An approach to modelling and mitigating infrastructure interdependencies

of Internet-oriented infrastructure systems, such as web server compounds, is reasonably well understood. Although it is not completely mastered (for example, denial of service is still a research subject), it is receiving adequate attention. However, such is not the case with the problem of resilience of critical utility infrastructures, such as energy transport networks (electricity, gas), telecommunication, water, etc. This problem is not completely understood, mainly due to the hybrid composition of these infrastructures [1]. The process control of utility infrastructures is based on SCADA (Supervisory Control and Data Acquisition) systems, which provide the operational ability to acquire data, supervise and control whatever the business in question is (electricity, water, gas, telecom). However, they also have interconnections to the standard corporate intranets, and hence indirectly to the Internet (e.g., remote access via dedicated or public networks). These SCADA systems were classically not designed to be widely distributed and remotely accessed, let alone be open. They grew up standalone and closed, without security in mind. However, several wide area monitoring systems (WAMS), protection and control systems, systems implementing special protection schemes over the power transmission network, etc. are emerging whose architecture is based on open communication infrastructures. Such a trend towards open communication systems is in line with other industrial automation systems that rely ever more on standardized hardware, software and communication components. Whilst it seems non-controversial that such an approach brings a certain level of threat, namely but not only through interference, we know of no work that has tried to frame the problem by defining a model of “modern utilities distributed systems architecture”.
We believe that evaluation work on such a model will let us learn about activity patterns of interdependencies that will reveal the potential for far more damaging fault/failure scenarios than those that have been anticipated up to now. Moreover, such a model will be highly constructive as well, for it will form a structured framework for conceiving the right balance between prevention and removal of vulnerabilities and attacks, and tolerance of remaining potential intrusions and designed-in faults. In fact, this evolution led to the inevitable: access to operational networks, such as remote SCADA systems, ended up entangled with access to corporate intranets and the public Internet, without there being computational and resilience models that understand (

[1] Gene Tsudik, et al. New multiparty authentication services and key agreement protocols, 2000, IEEE Journal on Selected Areas in Communications.

[2] Benjamin A. Carreras, et al. Complex systems analysis of series of blackouts: cascading failure, critical points, and self-organization, 2007, Chaos.

[3] James P. Peerenboom, et al. Identifying, understanding, and analyzing critical infrastructure interdependencies, 2001.

[4] Eugene Nickolov, et al. Critical Information Infrastructure Protection, 2005.

[5] J. Van den Keybus, et al. Using a fully digital rapid prototype platform in grid-coupled power electronics applications, 2004, 2004 IEEE Workshop on Computers in Power Electronics, 2004. Proceedings.

[6] Sadie Creese, et al. Conceptual Model and Architecture of MAFTIA, 2003.

[7] Yves Deswarte, et al. Intrusion tolerance in distributed computing systems, 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[8] John E. Mitchell, et al. Assessing vulnerability of proposed designs for interdependent infrastructure systems, 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[9] Masera Marcelo, et al. Evaluation of the Effects of Intentional Threats to Power Substation Control Systems, 2006.

[10] Sandia Report, et al. Sandia SCADA Program High-Security SCADA LDRD Final Report, 2002.

[11] Rodolphe Ortalo, et al. Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security, 1999, IEEE Trans. Software Eng.

[12] William H. Sanders, et al. Model-based evaluation: from dependability to security, 2004, IEEE Transactions on Dependable and Secure Computing.

[13] Michael K. Reiter, et al. Dynamic byzantine quorum systems, 2000, Proceeding International Conference on Dependable Systems and Networks. DSN 2000.

[14] Miguel Correia, et al. The Design of a COTS Real-Time Distributed Security Kernel, 2002, EDCC.

[15] Andrea Bondavalli, et al. Dependability modeling and evaluation of multiple-phased systems using DEEM, 2004, IEEE Transactions on Reliability.

[16] Joseph A. Falco, et al. IT Security for Industrial Control Systems, 2002.

[17] Matti A. Hiltunen, et al. Enhancing survivability of security services using redundancy, 2001, 2001 International Conference on Dependable Systems and Networks.

[18] Miguel Correia, et al. Low complexity Byzantine-resilient consensus, 2005, Distributed Computing.