Run-time risk management in adaptive ICT systems

We will present results of the SERSCIS project related to risk management and mitigation strategies in adaptive multi-stakeholder ICT systems. The SERSCIS approach involves using semantic threat models to support automated design-time threat identification and mitigation analysis. The focus of this paper is the use of these models at run-time for automated threat detection and diagnosis. This is based on a combination of semantic reasoning and Bayesian inference applied to run-time system monitoring data. The resulting dynamic risk management approach is compared to a conventional ISO 27000 type approach, and validation test results presented from an Airport Collaborative Decision Making (A-CDM) scenario involving data exchange between multiple airport service providers

UK utility data integration: overcoming schematic heterogeneity

In this paper we discuss syntactic, semantic and schematic issues which inhibit the integration of utility data in the UK. We then focus on the techniques employed within the VISTA project to overcome schematic heterogeneity. A Global Schema based architecture is employed. Although automated approaches to Global Schema definition were attempted the heterogeneities of the sector were too great. A manual approach to Global Schema definition was employed. The techniques used to define and subsequently map source utility data models to this schema are discussed in detail. In order to ensure a coherent integrated model, sub and cross domain validation issues are then highlighted. Finally the proposed framework and data flow for schematic integration is introduced

An Ontology for Product-Service Systems

Industries are transforming their business strategy from a product-centric to a more service-centric nature by bundling products and services into integrated solutions to enhance the relationship between their customers. Since Product- Service Systems design research is currently at a rudimentary stage, the development of a robust ontology for this area would be helpful. The advantages of a standardized ontology are that it could help researchers and practitioners to communicate their views without ambiguity and thus encourage the conception and implementation of useful methods and tools. In this paper, an initial structure of a PSS ontology from the design perspective is proposed and evaluated

Unlocking the potential of public sector information with Semantic Web technology

Governments often hold very rich data and whilst much of this information is published and available for re-use by others, it is often trapped by poor data structures, locked up in legacy data formats or in fragmented databases. One of the great benefits that Semantic Web (SW) technology offers is facilitating the large scale integration and sharing of distributed data sources. At the heart of information policy in the UK, the Office of Public Sector Information (OPSI) is the part of the UK government charged with enabling the greater re-use of public sector information. This paper describes the actions, findings, and lessons learnt from a pilot study, involving several parts of government and the public sector. The aim was to show to government how they can adopt SW technology for the dissemination, sharing and use of its data

Computational environment for modeling and enhancing community resilience: Introducing the center for risk-based community resilience planning

The resilience of a community is defined as its ability to prepare for, withstand, recover from and adapt to the effects of natural or human-caused disasters, and depends on the performance of the built environment and on supporting social, economic and public institutions that are essential for immediate response and long-term recovery and adaptation. The performance of the built environment generally is governed by codes, standards, and regulations, which are applicable to individual facilities and residences, are based on different performance criteria, and do not account for the interdependence of buildings, transportation, utilities and other infrastructure sectors. The National Institute of Standards and Technology recently awarded a new Center of Excellence (NIST-CoE) for Risk-Based Community Resilience Planning, which is headquartered at Colorado State University and involves nine additional universities. Research in this Center is focusing on three major research thrusts: (1) developing the NIST-Community Resilience Modeling Environment known as NIST-CORE, thereby enabling alternative strategies to enhance community resilience to be measured quantitatively; (2) developing a standardized data ontology, robust data architecture and data management tools in support of NIST-CORE; and (3) performing a comprehensive set of hindcasts on disasters to validate the data architecture and NIST-CORE

Visualising product-service system business models

Copyright © 2014. Copyright in each paper in this conference’s proceedings is the property of the author(s). Permission is granted to reproduce copies of these works for purposes relevant to the above conference, provided that the author(s), source and copyright notice are included on each copy. For other uses, including extended quotation, please contact the author(s).The paper addresses the issue of how to visualise innovative business models at various stages of the design and development process. The focus is on a particular type of business model, defined Product-Service Systems (PSSs), characterised by an integrated product-service offering, but can be generalised to other business model innovations. The paper presents a visualisation system based on a formalised business model ontology and a set of visualisation tools, and discusses how it can be used to enhance internal and external communication and improve dialogue and co-design activities inside the company and with external stakeholders

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well