Security analysis and modelling framework for critical infrastructure systems

The provision and delivery of many of the services that modern society enjoys are the result of ubiquitous critical infrastructure systems that permeate across many sectors of the Australian community. Moreover, the integration of technological enhancements and networking interconnections between critical infrastructure systems has heightened system interdependence, availability and resilience, including the efficient delivery of services to consumers within Australia\u27s industrialised society. This research delivers a system security analysis and system modelling framework tool based on an associated conceptual methodology as the basis for assessing security and conceptually modelling a critical infrastructure system incident. The intent to identify potential system security issues and gain operational insights that will contribute to improving system resilience, contingency planning development applicable to disaster recovery and ameliorating incident management responses for Australian critical infrastructure system incidents.<br /

Global Risks 2014, Ninth Edition.

The Global Risks 2014 report highlights how global risks are not only interconnected but also have systemic impacts. To manage global risks effectively and build resilience to their impacts, better efforts are needed to understand, measure and foresee the evolution of interdependencies between risks, supplementing traditional risk-management tools with new concepts designed for uncertain environments. If global risks are not effectively addressed, their social, economic and political fallouts could be far-reaching, as exemplified by the continuing impacts of the financial crisis of 2007-2008

Network resilience

Many systems on our planet are known to shift abruptly and irreversibly from one state to another when they are forced across a "tipping point," such as mass extinctions in ecological networks, cascading failures in infrastructure systems, and social convention changes in human and animal networks. Such a regime shift demonstrates a system's resilience that characterizes the ability of a system to adjust its activity to retain its basic functionality in the face of internal disturbances or external environmental changes. In the past 50 years, attention was almost exclusively given to low dimensional systems and calibration of their resilience functions and indicators of early warning signals without considerations for the interactions between the components. Only in recent years, taking advantages of the network theory and lavish real data sets, network scientists have directed their interest to the real-world complex networked multidimensional systems and their resilience function and early warning indicators. This report is devoted to a comprehensive review of resilience function and regime shift of complex systems in different domains, such as ecology, biology, social systems and infrastructure. We cover the related research about empirical observations, experimental studies, mathematical modeling, and theoretical analysis. We also discuss some ambiguous definitions, such as robustness, resilience, and stability.Comment: Review chapter

An Integrated Cybersecurity Risk Management (I-CSRM) Framework for Critical Infrastructure Protection

Risk management plays a vital role in tackling cyber threats within the Cyber-Physical System (CPS) for overall system resilience. It enables identifying critical assets, vulnerabilities, and threats and determining suitable proactive control measures to tackle the risks. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This research aims for an effective Cyber Security Risk Management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and Comprehensive Assessment Model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as threat actor attack pattern, Tactic, Technique and Procedure (TTP), controls and assets and maps these concepts with the VERIS community dataset (VCDB) features for the purpose of risk predication. Also, the tool serves as an additional component of the proposed framework that enables asset criticality, risk and control effectiveness calculation for a continuous risk assessment. Lastly, the thesis employs a case study to validate the proposed i-CSRM framework and i-CSRMT in terms of applicability. Stakeholder feedback is collected and evaluated using critical criteria such as ease of use, relevance, and usability. The analysis results illustrate the validity and acceptability of both the framework and tool for an effective risk management practice within a real-world environment. The experimental results reveal that using the fuzzy set theory in assessing assets' criticality, supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers’ have shown exemplary performance in predicting different risk types including denial of service, cyber espionage, and Crimeware. An accurate prediction can help organisations model uncertainty with machine learning classifiers, detect frequent cyber-attacks, affected assets, risk types, and employ the necessary corrective actions for its mitigations. Lastly, to evaluate the effectiveness of the existing controls, the CAM approach is used, and the result shows that some controls such as network intrusion, authentication, and anti-virus show high efficacy in controlling or reducing risks. Evaluating control effectiveness helps organisations to know how effective the controls are in reducing or preventing any form of risk before an attack occurs. Also, organisations can implement new controls earlier. The main advantage of using the CAM approach is that the parameters used are objective, consistent and applicable to CPS

National Infrastructure Commission Digitally Connected Infrastructure System Resilience: Literature Review (UCL)

This literature review was produced by Dr Tom Dolan, Senior Research Associate ICIF and UKCRIC, UCL on behalf of UCL and Arup for the National Infrastructure Commission. The literature review presents and critiques key areas of academic literature relevant to four research questions on digitally connected infrastructure systems (DCIS) posed by the National Infrastructure Commission (NIC). The review provides additional context to support analysis, findings and recommendations presented in the main project report, and can be read as in conjunction with the report or as a standalone documen

From the Ground Up: A Complex Systems Approach to Climate Change Adaptation in Agriculture

Climate change presents an unprecedented challenge to global agriculture and food security. Small farms are especially vulnerable to the local impacts of large-scale drivers of change. Effective adaptation in agriculture requires working across scales, and geographic, political, and disciplinary boundaries to address barriers. I use elements of case study, agent-based modeling and serious games, to design a model of farmer decision-making using the sociocognitive framework of climate change adaptation. I examine how adaptation functions as a process, how complex dynamics influence farmer behavior, and how individual decisions influence collective behavior in response to climate change. This novel approach to adaptation research in agriculture examines the relationships between the contextual, compositional, and cognitive elements of the sociocognitive theory. The tools developed for this research have broad practical and theoretical future applications in climate adaptation research and policymaking. This dissertation is available in open access at AURA (https://aura.antioch.edu) and OhioLINK ETD Center (https://etd.ohiolink.edu)

Review of multi-hazards research and risk assessments

The work described in this report is a “Review of environmental multi-hazards research and risk assessment approaches” for the Natural Environment Research Council (NERC) through a UKRI contract for services (CR18075) and was compiled and led by a BGS consortium, supported by Natural Hazard Partnership (NHP) partners (HSE, CEH, and Met Office). Multi-hazard research is in its infancy, despite the growing attention it has received in the last years. Climate change, natural and anthropogenic hazards result in multi-hazard environments characterized by complex, interacting processes that generate impacts on the built environment and people, which are different to those incurred from the individual hazards happening in isolation. The recently developed methodologies for multi-hazard risk assessment processes represent an advancement in our understanding of these complexities, but they also pose specific challenges to policy makers and practitioners due to the cross-disciplinary nature required to undertake these assessments. This review strives to present an impartial and well-evidenced report of current developments in research, policy and industry with respect to multi-hazard processes and risk assessments. The need for such studies is now more apparent than ever, given the expected effects of climate change on the frequency and magnitude of weather-related hazards