Next Generation Information-Based Infrastructures

Advancements of information and communication technologies (ICT) cause infrastructure owners to augment current infrastructures with such ICT. The creation of more efficient and effective end-user services provides economical benefits and increases customer satisfaction. Concurrently, ICT advancements allow governmental and industrial sectors to develop complete new infrastructures and infrastructure services, the so called Next Generation Infrastructures (NGI). NGI will offer new services to society, end-users and the supply-chain of organisations and linked, dependent infrastructural services. For over fifty years, the introduction of new ICT-based services and infrastructures has been tightly coupled with failures in ICT-security. This chapter on NGI discusses the root causes of these security failures. Based on historical experiences, this chapter predicts threats and cyber security failures alike for the envisioned NGI such as smart (energy) grids, smart road transport infrastructure, smart cities, and e-health. This prediction will become reality unless fundamental changes in the approach to security of ICT-based and ICT-controlled infrastructures are taken.

The Issue of Trust and Information Sharing and the Question of Public Private Partnerships

Whatever their focus, Public-Private Partnerships (PPPs) require that a fundamental level of trust be established between the partners in order to have any chance of success. In parallel with trust, there is also a need to share information between partners, which must be carried out in a controlled and secure manner. This chapter examines the need for and the effectiveness of PPPs, the likely participants in them, and how incentives might be used to encourage their participation. The chapter also discusses the nature both of trust and information sharing, and how they are can be an enabler in both setting up and running PPPs.

Using Hybrid Attack Graphs to Model and Analyze Attacks against the Critical Information Infrastructure

The Smart Grid will incorporate computer networking technologies into the electrical generation, transmission, and distribution sectors. Thus, there will be an underlying Critical Information Infrastructure (CII) based on these network connections. This CII is vulnerable to traditional cyber or computer based attacks typically geared toward disabling devices or networks. However, the Smart Grid is also vulnerable to physical attacks where sensors are tricked into reporting false conditions that cause the control system to react in an inappropriate manner. Cyber-physical attacks blending both cyber and physical attack components are also a possibility. Techniques to model cyber-attacks exist, and this chapter presents a modeling methodology, termed hybrid attack graphs, to model cyber-physical attacks. The hybrid attack graph formalism can be applied to develop best practice guidelines and security patches for the Smart Grid. This formalism can also be applied to other cyber-physical domains as well to help bridge the gap between the physical, logical, and network domains.

Modelling Economic Consequences of ICT Infrastructure Failure in Support of Critical Infrastructure Protection Policies

There is a large body of work and effort been made in the modelling of critical infrastructures (CI’s) by academia, enterprises, stakeholders, operators, etc.; however, their endeavours have received mixed success so far. This can be traced back to several difficult and historical hurdles in CI modeling such as the chronic unavailability of reliable and recognised data, the specificity of the resulting model, and therefore, its application, the underlying mathematics, narrow-mindedness and lack of awareness of the consequences of infrastructure failure, the recognition and dissemination of the modelling methodology-knowledge, etc. Consequently, bridging theory and application and providing tools for analysing CI’s is key to ensuring that such modelling delivers the benefits voiced and satisfies the needs raised. This chapter sets out to tackle several of these issues.

Large Scale Physical Disruptions in the Electronic Communication Sector

While small-scale disruptions that affect the electronic communications sector are frequent, their impact is generally relatively low, and recovery can be extremely fast. However, large-scale disruptions that have a major impact on the electronic communications sector are relatively uncommon. It is as a consequence of these two facts that Communications Service Providers (CSPs) place the majority of their effort (where possible) into the planning for prevention of small-scale disruptions, and recovery from those that do occur.

Risk Assessment of Multi-Order Dependencies between Critical Information and Communication Infrastructures

Assessing risk in information and communication infrastructures is a challenging topic due to the complexity of critical infrastructures (CIs) and of the various dependencies between such infrastructures. This chapter discusses the basic concepts of risk assessment for CIs. Moreover, it describes a recently proposed methodology for criticality assessment. The main goal of this methodology is to assess the risk of an infrastructure (or a sector of critical infrastructures), taking into account the dependencies between CIs and/or sectors. The methodology is compatible with current information systems practices. The basic characteristic of the presented methodology is that it attempts to capture both organization-oriented and society-oriented consequences of possible security events, a feature which is not always embedded in mainstream information security risk assessment methodologies.

Resilience Principles for the ICT Sector

This chapter summarizes a set of abstract principles extracted from the literature pertaining to the resilience of systems in the ICT sector from which concrete solutions can be developed. Case studies are discussed that illustrate the validity and criticality of these principles. Also discussed is the interdependency among these principles that show that, in general, concrete solutions cannot be developed from principles individually but must be implemented in combination with other specific principles. A model of the phases of a disruption is shown and the applicability of these principles to these phases is discussed. Both single and multiple threat scenarios are discussed that reflect historical cases.

The Telecoms Inclusion Principle

Communications and information technologies play an increasingly important role both within and between national critical infrastructures. From the food that we eat to the water that we drink, to the energy that we use across all modes of transportation to the systems that protect us when we travel in those systems; we rely on information infrastructures. These interdependencies will increase rapidly in coming years. For instance, the European SESAR programme and the US NextGen initiative are using computational systems to increase the efficiency and maintain the safety of air traffic management with increasing numbers of flights. Similarly, a range of ‘smart grid’ initiatives depend upon computational infrastructures to coordinate the supply and demand of renewable and conventional power sources. The benefits that are provided by telecommunications and information technologies also creates new vulnerabilities, for instance, it is increasingly difficult for national critical infrastructures to recover and reorganise their service provision in the aftermath of computational failures. It is for these reasons that this chapter proposes a telecoms inclusion principle. This states that it order to assess the resilience of any national critical infrastructure we must consider the failure modes and resilience capabilities of telecommunications infrastructures. A consequence of this principle is that the failure of telecommunications infrastructures must be considered in all contingency plans, in drills and exercises, as well as the recovery strategies that are used to mitigate the consequences of an adverse event.

Cyber Risks in Energy Grid ICT Infrastructures

The objective of the chapter is to present the role of cyber security experiments within a methodological approach for the evaluation of cyber risks in grid control systems. As a starting point, a cyber-power risk index has been defined to support the identification of relevant risk factors across network attack models. Instances of attack models have been then experimented on an ICT architecture implementing grid operation scenarios with the double aim of evaluating the attacks’ effects by means of communication performance measures and of tuning the configuration of security mechanisms. The chapter discusses the results of a variety of attack experiments and their role in the calculation of the risk index.

The Complexity Science Approach vs. the Simulative Approach

The chapter starts with the description of the state-of-the-art and the literature review, while introducing the general context of the simulative and complexity science methodologies applied to the critical information infrastructure protection. While introducing the general context, the authors illustrate the methodologies and their applications. The major objective is to investigate the pros and cons to facilitate the choice between the mainstream lines of research in critical information infrastructure protection. Theoretical and practical issues are balanced in order to provide the reader with a wider understanding of the problems at hand and with the appropriate methodological tools to face them. This discussion on the state-of-the-art by no means can be considered exhaustive, depending on the personal views of the authors and on the room available, nevertheless it is meant to explain the trends and the relevant points in the field. It is also worth mentioning, moreover, that with respect to other CI (oil, gas, power grid, etc.), only a small number of CII modelling case studies are available. The reader should be aware that the intention of the authors is not to provide a deep, theoretical, or philosophical analysis of the issue under consideration, rather to help from a practical point of view.