EAPC PFP Workshop CIIP ICT Sectors and Interdependencies

EAPC / PFP Workshop CIIP: ICT Sectors and Interdependencies Prof. Dr. B. M. Hämmerli, bmhaemmerli@acris. ch Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli

EAPC / PFP Workshop Some Inputs to stimulate the ICT Group Sector and Interdependency Discussion Content From Monopoly to Free Market Economy of Scale and Decentralization / Centralization Interconnection of Services and Interdependencies Domino effect Example Family Home Our Task today Conclusion Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 2

EAPC / PFP Workshop Introduction Definition Criticality of Services: Services, organizations and institutions, which are (absolutely) essential to the public community such that failure or disruption of which will result in long-lasting supply bottlenecks and/or other dramatic consequences for substantial elements of the community are considered as critical A Sector consists of one or Multiple Services Later: Definition Vulnerability of Systems / Threat / Asymmetric Threat / Domino or Cascading Effects / Interdependencies Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 3

EAPC / PFP Workshop Situation Analysis and Needs Service Supply of Nations: From Monopoly to Free Market Security Task For each Nation Security ? Task Task Zurich, September 23, 2005 Task Free Market introduced: • Competition (lowest rate possible) • Many service provider with corporate security • Delegation of the supply task • Overall guarantee of supply and its securing measures skipped • Structure is still centralized, (partly with common nodes and/or Infrastructure (Telco) CIP is the answer to secure the old fashioned “public service” for (inter) & national purpose Prof. Dr. Bernhard M. Hämmerli 4

EAPC / PFP Workshop Situation Analysis and Needs I Why we have this challenge by now? Efficiency vs. Robustness: Processes, Infrastructure Services Efficiency Robustness 1980 Zurich, September 23, 2005 today 20 XX Prof. Dr. Bernhard M. Hämmerli 5

EAPC / PFP Workshop Situation Analysis and Needs Economy of Scale / Decentralization 1 Economy of Scale Production cost in regular situations are often lower with a centralized approach Security measures are applied, but central vulnerabilities remain Decentralization as a mean to make infrastructure robust Management Center Logical channel for management information Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 6

EAPC / PFP Workshop Conventional Central Station Based Power System partly with Decentralized Generation Coal ? % Industrial Overloaded/Congested Transmission Lines Nuclear ? % Nat. Gas ? % Commercial Generator Substation Petroleum ? % Zurich, September 23, 2005 Hydro ? % Distribution Substation Residential This and the next slides are from Prof. Dr. Saifur Rahman, Director Alexandria Research Institute, VA-Tech USA Prof. Dr. Bernhard M. Hämmerli 7

EAPC / PFP Workshop Situation Analysis and Needs Economy of Scale / Decentralization 3 Distributed Generation Technologies Solar Cells Wind Turbines Gas Turbines Reciprocating Engines Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 8

EAPC / PFP Workshop Dependency and Interdependency A depends on B B A Interdependent or mutual dependent A B or A B § Complex: A depends on B, B on C, …, and Y on A and B M X A … C O B Y N By Suanne Jantsch Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 9

EAPC / PFP Workshop Infrastructure Sectors and its Interconnection Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 10

EAPC / PFP Workshop Situation Analysis and Needs: Interconnected CIP View from EU Project ACIP Methods CIS Hierarchy Computer Zurich, September 23, 2005 Energy. . . Transportation Nav. System Power Lines. . . Switches Green: Basic and Essential Services Prof. Dr. Bernhard M. Hämmerli System Simulation Optim. Algorithms Human Behavior Mod. Technical Components Telecommunication System Dynamics Empirical Modeling etc. Individual Systems Compound of Critical Infrastructures Socio-economic Models Gaming Scenario Techniques System Interdependencies Government Economy Society System of Systems Knowledge Management Cost Benefit Analysis Co-operation & Decision Support Policies / Strategies Vulnerability Analysis Risk Analysis / Safety Management Analysis 11 Technical Simulation Technical Experimentation etc. IABG Schmitz (2002)

EAPC / PFP Workshop 31 Interconnected Critical Services in the Netherlands Private Public and internationally linked: physically, logically and informationally Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 12

EAPC / PFP Workshop Sectors according NISCC UK Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 13

EAPC / PFP Workshop Situation Analysis and Needs New Threats : Interdependencies are structured! The nature of systems implies, that not all dependencies are as important. Basically has energy first priority, followed by telecommunication. Transport / Traffic / Postal Services Rescue / Health Care Disposal Government and Administration Gas / Oil supply Water a. s. o. Applications View of Info. Surance Switzerland Finance Applications Operating System / Middleware Communication Electricity Physical Thread Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 14

EAPC / PFP Workshop Trends and Good Practice in Getting Started (Example CH) IV Info. Surance Example: Common Generic Risks in CI(I)P l Te io at ic Fi un na m nc e om ec Round Tabel Generic Risks, Info. Surance Spring 2003 n 2 Types of Risks: -Core Risks -Application Risks s ca Se n ct or an s e s Ad c po u ++ mi e rt ++ nis tra tio A n t pp io li R Tr gy Zurich, September 23, 2005 er En Idea: Share Risks identified in other sectors to speed up the risk analysis process Common Risk or dependability? ! Interfaces and Independencies Clearing of Risks Prof. Dr. Bernhard M. Hämmerli 15

EAPC / PFP Workshop Domino Effects Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 16

EAPC / PFP Workshop Dependencies from Energy Sector Example: Family Home No Electrical Energy: Food: § Cooking: Gas or Electricity § Deep Freezer: 10 Hour to warm up! Light: Candles, Camp Ground Solutions Telephone: § Mobile § Wired: Cordless, Simple Phones Heating § Oil (not working because of electrical burning system) § Open Fire Computing / Internet § Laptop until end of battery § Desk Top Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 17

EAPC / PFP Workshop Emergency Communication Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 18

EAPC / PFP Workshop Our Task I Your and your Country's‘ understanding of a sector interdependencies, generally and specifically in your country Task II: ICT / Communication What does fail, when ICT does not work? § Generally in all country § Country specific Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 19

EAPC / PFP Workshop Situation Analysis and Needs Conclusions and Strategies Architecture: Future Infrastructure Design (New Threats, Free Market) § § § § Migration towards future Architecture (decentralization, redundancy and separation of information and steering- & control layer) Making existing infrastructure resilient (multiple simultaneous attacks) e. g. through decentralization and segregation (Information and Control Level) Granularity of CIP models (long discussion process of experts needed) Decentralize infrastructure and make critical infrastructure (the sectors and the suppliers within the sectors) as much as possible independent from each other Avoid centralized and common single point of failure (requires extensive analysis (e. g. telco: common lines)) Centralize the management platform of decentralized systems to gain as much status knowledge as possible for taking the best decisions in case of failure. Have several back up of the management centers. Lack of models / contracts with international corporation (are benefit-oriented, no special loyalty to nations, security is a limited issue) Nations should negotiate and clarify these situations (risk assessment) “CIP Middleware“ is missing (From Monopoly -> Free Market) § § § Top down: Policy approach is brought in to nations thinking Bottom up: Corporation do an enormous effort in BCP, DRP and IT Security In between is the „CIP Middleware“, Information Sharing Centers (ISAC), topic to be defined (Automatic mutual support, building CI(I)P Communities) There is a enormous effort in corporate and sector’s CI(I)P today. To integrate this complex infrastructure and its interfaces in a national or transnational CI(I)P plan is one of the most challenging CIP Task Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 20

EAPC / PFP Workshop Questions Zurich, September 23, 2005 Prof. Dr. Bernhard M. Hämmerli 21