1 / 18

Presentation November, 2002 PISA

Analysis, Assessment and Exercise on Critical Infratructure Protection. Presentation November, 2002 PISA. Reinhard Hutter Senior Vice President IABG mbH Division IK Einsteinstr. 20 D-85521 Ottobrunn Phone: +49 89 6088 2524 Email: hutter@iabg.de www.iabg.de www.aksis.de. Telecommunication.

patch
Download Presentation

Presentation November, 2002 PISA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Analysis, Assessment and Exercise onCritical Infratructure Protection Presentation November, 2002 PISA Reinhard HutterSenior Vice PresidentIABG mbH Division IKEinsteinstr. 20D-85521 OttobrunnPhone: +49 89 6088 2524Email: hutter@iabg.de www.iabg.dewww.aksis.de Slide 1

  2. Telecommunication Transportation (Ship) Government Banking & Finance Transportation (Rail) Energy Information Transportation (Air) Vital Human Services Dependencies andInterdependencies Critical Infrastructures Slide 2

  3. Fuels, Lubricants Fuel Transport Shipping Power for Signalling, Switchers Transpor- tation Transportation Fuel for Generators, ,Lubricants SCADA Communications Transpor- tation Fuel Transport Shipping SCADA Communications Power for pumping Stations, Storage Control Systems Oil Fuels, Lubricants Water for Production Cooling Emission reduction Electric Power Fuel for Generators, Water for Cooling, Emission reduction Power for Switchers Natural Gas Heat Power for Pump & Lift Stations Control Systems SCADA Communications Power for compressors Storage, Control Systems Fuel for Generators, Water Water for Cooling, Source: “Critic. Infrastruct Dependencies” Rinaldi, Peerenboom,Kelly 2002 Telecom SCADA Communications Infrastructure Interdependencies Slide 3

  4. Number of Events 60 +) in thousands *) in hundreds 50 Defense Cyber Incidents +) 40 CyberIncidentsHandled +) 30 Industry and nondefense Government Cyber Incidents +) Prosecuted Cyber Criminal Case *) 20 Vulnerabilities Reported *) 10 0 Cyber Threat and Critical Infrastructures Trends of Cyber „Events“ Slide 4

  5. Critical Infrastructures Analysis & Assessment • Quantitative Analyses urgently Required • The Methodological Challenge - Multi-Objective - Multi-MOE - Multi-Sided - Multi-Disciplined • Compared to Military OR and Modelling & Simulation - More Complex and less Money • C Y T E X - The CyberTerrorExercise, Nov. 2001 • What ist the Power of Modelling and Simulation? Slide 5

  6. Analysis Tasks M&S Support Cooperability Policies / Strategies Decision Support etc. Socio-economic Models Scenario techniques Gaming etc Societies and Economy Interoperability Cost-Benefit Analysis Risk and Safety Management Decision Support etc. System of CIS- Systems Systems Dynamics Empirical Modelling Cost-Benefit Models etc Cost-Benefit Analysis Decision Support Risk and Safety Management Vulnerability Analysis etc. Systems Simulation Optimization Algorithms Human Behaviour Models Cost-Benefit Models etc. Indi- vidual CIS Vulnerability Sustainability Maintenability etc. Techn. Compo- nents Technical Simulation Experimentation LCC Models etc. Critical Infrastructure Analyses Slide 6

  7. The Stairway of Knowledge about Threat, Dependencies and Risks The Threat Model Real Exercised Simulated Computer based Scenarios Reflection Models Thoughts Who nows? Reality () LiveExercises () Degree of Reality VirtualSimulation Constructive Simulation Degree of Abstraction Generic Studies  Intuition  Ignorance  Widely Vague Thoughts Software System Real unknown Model Components System Approaches to the CIP Domain Slide 7

  8. Very high The Scope of ACIP Risks & Cost of Damages QuantitativeValidity Statistical Validity Very low Ignorance Intuition Generic Constructive Virtual Live Reality -------------S i m u l a t i o n------------- The Benefits of Approaches Slide 8

  9. Critical Infrastructure Architecture Slide 9

  10. ACIP Analyses Methodologies Government Economy Society • Socio-economic Models • Gaming • Scenario techniques etc. Socio-Econ. Syst. Policies/Strategies • Syst. Dynamics • Empirical Modelling • Gaming “System of Systems” Compound of Critical Infrastructures Co-operation&Decision Support Systems´ Interdependencies • Systems Sim. • Optimization • Algorithms • Human Be- • haviour Mod. Cost Benefit Analysis Risk Analysis/Safety Management Knowledge Management ... Individual Systems Telecommunication Energy Transportation • Technical • Simul. • Experi- • mentation Vulnerability Analysis ... Computer Nav. System Power lines Switches Technical Components Modelling & Simulation Architecture Slide 10

  11. The Critical Infrastructure Protection Process Slide 11

  12. The Critical Infrastructure Protection Process Slide 12

  13. Standard Operation Monitoring &Information sharing Daily Operation Training &Exercises ScenarioGen. Threat Assessment Model basedExercises CostEffectiveness E v a l u a t i o n P l a n n i n g TechnicalEnhancementProgress M & S AssessmentTools AlternativesOptimization DependabilityAnalysis Vulnerability Assessment Exercises &Decision SupportTools InvestmentPriorities & Ro I EmergencyResponse Counter Measures (Combat) Protection Alert &Warning Protection and Counter Action Modelling & Simulation Support to all CIP related Processes Slide 13

  14. -an Example GovernmentMilitaryPublic Admin Tele-Communication Energy CrisisManagement Transportation & Logistics Banks & Finance The Cyber Terror Exercise, Nov.12-14, 2001 Year 200X City of Berlin 28 Jan G8 Summit 21 Jan Terror. Manifesto 22 Jan Intelligence Ass. Gov’t Task Force 23 Jan Chancellor’s Crisis Meeting 24 Jan Gov’t Press Conf. 24-28 Jan Replanning of Safety & Security Forces 28 Jan 08:00 a.m. Start of Co-ordinated Cyber Attacks Slide 14

  15. ExerciseControlStaff Situation Analysis White Cells Event Generation MessageGeneration Media InteractionManagement CrisisResponseTeams(6) Communications TechnicalSupport Reaction/CounterMeasure Generation Damage Assessment Modelling &Simulation Reporting Game Elements and Organisations Slide 15

  16. El. Energy E-Bomb / Elect. Breakd. Bomb Alert Banks‘ Perf. Cash Bookings Total TelecommsDisruptions • Down to approx. 10%: • Long Distance Calls • Inter-Reg. Bank Transactions • Air Traffic/Surveillance • Rail & Street Traffic Controls Gov IT / BSI DoS Attack Thermal Power Plt. Rail/Air Traffic False Alarms Limited Signals/Controls Police/Fire Brg DoS Attack Electricity Outage 08:30 09:30 07:00 08:00 09:00 10:00 11:00 12:00 13:00 14:00 Events, Disruptions, Consequences

  17. Analysis for Critical Infrastructure Protection Conclusions • Increasing Complexity • Global Interdependencies Require Global Co-operation • New Threats, Vulnerabilities and Risks • Dynamic World • New Security Concepts • New Roles of Security Forces, Private Sector, and Armed Forces • Cross-Sector Co-Operation • New Analysis Challenge • Increasing Acceptance of Analytical Approaches • Learn from Existing Approaches and Methodologies Slide 17

  18. Options for Co-operation • Integration in DeSIRE • Integrated work • Separate subproject • Work Share Model • R&D, integration, verification, testing as a standalone IP • Validation & application to defined problems inside Desire • Defined Interfaces for Co-operation • Organization • Communication • Workshare • Technological and methodological standards and interfaces • Stand alone • loose information sharing • Customer controlled co-ordination Slide 18

More Related