
    Memorandum on the results of the sixth Workshop on the Implementation and Application of the Directive 2008/114/EC

    The workshops on the Implementation and Application of the Directive 2008/114/EC have been an important activity for enhancing the communication of the Member States with the Commission Services with respect to the application of the Directive and also for exchange of relevant information. Six workshops have been organized since the adoption of the Directive in December 2008. This activity will continue to support the implementation and application of the Directive while it will also serve the review of the Directive that is due to kick off in January 2012. JRC.G.6-Security technology assessmen

    Risk assessment methodologies for Critical Infrastructure Protection. Part I: A state of the art

    Effective risk assessment methodologies are the cornerstone of a successful Critical Infrastructure Protection program. The extensive number of risk assessment methodologies for critical infrastructures clearly supports this argument. Risk assessment is indispensable in order to identify threats, assess vulnerabilities and evaluate the impact on assets, infrastructures or systems taking into account the probability of the occurrence of these threats. This is a critical element that differentiates a risk assessment from a typical impact assessment methodology. JRC.G.6-Security technology assessmen

    Optimizing resilience decision-support for natural gas networks under uncertainty

    2019 Summer. Includes bibliographical references. Community resilience in the aftermath of a hazard requires the functionality of complex, interdependent infrastructure systems to become operational in a timely manner to support social and economic institutions. In the context of risk management and community resilience, critical decisions should be made not only in the aftermath of a disaster in order to immediately respond to the destructive event and properly repair the damage, but preventive decisions should be made in order to mitigate the adverse impacts of hazards prior to their occurrence. This involves significant uncertainty about the basic notion of the hazard itself, and usually involves mitigation strategies such as strengthening components or preparing required resources for post-event repairs. In essence, instances of risk management problems that encourage a framework for coupled decisions before and after events include modeling how to allocate resources before the disruptive event so as to maximize the efficiency for their distribution to repair in the aftermath of the event, and how to determine which network components require preventive investments in order to enhance their performance in case of an event. In this dissertation, a methodology is presented for optimal decision making for resilience assessment, seismic risk mitigation, and recovery of natural gas networks, taking into account their interdependency with some of the other systems within the community. In this regard, the natural gas and electric power networks of a virtual community were modeled with enough detail such that it enables assessment of natural gas network supply at the community level. The effect of the industrial makeup of a community on its natural gas recovery following an earthquake, as well as the effect of replacing conventional steel pipes with ductile HDPE pipelines as an effective mitigation strategy against seismic hazard are investigated. 
In addition, a multi objective optimization framework that integrates probabilistic seismic risk assessment of coupled infrastructure systems and evolutionary algorithms is proposed in order to determine cost-optimal decisions before and after a seismic event, with the objective of making the natural gas network recover more rapidly, and thus the community more resilient. Including bi-directional interdependencies between the natural gas and electric power network, strategic decisions are pursued regarding which distribution pipelines in the gas network should be retrofitted under budget constraints, with the objectives of minimizing the number of people without natural gas in the residential sector and business losses due to the lack of natural gas in non-residential sectors. Monte Carlo Simulation (MCS) is used in order to propagate uncertainties and Probabilistic Seismic Hazard Assessment (PSHA) is adopted in order to capture uncertainties in the seismic hazard with an approach to preserve spatial correlation. A non-dominated sorting genetic algorithm (NSGA-II) approach is utilized to solve the multi-objective optimization problem under study. The results prove the potential of the developed methodology to provide risk-informed decision support, while being able to deal with large-scale, interdependent complex infrastructure considering probabilistic seismic hazard scenarios.

    A Comprehensive Instrument for Identifying Critical Information Infrastructure Services

    The identification of Critical Information Infrastructure (CII) services has become a top priority for governments and organizations, and a crucial component of a sound cyber security policy. As the interconnectivity of essential services spreads, the probability of disruptions increases and with it the vulnerability of all Critical Infrastructure (CI) sectors, public and private. The impact of an undue interruption of essential services may develop in a devastating cascading effect and the collapse of a country’s infrastructures system. The purpose of this work is to introduce an original comprehensive instrument that supports the escalated identification of CII services on the basis of three analytical components: the identification of main stakeholders, as an accurate terminology for establishing a common understanding of the terms; the calculating process for criticality ranking that works as an adaptable matrix; and, an illustrative framework called the 360-DEGREE-FEEDBACK that applies the complete perspective. Terminological development preceded the formulation of the instrument considering preliminary findings on that the field of CII warrants more clarity and precision, and that the CIIs, despite their commonalities with other dimensions of CIs, possess unique characteristics that should be assessed independently. The applicability of the instrument is illustrated in a case study of Colombia, which is used to exemplify the relationship between two potential essential services and map the likely position of them in the table of national protection priorities. This study combines qualitative and quantitative methods, benchmarking theoretical contributions, and relying mainly on documentary analysis, secondary statistical data from official sources, semi-structured interviews and a case study of practical implications. 
This thesis is written in English and is 56 pages long, including 22 figures and 26 tables.

    Cyber-Physical Threat Intelligence for Critical Infrastructures Security

    Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. 
The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well.

    Improving resilience in Critical Infrastructures through learning from past events

    Modern societies are increasingly dependent on the proper functioning of Critical Infrastructures (CIs). CIs produce and distribute essential goods or services, as for power transmission systems, water treatment and distribution infrastructures, transportation systems, communication networks, nuclear power plants, and information technologies. Being resilient, where resilience denotes the capacity of a system to recover from challenges or disruptive events, becomes a key property for CIs, which are constantly exposed to threats that can undermine safety, security, and business continuity. Nowadays, a variety of approaches exists in the context of CIs’ resilience research. This dissertation starts with a systematic review based on PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) on the approaches that have a complete qualitative dimension, or that can be used as entry points for semi-quantitative analyses. The review identifies four principal dimensions of resilience referred to CIs (i.e., techno-centric, organizational, community, and urban) and discusses the related qualitative or semi-quantitative methods. The scope of the thesis emphasizes the organizational dimension, as a socio-technical construct. Accordingly, the following research question has been posed: how can learning improve resilience in an organization? Firstly, the benefits of learning in a particular CI, i.e. the supply chain in reverse logistics related to the small arms utilized by Italian Armed Forces, have been studied. Following the theory of Learning From Incidents, the theoretical model helped to elaborate a centralized information management system for the Supply Chain Management of small arms within a Business Intelligence (BI) framework, which can be the basis for an effective decision-making process, capable of increasing the systemic resilience of the supply chain itself. 
Secondly, the research question has been extended to another extremely topical context, i.e. the Emergency Management (EM), exploring the crisis induced learning where single-loop and double-loop learning cycles can be established regarding the behavioral perspective. Specifically, the former refers to the correction of practices within organizational plans without changing core beliefs and fundamental rules of the organization, while the latter aims at resolving incompatible organizational behavior by restructuring the norms themselves together with the associated practices or assumptions. Consequently, with the aim of ensuring high EM systems resilience, and effective single-loop and double-loop crisis induced learning at organizational level, the study examined learning opportunities that emerge through the exploration of adaptive practices necessary to face the complexity of a socio-technical work domain as the EM of Covid-19 outbreaks on Oil & Gas platforms. Both qualitative and quantitative approaches have been adopted to analyze the resilience of this specific socio-technical system. On this consciousness, with the intention to explore systems theoretic possibilities to model the EM system, the Functional Resonance Analysis Method (FRAM) has been proposed as a qualitative method for developing a systematic understanding of adaptive practices, modelling planning and resilient behaviors and ultimately supporting crisis induced learning. After the FRAM analysis, the same EM system has also been studied adopting a Bayesian Network (BN) to quantify resilience potentials of an EM procedure resulting from the adaptive practices and lessons learned by an EM organization. While the study of CIs is still an open and challenging topic, this dissertation provides methodologies and running examples on how systemic approaches may support data-driven learning to ultimately improve organizational resilience. 
These results, possibly extended with future research drivers, are expected to support decision-makers in their tactical and operational endeavors.

    Network Interdependency Modeling for Risk Assessment on Built Infrastructure Systems

    As modern infrastructures become more interconnected, the decision-making process becomes more difficult because of the increased complexity resulting from infrastructure interdependencies. Simulation and network modeling provide a way to understand system behavior as a result of interdependencies. One area within the asset management literature that is not well covered is infrastructure system decay and risks associated with that decay. This research presents an enhanced version of Haimes' input-output inoperability model (IIM) in the analysis of built infrastructure systems. Previous applications of the IIM characterized infrastructure at the national level utilizing large economic databases. This study develops a three-phased approach that takes component level data stored within geographic information systems (GIS) to provide a metric for network interdependency across a municipal level infrastructure. A multi-layered approach is proposed which leverages the layered data structure of GIS. Furthermore, Monte Carlo simulation using stochastic decay estimates shows how infrastructure risk as a result of interdependency effects changes over time. Such an analysis provides insight to infrastructure asset managers on the impact of policy and strategy decision-making regarding the maintenance and management of their infrastructure systems.

    Infrastructure (Resilience-oriented) Modelling Language: I®M - A proposal for modelling infrastructures and their connections

    The modelling of critical infrastructures (CIs) is an important issue that needs to be properly addressed, for several reasons. It is a basic support for making decisions about operation and risk reduction. It might help in understanding high-level states at the system-of-systems layer, which are not readily evident to the organisations that manage the lower level technical systems. Moreover, it is also indispensable for setting a common reference between operator and authorities, for agreeing on the incident scenarios that might affect those infrastructures. So far, critical infrastructures have been modelled ad-hoc, on the basis of knowledge and practice derived from less complex systems. As there is no theoretical framework, most of these efforts proceed without clear guides and goals and using informally defined schemas based mostly on boxes and arrows. Different CIs (electricity grid, telecommunications networks, emergency support, etc.) have been modelled using particular schemas that were not directly translatable from one CI to another. If there is a desire to build a science of CIs it is because there are some observable commonalities that different CIs share. Up until now, however, those commonalities were not adequately compiled or categorized, so building models of CIs that are rooted on such commonalities was not possible. This report explores the issue of which elements underlie every CI and how those elements can be used to develop a modelling language that will enable CI modelling and, subsequently, analysis of CI interactions, with a special focus on resilience. JRC.DG.G.6-Security technology assessmen