Call Girls in Dwarka Mor Delhi Contact Us 9654467111
European critical infrastructures: which analysis framework for supporting effective decision making?
1. European Critical Infrastructures: Which analysis
framework for supporting effective decision
making? Sala Flüela, Wednesday 28/08, 8:30-10:00
• A resilience based analysis framework for critical infrastructures
protection, Georgios Giannopoulos, EU-JRC, Ispra, Italy
• Critical infrastructure disruptions: a generic system dynamic
approach for decision support, Thomas Münzberg, KIT, Institute for
Nuclear and Power Technology, Karlsruhe, Germany
• Security and safety of cross border infrastructure, Sergio Olivero,
SiTI, Instituto Superiore sui Sistemi Territoriali per l’innovazione, Torino,
Italy
• Decision making for resilience in critical infrastructure
governance, Center for Security Studies, ETH, Zurich, Switzerland
2. A resilience based analysis framework
for critical infrastructures protection
Georgios Giannopoulos – Roberto Filippini
European Commission
Joint Research Centre
Institute for the Protection and Security of the Citizen
Security Technology Assessment Unit
ISPRA, Italy Serving society
Stimulating innovation
www.jrc.ec.europa.eu Supporting legislation
3. Directive 2008/114/EC
Council Directive of 8 December 2008 on the
identification and designation of European critical
infrastructures and the assessment of the
need to improve their protection
European Critical Infrastructure (ECI)
….means critical infrastructure located in Member States the
destruction or disruption of which would have a significant
impact on at least two Member States
ECI must satisfy both:
Cross-cutting criteria: casualties, economic effects, public
effects
Sectoral Criteria have been established for Transport and
Energy sectors
4. From policy to research
• Scope
• Interconnected systems => large-scale engineering, socio-technical
systems => modern infrastructures (ICT, power grids, transport, etc…)
• Features
Geographically distributed, cross-borders
Multi sectors, heterogeneous
Aggregated rather than designed on purpose
Evolving/adjusting to demand
…
=> from complex systems to… systems of systems
5. High level requirements of analysis
framework
• Which user?
Operators and decision makers
• Which system analysis?
comprehensive, overcoming sector specific boundaries, at affordable
computation overhead
• Which outcome?
Criticalities and vulnerabilities
System response and resilience
Trade-off local versus global risks
Synergies with other analysis tools
6. A resilience based analysis framework:
Why?
Resilience is the ability of a system of • Resilience Vs. reliability
preventing, withstanding, reacting and Broader scope => the
recovering from failures. system may fail and then
recover
Prevention => state awareness + preparedness • Resilience Vs. control
Reaction => activate defenses and resources More encompassing =>
Recovery => restore back to initial conditions Controls are also of non-
functional nature
• Resilience Vs. risk
Failure
assessment
Complementary =>
resilience may (or not)
Prevent React Recover Time
meet risk requirements
7. 5 6
4 3
5 6
4 3
2
2
1 1
System architecture The dependency graph
Gas + PS + Controls + TX + Functional dependencies
Distribution + Communication
8. Why functional dependencies
• Account for general relationships
Producer/consumer, provider/user, controller/controlled
• Overcome specific sector diversities
A functional dependency is a-dimensional
• Capture essential network semantic
Representing nominal operation set-up
Support failure analysis => provide directions of failures
9. Structural analysis
• Structural properties => Criticalities and vulnerabilities
How to identify most critical nodes?
How to identify most vulnerable nodes?
How many interdependencies are established for a given node?
• Structural metrics => Coupling factors
How strict a node is coupled to the others (average distance)?
…
11. Resilience analysis
• Qualitative analysis => model checking
Do they exist failure scenarios that cannot be recovered?
• Quantitative analysis => deterministic or probabilistic
Is a system resilient to disturbance?
Is a network resilient to disturbance?
Are the measures in place sufficient to resist/recover?
…
12. Qualitative Resilience Analysis
• Concurrent event sequence diagram
1. Initiating event -> the node failure
2. Next event within the set of failure (F) and recovery (R) enabled events
3. Scenario building up to the end state
Recoverable scenarios
Recoverable/time bounded
Non recoverable scenarios
Transient behavior
13. Concurrency and
indeterminism
5 6
4 3
2
1
5 6
Example of concurrent event diagram 4 3
Concurrency among events and indeterminism 2
Two possible scenarios are identified
1
14. Quantitative Resilience Analysis
1. Deterministic
System response to a given disturbance profile
2. Stochastic
Distribution of system response for a given disturbance profile
=> Sensitivity analysis to 1 and 2
Sensitivity to a single node failure
Sensitivity to model parameters
Sensitivity to more node failures => attack scenarios!
15. Quantitative Resilience Analysis (2)
• The model => discrete event system
Every node is given a binary state variable X = [0,1]
• Model parameters
Operation drift
Service thresholds
Buffering and time to recovery
Disturbance profile => which node and duration
16. Failure 4 and recovery 6 are
r = x1 + x2 + x3 + x4
concurrent
Simulation of scenarios (deterministic)
Resilience is the sum of the node’s states (1 is functioning) in the loop 3, 4, 5 and 6.
Timing of concurrent events matters! Is this matter of design, or coordination (control)
17. Resilience and Risk assessment
• Estimate of consequences
• Evaluation of the likelihood
Transient behavior
Estimate costs for the duration of
the service disruption, for each
node affected
18. System of systems
5 6
1 Modeling language
4 3
2 2 Dependency network
1
3 Structural analysis 4 Resilience analysis Risk assessment
Deterministic Stochastic
5 Resilience informed design
6 Integrate…
Other analyses
19. Conclusions
• The basic ideas
Develop a methodology in which all relevant players in a interconnected
infrastructure are included within the same analysis framework
Focus on functional dependencies -> dependency network
Define simple mechanisms of failure/recovery
Analysis of structural properties and resilience
• The way forward => Resilience informed design
Reduce/control system variability
Resilience control paradigm, cross-sector and intra-dependencies
Decision making at high level through resilience scenarios prioritization