Your SlideShare is downloading. ×
Towards a methodology for a Quantitative (Risk) Assessment of Critical Infrastructures Roberto Filippini, Marcelo Masera I...
Outline <ul><li>Introduction </li></ul><ul><li>Challenges </li></ul><ul><li>Modeling Issues </li></ul><ul><li>Final Remark...
Introduction Critical Infrastructures Assessment? Integration/Operation? Decision making?
Introduction Critical infrastructures  –  Networked – Systems of Systems  Service-oriented   -   available anytime, anywhe...
A Few Features of CI Layered structure Technical-organization-management Decision making Local versus global Failure patho...
Challenges <ul><li>Holism versus Reductionism – which model?  </li></ul><ul><ul><li>The divide and conquer approach vs. th...
Challenges (2) <ul><li>Layered vertical structure – which actors? </li></ul><ul><ul><li>CI are operated at various levels ...
Challenges (3) <ul><li>Diverse attributes – which assessment? </li></ul><ul><ul><li>Conflict of goals: e.g. business vs. s...
Challenges (4) <ul><li>Risk/Emergency management - which inter-dynamics? </li></ul><ul><ul><li>Need to master the full cyc...
“ Building” Knowledge on CI <ul><li>Data    Models    Behavior inference/forecasting </li></ul><ul><ul><li>Operation – h...
Priority Issues <ul><li>The CI behavior under  out-of-normal conditions </li></ul><ul><ul><li>Failure pathologies </li></u...
Modeling Insights 2 1 4 System 1 – Failure at system level 2 – Protection measures  3 – Local diagnostics 4 – Emergency ma...
Modeling Insights (2) Local measures TE Triggering event End states of the infrastructure Emergency management propagation...
Modeling Insights (3) x1 x2 x3 y1 y2 System states may be more or less relevant depending on the perspectives System x Sys...
Final Remarks <ul><li>Overcoming the dualism – reductionism vs. holism </li></ul><ul><li>Overcoming sector-oriented approa...
Final Remarks <ul><li>Need for a modeling formalism (within a solid conceptual framework) which is able to… </li></ul><ul>...
Conclusions <ul><li>Interconnections at large scale of critical infrastructures    risks  </li></ul><ul><ul><li>Poor unde...
Upcoming SlideShare
Loading in...5
×

Towards a methodology for a Quantitative (Risk) Assessment of Critical Infrastructures

506

Published on

Towards a methodology for a Quantitative (Risk) Assessment of Critical Infrastructures

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
506
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • 10/06/10 04:29 PM Page
  • Transcript of "Towards a methodology for a Quantitative (Risk) Assessment of Critical Infrastructures"

    1. 1. Towards a methodology for a Quantitative (Risk) Assessment of Critical Infrastructures Roberto Filippini, Marcelo Masera Institute of Protection and Security of Citizens Joint Research Centre, European Commission Ispra, Italy
    2. 2. Outline <ul><li>Introduction </li></ul><ul><li>Challenges </li></ul><ul><li>Modeling Issues </li></ul><ul><li>Final Remarks and Conclusions </li></ul>
    3. 3. Introduction Critical Infrastructures Assessment? Integration/Operation? Decision making?
    4. 4. Introduction Critical infrastructures – Networked – Systems of Systems Service-oriented - available anytime, anywhere production distribution information technology communications Control Monitoring Data Power supply INTERDEPENDENCIES Society production distribution information technology communications Control Monitoring Data Power supply INTERDEPENDENCIES Society production distribution information technology communications Control Monitoring Data Power supply INTERDEPENDENCIES Society
    5. 5. A Few Features of CI Layered structure Technical-organization-management Decision making Local versus global Failure pathologies Escalation - cascade Diverse metrics Diverse dynamics Cross - borders A pool of diverse branches or a new standalone discipline? Multi-disciplinary System of Systems Networked Service oriented Available anytime-anywhere production distribution information technology communications Society
    6. 6. Challenges <ul><li>Holism versus Reductionism – which model? </li></ul><ul><ul><li>The divide and conquer approach vs. the “emerging behavior” </li></ul></ul>? The single system … Scope : internal dynamics with inputs from “outside” The system of systems Scope : Dependencies and Interdependencies
    7. 7. Challenges (2) <ul><li>Layered vertical structure – which actors? </li></ul><ul><ul><li>CI are operated at various levels </li></ul></ul>Upper levels Scope : managements, business, legal, etc. Slower dynamics Lower levels Scope : physical processes, controls, services Faster dynamics Field System Operation Corporate Inter-corporate Infrastructure x Field System Operation Corporate Inter-corporate Infrastructure y
    8. 8. Challenges (3) <ul><li>Diverse attributes – which assessment? </li></ul><ul><ul><li>Conflict of goals: e.g. business vs. safety </li></ul></ul>Field System Operation Corporate x Infrastructure Field System Operation Corporate y Inter-corporate Dependability Risk Business continuity Service Technical Business National Cross-borders
    9. 9. Challenges (4) <ul><li>Risk/Emergency management - which inter-dynamics? </li></ul><ul><ul><li>Need to master the full cycle from the triggering event to the recovery </li></ul></ul>Recovery Failure Field System Operation Corporate Inter-corporate Infrastructure x Field System Operation Corporate Inter-corporate Infrastructure y Field System Operation Corporate Inter-corporate Infrastructure z
    10. 10. “ Building” Knowledge on CI <ul><li>Data  Models  Behavior inference/forecasting </li></ul><ul><ul><li>Operation – historical data – accidents </li></ul></ul><ul><ul><li>Simulation and experiments </li></ul></ul><ul><ul><li>Analytic Modeling </li></ul></ul>Regulations Policies Procedures Controls Governance framework DATA Modeling Observing Reproducing
    11. 11. Priority Issues <ul><li>The CI behavior under out-of-normal conditions </li></ul><ul><ul><li>Failure pathologies </li></ul></ul><ul><ul><li>Propagation mechanisms </li></ul></ul><ul><ul><li>Cascading/Escalation failures </li></ul></ul><ul><ul><li>Protection measures </li></ul></ul><ul><ul><li>Emergency propagation </li></ul></ul><ul><ul><li>Risk/Emergency management </li></ul></ul><ul><ul><li>“ Disservice” under diverse perspectives </li></ul></ul><ul><ul><li>Technical-operational-organizational </li></ul></ul><ul><ul><li>Resilience </li></ul></ul>How CI reacts Metrics How CI fails
    12. 12. Modeling Insights 2 1 4 System 1 – Failure at system level 2 – Protection measures 3 – Local diagnostics 4 – Emergency management, cross-levels Field 3 Infrastructure TE triggering event Service interruption Operation The failure scenario may affect several levels of the infrastructure
    13. 13. Modeling Insights (2) Local measures TE Triggering event End states of the infrastructure Emergency management propagation throughout the network Local measures TE Triggering event Emergency management Restore End states of the system y Restore End states of the system x Infrastructure x Infrastructure y TIME A failure propagates throughout the network and triggers other events
    14. 14. Modeling Insights (3) x1 x2 x3 y1 y2 System states may be more or less relevant depending on the perspectives System x System y 11 21 31 12 22 32 1) Compound states space : path independent 11 21 31 12 22 32 32 22 32 2) Compound states space: path sensitive
    15. 15. Final Remarks <ul><li>Overcoming the dualism – reductionism vs. holism </li></ul><ul><li>Overcoming sector-oriented approaches </li></ul><ul><ul><li>Filling the gap among technical and organizational views </li></ul></ul><ul><li>Address vulnerabilities </li></ul><ul><ul><li>Focus on interdependencies </li></ul></ul><ul><li>Quantify system attributes </li></ul><ul><ul><li>Operations related – service related – business related </li></ul></ul><ul><li>Support decision making </li></ul><ul><ul><li>Support decisions with data/evidences </li></ul></ul><ul><ul><li>Accommodate “conflicting” strategies </li></ul></ul>
    16. 16. Final Remarks <ul><li>Need for a modeling formalism (within a solid conceptual framework) which is able to… </li></ul><ul><ul><li>Describe the problem </li></ul></ul><ul><ul><li>Account for all the actors </li></ul></ul><ul><ul><li>Provide both static (topological) and dynamic view </li></ul></ul><ul><ul><li>Make it possible abstraction and specialization </li></ul></ul><ul><ul><li>Returning results suited to the decision makers </li></ul></ul>
    17. 17. Conclusions <ul><li>Interconnections at large scale of critical infrastructures  risks </li></ul><ul><ul><li>Poor understanding of overall implications </li></ul></ul><ul><ul><li>Poor coordination of risk/emergency management </li></ul></ul><ul><li>A comprehensive modeling framework is necessary </li></ul><ul><ul><li>Definition of a modeling formalism for infrastructures </li></ul></ul><ul><ul><li>Definition of a framework for the integration of specialized tools </li></ul></ul><ul><li>Basis for R&D roadmap </li></ul><ul><ul><li>Modeling </li></ul></ul><ul><ul><li>Simulation </li></ul></ul><ul><ul><li>Data sets </li></ul></ul><ul><ul><li>Assessment </li></ul></ul><ul><ul><li>Experimental work </li></ul></ul>

    ×