TY - GEN
T1 - Advances in Security Maturity and Architecture Design in Critical Infrastructures
AU - Avila, Henry Paul Tigre
AU - Belesaca, Juan Diego
AU - Astudillo-Salinas, Fabian
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025
Y1 - 2025
AB - Critical infrastructures such as power grids, water treatment facilities, and gas production plants are increasingly reliant on Industrial Control Systems (ICS). However, these systems are subject to a growing array of sophisticated cyber threats. This paper presents a state-of-the-art review of security maturity frameworks and secure architecture designs tailored for IT/OT environments in critical infrastructure settings. The PRISMA methodology was employed to guide the selection of articles, and the AI-enhanced platform Elicit was used to retrieve peer-reviewed publications from the last 5 years. This yielded 60 pertinent studies. Our analysis identifies a clear preference for modular maturity models, such as the NIST Cybersecurity Framework and DOE's C2M2, to benchmark and advance security posture. At the architectural level, we emphasize fundamental controls, including network segmentation, access proxies, next-generation firewalls, and Zero Trust implemented via SDN. These are integrated with hierarchical layering and active-deception honeypots. We conclude by recommending continuous, context-aware, multidomain risk management schemes to enhance the resilience and reliability of critical infrastructure operations.
KW - cybersecurity
KW - frameworks
KW - maturity
KW - security
UR - https://www.scopus.com/pages/publications/105032512842
U2 - 10.1109/ETCM67548.2025.11304365
DO - 10.1109/ETCM67548.2025.11304365
M3 - Conference contribution
AN - SCOPUS:105032512842
T3 - ETCM 2025 - 9th Ecuador Technical Chapters Meeting
BT - ETCM 2025 - 9th Ecuador Technical Chapters Meeting
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 9th Ecuador Technical Chapters Meeting, ETCM 2025
Y2 - 21 October 2025 through 24 October 2025
ER -