Hierarchical, model-based risk management of critical infrastructures

Baiardi, Fabrizio; Telmon, Claudio; Sgandurra, Daniele

doi:10.1016/j.ress.2009.02.001

Cited by 33 publications

(14 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These components can be analyzed separately, and the results integrated into the analysis, while maintaining the global model of the system being studied. This helps increase the level of depth of the analysis, while making scale economies in overall analysis time [24].…”

Section: Model Based Risk Analysis -Fis Modelling Approachmentioning

confidence: 99%

Robustness analysis of industrial emergency plans: a model-based methodology

Karagiannis

Piatyszek

Flaus³

2010

Risk Analysis VII

View full text Add to dashboard Cite

The purpose of this paper is to present a methodology for the analysis of the robustness of industrial internal and external emergency plans, established by the European Union SEVESO II Directive. This methodology is based upon a systemic, hierarchical and generic model of an internal or external industrial emergency plan. The process generally found within an internal and/or external industrial emergency plan is identified through the model, thus allowing for a modular representation of the plan. Each process integrates the functions/activities performed, the resources necessary for performing these functions/activities, the resources generated or affected by these functions, the supports required for each resource and the interactions (inputs and outputs) of each process. An explicit specification of these elements for a generic plan was provided through an ontological approach. An analysis of the plan model is performed to estimate a priori the failures that can potentially occur in the emergency response phase, when the plan is put into action. An extensive experience feedback analysis has also been performed to identify a posteriori the failures that have already occurred during the application of the plan. Some 160 accident reports have been consulted, and 31 internal and external emergency plan exercises were followed. This double analysis (a priori and a posteriori) has led to putting in place assessment checklists, structured via the systemic model for each of the plan's process. Each checklist provides an indicator of the level of accomplishment (performance indicator) for the respective function. The logical combination of the function performance indicators results in a comprehensive assessment of the robustness of the industrial emergency plan. This methodology can hence be used as a toolbox, both for the assessment of existing plans and also for the iterative development of industrial emergency plans.

show abstract

Section: Model Based Risk Analysis -Fis Modelling Approachmentioning

confidence: 99%

Robustness analysis of industrial emergency plans: a model-based methodology

Karagiannis

Piatyszek

Flaus³

2010

Risk Analysis VII

View full text Add to dashboard Cite

show abstract

“…This section briefly describes a billing infrastructure, which corresponds to an abstract model of an ICT infrastructure [1,2,15]. A billing infrastructure is characterized by the types of attacks and their impact on the infrastructure rather than the specific ICT components used in the infrastructure.…”

Section: Billing Infrastructuresmentioning

confidence: 99%

“…A billing infrastructure is an ICT infrastructure that is designed, constructed and managed to bill a large set of customers for services they access or consume. Such an infrastructure comprises a set of peripheral nodes and an intelligent backbone [2]. An example is a metering infrastructure in which the peripheral nodes measure the amount of a good (e.g., water or electricity) distributed to customers, and the backbone records, delivers and updates customer bills [9].…”

Section: Introductionmentioning

confidence: 99%

Modeling and Managing Risk in Billing Infrastructures

Baiardi¹,

Telmon²,

Sgandurra³

2009

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

This paper discusses risk modeling and risk management in information and communications technology (ICT) systems for which the attack impact distribution is heavy tailed (e.g., power law distribution) and the average risk is unbounded. Systems with these properties include billing infrastructures used to charge customers for services they access. Attacks against billing infrastructures can be classified as peripheral attacks and backbone attacks. The goal of a peripheral attack is to tamper with user bills; a backbone attack seeks to seize control of the billing infrastructure. The probability distribution of the overall impact of an attack on a billing infrastructure also has a heavy-tailed curve. This implies that the probability of a massive impact cannot be ignored and that the average impact may be unbounded -thus, even the most expensive countermeasures would be cost effective. Consequently, the only strategy for managing risk is to increase the resilience of the infrastructure by employing redundant components.

show abstract

“…For instance, attack taxonomies have been proposed for two popular SCADA protocols, Modbus [77] and DPN3 [52]. The problem of threat analysis, that is, evaluating the impact that attacks and failures have in the controlled infrastructures, has been studied in [6,7,31,140]. In addition to threat analysis, Baiardi et al [7] also discuss mitigation strategies.…”

Section: General Aspectsmentioning

confidence: 99%

“…The problem of threat analysis, that is, evaluating the impact that attacks and failures have in the controlled infrastructures, has been studied in [6,7,31,140]. In addition to threat analysis, Baiardi et al [7] also discuss mitigation strategies. Ten et al [140] proposes an even more complete solution, including monitoring, detection, threat analysis and mitigation.…”

Section: General Aspectsmentioning

confidence: 99%

Anomaly detection in SCADA systems : a network based approach

Barbosa¹

View full text Add to dashboard Cite

Hierarchical, model-based risk management of critical infrastructures

Cited by 33 publications

References 28 publications

Robustness analysis of industrial emergency plans: a model-based methodology

Robustness analysis of industrial emergency plans: a model-based methodology

Modeling and Managing Risk in Billing Infrastructures

Anomaly detection in SCADA systems : a network based approach

Contact Info

Product

Resources

About