Risk Assessment of Multi-Order Dependencies between Critical Information and Communication Infrastructures

Assessing risk in information and communication infrastructures is a challenging topic due to the complexity of critical infrastructures (CIs) and of the various dependencies between such infrastructures. This chapter discusses the basic concepts of risk assessment for CIs. Moreover, it describes a recently proposed methodology for criticality assessment. The main goal of this methodology is to assess the risk of an infrastructure (or a sector of critical infrastructures), taking into account the dependencies between CIs and/or sectors. The methodology is compatible with current information systems practices. The basic characteristic of the presented methodology is that it attempts to capture both organization-oriented and society-oriented consequences of possible security events, a feature which is not always embedded in mainstream information security risk assessment methodologies.
