European critical infrastructures: which analysis framework for supporting effective decision making?



Joint Research Centre, European Commission

Published in: Education, Technology

  1. European Critical Infrastructures: Which analysis framework for supporting effective decision making?
     Sala Flüela, Wednesday 28/08, 8:30-10:00
     • A resilience based analysis framework for critical infrastructures protection, Georgios Giannopoulos, EU-JRC, Ispra, Italy
     • Critical infrastructure disruptions: a generic system dynamic approach for decision support, Thomas Münzberg, KIT, Institute for Nuclear and Power Technology, Karlsruhe, Germany
     • Security and safety of cross border infrastructure, Sergio Olivero, SiTI, Istituto Superiore sui Sistemi Territoriali per l’Innovazione, Torino, Italy
     • Decision making for resilience in critical infrastructure governance, Center for Security Studies, ETH, Zurich, Switzerland
  2. A resilience based analysis framework for critical infrastructures protection
     Georgios Giannopoulos – Roberto Filippini
     European Commission, Joint Research Centre, Institute for the Protection and Security of the Citizen, Security Technology Assessment Unit, ISPRA, Italy
     Serving society Stimulating Supporting legislation
  3. Directive 2008/114/EC
     Council Directive of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection
     European Critical Infrastructure (ECI)… means critical infrastructure located in Member States the destruction or disruption of which would have a significant impact on at least two Member States
     ECI must satisfy both:
     • Cross-cutting criteria: casualties, economic effects, public effects
     • Sectoral criteria have been established for Transport and Energy sectors
  4. From policy to research
     • Scope
       - Interconnected systems => large-scale engineering, socio-technical systems => modern infrastructures (ICT, power grids, transport, etc…)
     • Features
       - Geographically distributed, cross-borders
       - Multi sectors, heterogeneous
       - Aggregated rather than designed on purpose
       - Evolving/adjusting to demand
       - …
     => from complex systems to… systems of systems
  5. High level requirements of analysis framework
     • Which user?
       - Operators and decision makers
     • Which system analysis?
       - Comprehensive, overcoming sector specific boundaries, at affordable computation overhead
     • Which outcome?
       - Criticalities and vulnerabilities
       - System response and resilience
       - Trade-off local versus global risks
       - Synergies with other analysis tools
  6. A resilience based analysis framework: Why?
     Resilience is the ability of a system of preventing, withstanding, reacting and recovering from failures.
     Prevention => state awareness + preparedness
     Reaction => activate defenses and resources
     Recovery => restore back to initial conditions
     • Resilience Vs. reliability
       - Broader scope => the system may fail and then recover
     • Resilience Vs. control
       - More encompassing => controls are also of non-functional nature
     • Resilience Vs. risk assessment
       - Complementary => resilience may (or not) meet risk requirements
     [Figure: timeline labelled Failure, Prevent, React, Recover, Time]
  7. [Figure: two six-node diagrams (nodes 1 to 6)]
     System architecture: Gas + PS + Controls + TX + Distribution + Communication
     The dependency graph: Functional dependencies
  8. Why functional dependencies
     • Account for general relationships
       - Producer/consumer, provider/user, controller/controlled
     • Overcome specific sector diversities
       - A functional dependency is a-dimensional
     • Capture essential network semantic
       - Representing nominal operation set-up
       - Support failure analysis => provide directions of failures
  9. Structural analysis
     • Structural properties => Criticalities and vulnerabilities
       - How to identify most critical nodes?
       - How to identify most vulnerable nodes?
       - How many interdependencies are established for a given node?
     • Structural metrics => Coupling factors
       - How strict a node is coupled to the others (average distance)?
       - …
  10. Structural properties
     [Figure: three copies of the six-node dependency graph (nodes 1 to 6)]
     • Criticality: Node 2 is critical to 3,4 directly, 5,6 indirectly
     • Vulnerability: Node 2 is vulnerable from 1
     • Interdependency: Loop 3,4,5,6
  11. Resilience analysis
     • Qualitative analysis => model checking
       - Do failure scenarios exist that cannot be recovered?
     • Quantitative analysis => deterministic or probabilistic
       - Is a system resilient to disturbance?
       - Is a network resilient to disturbance?
       - Are the measures in place sufficient to resist/recover?
       - …
  12. Qualitative Resilience Analysis
     • Concurrent event sequence diagram
       1. Initiating event -> the node failure
       2. Next event within the set of failure (F) and recovery (R) enabled events
       3. Scenario building up to the end state
     [Figure labels: Recoverable scenarios; Recoverable/time bounded; Non recoverable scenarios; Transient behavior]
  13. Concurrency and indeterminism
     [Figure: example of concurrent event diagram on the six-node dependency graph]
     Concurrency among events and indeterminism
     Two possible scenarios are identified
  14. Quantitative Resilience Analysis
     1. Deterministic
       - System response to a given disturbance profile
     2. Stochastic
       - Distribution of system response for a given disturbance profile
     => Sensitivity analysis to 1 and 2
       - Sensitivity to a single node failure
       - Sensitivity to model parameters
       - Sensitivity to more node failures => attack scenarios!
  15. Quantitative Resilience Analysis (2)
     • The model => discrete event system
       - Every node is given a binary state variable X = [0,1]
     • Model parameters
       - Operation drift
       - Service thresholds
       - Buffering and time to recovery
       - Disturbance profile => which node and duration
  16. Simulation of scenarios (deterministic)
     [Figure: simulation plot] Failure 4 and recovery 6 are concurrent
     r = x1 + x2 + x3 + x4
     Resilience is the sum of the node’s states (1 is functioning) in the loop 3, 4, 5 and 6.
     Timing of concurrent events matters! Is this a matter of design, or coordination (control)?
  17. Resilience and Risk assessment
     • Estimate of consequences
     • Evaluation of the likelihood
     [Figure label: Transient behavior]
     Estimate costs for the duration of the service disruption, for each node affected
  18. [Figure: workflow starting from the system of systems, drawn as the six-node graph]
     1. Modeling language
     2. Dependency network
     3. Structural analysis
     4. Resilience analysis (Deterministic, Stochastic), Risk assessment
     5. Resilience informed design
     6. Integrate… Other analyses
  19. Conclusions
     • The basic ideas
       - Develop a methodology in which all relevant players in an interconnected infrastructure are included within the same analysis framework
       - Focus on functional dependencies -> dependency network
       - Define simple mechanisms of failure/recovery
       - Analysis of structural properties and resilience
     • The way forward => Resilience informed design
       - Reduce/control system variability
       - Resilience control paradigm, cross-sector and intra-dependencies
       - Decision making at high level through resilience scenarios prioritization
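
Added example (not part of the original slides, and not the authors' tool): the structural analysis of slides 9 and 10 computed on a six-node dependency graph, giving criticality, vulnerability, interdependency loops and an average-distance coupling factor per node. The edge set is constructed: only 1->2, 2->3, 2->4 and the loop membership {3,4,5,6} come from slide 10, while the direction of the loop edges and the exact coupling formula are assumptions.

```python
from collections import deque

# Constructed network: edge p -> c means "c functionally depends on p".
# Loop edge direction (3->5->6->4->3) is assumed; the rest follows slide 10.
DEPENDENTS = {1: [2], 2: [3, 4], 3: [5], 4: [3], 5: [6], 6: [4]}

def hops(graph, start):
    """Breadth-first hop count from start to every node it can reach."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    del dist[start]
    return dist

def reverse(graph):
    """Flip every edge so traversal walks from consumer to provider."""
    rev = {}
    for src, dsts in graph.items():
        for dst in dsts:
            rev.setdefault(dst, []).append(src)
    return rev

def criticality(graph, node):
    """Nodes affected if `node` fails: (direct, indirect) dependents."""
    d = hops(graph, node)
    return (sorted(n for n in d if d[n] == 1), sorted(n for n in d if d[n] > 1))

def vulnerability(graph, node):
    """Nodes whose failure can propagate down to `node`."""
    return sorted(hops(reverse(graph), node))

def interdependency(graph, node):
    """Members of the dependency loop containing `node` ([] if none)."""
    loop = set(hops(graph, node)) & set(hops(reverse(graph), node))
    return sorted(loop | {node}) if loop else []

def coupling(graph, node):
    """Average distance to the nodes it feeds (assumed coupling metric)."""
    d = hops(graph, node)
    return sum(d.values()) / len(d) if d else None

if __name__ == "__main__":
    for n in sorted(DEPENDENTS):
        print(n, criticality(DEPENDENTS, n), vulnerability(DEPENDENTS, n),
              interdependency(DEPENDENTS, n), coupling(DEPENDENTS, n))
```

For node 2 this reproduces the slide's reading: critical to 3 and 4 directly and to 5 and 6 indirectly, vulnerable from 1, and outside the 3,4,5,6 loop.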