2,953 research outputs found
Modelling interdependencies between the electricity and information infrastructures
The aim of this paper is to provide qualitative models characterizing
interdependencies related failures of two critical infrastructures: the
electricity infrastructure and the associated information infrastructure. The
interdependencies of these two infrastructures are increasing due to a growing
connection of the power grid networks to the global information infrastructure,
as a consequence of market deregulation and opening. These interdependencies
increase the risk of failures. We focus on cascading, escalating and
common-cause failures, which correspond to the main causes of failures due to
interdependencies. We address failures in the electricity infrastructure, in
combination with accidental failures in the information infrastructure, then we
show briefly how malicious attacks in the information infrastructure can be
addressed
Risk assessment methodologies for Critical Infrastructure Protection. Part I: A state of the art
Effective risk assessment methodologies are the cornerstone of a successful Critical Infrastructure Protection program. The extensive number of risk assessment methodologies for critical infrastructures clearly supports this argument. Risk assessment is indispensable in order to identify threats, assess vulnerabilities and evaluate the impact on assets, infrastructures or systems taking into account the probability of the occurrence of these threats. This is a critical element that differentiates a risk assessment from a typical impact assessment methodologyJRC.G.6-Security technology assessmen
Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge
The Internet of Things (IoT) triggers new types of cyber risks. Therefore,
the integration of new IoT devices and services requires a self-assessment of
IoT cyber security posture. By security posture this article refers to the
cybersecurity strength of an organisation to predict, prevent and respond to
cyberthreats. At present, there is a gap in the state of the art, because there
are no self-assessment methods for quantifying IoT cyber risk posture. To
address this gap, an empirical analysis is performed of 12 cyber risk
assessment approaches. The results and the main findings from the analysis is
presented as the current and a target risk state for IoT systems, followed by
conclusions and recommendations on a transformation roadmap, describing how IoT
systems can achieve the target state with a new goal-oriented dependency model.
By target state, we refer to the cyber security target that matches the generic
security requirements of an organisation. The research paper studies and adapts
four alternatives for IoT risk assessment and identifies the goal-oriented
dependency modelling as a dominant approach among the risk assessment models
studied. The new goal-oriented dependency model in this article enables the
assessment of uncontrollable risk states in complex IoT systems and can be used
for a quantitative self-assessment of IoT cyber risk posture
Recommended from our members
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
- …