\/risa.13166","journal-title":"Risk Anal."},{"key":"910_CR8","unstructured":"Fell, J., de Vette, N., Gard\u00f3, S., Klaus, B., Wendelborn, J.: Towards a Framework for Assessing Systemic Cyber Risk. November. (2022) https:\/\/www.ecb.europa.eu\/press\/financial-stability-publications\/fsr\/special\/html\/ecb.fsrart202211_03~9a8452e67a.en.html"},{"issue":"7590","key":"910_CR9","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1038\/nature16948","volume":"530","author":"J Gao","year":"2016","unstructured":"Gao, J., Barzel, B., Barab\u00e1si, A.-L.: Universal resilience patterns in complex networks. Nature 530(7590), 307\u2013312 (2016). https:\/\/doi.org\/10.1038\/nature16948","journal-title":"Nature"},{"key":"910_CR10","unstructured":"Hathaway, M., Demchak, C., McArdle, J., Spidalieri, F.: Cyber Readiness Index (CRI) 2.0. In: Great Falls, VA: Potomac Institute for Policy Studies. (2015)"},{"key":"910_CR11","unstructured":"Hathaway, M E., Spidalieri, F.: Global overview of existing cyber capacity assessment tools (GOAT). In: Global Forum on Cyber Expertise (GFCE). (2021)"},{"key":"910_CR12","unstructured":"Hathaway, M E., Spidalieri, F.: Integrating cyber capacity into the digital development agenda. In: Global Forum on Cyber Expertise (GFCE). (2021)"},{"issue":"1","key":"910_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11424-006-0001-z","volume":"19","author":"JH Holland","year":"2006","unstructured":"Holland, J.H.: Studying complex adaptive systems. J. Syst. Sci. Complex. 19(1), 1\u20138 (2006). https:\/\/doi.org\/10.1007\/s11424-006-0001-z","journal-title":"J. Syst. Sci. Complex."},{"issue":"4","key":"910_CR14","doi-asserted-by":"publisher","first-page":"316","DOI":"10.1504\/IJCIS.2015.07384","volume":"11","author":"PF Katina","year":"2015","unstructured":"Katina, P.F., Keating, C.B.: Critical infrastructures: a perspective from systems of systems. Int. J. Crit. Infrastruct. 11(4), 316\u2013344 (2015). https:\/\/doi.org\/10.1504\/IJCIS.2015.07384","journal-title":"Int. J. Crit. Infrastruct."},{"issue":"5","key":"910_CR15","doi-asserted-by":"publisher","first-page":"1201","DOI":"10.1016\/j.respol.2018.12.010","volume":"48","author":"AA Lashitew","year":"2019","unstructured":"Lashitew, A.A., van Tulder, R., Liasse, Y.: Mobile phones for financial inclusion: What explains the diffusion of mobile money innovations? Res. Policy 48(5), 1201\u20131215 (2019). https:\/\/doi.org\/10.1016\/j.respol.2018.12.010","journal-title":"Res. Policy"},{"key":"910_CR16","doi-asserted-by":"publisher","unstructured":"Mcjunkin, T., Rieger, C G.:Electricity distribution system resilient control system metrics. In: Conference: 2017 Resilience Week (RWS). (2017) https:\/\/doi.org\/10.1109\/RWEEK.2017.8088656","DOI":"10.1109\/RWEEK.2017.8088656"},{"key":"910_CR17","unstructured":"Miller, J H., Page. S E.: Complex adaptive systems: an introduction to computational models of social Life. In: STU-Student edition. Princeton University Press. (2007) https:\/\/www.jstor.org\/stable\/j.ctt7s3kx"},{"key":"910_CR18","doi-asserted-by":"publisher","DOI":"10.1093\/oso\/9780198805090.001.0001","volume-title":"Networks","author":"M Newman","year":"2018","unstructured":"Newman, M.: Networks. Oxford University Press, Oxford (2018). https:\/\/doi.org\/10.1093\/oso\/9780198805090.001.0001"},{"key":"910_CR19","doi-asserted-by":"publisher","unstructured":"OECD: Digital Security and Resilience in Critical Infrastructure and Essential Services. (2019) https:\/\/doi.org\/10.1787\/a7097901-en.","DOI":"10.1787\/a7097901-en"},{"key":"910_CR20","unstructured":"Oxford Cybersecurity Capacity Maturity Model for Nations (CMM). In. 2021. University of Oxford, Global Cyber Security Capacity Centre. (2021)"},{"issue":"11","key":"910_CR21","doi-asserted-by":"publisher","first-page":"2688","DOI":"10.1016\/j.physa.2013.01.023","volume":"392","author":"GA Pagani","year":"2013","unstructured":"Pagani, G.A., Aiello, M.: The power grid as a complex network: a survey. Physica A 392(11), 2688\u20132700 (2013). https:\/\/doi.org\/10.1016\/j.physa.2013.01.023","journal-title":"Physica A"},{"issue":"2","key":"910_CR22","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1093\/icc\/dtz049","volume":"29","author":"A Pelletier","year":"2019","unstructured":"Pelletier, A., Khavul, S., Estrin, S.: Innovations in emerging markets: the case of mobile money. Ind. Corp. Chang. 29(2), 395\u2013421 (2019). https:\/\/doi.org\/10.1093\/icc\/dtz049","journal-title":"Ind. Corp. Chang."},{"key":"910_CR23","doi-asserted-by":"publisher","unstructured":"Rieger, C G.: Resilient control systems: practical metrics basis for defining mission impact. In: Conference: 7th International Symposium on Resilient Control Systems. (2014). https:\/\/doi.org\/10.1109\/ISRCS.2014.6900108","DOI":"10.1109\/ISRCS.2014.6900108"},{"issue":"2","key":"910_CR24","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1109\/EMR.2020.3046533","volume":"49","author":"A Shaked","year":"2021","unstructured":"Shaked, A., Tabansky, L., Reich, Y.: Incorporating systems thinking into a cyber resilience maturity model. IEEE Eng. Manage. Rev. 49(2), 110\u2013115 (2021). https:\/\/doi.org\/10.1109\/EMR.2020.3046533","journal-title":"IEEE Eng. Manage. Rev."},{"key":"910_CR25","doi-asserted-by":"publisher","first-page":"e6105872","DOI":"10.1155\/2020\/6105872","volume":"2020","author":"AF Siegenfeld","year":"2020","unstructured":"Siegenfeld, A.F., Bar-Yam, Y.: An introduction to complex systems science and its applications. Complexity 2020, e6105872 (2020). https:\/\/doi.org\/10.1155\/2020\/6105872","journal-title":"Complexity"},{"issue":"1","key":"910_CR26","doi-asserted-by":"publisher","first-page":"16124","DOI":"10.1038\/s41598-020-72771-4","volume":"10","author":"A Smolyak","year":"2020","unstructured":"Smolyak, A., Levy, O., Vodenska, I., Buldyrev, S., Havlin, S.: Mitigation of cascading failures in complex networks. Sci. Rep. 10(1), 16124 (2020). https:\/\/doi.org\/10.1038\/s41598-020-72771-4","journal-title":"Sci. Rep."},{"issue":"10","key":"910_CR27","doi-asserted-by":"publisher","first-page":"945","DOI":"10.1016\/j.telpol.2016.03.001","volume":"40","author":"SL Su\u00e1rez","year":"2016","unstructured":"Su\u00e1rez, S.L.: Poor people's money: the politics of mobile money in Mexico and Kenya. Telecommun. Policy 40(10), 945\u2013955 (2016). https:\/\/doi.org\/10.1016\/j.telpol.2016.03.001","journal-title":"Telecommun. Policy"},{"issue":"2","key":"910_CR28","first-page":"61","volume":"3","author":"L Tabansky","year":"2011","unstructured":"Tabansky, L.: Critical infrastructure protection from cyber threats. Milit. Strateg. Affairs 3(2), 61\u201378 (2011)","journal-title":"Milit. Strateg. Affairs"},{"key":"910_CR29","volume-title":"Cyber-physical Security: Protecting Critical Infrastructure at the State and Local Level","year":"2016","unstructured":"Clark, R.M., Hakim, S. (eds.): Cyber-physical Security: Protecting Critical Infrastructure at the State and Local Level, vol. 3. Springer, Berlin (2016)"},{"key":"910_CR30","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-319-18986-4_5","volume-title":"Cybersecurity in Israel","author":"L Tabansky","year":"2015","unstructured":"Tabansky, L., Israel, I.B.: The Israeli national cybersecurity policy focuses on critical infrastructure protection (CIP). In: Tabansky, L., Israel, I.B. (eds.) Cybersecurity in Israel, pp. 35\u201341. Springer International Publishing, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-18986-4_5"},{"key":"910_CR31","doi-asserted-by":"publisher","DOI":"10.1093\/oso\/9780198821939.001.0001","volume-title":"Introduction to the Theory of Complex Systems","author":"S Thurner","year":"2018","unstructured":"Thurner, S., Klimek, P., Hanel, R.: Introduction to the Theory of Complex Systems. Oxford University Press, Oxford (2018). https:\/\/doi.org\/10.1093\/oso\/9780198821939.001.0001"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00910-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00910-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00910-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T05:16:40Z","timestamp":1739337400000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00910-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,7]]},"references-count":31,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2]]}},"alternative-id":["910"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00910-3","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,7]]},"assertion":[{"value":"16 October 2024","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 November 2024","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"The authors declare full compliance with ethical standards promoted by the journal.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}],"article-number":"18"}}