论文信息 - Addressing complex problem situations in critical infrastructures using soft systemsanalysis : the CS-AWARE approach

Addressing complex problem situations in critical infrastructures using soft systemsanalysis : the CS-AWARE approach

In a world in which large-scale cyber attacks are the norm rather than the exception, the need for cybersecurity gains in importance every day. Current cybersecurity solutions are often not taking the holistic approach that would be required to provide comprehensive security to their users (for example, strategic/critical infrastructure, large organizations, small and medium-sized enterprises (SMEs) or public institutions). A new way of thinking about cybersecurity is required: Cooperation and collaboration among individual actors as a way to improve the security situation for society and economy as a whole is a promising approach. In the European Union, the legal framework that is currently developing (like the network and information security (NIS) directive), recognizes the need for cooperation and collaboration among individual actors to improve cybersecurity. Information sharing is one of the key elements of the NIS directive. In this paper, we present a system and dependency analysis based on soft systems thinking that is able to capture the relations between assets and its internal and external dependencies in the complex systems of organizations like critical infrastructures or other organizations that base their operations on complex systems and interactions. The analysis is done in a socio-technological manner; the human aspect of the systems is considered as important as the technical or organizational aspects. As a use case, we present CS-AWARE, a European H2020 project which relies on the presented system and dependency analysis method as a core concept for providing a cybersecurity solution that is in line with the cooperative and collaborative efforts of the NIS directive. Keywords–Cybersecurity; Critical Infrastructures; System Analysis; Soft Systems Methodology; Socio-technological Analysis; Cyber Situational Awareness; Information Sharing.

[1] Peter Checkland,et al. Systems Thinking, Systems Practice , 1981 .

[2] Derek H.T. Walker,et al. Five case studies applying soft systems methodology to knowledge management , 2001 .

[3] J. Drexhage. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the reduction of the impact of certain plastic products on the environment , 2002 .

[4] M. Laakso,et al. A case for protocol dependency , 2005, First IEEE International Workshop on Critical Infrastructure Protection (IWCIP'05).

[5] Juha Röning,et al. Graphingwiki - a Semantic Wiki extension for visualising and inferring protocol dependency , 2006, SemWiki.

[6] Juha Röning,et al. Software Vulnerability vs. Critical Infrastructure - a Case Study of Antivirus Software , 2009 .

[7] Juha Röning,et al. Socio-technical Security Assessment of a VoIP System , 2010, 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies.

[8] Djamel Khadraoui,et al. Risk Assessment in Critical Infrastructure Security Modelling Based on Dependency Analysis - (Short Paper) , 2011, CRITIS.

[9] Gerald Quirchmayr,et al. Open Source Intelligence in Disaster Management , 2012, 2012 European Intelligence and Security Informatics Conference.

[10] Luis C. Dias,et al. An Application of Soft Systems Methodology in the Evaluation of Policies and Incentive Actions to Promote Technological Innovations in the Electricity Sector , 2016 .