|
Sandra König, & Stefan Schauer. (2019). Cascading Threats in Critical Infrastructures with Control Systems. In Z. Franco, J. J. González, & J. H. Canós (Eds.), Proceedings of the 16th International Conference on Information Systems for Crisis Response And Management. Valencia, Spain: Iscram.
Abstract: Critical infrastructures (CIs) increase in complexity due to numerous dependencies on other CIs but also due to the ongoing digitalization in the industry sector. This yields an increased risk of failure of a single CI as the overall systems gets very fragile and sensitive to errors Failure of a single component may affect large parts of an infrastructure due to cascading effects. One way to support functionality of a CI is the use of Industrial Control Systems (ICS) that allow monitoring remote sites and controlling processes. However, this is an additional source for threats as recent cyber-attacks have shown. Further, the additional information for such cyber systems is often not efficiently combined with existing information on the physical infrastructure. We here propose a method to combine these two sources of information in order to estimate the impact of a security incident on CIs, taking into account cascading effects of threats. An implementation of the model allows simulation of the dynamics inside a CI and yields a record of the status of each asset of the CI. The way the assets change their states illustrates the consequences of an incident on the entire CI. Visualization of the results provides an overview on the situation of the entire CI at a certain point of time and a sequence of such visualization over an entire period of time illustrates the changes over time. The results from this analysis may be used to support security officers in analyzing the current (hybrid) state of their CI in case of an incident and thus increase the hybrid situational awareness.
|
|
|
Laura Petersen, Eva Horvath, & Johan Sjöström. (2019). Evaluating Critical Infrastructure Resilience via Tolerance Triangles: Hungarian Highway pilot case study. In Z. Franco, J. J. González, & J. H. Canós (Eds.), Proceedings of the 16th International Conference on Information Systems for Crisis Response And Management. Valencia, Spain: Iscram.
Abstract: While accepted as part of critical infrastructure (CI) resilience, no consensus exists on how to measure the exact
minimum level of service or the rapidity of rapidly restoring services. The H2020 European project IMPROVER
(Improved risk evaluation and implementation of resilience concepts to critical infrastructure) suggests to use the
public?s declared tolerance levels for both minimum level of service and rapidity of service restoration as criteria
with which to evaluate if the resilience of a given CI is resilient enough. This paper demonstrates the development
of a questionnaire-based methodology to determine public tolerance levels. It then tests this methodology via a
pilot case study at IMPROVER?s Hungarian Highway Living Lab. The paper argues that public tolerance levels
are a reasonable choice for resilience evaluation criteria and demonstrates that the questionnaire-based
methodology permits one to evaluate public perception in such a way as to compare it to technical resilience
analyses.
|
|
|
Axel Dierich, Katerina Tzavella, Neysa Jacqueline Setiadi, Alexander Fekete, & Florian Neisser. (2019). Enhanced Crisis-Preparation of Critical Infrastructures through a Participatory Qualitative-Quantitative Interdependency Analysis Approach. In Z. Franco, J. J. González, & J. H. Canós (Eds.), Proceedings of the 16th International Conference on Information Systems for Crisis Response And Management. Valencia, Spain: Iscram.
Abstract: Critical Infrastructure (CI) failures are aggravated by cascading effects due to interdependencies between
different infrastructure systems and with emergency management. Findings of the German, BMBF-funded
research project ?CIRMin? highlight needs for concrete assessments of such interdependencies. Driven by
challenges of limited data and knowledge accessibility, the developed approach integrates qualitative
information from expert interviews and discussions with quantitative, place-based analyses in three selected
German cities and an adjacent county.
This paper particularly discusses how the mixed methods approach has been operationalized. Based on
anonymized findings, it provides a comprehensive guidance to interdependency analysis, from survey and
categorization of system elements and interrelations, their possible mutual impacts, to zooming into selected
dependencies through GIS mapping. This facilitates reliably assessing the need for maintenance of critical
functionalities in crisis situations, available resources, auxiliary powers, and optimization of response time.
|
|
|
Sandra König. (2019). Choosing Ways to Increase Resilience in Critical Infrastructures. In Z. Franco, J. J. González, & J. H. Canós (Eds.), Proceedings of the 16th International Conference on Information Systems for Crisis Response And Management. Valencia, Spain: Iscram.
Abstract: Increasing resilience is a core interest in critical infrastructure (CI) protection that involves many challenges. It is necessary to agree on a common understanding of resilience and identify potential strategies to improve it.
Once this is done, the question arises how to choose among these strategies. We propose to decide based on a game-theoretic framework that allows identification of optimal actions under various scenarios. This framework considers different threat scenarios as attacks to the CI and the identified strategies to improve resilience as defense strategies for the CI. Since the payoff of the game, namely the resilience of the CI, can hardly be measured with certainty we choose an extension of classical game theory that allows taking uncertainty into account and still finds provably optimal solutions. This approach is especially useful in a situation where we aim to optimize a quantity that is difficult to measure (such as resilience). The result of this analysis is two-fold: it identifies an optimal defense but also provides information about the resilience in the worst case. The approach is illustrated with a small example using a publicly available implementation.
|
|
|
Aurélie Congès, Frédérick Bénaben, Olivier Pierre, Francis Savic, Olivier Chabiron, & Matthieu Lauras. (2019). On the usage of Virtual Reality for Crisis Management exercises in Critical Industrial Sites. In Z. Franco, J. J. González, & J. H. Canós (Eds.), Proceedings of the 16th International Conference on Information Systems for Crisis Response And Management. Valencia, Spain: Iscram.
Abstract: EGCERSIS is a starting research program aiming at defining a virtual collaborative training space for crisis management. It should provide the users (first and second aid, firefighters, etc.) with a way to virtually perform operational and strategic tasks of crisis management in digital twins of critical infrastructures. The training system is structured according to four main components: (i) protocol and tools for digital twins generation, (ii) scenario editor dedicated to defining crisis use-cases within the modeled digital twins, (iii) integration with the technological crisis management platform (RIO-Suite), and (iv) monitoring component in charge of the continuous edition of dashboards (real-time and afterward). The main expected benefit of the EGCERSIS program is to create a breakthrough in the way training and exercises are performed in critical sites.
|
|