Disaster-Resilient Control Plane Design and Mapping in Software-Defined Networks

Communication networks, such as core optical networks, heavily depend on their physical infrastructure, and hence they are vulnerable to man-made disasters, such as Electromagnetic Pulse (EMP) or Weapons of Mass Destruction (WMD) attacks, as well as to natural disasters. Large-scale disasters may cause huge data loss and connectivity disruption in these networks. As our dependence on network services increases, the need for novel survivability methods to mitigate the effects of disasters on communication networks becomes a major concern. Software-Defined Networking (SDN), by centralizing control logic and separating it from physical equipment, facilitates network programmability and opens up new ways to design disaster-resilient networks. On the other hand, to fully exploit the potential of SDN, along with data-plane survivability, we also need to design the control plane to be resilient enough to survive network failures caused by disasters. Several distributed SDN controller architectures have been proposed to mitigate the risks of overload and failure, but they are optimized for limited faults without addressing the extent of large-scale disaster failures. For disaster resiliency of the control plane, we propose to design it as a virtual network, which can be solved using Virtual Network Mapping techniques. We select appropriate mapping of the controllers over the physical network such that the connectivity among the controllers (controller-to-controller) and between the switches to the controllers (switch-to-controllers) is not compromised by physical infrastructure failures caused by disasters. We formally model this disaster-aware control-plane design and mapping problem, and demonstrate a significant reduction in the disruption of controller-to-controller and switch-to-controller communication channels using our approach.Comment: 6 page

Failures in a Critical Infrastructure System

The purpose of this chapter is to provide a comprehensive overview of a critical infrastructure system, of failures and impacts that occur within it and of the resilience, which effectively reduces the risk of these impacts spreading on to dependent subsystems. The chapter presents a basic description of a critical infrastructure system and of the hierarchic arrangement of its subsystems and linkages between them. Critical infrastructure system failures, including their causes and impacts on dependent subsystems and on society as a whole, are presented in the following section. Particular focus is given to the propagation of impacts in a critical infrastructure system and the current approaches to their modeling. The chapter concludes by expounding on the resilience of critical infrastructure subsystems and its impact on the minimization of failures in critical infrastructure subsystems in circumstances involving emergencies

Cost-Efficient Data Backup for Data Center Networks against {\epsilon}-Time Early Warning Disaster

Data backup in data center networks (DCNs) is critical to minimize the data loss under disaster. This paper considers the cost-efficient data backup for DCNs against a disaster with $\varepsilon$ early warning time. Given geo-distributed DCNs and such a $\varepsilon$-time early warning disaster, we investigate the issue of how to back up the data in DCN nodes under risk to other safe DCN nodes within the $\varepsilon$ early warning time constraint, which is significant because it is an emergency data protection scheme against a predictable disaster and also help DCN operators to build a complete backup scheme, i.e., regular backup and emergency backup. Specifically, an Integer Linear Program (ILP)-based theoretical framework is proposed to identify the optimal selections of backup DCN nodes and data transmission paths, such that the overall data backup cost is minimized. Extensive numerical results are also provided to illustrate the proposed framework for DCN data backup

How to Think About Resilient Infrastructure Systems

abstract: Resilience is emerging as the preferred way to improve the protection of infrastructure systems beyond established risk management practices. Massive damages experienced during tragedies like Hurricane Katrina showed that risk analysis is incapable to prevent unforeseen infrastructure failures and shifted expert focus towards resilience to absorb and recover from adverse events. Recent, exponential growth in research is now producing consensus on how to think about infrastructure resilience centered on definitions and models from influential organizations like the US National Academy of Sciences. Despite widespread efforts, massive infrastructure failures in 2017 demonstrate that resilience is still not working, raising the question: Are the ways people think about resilience producing resilient infrastructure systems? This dissertation argues that established thinking harbors misconceptions about infrastructure systems that diminish attempts to improve their resilience. Widespread efforts based on the current canon focus on improving data analytics, establishing resilience goals, reducing failure probabilities, and measuring cascading losses. Unfortunately, none of these pursuits change the resilience of an infrastructure system, because none of them result in knowledge about how data is used, goals are set, or failures occur. Through the examination of each misconception, this dissertation results in practical, new approaches for infrastructure systems to respond to unforeseen failures via sensing, adapting, and anticipating processes. Specifically, infrastructure resilience is improved by sensing when data analytics include the modeler-in-the-loop, adapting to stress contexts by switching between multiple resilience strategies, and anticipating crisis coordination activities prior to experiencing a failure. Overall, results demonstrate that current resilience thinking needs to change because it does not differentiate resilience from risk. The majority of research thinks resilience is a property that a system has, like a noun, when resilience is really an action a system does, like a verb. Treating resilience as a noun only strengthens commitment to risk-based practices that do not protect infrastructure from unknown events. Instead, switching to thinking about resilience as a verb overcomes prevalent misconceptions about data, goals, systems, and failures, and may bring a necessary, radical change to the way infrastructure is protected in the future.Dissertation/ThesisDoctoral Dissertation Civil, Environmental and Sustainable Engineering 201

Critical infrastructure, panarchies and the vulnerability paths of cascading disasters

Cascading effects and cascading disasters are emerging fields of scientific research. The widespread diffusion of functional networks increases the complexity of interdependent systems and their vulnerability to large-scale disruptions. Although in recent years studies of interconnections and chain effects have improved significantly, cascading phenomena are often associated with the ‘‘toppling domino metaphor’’, or with high-impact, low-probability events. This paper aimed to support a paradigm shift in the state of the art by proposing a new theoretical approach to cascading events in terms of their root causes and lack of predictability. By means of interdisciplinary theory building, we demonstrate how cascades reflect the ways in which panarchies collapse. We suggest that the vulnerability of critical infrastructure may orientate the progress of events in relation to society’s feedback loops, rather than merely being an effect of natural triggers. Our conclusions point to a paradigm shift in the preparedness phase that could include escalation points and social nodes, but that also reveals a brand new field of research for disaster scholars

Ten-tier and multi-scale supplychain network analysis of medical equipment: Random failure and intelligent attack analysis

Motivated by the COVID-19 pandemic, this paper explores the supply chain viability of medical equipment, an industry whose supply chain was put under a crucial test during the pandemic. This paper includes an empirical network-level analysis of supplier reachability under Random Failure Experiment (RFE) and Intelligent Attack Experiment (IAE). Specifically, this study investigates the effect of RFA and IAE across multiple tiers and scales. The global supply chain data was mined and analyzed from about 45,000 firms with about 115,000 intertwined relationships spanning across 10 tiers of the backward supply chain of medical equipment. This complex supply chain network was analyzed at four scales, namely: firm, country-industry, industry, and country. A notable contribution of this study is the application of a supply chain tier optimization tool to identify the lowest tier of the supply chain that can provide adequate resolution for the study of the supply chain pattern. We also developed data-driven-tools to identify the thresholds for breakdown and fragmentation of the medical equipment supply chain when faced with random failures or different intelligent attack scenarios. The novel network analysis tools utilized in the study can be applied to the study of supply chain reachability and viability in other industries.Comment: 47 page

Increasing resilience to cascading events: The M.OR.D.OR. scenario

The growing complexity of global interconnected risk suggests that a shift has occurred in the way emergency planners need to improve preparedness and response to cascading events. With reference to the literature from the physical, social and political sciences, this paper analyses extreme space weather events and cyberattacks. The goal of this work is to produce a replicable scenario-building process, based on cross-disciplinary understanding of vulnerability, that could be complementary to probabilistic hazard assessment. Our hypothesis is that the technological and human component of critical infrastructure could be the primary vector for the escalation of secondary emergencies. While not themselves having direct implications in terms of loss of life, elements that are common to different risks could provide particular challenges for disaster management. Our findings identify some vulnerable nodes, such as Global Navigation Satellite System technology and remote-control systems, that could act as paths for the escalations of events. We suggest that these paths may be common to various known and unknown threats. We propose two scenarios of Massive, OveRwhelming Disruption of OpeRations (M.OR.D.OR.) that could be used for testing emergency preparedness strategies, and increasing the response to highly complex, unknown events. The conclusions highlight the open challenges of seeking to increase societal resilience. The limitations of this work are described, as are the possible challenges for future research