Risk Assessment in Critical Infrastructure Security Modelling Based on Dependency Analysis - (Short Paper)

Critical infrastructure (CI) services are consumed by the society constantly and we expect them to be available 24 hours a day. CIs can be mutually dependent on each other and a failure in one infrastructure can cascade to another interdependent infrastructure to cause service disruptions. Methods to better assess and monitor CIs and their interdependencies in order to predict possible risks have to be developed. In this work, we present a method for CI analysis to identify critical entities in CIs at a management/organisational level as well as at a technical level supported by the PROTOS-MATINE model for dependency analysis.

[1]  Juha Röning,et al.  Graphingwiki - a Semantic Wiki extension for visualising and inferring protocol dependency , 2006, SemWiki.

[2]  Juha Röning,et al.  Software Vulnerability vs. Critical Infrastructure - a Case Study of Antivirus Software , 2009 .

[3]  M. Laakso,et al.  A case for protocol dependency , 2005, First IEEE International Workshop on Critical Infrastructure Protection (IWCIP'05).

[4]  Juha Röning,et al.  Socio-technical Security Assessment of a VoIP System , 2010, 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies.

[5]  Benjamin Gâteau,et al.  Risk-Based Methodology for Real-Time Security Monitoring of Interdependent Services in Critical Infrastructures , 2010, 2010 International Conference on Availability, Reliability and Security.