3rd International Workshop on Critical Information Infrastructures Security
October 13-15, 2008, Frascati (Rome), Italy
The program of the event will include invited talks by the following distinguished speakers:
Erol Gelenbe - Imperial College (UK)
"Modelling and Simulation of Critical Infrastructure"
Critical infrastructures include energy, transportation, emergency-health, and communication networks. However, more and more, any of these infrastructures are enabled via computer networks and information systems. Furthermore, such systems are highly interconnected into systems-of-systems. In this lecture we will discuss, through some concrete examples, how the reliability and survivability of such systems can be modeled and simulated, and a European approach to preparing our pan-European critical infrastructures for the emergencies that may arise.
Massoud Amin - University of Minnesota (USA)
"Resilience and Self-healing challenges"
How to manage or control a heterogeneous, widely dispersed, yet globally interconnected system is a serious technological problem in any case. It is even more complex and difficult to control it for optimal efficiency and maximum benefit to the ultimate consumers while still allowing all its business components to compete fairly and freely.
From a broader view, global trends toward interconnectedness, privatization, deregulation, economic development, accessibility of information, and the continued technical trend of rapidly advancing information and telecommunication technologies all suggest that the complexity, interactivity, and interdependence of infrastructure networks will continue to grow.
Much of the world's business and industry, art and science, entertainment and crime are conducted through the Web and the Internet. But our use of these electronic information systems depends, as do our more mundane activities, on many other complex infrastructures, such as cable and wireless telecommunications, banking and finance, land, water and air transportation, gas, water and oil pipelines, and the electric power grid. All of these are, themselves, complex networks, geographically dispersed, non-linear, and interacting both among themselves and with their human owners, operators, and users.
In addition, in many complex networks, the human participants themselves are both the most susceptible to failure and the most adaptable in the management of recovery.
Mathematical models of such complex systems are typically vague (or may not even exist); moreover, existing and classical methods of solution are either not available, or are not sufficiently powerful. Any complex dynamic infrastructure network typically has many layers, decision-making units and is vulnerable to various types of disturbances.
Management of disturbances in all such networks, and prevention of undesirable cascading effects throughout and between networks, requires a basic understanding of the true system dynamics, rather than mere sequences of steady-state operations.
In any situation subject to rapid changes, completely centralized control requires multiple, high-data-rate, two-way, communication links, a powerful central computing facility, and an elaborate operations control center. But all of these are liable to disruption at the very time when they are most needed, i.e., when the system is stressed by natural disasters, purposeful attack, or unusually high demands. Effective, intelligent, distributed control is required that would enable parts of the networks to remain operational and even automatically re-configure in the event of local failures or even threats of failure.
This presentation briefly describes our on-going work in our holistic approach to analysis of the interdependent national and global infrastructure that builds on advances in the mathematics of complexity, methods of probabilistic risk assessment, and techniques for fast computation and interactive simulation with the goal of increased agility and resilience for large-scale systems.
Professor S. Massoud Amin
Honeywell/H. W. Sweatt Chair in Technological Leadership
Director of Center for the Development of Technological Leadership (CDTL)
Professor of Electrical and Computer Engineering
University Distinguished Teaching Professor
University of Minnesota, Minneapolis, MN 55454 USA.
George Apostolakis - MIT (USA)
"Risk and Decision Analysis in Infrastructure Protection"
After September 11, 2001, protection against terrorism became a US and international focus. A major concern in terrorist studies is the vulnerability of infrastructures. To examine it we can adopt a decision analysis approach, whose objective is to rank the infrastructure elements, and to identify specific issues that arise when risk assessment methods are applied to infrastructures. The proposed methodology begins by identifying assets and components of the infrastructure whose failure may lead to undesirable consequences. The assumed failure of an element leads to a rearrangement of the amounts of goods transported and consumed, possibly leading to cascading failures. The consideration of the capacity of the infrastructure elements makes this analysis different from traditional PRAs, in which the performance of each element is modeled as a success or failure, thus leading to Boolean expressions. The physical consequences are input to a value tree that is then used to determine the impact the consequences have on the decision maker. The amount of impact a component represents to the decision maker is its value. Each component value is combined with its susceptibility to failure or attack. The combination of value and susceptibility is used to rank the components according to their risk significance. The results of the analysis presented above should be input to a deliberative process that will lead to the final decision.
Sujeet Shenoi - University of Tulsa (USA)
F.P. Walter Chair in Math and Computer Science
"Strategies for Securing Interconnected Critical Infrastructure Networks"
Can a criminal entity or terrorist group - from the other side of the world - take down the Internet and telecommunications systems? Or launch a worm that disrupts oil and gas pipelines, water and electric power distribution? How will society cope if the outages last for weeks? This presentation highlights the challenges involved in securing interconnected critical infrastructure assets, in particular, the Internet and IP networks, telecommunications networks, and process control (SCADA) networks used for oil and gas, water and electric power distribution. Also, it discusses the importance of designing security solutions that weave science, technology and policy.
Dr. Sujeet Shenoi received his B.S. degree from the Indian Institute of Technology, Bombay in 1981, and his M.S. and Ph.D. degrees from Kansas State University. Dr. Shenoi is involved in several computer security projects: analysis and verification of cryptographic protocols, intrusion detection and countermeasures for computer and telecommunications networks, secure interoperability and programmable security. He is also spearheading the University of Tulsa Federal Cyber Service Initiative that trains information assurance professionals for service with the U.S. Federal Government. Dr. Shenoi is the founder of the Tulsa Undergraduate Research Challenge (TURC), a nationally recognized program of scholarship and service. For his innovative strategies integrating academics, research and service, Dr. Shenoi was named the 1998-1999 U.S. Professor of the Year by the Carnegie Foundation.
Angelo Marino, Research Programme Officer, Security (ICT). DG Information Society and Media (European Commission)
"Towards a European strategy for Critical Infrastructure Protection research"
Since early 2006, the protection of critical infrastructures remains one of the priorities in the European agenda. On the policy side, in 2006 the European Commission adopted a policy package on EPCIP (European Programme on Critical Infrastructure Protection), for the period 2007-2013. Under EPCIP, dedicated calls for specific studies and pilot projects aimed at assessing vulnerabilities and improving resilience of critical infrastructure, including the development of methodologies, were launched in 2007 and 2008. In June 2008, a political agreement was reached at the European Council on a Directive for the identification and designation of European Critical Infrastructure (ECI) and the assessment of the need to improve their protection. The Directive is to enter into force before the end of 2008. Under the umbrella initiative on EPCIP, DG Information Society & Media is now working on a proposal for a policy initiative on Critical Information Infrastructure Protection (CIIP) planned for the beginning of 2009. The aim of this initiative will be to engage Member States and the private sector to enhance the level of CIIP preparedness and response across the EU. From the research perspective, the Commission has already invested about 60 MEURO in the area and more than 25 research projects are addressing various issues related to the understanding, the prevention and the reaction to critical infrastructure failures and disruptions as well as to deliberate attacks. The Joint ICT-SEC call on critical infrastructure protection, part of the first work programmes of FP7, has reinforced the strong inter-link between policy and research at European level. Eighteen new projects, currently under negotiation, will start during the last quarter of 2008. From the CIIP perspective, these projects will cover understanding and managing the interactions and complexity of interdependent critical infrastructures and the design and development of resilient information and process control systems.
Policy, research and technological development initiatives in CIP will continue to be further shaped and developed for the years to come.
Angelo Marino graduated in computer science from the University of Pisa and obtained his MBA in global ICT management at UBI in Brussels. He worked for 12 years in the private and public sectors covering various roles in the area of software engineering and computer security. In 2002 he joined the European Commission services in the area of software technologies within IST research programmes. Since March 2004 he has been within the unit Security (IST Programme) and his main area of activity covers resilient and dependable Critical Information Infrastructure.
Andrea Valboni - Microsoft (Italy)
"Cyber Threats and Vulnerabilities"
During the last ten years, IT attacks over the Internet have changed deeply: viruses, which a few years ago were considered dangerous threats, now appear as annoying but innocuous inconveniences, while new attacks aim at causing real economic damage or at stealing citizens' and users' identities. Security is becoming more and more important in the information society: it is now interpreted as a systematic approach to solving a problem that has no final solutions. Microsoft believes that a security strategy must include three components: methodology, cooperation with institutions and continuous improvement of technologies. These are the Trustworthy Computing pillars: not a marketing slogan but a line of action that enabled Microsoft to achieve important results in the protection of security and privacy of customers, partners and consumers.
Andrea was born in Florence in 1951 and graduated in 1978 from the local University in Electronic Engineering.
He started his professional career in Olivetti's Group in 1979. After a short period spent as a developer in the Specialized Peripheral Division, he joined the Office Information System Division where he covered several roles over a period of 6 years, starting as a developer and ending as Product Manager in the R&D Division. In 1989, Andrea moved to the Olivetti HQ Banking Division as Product Lead for the Olivetti Banking Offering until 1995. In the last period spent in Olivetti, from 1995 to 1997, Andrea managed different groups in the WW Enterprise Customers Support Division, becoming the Director of the WW Banking Consulting and Support.
In 1998 he joined Microsoft as Practice Manager for the Microsoft Consulting Services (MCS) Office located in Rome. In 1999 Andrea took the responsibility of the Consulting group, managing in a second phase the merging between MCS and the Product Support Services with the title of Microsoft Services Director. From July 2002, Andrea became National Technology Officer for Public Sector with the goal to address policy issues in the Country, promoting the transformation power of technology and the benefits of neutral technology policy.
"Critical (Information) Infrastructure Protection: the challenges"