OPEN ACCESS
This paper outlines a security assessment methodology for analysing critical infrastructure networks. The focus is on intentional attacks against critical infrastructure; beyond that, the scope is left broad. Comprehensive security analysis of a critical infrastructure network requires an assessment of the probability of an attack, the probability of success of the attack, the propagation of the consequences in the network and the severity of the consequences. In this paper, a critical infrastructure network should be understood as a network that includes different infrastructures, such as gas, water and electricity. The aim is that the interconnections between different infrastructures are built into the risk model. In the outlined methodology, the analysis starts with the identification of potential attackers and targets, and the selection of analysis cases. Then, a network model is utilised to identify attack locations and assess consequences, and in the last steps, attack events and their probabilities are analysed. Although different steps of the methodology can use different risk analysis methods, they are linked so that dependencies between them can be taken into account, and total risk estimates can be determined. It is not specified which particular method should be used in each step, but some potential methods are discussed. The selection of methods can depend on the application target and the size of the problem.
Keywords: attacks, consequence analysis, critical infrastructure network, security analysis