VPP: Mitigation of the consequences of Covid-19
16.10.2020
VPP-COVID-2020/1-0009
ARTSS: Advanced Resilience Technologies for Secure Service
RTU IEEE Information Technology and Management Science Conference 2020
Outline
• Challenges, principles and objective
• Overview
• Conceptual model
• Use case example
• Conclusion
Challenges
• Modern organizations have difficulties in coping with unforeseen business contexts, and their information systems struggle to provide undisrupted support in situations for which they were not initially designed, such as new types of adverse cyber-events, societal crises or pandemics
• Management of resilient business services requires runtime information to continuously react to external challenges and threats, which cannot be accomplished in the traditional analyze-design-deploy cycles of system development
• Broad adoption of such a novel approach to fostering organizational resilience and capability development needs to be efficiently supported by knowledge transfer technologies
Principles
• Business ecosystem modeling to map the diverse actors involved in the service delivery and their contributions
• Capability management to design and run context-dependent adjustment and management of services
• Digital twins to ensure that the adjustments are propagated to the service delivery, including advanced visualization of the service ecosystem
• Processing and management of large volumes of contextual data
• Accumulation of reusable crisis response knowledge in the form of patterns
• Secure and resilient service adoption approach supported by digital learning material to facilitate broad-scale adoption of the results
Objective
• To elaborate a method extension and technological solutions for dynamic adaptation and securing of services to limit the impact of the COVID-19 pandemic and similar crisis situations by combining big data analysis, digital twins, knowledge management, and e-learning solutions
• Based on the Capability Driven Development approach (Bērziša et al., 2015; Sandkuhl & Stirna, 2018)
Overview
Use Cases
• Secure foundational services
• Secure telemedicine service
• Secure remote workplace service
• Secure business services
Conceptual Model of the Approach
[Figure: class diagram of the concepts Service, Adjustment, Pattern, Digital twin, Goal, Context Element, Measurable property, Security concern, Capability, Network Node and KPI, connected by the associations uses, provides, fulfils, has, measures, supports, used for, possesses, adapts, provides data, optimizes and represents.]
Development Procedure
1. Specify capability
1.1. Define capability
1.2. Identify goals and context
1.3. Identify services
2. Identify security and resilience concerns
2.1. Search relevant patterns
2.2. Perform expert analysis
3. Specify resilient response
3.1. Define context ranges and KPI thresholds
3.2. Select adjustments
3.3. Specify twinning concerns
4. Manage resilience
4.1. Set-up digital twin
4.2. Evaluate resilience response
4.3. Invoke adjustments
4.4. Monitor capability delivery
Digital Twin
Foundational Services Use Case
Secure Campus Area Network Governance Example
Capability Modeling
[Figure: capability model of the use case. Elements recoverable from the diagram:]
Capability 1: Secure campus area network governance
Goals and their KPIs:
• Goal 3.1: To provide secure IT environment
• Goal 3.2: To prevent security incidents
  • KPI 3.2.1: Number of incidents per month
  • KPI 3.2.2: Incident resolution time
• Goal 3.3: To minimize warnings by CERT
  • KPI 3.3.1: Number of warnings per month
• Goal 3.4: To provide high connectivity
  • KPI 3.4.1: Number of connectivity related helpdesk inquiries per month
  • KPI 3.4.2: Number of failed connections per month
Context elements (relation "is affected by") and their measurable properties (relation "measured by"):
• Context element 4.1: Device threat level
  • Measurable Property 4.1.1: DNS request
  • Measurable Property 4.1.2: Device log data
  • Measurable Property 4.1.3: Traffic flow data
• Context element 4.2: Urgency
  • Measurable Property 4.2.1: Number of online nodes
  • Measurable Property 4.2.2: Global threat level
  • Measurable Property 4.2.3: Calendar
• Context element 4.3: User threat level
  • Measurable Property 4.3.1: Authorization log
Services:
• Service 1: Malicious activity identification
• Service 2: Incident resolution
Capability Development
• Services
  • Malicious activity identification
  • Incident resolution
• Adjustments
  • Select response
  • Select notification type
  • Urgency update
• Digital Twin
[Figure: Incident resolution digital twin. Labels: Device threat level; Urgency; Expected number of incidents; Urgency update; DOE - range definition alternatives; Model – incident resolution by adjustment; Simulator – Monte-Carlo simulator; Analysis dashboard; Number of incidents.]
Digital Twin Based Experimentation
• Alternative ways of evaluating the Urgency context element are compared:
  • The Urgency is set to High for most of the incidents (U1)
  • The Urgency levels are uniformly distributed (U2)
  • The Urgency is set to Low for most of the incidents (U3)
• A network fragment of 1000 nodes is simulated over a fixed time period:
  1. Start with the first period;
  2. Infection of a fraction of the nodes is simulated;
  3. The Malicious activity identification service is used to discover the infection. It can be discovered immediately or in one of the forthcoming time periods;
  4. The infected node can infect a random number of other nodes as long as the incident is not resolved;
  5. If the incident is discovered, the Select response adjustment is invoked to determine the response type;
  6. Application of the response mechanism is represented as simulated time needed to resolve the incident;
  7. The expected value of the Number of incidents KPI is evaluated;
  8. The process is repeated from Step 2 till the end of the planning horizon.
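The simulation loop above, written out as an added Python example; it is not the ARTSS project's simulator. Everything except the 1000-node fragment is an assumption made for illustration: the infection, detection and spread probabilities, the 52-period horizon, the Medium urgency level, and the rule that higher urgency means a shorter resolution time.

```python
import random

# All numeric values are assumptions for illustration; the slides give none
# except the fragment size of 1000 nodes.
NODES, PERIODS = 1000, 52
P_INFECT = 0.005                      # Step 2: share of healthy nodes infected per period
P_DETECT = 0.5                        # Step 3: chance per period that an infection is found
SPREAD = ((0, 1, 2), (0.8, 0.15, 0.05))   # Step 4: nodes targeted per period, with weights
RESOLVE = {"High": 1, "Medium": 3, "Low": 6}  # Steps 5-6: periods to resolve, by urgency
POLICIES = {                          # weights for High / Medium / Low urgency
    "U1": (0.8, 0.1, 0.1),            # mostly High
    "U2": (1, 1, 1),                  # uniform
    "U3": (0.1, 0.1, 0.8),            # mostly Low
}

def run_once(policy, rng):
    """Simulate one planning horizon and return the number of incidents."""
    state = {}        # infected node -> periods left to resolve (None = undiscovered)
    incidents = 0
    for _ in range(PERIODS):
        # Step 2: fresh infections among healthy nodes.
        new = {n for n in range(NODES)
               if n not in state and rng.random() < P_INFECT}
        # Step 4: every unresolved node targets a random number of other nodes.
        for _ in range(len(state)):
            k = rng.choices(*SPREAD)[0]
            new.update(t for t in rng.sample(range(NODES), k) if t not in state)
        incidents += len(new)
        state.update(dict.fromkeys(new))
        for node, left in list(state.items()):
            if left is None:
                # Step 3: discovery; Step 5: Select response picks the resolution time.
                if rng.random() < P_DETECT:
                    urgency = rng.choices(list(RESOLVE), POLICIES[policy])[0]
                    state[node] = RESOLVE[urgency]
            elif left <= 1:
                del state[node]       # Step 6: resolution time elapsed
            else:
                state[node] = left - 1
    return incidents

def expected_incidents(policy, runs=20, seed=2020):
    """Step 7: Monte-Carlo estimate of the expected Number of incidents KPI."""
    rng = random.Random(seed)
    return sum(run_once(policy, rng) for _ in range(runs)) / runs

if __name__ == "__main__":
    for name in POLICIES:
        print(name, expected_incidents(name))
```

Under these assumed parameters, a policy that rates most incidents as High keeps infected nodes on the network for fewer periods, so fewer secondary infections occur and the estimated KPI is lower than under U2 or U3.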
Experimental Results
Conclusion
• Capability modeling enables participative exploration of the problem area
• Digital twin allows fine-tuning and enacting capability delivery policies
• Patterns are identified by analysing the use cases
• Reuse of the patterns leads to formation of the ecosystem
https://artss.rtu.lv

Artss@itms2020
