
    Risk Assessment Methodology for Critical Infrastructure Protection

    The European Programme for Critical Infrastructure Protection is the main vehicle for the protection of critical infrastructures in Europe. The Directive 2008/114/EC is the legislative instrument of this programme. Risk assessment is an important element that is mentioned throughout the Directive text. However, there is no harmonized methodology in Europe for the assessment of interconnected infrastructures. The present work describes such a methodology and its implementation for the assessment of critical infrastructures of European dimension. The methodology accounts for impact at asset level, evaluates the propagation of a failure at network level due to interdependencies and assesses the economic impact of critical infrastructure disruption at national level. JRC.G.6-Security technology assessmen

    Risk assessment methodologies for critical infrastructure protection. Part II: A new approach

    This report describes a risk assessment process for Critical Infrastructures (CI) based on the staff working document from DG ECHO, namely “Risk Assessment and Mapping Guidelines for Disaster Management”, and DG HOME “on a new approach to the European Programme for Critical Infrastructure Protection Making European Critical Infrastructures more secure”. As a result of the DG ECHO staff working document, several Member States (MS) have provided an overview of risks where the risk of “loss of critical infrastructure” has been identified as a man-made risk. However, we consider that there is a lot of room for improvement in this process, mainly because Critical Infrastructures are not yet one more risk at MS level but CIs in their turn are subject to the risks that have been identified by MS. In the present report we identify this gap and we provide a methodology that is based on a different approach with respect to the CI risks. JRC.G.5-Security technology assessmen

    Assessing and strengthening organisational resilience in a critical infrastructure system: Case study of the Slovak Republic

    Critical infrastructure is a system that consists of civil infrastructures in which disruption or failure would have a serious impact on the lives and health of the population. It includes, for example, electricity, oil and gas, water supplies, communications and emergency or healthcare services. It is therefore important that technical resilience and organisational resilience are provided continuously and at a high level by the owners and operators of these civil infrastructures. Organisational resilience management mainly consists of continuously assessing determinants in order to identify weak points early so that adequate security measures can be taken to strengthen them. In the context of the above, the article presents a method for Assessing and Strengthening Organisational Resilience (ASOR Method) in a critical infrastructure system. The essence of this method lies in defining the factors that determine organisational resilience and the process of assessing and strengthening organisational resilience. The method thus allows weaknesses to be identified and the subsequent quantification of positive impacts that strengthen individual factors in organisational resilience. A benefit from applying this method is minimizing the risk and subsequent adverse impact on society of critical infrastructure system disruption or failure. The article also contributes to achieving the UN Sustainable Development Goal 9, namely Building Resilient Infrastructure. The ASOR method namely contributes to the development of quality, reliable, sustainable and resilient infrastructure, including regional and trans-border infrastructure. Finally, the article presents the results of this method's practical application on a selected electricity critical infrastructure entity in the Slovak Republic. Web of Science123art. no. UNSP 10457

    STOP-IT: strategic, tactical, operational protection of water infrastructure against cyberphysical threats

    Water supply and sanitation infrastructures are essential for our welfare, but vulnerable to several attack types facilitated by the ever-changing landscapes of the digital world. A cyber-attack on critical infrastructures could for example evolve along these threat vectors: chemical/biological contamination, physical or communications disruption between the network and the supervisory SCADA. Although conceptual and technological solutions to security and resilience are available, further work is required to bring them together in a risk management framework, strengthen the capacities of water utilities to systematically protect their systems, determine gaps in security technologies and improve risk management approaches. In particular, robust adaptable/flexible solutions for prevention, detection and mitigation of consequences in case of failure due to physical and cyber threats, their combination and cascading effects (from attacks to other critical infrastructure, i.e. energy) are still missing. There is (i) an urgent need to efficiently tackle cyber-physical security threats, (ii) an existing risk management gap in utilities’ practices and (iii) an un-tapped technology market potential for strategic, tactical and operational protection solutions for water infrastructure: how the H2020 STOP-IT project aims to bridge these gaps is presented in this paper. Postprint (published version

    Critical Infrastructure Protection Approaches: Analytical Outlook on Capacity Responsiveness to Dynamic Trends

    Overview: Critical infrastructures (CIs) – any asset with a functionality that is critical to normal societal functions, safety, security, economic or social wellbeing of people, and disruption or destruction of which would have a very significant negative societal impact. CIs are clearly central to the normal functioning of a nation’s economy and require to be protected from both intentional and unintentional sabotages. It is important to correctly discern and aptly manage security risks within CI domains. The protection (security) of CIs and their networks can provide clear benefits to owner organizations and nations including: enabling the attainment of a properly functioning social environment and economic market, improving service security, enabling integration to external markets, and enabling service recipients (consumers, clients, and users) to benefit from new and emerging technological developments. To effectively secure a CI system, firstly, it is crucial to understand three things: what can happen, how likely it is to happen, and the consequences of such happenings. One way to achieve this is through modelling and simulations of CI attributes, functionalities, operations, and behaviours to support security analysis perspectives, and especially considering the dynamics in trends and technological adoptions. Despite the availability of several security-related CI modelling approaches (tools and techniques), trends such as inter-networking, internet and IoT integrations raise new issues. Part of the issues relate to how to effectively (more precisely and realistically) model the complex behavior of interconnected CIs and their protection as system of systems (SoS). This report attempts to address the broad goal around this issue by reviewing a sample of critical infrastructure protection approaches; comprising tools, techniques, and frameworks (methodologies). The analysis covers contexts relating to the types of critical infrastructures, applicable modelling techniques, risk management scope covered, considerations for resilience, interdependency, and policy and regulations factors.

    Key Findings: This research presents the following key findings:

    1. There is not a single specific Critical Infrastructure Protection (CIP) approach – tool, technique, methodology or framework – that exists or emerges as a ‘fit-for-all’; to allow the modelling and simulation of cyber security risks, resilience, dependency, and impact attributes in all critical infrastructure set-ups.
    2. Typically, two or more modelling techniques can be (need to be) merged to cover a broader scope and context of modelling and simulation applications (areas) to achieve desirable high-level protection and security for critical infrastructures.
    3. Empirical-based, network-based, agent-based, and system dynamics-based modelling techniques are more widely used, and all offer gains for their use.
    4. The deciding factors for choosing modelling techniques often rest on: complexity of use, popularity of approach, types and objectives of user Organisation and sector.
    5. The scope of modelling functions and operations also helps to strike the balance between ‘specificity’ and ‘generality’ of modelling technique and approach for the gains of in-depth analysis and wider coverage respectively.
    6. Interdependency and resilience modelling and simulations in critical infrastructure operations, as well as associated security and safety risks, are crucial characteristics that need to be considered and explored in revising existing or developing new CIP modelling approaches.

    Recommendations: Key recommendations from this research include:

    1. Other critical infrastructure sectors such as emergency services, food & agriculture, and dams need to draw lessons from the energy and transportation sectors for the successive benefits of:
       i. Amplifying the drive and efforts towards evaluating and understanding security risks to their infrastructure and operations.
       ii. Support better understanding of any associated dependencies and cascading impacts.
       iii. Learning how to establish effective security and resilience.
       iv. Support the decision-making process linked with measuring the effectiveness of preparedness activities and investments.
       v. Improve the behavioural security-related responses of CI to disturbances or disruptions.
    2. Security-related critical infrastructure modelling approaches should be developed or revised to include wider scopes of security risk management – from identification to effectiveness evaluations, to support:
       i. Appropriate alignment and responsiveness to the dynamic trends introduced by new technologies such as IoT and IIoT.
       ii. Dynamic security risk management – especially the assessment section needs to be more dynamic than static, to address the recurrent and impactful risks that emerge in critical infrastructures