This briefing discusses the challenge of infrastructure resilience. Security threats to modern societies are significant. How to organizations and societies respond to collapse?
2. 2 / The context
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
Very general, and diverse, definitions of resilience
Confusion between dependability, BCM, …, and resilience
Burgeoning standardisation initiatives in relation to resilience
The idea of extreme shocks is now fully accepted :
«A recent OECD study* analysed whether cyber-incidents could lead to a ‘global shock’ as devastating as
e.g. large-scale pandemics. They concluded that there are a very few cyberevents with the capacity to
provoke a global shock. Although they state that there are many examples where cyber-incidents have
caused a great deal of harm and financial loss, they conclude that the greatest concern for policy makers
are large scale events caused by two different cyber-incidents taking place at the same time or a
cyber-event taking place during another form of disaster or attack. »
P Théron / CRITIS 2011 / Luzern 09-09-2011
In European Parliament (2011) Study Report on “The role of ENISA in contributing to a coherent and enhanced structure of network and information
security in the EU and internationally”. Directorate General for Internal Policies ; Policy Department A: Economic and Scientific Policy ; Industry,
Research and Energy, p21
* OECD (2011) Reducing Systemic Cybersecurity Risk. P. Sommer, I. Brown, IFP/WKP/FGS(2011)
So, the question is : Can we better define the notion of resilience ?
Thales Security Solutions & Services
3. 3 / REST : The REsilience Studies Team
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
P Théron / CRITIS 2011 / Luzern 09-09-2011
REsilience Studies Team (REST) Cyber REsilience Studies Team (CREST)
Goals : To elicit the theoretical underpinnings of resilience in order to build resilient socio-technical systems
Approach : Phenomena dynamics, Social-Ecological Systems, Organisation, Computing Science, Cognition/Psychology
Scope : National, Societal / Territorial, Business, and Critical Infrastructure Resilience
Methods : Literature review, Case studies, Action research, EU & Collaborative projects, Dual experiments, Workshops
Fields : Telecommunications, Energy, Communities, Business, Political regimes, Work collectives, Fire-fighters
Thales Security Solutions & Services
4. 4 / Katrina (August 2005, New Orleans)
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
Alerte Après coup
Evacuation Sécurisation
Refuge Déploiement Incidents
Dernières précautions Préparation des secours
P Théron / CRITIS 2011 / Luzern 09-09-2011
Choc Survie
Dévastation
Paul Théron 2007
Thales Security Solutions & Services
5. 5 / Mann Gulch (August 1949, USA, Montana)
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
Le feu est à 150/200 yards Récupération
Incident
Le feu rattrape les hommes
Défense échec
Dodge ordonne de Le feu va « exploser »
remonter le canyon
Manoeuvre échec
Dodge ordonne de jeter les outils Dodge, Sallee et
Rumsey ont survécu
Dodge “invente” le “contre-feu” ; Survie échec
Sallee et Rumsey se sont réfugiés dans
une crevasse
Effondrement
P Théron / CRITIS 2011 / Luzern 09-09-2011
D’autres Smokejumpers sont très
grièvement blessés
Sauvetage échec
On tente de les secourir…
Destruction
Mais les 12 Smokejumpers ont succombé
Thales Security Solutions & Services
7. P Théron / CRITIS 2011 / Luzern 09-09-2011
7 /
Thales Security Solutions & Services
FEAR
TRAUMA
STRESS
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
First finding on resiliency : what it has to do with
8. 8 / Second finding on resiliency : what it is
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
Fragile pressure
more
pressure pressure
Robust
P Théron / CRITIS 2011 / Luzern 09-09-2011
more
Resilient pressure pressure
surprise
Thales Security Solutions & Services
Yushi Fujita - Resilience Engineering Symposium, October 25-29, 2004, Soderkoping Brunn, Sweden
9. 9 / Third finding on resiliency : why it is needed
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
A crisis-prone
society
Davos report 2011
P Théron / CRITIS 2011 / Luzern 09-09-2011
Rinaldi IEEE Control System Magazine 2001
Complexity from
interdependencies
Thales Security Solutions & Services
10. 10 / Fourth finding on resiliency : how it works
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
Prev / Prot* Preparation
fails Learning
Recovery
Incident
Destabilising circumstances
Planned
fails
response
Overwhelming circumstances
Post-traumatic
Navigation fails
RESILIENCE
Crushing circumstances
Vulnerability Survival fails
P Théron / CRITIS 2011 / Luzern 09-09-2011
Peritraumatic
Collapse RESILIENCE
Fate
Rescue fails
Surprise
Destruction
CRISIS
P Théron (2007-2011) Resilience V-Model
Thales Security Solutions & Services
* Prevention / Protection
11. 11 / Fifth finding on resiliency : How it can be defined
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
« A crisis is an experience of collapse »
Of a socio-technical system’s pillars
Skills & Knowledge #
Crisis
What gives it its capacity to deliver Range of
Control
Modes
Management
Capabilities
Shift in the
Commandment
paradigm
Under the effect of a major shock Creative
adaptation
to
1 4 5
Minor Severe Extreme
Tactical
Incident Shock Shock
Surprise reasoning
Procedured
0 2 3
Defences
Minor Major Severe EMERGENCY : situation in
Defencelessness to
Incident
Management
Event Incident Incident which a socio-technical
Negligible Tolerable Untolerable
Impacts system has to cope with a
Consciousness of a fatal issue situation ranging from a
major incident up to an
Incident
Response Business / System extreme shock (2 5)
Procedures Continuity
Plans Domain of
Business a Usual Emergencies
« Resilience is the aptitude of a socio-technical system to
P Théron / CRITIS 2011 / Luzern 09-09-2011
surmount a crisis »
Getting-by “The ability of a system to provide & maintain an acceptable level of service, in
“The ability of a system to provide & maintain an acceptable level of service, in
face of faults (unintentional, intentional, or naturally caused) affecting normal
face of faults (unintentional, intentional, or naturally caused) affecting normal
Resisting operation”
operation” http://www.enisa.europa.eu/act/res/files/glossary
http://www.enisa.europa.eu/act/res/files/glossary
Resuming “the ability of a system to recover from adversity, either back to its original
“the ability of a system to recover from adversity, either back to its original
state or an adjusted state based on new requirements. Building resilience
state or an adjusted state based on new requirements. Building resilience
Rebounding requires a long-term effort involving reengineering fundamental processes,
requires a long-term effort involving reengineering fundamental processes,
both technical and social.” EC COM(2009)149
both technical and social.” EC COM(2009)149
Thales Security Solutions & Services
# EC - JLS/2008/D1/018 : A study on measures to analyse and improve European emergency preparedness in the field of fixed and mobile telecommunications and Internet
12. 12 / Sixth finding on resiliency : How it is obtained
Awareness
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
Action TR
Resilience requires Decision
Rules & Resource :
-O1: Intelligence See what’s
Manage -O2: Surveillance going on Understand & Anticipate
Trust & Risk on situation
-O3: Reconnaissance
Rules & Resource : Observation Rules & Resource :
-C1: Pre-Crisis Com -I1: Interpretation
-C2: Influence Network -I2: Reckoning & Anticipation
Theory of resilience based on a -C3: CrisCom Design Com&Legal Interpretation -I3: Options Analysis
-C4: MediaCom & HRCom
-C5: Legal Action & Advice TR Rules & Resource :
Model of incidents dynamics Rules & Resource : -M1: Time Margins
-F1: Urgentists Forces Margins -M2: Reserve Infrastructures
-F2: Evacuation & Victims -M3: Reserve Logistics
Model of resilience production -F3: Clearing & Reconstruction
-F4: Emergency Fund
Direction -M4: Support Social Networks
-M5: Intrinsic Robustness
Rules & Resource : -M6: Creativity & Know-How
Act upon -D1: Alarm & Mobilisation -M7: Publics’ Sensitivity & Tolerance
Situation -D2: Strategies & Plans -M8: Publics’ Trust & Liking
-D3: Decision-Making Procedures -M9: Financial & Legal Freedom
-D4: Chain of Command
Pilot
Emergency Preparation Process TR : Tactical Reasoning
Action
-D5: Chain of Control
-D6: Communications & Interoperability
Manoeuvre to regain
Initiative
Collaborative
GOVERNM ENT SERVICES
#
Continuous Improvement Loop 1
Incident
P Théron / CRITIS 2011 / Luzern 09-09-2011
infos STKs coordination 8
infos Alarm
4
Emergency Response Organisation NSIE
5
RAS /
TERC
6
Alarm 5
CIWIN
Tactical Decision Making Alarm
infos
Report Alarm
NSM DB
Co-operative Processes 2 IRM
3
3 EP
7 CERTs / TIERSs
11 NFEP
Measures 9
Resilience Capabilities infos
REGULATOR 10 Report
12
ENISA
Thales Security Solutions & Services
# EC - JLS/2008/D1/018 : A study on measures to analyse and improve European emergency preparedness in the field of fixed and mobile telecommunications and Internet
13. 13 / Seventh finding on resiliency : frameworks that could yield it
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
DIRECTIONS
EPGM
Requirements Needs
RESPONSE ERFW EEPC GUIDANCE & SUPPORT
Strategic collaboration
Lessons Guidelines level
EPFW
STANDARDISATION
PREPARATION
Emergency Preparation
GOVERNMENTS Guidelines
Activities
(re-)Assessment
Lesson Learning
Certification
P Théron / CRITIS 2011 / Luzern 09-09-2011
and sharing
& AS Policy Making
&
Monitoring
Strategy
LL PO
Exercising PG
&
Programme
Elaboration Programme Management
of
Testing
EX Management EL level
Measures
STAKEHOLDERS
ED EC - JLS/2008/D1/018 : A study on measures to analyse
Education &
and improve European emergency preparedness in the
Dissemination of good practices field of fixed and mobile telecommunications and Internet
Governance : Emergency Preparedness Governance Model (EPGM)
Achievement targets : Emergency Response Framework (ERFW)
Process : Emergency Preparation Framework (EPFW)
Thales Security Solutions & Services
15. 15 / Conclusions of the time…
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
Progress in the industry is currently led by a deficit of knowledge
A burgeoning field of research but…
A new, still ill-understood, topic in a complex context
A silo mentality not helped by…
A fundamental institutional inertia
A window of opportunity for the most active lobbies leading to…
A burst of standardisation initiatives despite…
A fundamental lack of proper underlying models of resilience
This may lead authorities and the industry to take inappropriate decisions
We need more inter-disciplinary, cross-industry, research
P Théron / CRITIS 2011 / Luzern 09-09-2011
Analysis of major incidents and lesson learning in relation to resilient responses
Characterisation of major cyber shocks
Resilience Management Frameworks
Synergies between RM disciplines : safety, security, BCM, crisis management
More real-world studies based on new models (ex for modelling interdependencies :
new factors, real-life / real-size systems, real-life incident fine grained data)…
Thales Security Solutions & Services
16. Thank you for your attention !
paul.theron@thalesgroup.com
Thales Security Solutions & Services
17. 17 / Recent Bibliography
Informations confidentielles / propriété de Thales. Tous droits réservés. / Thales confidential / proprietary information. All rights reserved
Theron P. (2009c) Resilience, Incident Reporting and Exercises. Measuring Resilience – the Next Challenge. ENISA
Quarterly Review Vol. 5, No. 4, December 2009
European Commission - DG JLS (2011) Study EC JLS/2008/D1/018: A study on measures to analyse and improve
European emergency preparedness in the field of fixed and mobile telecommunications and Internet.
http://ec.europa.eu/information_society/policy/nis/strategy/prep_study/index_en.htm
ENISA (2011) Enabling and managing end-to-end resilience. ENISA's website
ENISA (2011) National Risk Management Preparedness. http://www.enisa.europa.eu/act/rm/working-
group/WG%20NRPM%202010
Théron P (2011) Un nouveau paradigme pour l’étude des crises et de la résilience sociétale. Cahiers de la sécurité –
n°15 – janvier - mars 2011
P Théron / CRITIS 2011 / Luzern 09-09-2011
Thales Security Solutions & Services