摘要 :
The disruption of a Critical Infrastructure (CI) or a Critical Information Infrastructure (CII) may have a serious impact on the society. The pervasive web of CI/CII dependencies has the potential to cause exceptional damage and s...
展开
The disruption of a Critical Infrastructure (CI) or a Critical Information Infrastructure (CII) may have a serious impact on the society. The pervasive web of CI/CII dependencies has the potential to cause exceptional damage and societal disruption and may be hard to secure and govern. To understand the underlying threat causes of CI and CII disruptions and failures, information on CI/CII disruption incidents has been collected from public news resources for over 15 years. The database resource has been built to analyze and understand the phenomena and consequences of CI and CII disruptions and failures including dependencies, cascading effects, and good and bad practices. Another purpose of the database is to identify lessons. The information collected in the period 2004 2018 on CI/CII disruptions helps to understand the discrepancies between the way in which the population experiences CI/CII disruptions and cascading impact and the outcomes of theoretical dependency models. This paper therefore updates, extends, and deepens our earlier empirical findings for the period 2004 - 2010. The analysis and research results has led to a set of lessons identified and recommendations that can be applied to improve heterogenetic CI and CII dependency and cascading models, CI and CII-related emergency management, and CI/CII protection and resilience policies.
收起
摘要 :
Our increasingly complex and interconnected societies are continuously exposed to a wide range of risks. Infrastructure systems are subject to functional impairments associated with technological failure, natural threats and malic...
展开
Our increasingly complex and interconnected societies are continuously exposed to a wide range of risks. Infrastructure systems are subject to functional impairments associated with technological failure, natural threats and malicious acts. The adequate functioning of infrastructures is crucially sustaining our societal and economic activities. Therefore, the protection of infrastructures becomes more and more an important issue for policy makers.
This paper reports the experience gained during the preparatory studies carried out by the Joint Research Centre (JRC) to support the European Commission and its member states on the definition of criteria for identifying critical infrastructures.
The existing methods for identifying critical infrastructures are mainly based on risk analysis techniques. These approaches were found to be insufficient and need to be complemented with socioeconomic evaluations of potential impacts. This paper highlights the contribution of stakeholders and decision makers in the process of definition and identification of critical infrastructures because the concept of criticality is deeply rooted in sociopolitical acceptance.
收起
摘要 :
This paper presents a computational model for the quantification of critical infrastructure (CI) degree of dependency on ICT. Traditional CIs that support modern society in providing uninterruptable vital services are increasingly...
展开
This paper presents a computational model for the quantification of critical infrastructure (CI) degree of dependency on ICT. Traditional CIs that support modern society in providing uninterruptable vital services are increasingly ICT dependent. To build the needed bulwark against cyber threats, there is the need to assess their dependency on ICT since ICT infrastructure comes with vulnerabilities that amplify cyber risk. Consequently, the proposed computational model for the quantification of CI degree of dependency on ICT is a function of ICT metrics and indicators based on mathematical constructs. The outcome is ICT dependency index (IDI), and ICT dependency quadrant (IDQ), which compare, rank, and visualise the IDI of sectors and organisations. The findings show that no one sector can be chosen arbitrarily as the most critical ICT dependent. The model is particularly useful for developing countries to uniformly assess CI's degree of dependency on ICT as opposed to uninformed valuation.
收起
摘要 :
In 2009, the US Department of Homeland Security (DHS) began using a targeted questionnaire to produce individual vulnerability/ protective-measure values for high-risk critical infrastructures and key resources. As sites continue ...
展开
In 2009, the US Department of Homeland Security (DHS) began using a targeted questionnaire to produce individual vulnerability/ protective-measure values for high-risk critical infrastructures and key resources. As sites continue to be assessed, the topic of resilience is emerging as a necessary focus in risk management and infrastructure protection. Enhancing the resilience of critical infrastructures requires determining the ability of systems to withstand specific threats and return to normal operations after degradation. Thus, comprehensive consideration of all parts of infrastructure systems, from threats to consequences, is needed. The methodology must generate reproducible results that can support decision-making in risk management, disaster response, and business continuity.Argonne National Laboratory, in collaboration with the DHS Protective Security Coordination Division, has developed a comprehensive methodology that uses uniform and consistent data to develop a resilience index (RI). Using the RI to compare similar facilities can provide vital benefits to owners/operators as well as DHS.
收起
摘要 :
Critical infrastructure systems provide for the circulation of people, goods, services and information upon which health, safety, comfort and economic activity of a society depend. In this study, we analyse data from 541 organisat...
展开
Critical infrastructure systems provide for the circulation of people, goods, services and information upon which health, safety, comfort and economic activity of a society depend. In this study, we analyse data from 541 organisations affected by the 2010-2011 Canterbury, New Zealand, earthquake to understand how disruption of critical infrastructure services translates into disruption for businesses and other organisations affected by the loss of infrastructure services. The paper proposes metrics for assessing the relevance and criticality of infrastructures for organisations. In this context, relevance refers to organisations' perceived reliance on infrastructure services and criticality refers to the impact that infrastructure service outage might have on organisations, as a function of the infrastructure relevance for the same organisations and of the duration of infrastructure service outage. The metrics and procedures proposed in this paper provide a much-needed contribution towards enhancing understanding of the private sector's vulnerability to infrastructure disruption. The study findings can be used to qualitatively assess the vulnerability of industry sectors to infrastructure disruption, and can support the estimation of potential impacts induced by infrastructure service outages, at organisation and industry sector level. This can inform and foster public and private sector investments to enhance infrastructure resilience.
收起
摘要 :
Flood event is one of the natural disasters that increasingly threaten the safety of the people in an area. Critical infrastructure albeit important, has been shown to be vulnerable to flooding and damages to critical infrastructu...
展开
Flood event is one of the natural disasters that increasingly threaten the safety of the people in an area. Critical infrastructure albeit important, has been shown to be vulnerable to flooding and damages to critical infrastructure element may affect large areas over a longer time period. Critical infrastructures play an important role in functioning of industries and communities and also responding against flooding to reduce their impacts. Critical infrastructures such as hospital, school, road networks and other infrastructures are important during flood event to serve as emergency services. It was found that there is difference in understanding the concept of vulnerability with varying assessments and different view. This paper briefly reviews the concept of vulnerability and discusses on the approach used for flood vulnerability of critical infrastructure by past researchers to identify and fortify the vulnerable critical infrastructure ahead of time reducing the potential damage due to flood. This paper focuses the vulnerability of critical infrastructure during flood event and also describes several approaches with a discussion on the application of the approaches used and the relevance results.
收起
摘要 :
This article explores policy approaches to educating populations for potential critical infrastructure collapse in five different countries: the UK, the US, Germany, Japan and New Zealand. 'Critical infrastructure' is not always e...
展开
This article explores policy approaches to educating populations for potential critical infrastructure collapse in five different countries: the UK, the US, Germany, Japan and New Zealand. 'Critical infrastructure' is not always easy to define, and indeed is defined slightly differently across countries - it includes entities vital to life, such as utilities (water, energy), transportation systems and communications, and may also include social and cultural infrastructure. The article is a mapping exercise of different approaches to critical infrastructure protection and preparedness education by the five countries. The exercise facilitates a comparison of the countries and enables us to identify distinctive characteristics of each country's approach. We argue that contrary to what most scholars of security have argued, these national approaches diverge greatly, suggesting that they are shaped more by internal politics and culture than by global approaches.
收起
摘要 :
Critical infrastructure analysis often involves overwhelming volumes of complex, heterogeneous, interdependent information. Human judgment is essential to the analysis as insights and understandings are synthesized from informatio...
展开
Critical infrastructure analysis often involves overwhelming volumes of complex, heterogeneous, interdependent information. Human judgment is essential to the analysis as insights and understandings are synthesized from information that is often complex, dynamic, incomplete, diverse, conflicting and even deceptive. Yet, our ability to collect information is increasing at rates far beyond our ability to analyze it. Visual analytics - the science of analytical reasoning facilitated by interactive visual interfaces - can help analysts obtain better insights and understanding with greater efficiency. This paper discusses the research challenges involved in applying interactive visualization to critical infrastructure analysis. The research challenges are organized around three dimensions that are adapted from metrics proposed by Scholtz (2006) [8] for evaluating human information interaction systems. The challenges are illustrated using examples from the integrated modeling and simolation of critical infrastructures.
收起
摘要 :
Critical infrastructure technology vendors will inevitability take advantage of the benefits offered by the cloud computing paradigm. While this may offer improved performance and scalability, the associated security threats imped...
展开
Critical infrastructure technology vendors will inevitability take advantage of the benefits offered by the cloud computing paradigm. While this may offer improved performance and scalability, the associated security threats impede this progression. Hosting critical infrastructure services in the cloud environment may seem inane to some, but currently remote access to the control system over the internet is commonplace. This shares the same characteristics as cloud computing, i.e., on-demand access and resource pooling. There is a wealth of data used within critical infrastructure. There needs to be an assurance that the confidentiality, integrity and availability of this data remains. Authenticity and non-repudiation are also important security requirements for critical infrastructure systems. This paper provides an overview of critical infrastructure and the cloud computing relationship, whilst detailing security concerns and existing protection methods. Discussion on the direction of the area is presented, as is a survey of current protection methods and their weaknesses. Finally, we present our observation and our current research into hosting critical infrastructure services in the cloud environment, and the considerations for detecting cloud attacks.
收起
摘要 :
Cyber security becomes omnipresent within the society, stakeholders are taking actions necessary to reassure general public and to enhance the level of protection. One of the ways seems to be to incorporate cyber into existing fra...
展开
Cyber security becomes omnipresent within the society, stakeholders are taking actions necessary to reassure general public and to enhance the level of protection. One of the ways seems to be to incorporate cyber into existing frameworks for critical infrastructure protection. This text demonstrates how the introduction of cyber strains existing frameworks and demonstrates certain misconceptions on the case study of the legal change in the Czech Republic. Introducing cyber leads to selective choice of specific type of interdependency, while it ignores other significant types. The paper observes large discrepancy between the macro-level definitions and micro-level procedures and concludes that changes in the existing legal framework present a securitization exercise without significant added value. (C) 2018 Elsevier B.V. All rights reserved.
收起