This volume contains the proceedings of the 4th International Workshop on Critical Information Infrastructures Security (CRITIS 2009). The workshopwas held from September 30 to October 2 in the Gunnewig .. Hotel Bristol in Bonn, Germany. TheworkshopwasorganizedbytheFraunhoferInstituteforIntelligent Analysis and Information Systems (IAIS), Sankt Augustin, Germany. CRITIS 2009 continued the series of successful CRITIS Workshops. Com- nies,researchinstitutions,andgovernmentalorganizationsfromallmainareasof critical infrastructures took an active part in supporting CRITIS and we found CRITIS 2009 both exciting and informative. The selected papers addressed a range of key issues and demonstrated the ubiquity and global importance of - formation infrastructures. Each paper had at least three independent technical reviews and we accepted 13 full papers out of 34 submissions. We were very fortunate in having a range of invited speakers that c- ered policy, research and industry perspectives. James Smith from Los Alamos National Laboratory addressed the challenges and achievements in their work on "Large-Scale Modeling and Simulation of Critical Infrastructure.
" Orestis Terzidis, Vice President SAP AG, talked on the "The Internet for Energy: P- spectives and Challenges. " Continuing with the energy theme, Alla Heidenreich, from SIEMENS AG, Corporate Research and Technologies (Germany) provided her insights on the "Secure ICT Infrastructure for the Future Power Grid. " Critical infrastructure protection is an area where an e?ective private-public partnership is required. A government perspective was provided by Michael P- germann, German Ministry of the Interior, who talked on German strategy - garding CIIP.
On Modelling of Inter-dependent Network Infrastructures by Extended Leontief Models.- Critical Infrastructure Protection in Brazil - Threat Identification and Analysis.- Development of Information Security-Focused Incident Prevention Measures for Critical Information Infrastructure in Japan.- Design of a Mobile Agent-Based Adaptive Communication Middleware for Federations of Critical Infrastructure Simulations.- An Alternate Topology Generator for Joint Study of Power Grids and Communication Networks.- Trouble Brewing: Using Observations of Invariant Behavior to Detect Malicious Agency in Distributed Control Systems.- Optimisation of Critical Infrastructure Protection: The SiVe Project on Airport Security.- Cyber-Critical Infrastructure Protection Using Real-Time Payload-Based Anomaly Detection.- Decision Aid Tool and Ontology-Based Reasoning for Critical Infrastructure Vulnerabilities and Threats Analysis.- Application Filters for TCP/IP Industrial Automation Protocols.- Web Browser Security Update Effectiveness.- State-Based Network Intrusion Detection Systems for SCADA Protocols: A Proof of Concept.- Towards Early Warning Systems - Challenges, Technologies and Architecture.- CII Protection - Lessons for Developing Countries: South Africa as a Case Study.- Energy Theft in the Advanced Metering Infrastructure.- Current Capabilities, Requirements and a Proposed Strategy for Interdependency Analysis in the UK.- Stochastic Modelling of the Effects of Interdependencies between Critical Infrastructure.