Infastructure Interdependencies Modeling and Analysis - A Review and Synthesis

The events of 9/11 and the occurrence of major natural disasters in recent years has resulted in increased awareness and renewed desire to protect critical infrastructure that are the pillars to maintaining what has become normal life in our economy. The problem has been compounded because the increased connectedness between the various sectors of the economy has resulted in interdependencies that allow for problems and issues with one infrastructure to affect other infrastructures. This area is now being investigated extensively after the Department of Homeland Security (DHS) prioritized this issue. There is now a vast extant of literature in the area of infrastructure interdependencies and the modeling of it. This paper presents a synthesis and survey of the literature in the area of infrastructure interdependency modeling methods and proposes a framework for classification of these studies. The framework classifies infrastructure interdependency modeling and analysis methods into four quadrants in terms of system complexities and risks. The directions of future research are also discussed in this paper

Unmanned and Autonomous Systems of Systems Test and Evaluation: Challenges and Opportunities

The introduction of Unmanned and Autonomous Systems (UAS) brings substantial, interesting, and in many cases, new challenges to the Department of Defense’s Test and Evaluation community. The test and evaluation of UASs becomes significantly more complicated than traditional systems, especially as we approach more fully autonomous systems and need to test integrated systems of systems in joint military operational testing environments. Compounding the multi-faceted considerations involved in test and evaluation, systems have continuously increasing complexity and capabilities and can be at different maturity levels. Emergent properties, particularly those that are unplanned and undesired, also need to be considered. Challenges identified by the Unmanned and Autonomous Systems Test community and related to the test and evaluation of the UASs are discussed. This paper presents various approaches for addressing these challenges including an innovative Prescriptive and Adaptive Testing Framework and decision support system, PATFrame

Synthesis, Interdiction, and Protection of Layered Networks

This research developed the foundation, theory, and framework for a set of analysis techniques to assist decision makers in analyzing questions regarding the synthesis, interdiction, and protection of infrastructure networks. This includes extension of traditional network interdiction to directly model nodal interdiction; new techniques to identify potential targets in social networks based on extensions of shortest path network interdiction; extension of traditional network interdiction to include layered network formulations; and develops models/techniques to design robust layered networks while considering trade-offs with cost. These approaches identify the maximum protection/disruption possible across layered networks with limited resources, find the most robust layered network design possible given the budget limitations while ensuring that the demands are met, include traditional social network analysis, and incorporate new techniques to model the interdiction of nodes and edges throughout the formulations. In addition, the importance and effects of multiple optimal solutions for these (and similar) models is investigated. All the models developed are demonstrated on notional examples and were tested on a range of sample problem sets

A Framework for Understanding, Prioritizing, and Applying Systems Security Engineering Processes, Activities, and Tasks

Current systems security practices lack an effective approach to prioritize and tailor systems security efforts to develop and field secure systems in challenging operational environments, which results in business and mission stakeholders becoming more susceptible to an array of disruptive events. This work informs Systems Engineers on recent developments in the field of system security engineering and provides a framework for more fully understanding the application of Systems Security Engineering (SSE) processes, activities, and tasks as described in the recently released National Institute of Standards and Technology (NIST) Special Publication 800-160. This SSE framework uniquely offers a repeatable and tailorable methodology that allows system developers to focus on high Return-on-Investment (RoI) SSE processes, activities, and tasks to more efficiently meet stakeholder protection needs and deliver trustworthy secure systems

Optimization Approaches for Improving Mitigation and Response Operations in Disaster Management

Disasters are calamitous events that severely affect the life conditions of an entire community, being the disasters either nature-based (e.g., earthquake) or man-made (e.g., terroristic attack). Disaster-related issues are usually dealt with according to the Disaster Operations Management (DOM) framework, which is composed of four phases: mitigation and preparedness, which address pre-disaster issues, and response and recovery, which tackle problems arising after the occurrence of a disaster. The ultimate scope of this dissertation is to present novel optimization models and algorithms aimed at improving operations belonging to the mitigation and response phases of the DOM. On the mitigation side, this thesis focuses on the protection of Critical Information Infrastructures (CII), which are commonly deemed to include communication and information networks. The majority of all the other Critical Infrastructures (CI), such as electricity, fuel and water supply as well as transportation systems, are crucially dependent on CII. Therefore, problems associated with CII that disrupt the services they are able to provide (whether to a single end-user or to another CI) are of increasing interest. This dissertation reviews several issues emerging in the Critical Information Infrastructures Protection (CIIP), field such as: how to identify the most critical components of a communication network whose disruption would affect the overall system functioning; how to mitigate the consequences of such calamitous events through protection strategies; and how to design a system which is intrinsically able to hedge against disruptions. To this end, this thesis provides a description of the seminal optimization models that have been developed to address the aforementioned issues in the general field of Critical Infrastructures Protection (CIP). Models are grouped in three categories which address the aforementioned issues: survivability-oriented interdiction, resource allocation strategy, and survivable design models; existing models are reviewed and possible extensions are proposed. In fact, some models have already been developed for CII (i.e., survivability-interdiction and design models), while others have been adapted from the literature on other CI (i.e., resource allocation strategy models). The main gap emerging in the CII field is that CII protection has been quite overlooked which has led to review optimization models that have been developed for the protection of other CI. Hence, this dissertation contributes to the literature in the field by also providing a survey of the multi-level programs that have been developed for protecting supply chains, transportation systems (e.g., railway infrastructures), and utility networks (e.g., power and water supply systems), in order to adapt them for CII protection. Based on the review outcomes, this thesis proposes a novel linear bi-level program for CIIP to mitigate worst-case disruptions through protection investments entailing network design operations, namely the Critical Node Detection Problem with Fortification (CNDPF), which integrates network survivability assessment, resource allocation strategies and design operations. To the best of my knowledge, this is the first bi-level program developed for CIIP. The model is solved through a Super Valid Inequalities (SVI) decomposition approach and a Greedy Constructive and Local Search (GCLS) heuristic. Computational results are reported for real communication networks and for different levels of both disaster magnitude and protection resources. On the response side, this thesis identifies the current challenges in devising realistic and applicable optimization models in the shelter location and evacuation routing context and outlines a roadmap for future research in this topical area. A shelter is a facility where people belonging to a community hit by a disaster are provided with different kinds of services (e.g., medical assistance, food). The role of a shelter is fundamental for two categories of people: those who are unable to make arrangements to other safe places (e.g., family or friends are too far), and those who belong to special-needs populations (e.g., disabled, elderly). People move towards shelter sites, or alternative safe destinations, when they either face or are going to face perilous circumstances. The process of leaving their own houses to seek refuge in safe zones goes under the name of evacuation. Two main types of evacuation can be identified: self-evacuation (or car-based evacuation) where individuals move towards safe sites autonomously, without receiving any kind of assistance from the responder community, and supported evacuation where special-needs populations (e.g., disabled, elderly) require support from emergency services and public authorities to reach some shelter facilities. This dissertation aims at identifying the central issues that should be addressed in a comprehensive shelter location/evacuation routing model. This is achieved by a novel meta-analysis that entail: (1) analysing existing disaster management surveys, (2) reviewing optimization models tackling shelter location and evacuation routing operations, either separately or in an integrated manner, (3) performing a critical analysis of existing papers combining shelter location and evacuation routing, concurrently with the responses of their authors, and (4) comparing the findings of the analysis of the papers with the findings of the existing disaster management surveys. The thesis also provides a discussion on the emergent challenges of shelter location and evacuation routing in optimization such as the need for future optimization models to involve stakeholders, include evacuee as well as system behaviour, be application-oriented rather than theoretical or model-driven, and interdisciplinary and, eventually, outlines a roadmap for future research. Based on the identified challenges, this thesis presents a novel scenario-based mixed-integer program which integrates shelter location, self-evacuation and supported-evacuation decisions, namely the Scenario-Indexed Shelter Location and Evacuation Routing (SISLER) problem. To the best of my knowledges, this is the second model including shelter location, self-evacuation and supported-evacuation however, SISLER deals with them based on the provided meta-analysis. The model is solved through a Branch-and-Cut algorithm of an off-the-shelf software, enriched with valid inequalities adapted from the literature. Computational results are reported for both testbed instances and a realistic case study

Research challenges on energy-efficient networking design

The networking research community has started looking into key questions on energy efficiency of communication networks. The European Commission activated under the FP7 the TREND Network of Excellence with the goal of establishing the integration of the EU research community in green networking with a long perspective to consolidate the European leadership in the field. TREND integrates the activities of major European players in networking, including manufacturers, operators, research centers, to quantitatively assess the energy demand of current and future telecom infrastructures, and to design energy-efficient, scalable and sustainable future networks. This paper describes the main results of the TREND research community and concludes with a roadmap describing the next steps for standardization, regulation agencies and research in both academia and industry.The research leading to these results has received funding from the EU 7th Framework Programme (FP7/2007–2013) under Grant Agreement No. 257740 (NoE TREND)

Cyber risk at the edge: Current and future trends on cyber risk analytics and artificial intelligence in the industrial internet of things and industry 4.0 supply chains

Digital technologies have changed the way supply chain operations are structured. In this article, we conduct systematic syntheses of literature on the impact of new technologies on supply chains and the related cyber risks. A taxonomic/cladistic approach is used for the evaluations of progress in the area of supply chain integration in the Industrial Internet of Things and Industry 4.0, with a specific focus on the mitigation of cyber risks. An analytical framework is presented, based on a critical assessment with respect to issues related to new types of cyber risk and the integration of supply chains with new technologies. This paper identifies a dynamic and self-adapting supply chain system supported with Artificial Intelligence and Machine Learning (AI/ML) and real-time intelligence for predictive cyber risk analytics. The system is integrated into a cognition engine that enables predictive cyber risk analytics with real-time intelligence from IoT networks at the edge. This enhances capacities and assist in the creation of a comprehensive understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when AI/ML technologies are migrated to the periphery of IoT networks

Risky business: managing electronic payments in the 21st Century

On June 20 and 21, 2005, the Payment Cards Center of the Federal Reserve Bank of Philadelphia, in conjunction with the Electronic Funds Transfer Association (EFTA), hosted a day-and-a-half forum, “Risky Business: Managing Electronic Payments in the 21st Century.” The Center and EFTA invited participants from the financial services and processing sectors, law enforcement, academia, and policymakers to explore key topics associated with the challenge of effectively managing risk in a payments environment that is increasingly electronic. The meeting’s goal was to identify areas of potential risk and explore interindustry solutions. This paper provides highlights from the forum presentations and ensuing conversations.

Quantitative dependability and interdependency models for large-scale cyber-physical systems

Cyber-physical systems link cyber infrastructure with physical processes through an integrated network of physical components, sensors, actuators, and computers that are interconnected by communication links. Modern critical infrastructures such as smart grids, intelligent water distribution networks, and intelligent transportation systems are prominent examples of cyber-physical systems. Developed countries are entirely reliant on these critical infrastructures, hence the need for rigorous assessment of the trustworthiness of these systems. The objective of this research is quantitative modeling of dependability attributes -- including reliability and survivability -- of cyber-physical systems, with domain-specific case studies on smart grids and intelligent water distribution networks. To this end, we make the following research contributions: i) quantifying, in terms of loss of reliability and survivability, the effect of introducing computing and communication technologies; and ii) identifying and quantifying interdependencies in cyber-physical systems and investigating their effect on fault propagation paths and degradation of dependability attributes. Our proposed approach relies on observation of system behavior in response to disruptive events. We utilize a Markovian technique to formalize a unified reliability model. For survivability evaluation, we capture temporal changes to a service index chosen to represent the extent of functionality retained. In modeling of interdependency, we apply correlation and causation analyses to identify links and use graph-theoretical metrics for quantifying them. The metrics and models we propose can be instrumental in guiding investments in fortification of and failure mitigation for critical infrastructures. To verify the success of our proposed approach in meeting these goals, we introduce a failure prediction tool capable of identifying system components that are prone to failure as a result of a specific disruptive event. Our prediction tool can enable timely preventative actions and mitigate the consequences of accidental failures and malicious attacks --Abstract, page iii