1 / 28

MOTIA FINAL CONFERENCE ''Project Presentation ”

Rome “ Piazza di Spagna - 29 Marzo 2012. MOTIA FINAL CONFERENCE ''Project Presentation ”. Project Impact assessment and qualitative evaluation Maria Cristina Brugnoli CASPUR, Università di Tor Vergata mariacristinabrugnoli@gmail.com. Outline. Overview and main objectives

obelia
Download Presentation

MOTIA FINAL CONFERENCE ''Project Presentation ”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Rome “Piazza di Spagna - 29 Marzo 2012 MOTIA FINAL CONFERENCE ''Project Presentation” Project Impact assessment and qualitative evaluation Maria Cristina Brugnoli CASPUR, Università di Tor Vergata mariacristinabrugnoli@gmail.com

  2. Outline • Overview and main objectives • Interview schedule • Description of the field • General feedback • Highlights on major items • Specific feedback from the end users • Application of SNA methodology to CI analysis and modelling

  3. Overview Investigation of CI in Italy and proposed metrics for the qualitative evaluation and modelling of CI

  4. Outline of the activity • Qualitative investigation and definition of agencies characteristics in relation to CI • Case study: organizations and agencies in Italy • Focus: qualitative characterization of ICT CI chain, relation btw organizations and ICT infrastructures, and within the ICT infrastructures as a whole • Field (organisations having an extensive us of the ICT Infrastructure): • Public services and administration • Service providers • Civil security and emergency services

  5. Objectives • to gauge initial responses to the MOTIA concept and MOTIA specific R&D objectives; • to gauge initial reactions in relation to the metrics and methodology proposed by the project and get suggestions for further improvements also in order to shape the overall characteristics of the inter-dependences ICT infrastructures; • to identify other actors that make an extensive use of the telecommunication infrastructure and that could be interested in the project results; • to support and provide insights for the project dissemination and overall assessment activities.

  6. Interview schedule • Warm-up • Field • Investigation of ICT and TLC technologies (used in the organizational) • Focus on Critical infrastructures • Presentation of MOTIA Concept • Collection of feedback on MOTIA interest and impact • Plus and minus, suggestions and sum up

  7. PUBLIC SERVICES (field characteristics) • Public administration: • ICT networks used by the administrations are very heterogeneous • In general personnel know-how is quite low • Awareness of SEC and Critical Infrastructure is low • There is a strong will to be involved in the IT adoption/improvement activities • There is a strong will on creating the path for a PA as services enabling also business continuity • Still more focussed on the ICT internal service rather than the external ones (…very low pressure from the customers • Public emergency services: • ICT networks and services used by the administrations are very heterogeneous • There is very high interest in web-based and mobile based apps • The personnel know-how is high and competent in technologies • Willingness to pay for more expensive services if needed • Awareness of SEC and Critical Infrastructure is relevant but has low impact the decision making • Quite high constrains (security in particular) • Relation with the operator is quite satisfying • Disaster recovery services has not been evaluated yet

  8. General reactions and suggestions • High level of impact at EU and national level • Interest in the project although is less clear is…: • the methodology that MOTIA is willing to implement • concrete results of the project • potential impact in the “daily activities” of the end users • New “simplified” concept (for non-technical audience) • Technical characterization of user needs and impact assessment (CASPUR/ENEA internal meeting) • Definition of practical and concrete tools to be easily adopted by the end users • List of EU/national action items and recommendations (to be disseminated also through lobbying activities) • MOTIA white paper…? (e.g. linking the impact ass. results with other data, also considering the specific characteristics of the Italian case study)

  9. Field: characteristics of the end users • ABI Lab (2): • + 150 banks • 4 areas (SEC, IT, organization, and commercial) • participate to several EU and IT boards (high connection with the EU) • produces reports and surveys • are in charge of many communication and dissemination activities • ICT networks for banks are very heterogeneous • ENAV (1): • manages all Italian air traffic • 4 control centres, 35 airports, and 34 radars • participate to several EU and IT boards, is under the regulation of Eurocontrol (very high connection with the EU) • moving all the communication on IP (currently 3 different networks + video surveillance net) • Poste Italiane (1): • one of the backbones of the Italian economy (loss in case of disaster: 60 M Euros per day!) • complex offer with variety of services (postal, commercial, bank,…) • are on the market, but still many characteristic of the public company • participate to the most important IT boards (low connection with the EU, high with the IT) • ad hoc service networks with TI and Fastweb

  10. General reaction on the MOTIA project • Positive: • Strong interest and expectations • The topic and the objectives are clear • Availability in supporting and participating to the project (also in providing representation at EU level) • Not shy in presenting their needs and remarks • Willingness to pay for more expensive services if needed • SEC and Critical Infrastructure have enormous impact on the BID… • Awareness of SEC and Critical Infrastructure relevant is high but has not impact the decision making • Nowadays there is more attention on SEC that on Critical Infrastructure, MOTIA is welcome!

  11. General reaction on the MOTIA project • Less clear is…: • the methodology that MOTIA is willing to implement • concrete results of the project • potential impact in the “daily activities” of the end users

  12. Major items identified • Technical aspects and ICT implementation • Provisioning of ICT services • Regulatory and political aspects • Organizational issues

  13. ICT implementation • Redundancy (civil security), prevention (banks), and early warning (postal services), services differentiation (service providers), as strategies to avoid failure • Very high constrains (customers, national provisioning of services, security and safety) • System do not support traceability of events • “…the ICT system is a “black box” in the house of the operator…” • Testing and verification are crucial (and to be realized each time a changes is implemented) • Strong need of high level guidelines and methodology

  14. Provisioning of ICT services • Relation with the operators • Collaboration • Exchange of information • Post- services consultancy • More transparency and collaboration • More exchange of information • Operators are seen as “Critical Operators” • Other expectations and needs • Customization and personalization of services • More post-services • Availability in supporting during the testing and during the other crucial/critical activities • Disaster recovery as a not satisfied issues

  15. Regulatory and political aspects • National and European legislation, need of clear directive at IT and EU level • Relation and lobbying at EU level • Each sector should have its own regulation • Specific regulation in regard to the operators and ICT providers obligations

  16. Organizational issues • Lack of transparency and collaboration • No clear information on the actual services provided • Low level knowledge of the “failure chain” and its evolution • Strong need of collaboration at all level of personnel

  17. Specific user feedback: Banks and postal services • Characteristics • low level of ICT knowledge • strong pressure from the customers • strong push from the customers • regulation and policies is a benefit • Needs • creation of an unique infrastructure for the bank-system • more support after technology deployment (“what we have is just an email contact!”) • creation of a Map of “Critical operators” and ICT services providers • creation of standard (basic) agreements, based on a “minimum set” of assured services

  18. Specific user feedback Characteristics Needs • Improvement and introduction of a ad hoc alerting system is strongly suggested • Disaster recovery at the moment is too expensive • Recovery timeframe (+ABI) • Business continuity (+ABI) • More collaboration on decision making at high level management • Need to analysis the CI at physical, IP and management level • Operation should work closely with the end users

  19. Specific user feedback (Civil security) Characteristics • Regulation and policies are a benefit for us • No constrains from costs (ENAV) Needs • EU guidelines and cooperation with the other countries • Exchange of best practices and know-how • high quality of ICT providers and operators (high competence) • Support in the transition/evolution towards IP • Understanding of how ATM can be properly places into IP-based communications • New methodologies for moving from complexity to synergy

  20. Level of satisfaction

  21. Knowledge and awareness

  22. Needs and expectations

  23. CIs qualitative vs quantitative analysis and modeling • Literature review on CI qualitative evaluation and modeling (none of them were exhaustive…) • High-level view Socio-technical system (Little, 2004) and CI vulnerabilities model (McEntire, 2001) • In depth analysis: Network Analysis approach, where the CI can be analysed using SNA • Current work: transforming qualitative R&D results into data for the construction of the CI network

  24. SNA approach for CI • SNA is a mature methodology used to to understand and visualize social groups characteristics • Usually SNA is used to map and measure relationships and flows between people, groups, and organizations • In MOTIA use SNA in a broad sense mapping not only social relations but also relations (as interdependencies) between machines, IT services and other tangible and intangible entities and mixed groups • The social-driven analysis of the CI will provide insights for the definition and evaluation of the CI vulnerability attitude (also on the basis of CI liabilities and capacities) • As an outcome for each of the organisational case studies we will be able to define the observed CI network graph and its characterization

  25. Related work • The paper proposed the analysis of CI vulnerability. An example (the case of Canada Province-A) is given to illustrate the ideas and results presented in the paper. The analysis is conducted on the interdependencies of the main infrastructures of the area. Chai C., Liu X., Zhang W . J., Deters R., Liu D, “Social Network analysis of the vulnerability of interdependent critical infrastructures”, International Journal of Critical Infrastructures, Vol 4, No. 3 – 2008.

  26. Civil security and emergency services Lobbying Agency operators Equip. Primary agency (1) Testing Training Legal and tech Telco operators Services Operator OP (2) OP (3)

  27. Postal services Primary agency (1) Lobbying Equip. Services Telco operators Operator OP (2) OP (3)

  28. Analysis • identification of different layers (social, legal, know-how,…) • identification of different actors in the chain • in-degree/out-degree • number and type of lines/links • number of nodes • density • proximity

More Related