|
CRITIS'07 2nd International Workshop on Critical Information Infrastructures Security October 3-5, 2007, Benalmadena-Costa (Malaga), Spain (Including ITCIP '07, Information Technology for Critical Infrastructure Protection) |
|
|
| CRITIS'07 |
| Home |
| Call for Papers |
| Committees |
| Program |
|
Registration & Accommodation |
| Travel/Tourist Info |
| Venue |
| Contact us |
| Sponsors |
 
  
|
| Learn about CRITIS'06 |
"Emerging Technology Challenges in the Protection of Critical Information Infrastructures"
Jacques Bus, European Commission, INFSO Unit "Security"
TBA
"Critical Information and Critical Infrastructures. How Do They Relate?"
Adrian Gheorghe, Old Dominion University, US
The basic difficulty with societal infrastructures, call them critical infrastructures, is that they are extremely fragile.
It takes only a seemingly minor incident like a power transformer failure or an anonymous bomb threat or a road / rail
traffic crash to send the entire structure into failure mode. In event of malicious threat, natural disaster or technical
failure, we need to understand the systematic nature of infrastructures if we are to be able to respond quickly and
effectively to get the system back in its performance capability limits.
The need to understand the emerging concept of critical information in relation to the complexity of societal critical
infrastructures brings new dimensions in the current discourse on the vulnerability of life support systems
for providing services.
Critical information studies address a wealth of new issues in a comprehensive and holistic manner. It fits well
the contemporary landscape of critical infrastructure protection. According to recent studies, critical information
studies constitute a special field of work that "considers the ways in which culture and information are
regulated, and thus the relationship among regulation and commerce, creativity, science, technology, politics,
and other human affairs", and even more.
The lecture will address the concept of critical information as an emergent characterization of interdependencies,
resiliency and sustainability of current critical infrastructures, and their future generation.
Interdependencies among critical infrastructures will be extended, in concept and magnitude, from the well
known representation existing today in the state of the art literature, to the new one assisted by the
implementation of the concept of critical information. The vulnerability of satellite systems, down
to the potential cascading impact on many levels of societal infrastructures will be discussed and
commented, in the light of critical information and system-of-systems new advanced concepts.
"The tangled webs of Critical Information Infrastructures"
Paulo Veríssimo, Universidade de Lisboa, Portugal
In the past few decades, critical infrastructures of all kinds have become largely computerised and interconnected
all over the world. This generated a web of critical information infrastructures, susceptible to digital or
computer-borne attacks and faults. Progressively, modern societies discovered that threats against computers
and control computers could have as devastating effects as attacks on the physical infrastructures themselves.
These threats range from accidental events like natural faults or wrong manoeuvres, to attacks by hackers
or terrorists. The problem affects a range of systems with great socio-economic value, such as utility systems
like electrical, gas or water, or telecommunication systems and computer networks like mobile telephony or the
Internet. Achieving resilience, that is, ensuring acceptable levels of service and, in last resort, the
integrity of systems themselves, when faced with threats of several kinds, became a major objective.
These tangled webs were woven by industrialised societies over the past few years, and although there is
growing awareness about the dimension of the problem, and an increase in the concern for using security
and dependability best practices in these systems, we believe that the problem is complex and not completely
understood, and can not be solved with classical methods.
Whilst the high degree of interconnection is causing great concern, given that attacks can
be perpetrated in an unexpected, anonymous and remote way, the complexity of the problem is mainly due
to the hybrid composition of those infrastructures: the operational network, called generically SCADA;
the corporate intranet; and the Internet, to which, and often unwittingly, the other parts are
sometimes connected to.
These issues and possible strategies for solutions, will be discussed in this talk.
"Critical Infrastructure Interdependency Modeling and Simulation: Current Practices and Challenges"
Donald Dudenhoeffer, Idaho National Labs, USA
Critical infrastructure represents that infrastructure whose disruption could either directly or indirectly
affect an organization, a business, a city or even a country's ability to perform key functions and missions.
Today, infrastructures such as electrical power, water, telecommunications, etc… are highly intertwined in operations
and functionality. Today, few infrastructures exist wholly disjoint. Be it through direct connectivity,
policy and procedures or even geospatial proximity, the majority of infrastructures are tied together.
While this interconnectivity has most certainly increased efficiency, it should be a key concern for infrastructure
owners and managers at all levels. A 2002 RAND report stated: "One of the most frequently identified shortfalls
in knowledge related to enhancing critical infrastructure protection capabilities is the incomplete understanding of
interdependencies between infrastructures. Because these interdependencies are complex, modeling efforts are
commonly seen as a first step to answering persistent questions about the "real" vulnerability of infrastructures." [1]
While several efforts [2,3] have surveyed the current research in the area of infrastructure interdependency
modeling and analysis, the object of this discussion is to present not only the key features found in these
different modeling approaches, but also the challenges that exists in deploying interdependency analysis
as part of an operationally deployable toolset. The objective of this presentation is to provide a technical
background for research in interdependency modeling, and to invoke open exchange on approaches to overcome the
challenging aspects of this area. This work draws upon discussion and exchange with leading international research
teams in this area as well as lessons learned from integrating of infrastructure interdependency modeling into
an operational command and control suite for the U.S. Office of the Secretary of Defense for Homeland Defense.
[1] D. Mussington, Concepts for Enhancing Critical Infrastructure Protection: Relating Y2K to CIP Research and Development. 2002. RAND:Science and Technology Institute, Santa Monica CA, p 29.
[2] M. Dunn, and I.Wigert. 2004. International CIIP Handbook 2004: An Inventory and Analysis of Protection Policies in Fourteen Countries. Zurich: Swiss Federal Institute of Technology: 243.
[3] P. Pederson, D. Dudenhoeffer, S. Hartley, M. Permann. 2006. Critical Infrastructure Interdependency Modeling: A Survey of U.S. and International Research, INL Technical Document: INL/EXT-06-11464.
|
Last Modified: September 2007 |