A Hybrid Risk Management Process for Interconnected Infrastructures


Stefan Schauer
Workshop on Novel Approaches in Risk and Security Management for Critical Infrastructures
Vienna, 19.09.2017

Contents
- Motivation
- Hybrid Risk Management and the ISO 31000
- HyRiM Process
- Conclusion

19.09.2017 CIP Workshop 2017, Vienna


Motivation
- Risk assessment and risk management is a core duty for utility providers
  - Utility providers operate critical infrastructures
  - Responsible for supplying a large number of people with different goods
  - Incidents within/affecting utility providers might have huge economic and societal impacts
- Numerous risk assessment and risk management tools already exist
  - Based on well-established standards and guidelines (e.g., ISO 31000)
  - Often focusing on a specific field (e.g., IT Security: ISO 27005, Supply Chain Management: ISO 28000, Port Security: ISO 20858)
  - Often designed for businesses and not the special requirements of utility providers or critical infrastructures
  - Mostly a matter of best practices

Motivation
- Networks operated by utility providers are heavily interconnected
  - Utility network (e.g., power lines, water pipes, oil pipelines, etc.)
  - Control networks (e.g., SCADA networks, smart grids, etc.)
  - ICT networks (e.g., office networks, communication networks, intranet, etc.)


ISO 31000
- The world-wide leading standard for risk management is ISO 31000
  - Follows a very generic approach to risk management
  - Applicable to every kind of organisation
  - More specific standards build on and extend ISO 31000 (e.g., ISO 27005, ISO 28000, ISO 20858, etc.)
- ISO 31000 describes a two-tier structure
  - Operative risk management process provides a generic description of the different steps towards risk management
  - Organizational risk management framework required to implement the risk management process within a company
- In HyRiM we extend ISO 31000 towards a more mathematically-based approach, including concepts and algorithms developed in the project

Hybrid Risk Management
- Requirements of utility providers have changed
  - Number of cyber-physical systems increases (e.g., SCADA networks, Industrial Control Systems)
  - Threats evolve more rapidly and become more complex (e.g., Advanced Persistent Threats, APT)
  - Intentional threats became more common in recent years (e.g., terrorism, cyber-terrorism/hacktivists, espionage, etc.)
- Threats affecting one part of a utility provider can propagate through the network and affect other, distant parts, too
  - Malware infection on the ICT network might cause the failure of a SCADA system and thus affect the utility network itself
  - Security issue of a SCADA system might give access to business data handled in the ICT network
- Additionally, utility providers are interconnected and interacting with each other

Hybrid Risk Management
- Novel approaches towards security and risk management have to be identified to address these issues
  - Solutions for each network level exist and are applied separately
  - Hybrid risk management methodologies are required, providing a holistic overview (i.e., looking at several networks simultaneously)
  - Interconnections and the related cascading effects need to be considered
- Sole focus on technical threats and technical solutions is no longer adequate
  - Social engineering is a major aspect in many attack strategies
  - Organizational factors are essential for every security measure or security strategy performed in an organization
  - Security and risk management methodologies explicitly have to take societal factors into account


HyRiM Process
[Diagram. Process steps: Establishing the Context, Identification, Analysis, Evaluation, Treatment, with Communication and Consultation and Monitoring and Review alongside. Other labels: Ethnographic Studies, Extended Perimeter, Threat Awareness Architecture, Co-Simulation Framework, Percolation Theory, Game-theoretic Minimization, Physical Surveillance Simulation, Agent-based Model, Prioritization, Optimal Execution Strategy, Resilience Framework]

Impact and Likelihood
[Figures: Damage (Distribution), Damage (Histogram)]

Ranking & Matrix

Payoff Matrix


Conclusion
- Utility operators live in a highly uncertain environment
  - More complex and rapidly changing threat landscape
  - Consequences of events are not assessed easily (e.g., cascading effects)
  - Standard risk assessment and risk management processes are often not enough
- Novel risk management process developed in the HyRiM project
  - Extension of the standard ISO 31000 process
  - Strongly relying on qualitative data/information
  - Application of mathematical tools and structured approaches
  - Implementation of game theory to identify optimal mitigation actions
- Goal is to support the operational and management level to make better decisions

Identifying and Managing Risks in Interconnected Utility Networks

Stefan Schauer
stefan.schauer@ait.ac.at
AIT Austrian Institute of Technology
Lakeside B10a
9020 Klagenfurt
Austria

Workshop on Novel Approaches in Risk and Security Management for Critical Infrastructures
Vienna, 19.09.2017

BACK-UP: Details on the HyRiM RM Process

Process Overview
- Establishing the Context: External Context; Internal Context; Context of the RM Process; Criteria of the RM Process
- Identification: Asset Identification; Threat Identification; Vulnerability Identification
- Analysis: Threat Scenario Definition; Consequence Analysis; Likelihood Analysis
- Evaluation: Selection; Ranking; Level Determination
- Treatment: Attack Strategies; Defense Strategies; Mitigation Actions; Implementation Strategy

Establishing the Context
Sub-steps: External Context; Internal Context; Context of the RM Process; Criteria of the RM Process
- Identify all interrelations with internal and external stakeholders
  - Internal technical, organizational and social aspects (e.g., communication channels, dependencies between different technical and social networks)
  - External interrelations and interdependencies (e.g., external organizations as resource providers or regulatory bodies)
- Identify the relevant framework for the risk management process
  - Parts of the organization which are covered in the risk management process (e.g., organizational units, depth of the risk assessment process)
  - Criteria to evaluate the significance of a specific risk based on the organization's resources, objectives and goals or general characteristics (e.g., definition of how the likelihood or the impact of an event is characterized)

Identification
Sub-steps: Asset Identification; Threat Identification; Vulnerability Identification
- Identify the relevant assets of the organization's infrastructure
  - Based on the internal context (cf. "Context Establishment")
  - Focus on the interconnections between assets
- Identify all potential threats and respective vulnerabilities affecting the organization's infrastructure
  - Obtain a structured view on all potential threats and vulnerabilities
  - Application of a specific Threat Awareness Architecture
- Information can/should be collected from different sources
  - External (e.g., existing threat catalogues or online threat databases)
  - Internal (e.g., expert knowledge or information on past incidents)

Analysis
Sub-steps: Threat Scenario Definition; Consequence Analysis; Likelihood Analysis
- Identify a fine-grained list of potential threat scenarios
- Determine the potential consequences for the manifestation of all threat scenarios
  - Quantitative (e.g., using percolation theory or a co-simulation approach)
  - Qualitative (e.g., by experts from within the organization or external advisors)
- Determine the potential likelihood for the manifestation of all threat scenarios
  - In general fully qualitative estimation, supported using information from external sources (e.g., reports containing statistical information on the likelihood of specific events)
- All information is gathered in histograms or distribution functions
  - Capturing of uncertainty and preventing loss of information

Analysis
[Figures: Damage (Distribution), Damage (Histogram)]

Evaluation
Sub-steps: Selection; Ranking; Level Determination
- Select a list of most relevant risks (based on threat scenarios)
- Determine a ranking of the identified risks
  - Ordering according to their respective consequences and likelihood
  - Comparing histograms is non-trivial (novel approach has been identified)
- Create a graphical representation and a priority list of the identified risks
  - Each risk is placed within a risk matrix based on its consequences and likelihood
  - Risks having the most severe consequences together with the highest likelihood are located at the upper right corner of the matrix


Treatment
Sub-steps: Attack Strategies; Defense Strategies; Mitigation Actions; Implementation Strategy
- Identify the risks that need to be mitigated
  - Usually these are the highest-ranked risks
  - Threat scenarios describe potential attack strategies for these risks
- Identify possible mitigation actions (defense strategies) to counter the respective attack strategies
  - Reducing the consequences of the specific risk (e.g., by lowering the number of affected assets)
  - Reducing the likelihood of the specific risk (e.g., by making it harder to exploit specific vulnerabilities)
  - Letting a risk vanish completely (e.g., by closing specific vulnerabilities)

Treatment
- Determine the effect of a specific defense strategy on a single attack strategy
  - Rerunning the consequence analysis for the organization's asset structure (assume that the specific defense strategy has been implemented)
- Evaluate all possible combinations of attack and defense strategies
  - Results are fed into the game-theoretic framework
- Game-theoretic framework provides an optimal security strategy
  - In general a mixture of the single mitigation actions
  - Describes the different frequencies at which these mitigation actions have to be performed
- Organizational structure (job scheduling) is required to support the correct implementation of the mitigation actions
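
The treatment step above, worked through as a zero-sum matrix game: an added example that is not from the slides or the HyRiM project. It assumes each attack/defense combination has been reduced to one scalar damage score (the process itself keeps histograms), and the strategy names, the damage values and the choice of fictitious play as solver are all constructed for illustration.

```python
"""Added example: scalar zero-sum version of the attack/defense evaluation."""

# Constructed values, not HyRiM project data. Strategy names are hypothetical.
DEFENSES = ["patch SCADA hosts", "segment ICT/SCADA", "awareness training"]
ATTACKS = ["malware via ICT", "SCADA exploit", "social engineering"]

# DAMAGE[i][j]: damage score obtained by re-running the consequence analysis
# with defense i implemented against attack j. Assumption: one scalar per
# cell instead of the histograms the process actually collects.
DAMAGE = [
    [3, 1, 5],
    [1, 3, 4],
    [4, 4, 1],
]


def best_pure_defense(damage):
    """Worst-case damage when the single best defense is always performed."""
    return min(max(row) for row in damage)


def solve_security_game(damage, rounds=20000):
    """Approximate the defender's minimax mixed strategy by fictitious play.

    Returns (freqs, lower, upper): the frequency of each defense, and bounds
    that enclose the game value (expected damage under optimal play).
    """
    n, m = len(damage), len(damage[0])
    def_counts = [0] * n
    def_view = [0] * n  # total damage had the defender always played row k
    att_view = [0] * m  # total damage had the attacker always played column k
    for _ in range(rounds):
        i = min(range(n), key=def_view.__getitem__)  # defender best response
        j = max(range(m), key=att_view.__getitem__)  # attacker best response
        def_counts[i] += 1
        for k in range(n):
            def_view[k] += damage[k][j]
        for k in range(m):
            att_view[k] += damage[i][k]
    freqs = [c / rounds for c in def_counts]
    upper = max(att_view) / rounds  # what the defender's mix concedes at worst
    lower = min(def_view) / rounds  # what the attacker's mix secures at least
    return freqs, lower, upper


if __name__ == "__main__":
    freqs, lower, upper = solve_security_game(DAMAGE)
    for name, f in zip(DEFENSES, freqs):
        print(f"{name:22s} perform with frequency {f:.2f}")
    print(f"expected damage between {lower:.3f} and {upper:.3f}")
    print(f"best single defense concedes {best_pure_defense(DAMAGE)}")
```

For this matrix the exact game value is 32/11, below the worst case of 4 that any single defense concedes, which is why the optimal strategy comes out as a mixture with per-action frequencies.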