A Risk Management Approach for Highly Interconnected Networks

Critical infrastructures, together with their utility networks, play a crucial role in societal and individual day-to-day life. Thus, the estimation of potential threats and security issues, as well as a proper assessment of the respective risks, is a core duty of utility providers. Although utility providers operate several networks (e.g., communication, control, and utility networks), most of today’s risk management tools focus on only one of these networks. In this chapter, we give an overview of a novel risk management process specifically designed for estimating threats and assessing risks in highly interconnected networks. Based on the internationally accepted standard for risk management, ISO 31000, our risk management process integrates various methodologies and tools supporting the different steps of the process, from risk identification up to risk treatment. At the heart of this process, a novel game-theoretic approach for risk minimization and risk treatment is applied. This approach is specifically designed to take the information coming from the various tools into account and to model the complex interplay between the heterogeneous networks, systems, and operators within a utility provider. It operates on qualitative and semiquantitative information as well as empirical data, and uses distribution-valued payoffs to account for the unpredictable effects occurring in this highly uncertain environment.
