Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastructures
1. !
Towards a Safe, Secure Society!
- Resilience and IT Risks in Social Infrastructures -
Contact: Dr. Sven WOHLGEMUTH – DAAD Postdoctoral Scholar at the Digital Content and Media Sciences Research Division
TEL : 03-4212-2594 FAX : 03-3556-1916 (c/o Prof. Dr. Echizen) E-mail : wohlgemuth@nii.ac.jp WWW: www.nii.ac.jp/jeisec
Social Infrastructures and ICT
ICT as a Basic Infrastructure of Social Infrastructures
• In 2050, 70% of the world population will live in cities (UN)
• Cities face major challenges like logistic bottlenecks, pollution,
employment, elderly society, education, public security, …
• ICT supports cities' social infrastructures by making service
processes, security measures, and coordination activities more
efficient: observe, evaluate, coordinate, and optimize status and
flows of a city (e.g. resources and people)
• Social infrastructures are protected against expected threats
from crime, terrorism, and natural disasters
But: What about risks from unexpected, inevitable threats?
Resilience and IT Risks in Social Infrastructures
Resilient ICT: Transparency by Evidences
Isao EchizenSven Wohlgemuth Noboru Sonehara
National Institute of Informatics, Tokyo, JP"
A Min Tjoa
Vienna University of Technology, A"
Social infrastructures
Securitydomain
ofEconomy
Securitydomain
ofEmployment
Securitydomain
ofEnergy
Securitydomain
ofElderlySociety
Securitydomain
ofEducation
Employment
Elderly
Society
Education
Energy
Criteria for Resilient ICT
Economy
Resilience: Resistance against attacks + Mitigate attacks
(prevent & protect + respond & recover)
Equilibrium
• ICT still has to provide its services and data according to the protection
goals of IT-Security (confidentiality, integrity, availability)
• Availability: Replace failed ICT services on-demand by similar ICT services
But: On-demand flexibility of ICT raises new risks due granting access
to "outsider" of a security domain
Günter Müller
University of Freiburg, D"
Transparency by Evidences
• Possibility to understand and restore all ICT states at anytime
• Enable to monitor ICT systems and to identify indirect
relationships between ICT services
• No central point of control/coordination
• Evidences indicates an ICT system's state transition differing from
target states
Research Areas
Resilient Risk Assessment (RA1)
Resilient ICT Services (RA2)
Resilient ICT Infrastructure (RA3)
Technical
Human Legal
et al.
Interferences
1. Identification of
basic services
2. Identification of
risk scenarios
3. Usage control
mechanisms
4. Evaluation of
evidences
Risks
Interferences Interferences
Risks RisksRisks
5. Process re-engineering
Approach
- New processes
- Modified processes
2) Consequences
Economy
Employment
Elderly
Society
Education
Energy
Social infrastructures
- Crime, terrorism, and natural disasters
- Damages/Failure of ICT services
1) Unexpected, inevitable Interferences by
- Cascading interferences
- Interoperability
3) Additional Risk: "Outsider" becomes "Insider"
- Controllability
- Non-availability of services/data
- Non-authorized access to
services/data
- Incorrect data
4) Resultant Interferences by
- Privacy violation
- Physical damages
ICT