Risk based resilient network design

This paper presents a risk-based approach to resilient network design. The basic design problem considered is that given a working network and a fixed budget, how best to allocate the budget for deploying a survivability technique in different parts of the network based on managing the risk. The term risk measures two related quantities: the likelihood of failure or attack, and the amount of damage caused by the failure or attack. Various designs with different risk-based design objectives are considered, for example, minimizing the expected damage, minimizing the maximum damage, and minimizing a measure of the variability of damage that could occur in the network. A design methodology for the proposed risk-based survivable network design approach is presented within an optimization model framework. Numerical results and analysis illustrating the different risk based designs and the tradeoffs among the schemes are presented. © 2011 Springer Science+Business Media, LLC

Default risk in an interconnected banking system with endogeneous asset markets : [Version: August 2011]

This paper analyzes the emergence of systemic risk in a network model of interconnected bank balance sheets. Given a shock to asset values of one or several banks, systemic risk in the form of multiple bank defaults depends on the strength of balance sheets and asset market liquidity. The price of bank assets on the secondary market is endogenous in the model, thereby relating funding liquidity to expected solvency - an important stylized fact of banking crises. Based on the concept of a system value at risk, Shapley values are used to define the systemic risk charge levied upon individual banks. Using a parallelized simulated annealing algorithm the properties of an optimal charge are derived. Among other things we find that there is not necessarily a correspondence between a bank's contribution to systemic risk - which determines its risk charge - and the capital that is optimally injected into it to make the financial system more resilient to systemic risk. The analysis has policy implications for the design of optimal bank levies. JEL Classification: G01, G18, G33 Keywords: Systemic Risk, Systemic Risk Charge, Systemic Risk Fund, Macroprudential Supervision, Shapley Value, Financial Networ

CDMX Código Resiliente: Aqua-Commons en Ciudad de Méjico

Using Mexico City (CDMX) as a paradigmatic example of seriously unbalanced water regimes, our project Resilient Code helps strengthen and communicate CDMX’s government efforts toward risk reduction and water resilience in marginal communities. Our project does so by bridging otherwise separate agents in the government towards a common goal: equitable resilience. Resilient Code provides design solutions that link the social infrastructure of PILARES (a network of 300 vocational schools distributed throughout the city) to CDMX’s environmental and risk reduction initiatives, including their Risk Atlas. This strategic program of design-based solutions began with “water resilience” as a Pilot to repurpose public space throughout underserviced barrios as a network of “water-commons”. Resilient Code helps partners in CDMX implement projects to reduce environmental risks and complement socio-economic programs, fostering growth of the “water-commons”. Resilient Code is socialized through a participatory game-based workshop, and through an online Atlas of Risk Reduction.Tomando la Ciudad de Méjico (CDMX) como un ejemplo paradigmático de regímenes hídricos en serio desequilibrio, nuestro proyecto Código Resiliente ayuda a reforzar y comunicar los esfuerzos del gobierno de la CDMX hacia la reducción de riesgos y la resiliencia hídrica en las comunidades marginales. Nuestro proyecto lo hace enlazando agencias separadas del gobierno hacia un objetivo común: la resiliencia equitativa. Código Resiliente brinda soluciones que vinculan la infraestructura social de PILARES (una red de 300 escuelas vocacionales distribuidas por toda la ciudad) con las iniciativas ambientales y de reducción de riesgos de la CDMX, para promover recursos comunes de agua entre sus ciudadanos. Este programa estratégico de soluciones de infraestructura participativa y blanda comenzó con la “resiliencia hídrica” como piloto para mejorar el espacio público como red de “aqua-commons” en barrios marginales. Código Resiliente se diseña para implementar dichas soluciones, reducir los riesgos ambientales complementando programas socioeconómicos y fomentar el la red de “aqua-commons”como resultado. Código Resiliente se socializa a través de un taller de acción participativa basado en juegos y a través de un Atlas de Reducción de Riesgos en línea

Design science research towards resilient cyber-physical eHealth systems

Most eHealth systems are cyber-physical systems (CPSs) making safety-critical decisions based on information from other systems not known during development. In this design science research, a conceptual resilience governance framework for eHealth CPSs is built utilizing 1) cybersecurity initiatives, standards and frameworks, 2) science of design for software-intensive systems and 3) empowering cyber trust and resilience. According to our study, a resilient CPS consists of two sub-systems: the proper resilient system and the situational awareness system. In a system of CPSs, three networks are composed: platform, software and social network. The resilient platform network is the basis on which information sharing between stakeholders could be created via software layers. However, the trust inside social networks quantifies the pieces of information that will be shared - and with whom. From citizens’ point of view, eHealth is wholeness in which requirements of information security hold true. Present procedures emphasize confidentiality at the expense of integrity and availability, and regulations/instructions are used as an excuse not to change even vital information. The mental-picture of cybersecurity should turn from “threat, crime, attack” to “trust” and “resilience”. Creating confidence in safe digital future is truly needed in the integration of the digital and physical world’s leading to a new digital revolution. The precondition for the exchange of information “trust” must be systematically built at every CPS’ level. In health sector, increasingly interconnected social, technical and economic networks create large complex CPSs, and risk assessment of many individual components becomes cost and time prohibitive. When no-one can control all aspects of CPSs, protection-based risk management is not enough to help prepare for and prevent consequences of foreseeable events, but resilience must be built into systems to help them quickly recover and adapt when adverse events do occur.Most eHealth systems are cyber-physical systems (CPSs) making safety-critical decisions based on information from other systems not known during development. In this design science research, a conceptual resilience governance framework for eHealth CPSs is built utilizing 1) cybersecurity initiatives, standards and frameworks, 2) science of design for software-intensive systems and 3) empowering cyber trust and resilience. According to our study, a resilient CPS consists of two sub-systems: the proper resilient system and the situational awareness system. In a system of CPSs, three networks are composed: platform, software and social network. The resilient platform network is the basis on which information sharing between stakeholders could be created via software layers. However, the trust inside social networks quantifies the pieces of information that will be shared - and with whom. From citizens’ point of view, eHealth is wholeness in which requirements of information security hold true. Present procedures emphasize confidentiality at the expense of integrity and availability, and regulations/instructions are used as an excuse not to change even vital information. The mental-picture of cybersecurity should turn from “threat, crime, attack” to “trust” and “resilience”. Creating confidence in safe digital future is truly needed in the integration of the digital and physical world’s leading to a new digital revolution. The precondition for the exchange of information “trust” must be systematically built at every CPS’ level. In health sector, increasingly interconnected social, technical and economic networks create large complex CPSs, and risk assessment of many individual components becomes cost and time prohibitive. When no-one can control all aspects of CPSs, protection-based risk management is not enough to help prepare for and prevent consequences of foreseeable events, but resilience must be built into systems to help them quickly recover and adapt when adverse events do occur

Disaster-Resilient Control Plane Design and Mapping in Software-Defined Networks

Communication networks, such as core optical networks, heavily depend on their physical infrastructure, and hence they are vulnerable to man-made disasters, such as Electromagnetic Pulse (EMP) or Weapons of Mass Destruction (WMD) attacks, as well as to natural disasters. Large-scale disasters may cause huge data loss and connectivity disruption in these networks. As our dependence on network services increases, the need for novel survivability methods to mitigate the effects of disasters on communication networks becomes a major concern. Software-Defined Networking (SDN), by centralizing control logic and separating it from physical equipment, facilitates network programmability and opens up new ways to design disaster-resilient networks. On the other hand, to fully exploit the potential of SDN, along with data-plane survivability, we also need to design the control plane to be resilient enough to survive network failures caused by disasters. Several distributed SDN controller architectures have been proposed to mitigate the risks of overload and failure, but they are optimized for limited faults without addressing the extent of large-scale disaster failures. For disaster resiliency of the control plane, we propose to design it as a virtual network, which can be solved using Virtual Network Mapping techniques. We select appropriate mapping of the controllers over the physical network such that the connectivity among the controllers (controller-to-controller) and between the switches to the controllers (switch-to-controllers) is not compromised by physical infrastructure failures caused by disasters. We formally model this disaster-aware control-plane design and mapping problem, and demonstrate a significant reduction in the disruption of controller-to-controller and switch-to-controller communication channels using our approach.Comment: 6 page

Game Theory Meets Network Security: A Tutorial at ACM CCS

The increasingly pervasive connectivity of today's information systems brings up new challenges to security. Traditional security has accomplished a long way toward protecting well-defined goals such as confidentiality, integrity, availability, and authenticity. However, with the growing sophistication of the attacks and the complexity of the system, the protection using traditional methods could be cost-prohibitive. A new perspective and a new theoretical foundation are needed to understand security from a strategic and decision-making perspective. Game theory provides a natural framework to capture the adversarial and defensive interactions between an attacker and a defender. It provides a quantitative assessment of security, prediction of security outcomes, and a mechanism design tool that can enable security-by-design and reverse the attacker's advantage. This tutorial provides an overview of diverse methodologies from game theory that includes games of incomplete information, dynamic games, mechanism design theory to offer a modern theoretic underpinning of a science of cybersecurity. The tutorial will also discuss open problems and research challenges that the CCS community can address and contribute with an objective to build a multidisciplinary bridge between cybersecurity, economics, game and decision theory

Disaster Resilience Education and Research Roadmap for Europe 2030 : ANDROID Report

A disaster resilience education and research roadmap for Europe 2030 has been launched. This roadmap represents an important output of the ANDROID disaster resilience network, bringing together existing literature in the field, as well as the results of various analysis and study projects undertaken by project partners.The roadmap sets out five key challenges and opportunities in moving from 2015 to 2030 and aimed at addressing the challenges of the recently announced Sendai Framework for Disaster Risk Reduction 2015-2030. This roadmap was developed as part of the ANDROID Disaster Resilience Network, led by Professor Richard Haigh of the Global Disaster Resilience Centre (www.hud.ac.uk/gdrc ) at the School of Art, Design and Architecture at the University of Huddersfield, UK. The ANDROID consortium of applied, human, social and natural scientists, supported by international organisations and a stakeholder board, worked together to map the field in disaster resilience education, pool their results and findings, develop interdisciplinary explanations, develop capacity, move forward innovative education agendas, discuss methods, and inform policy development. Further information on ANDROID Disaster Resilience network is available at: http://www.disaster-resilience.netAn ANDROID Disaster Resilience Network ReportANDROI

Resilience: Health in a New Key

This is the story of resilience, the remarkable capacity of individuals and communities to bounce back from adversity and even thrive in a world of turmoil and change. How we can begin to build on our strengths -- instead of becoming prisoners of our weaknesses -- is the subject of this issue brief