CIIP: ICT Sectors and Interdependencies

1
CIIP ICT Sectors and Interdependencies
2
Some Inputs to stimulate the ICT GroupSector and
Interdependency Discussion

• Content
• From Monopoly to Free Market
• Economy of Scale and Decentralization /
  Centralization
• Interconnection of Services and Interdependencies
• Domino effect
• Example Family Home
• Our Task today
• Conclusion

3
Introduction

• Definition Criticality of Services
• Services, organizations and institutions,
• which are
• (absolutely) essential to the public community
• such that
• failure or disruption of which
• will result in
• long-lasting supply bottlenecks and/or other
  dramatic consequences
• for substantial elements of the community are
  considered as critical
• A Sector consists of one or Multiple Services
• Later Definition Vulnerability of Systems /
  Threat / Asymmetric Threat /Domino or Cascading
  Effects / Interdependencies

4
Situation Analysis and Needs Service Supply of
Nations From Monopoly to Free Market

• From Monopoly to Free Market

• Free Market introduced
• Competition (lowest rate possible)
• Many service provider with corporate security
• Delegation of the supply task
• Overall guarantee of supply and its securing
  measures skipped
• Structure is still centralized,
• (partly with common nodes and/or
  Infrastructure (Telco)
• CIP is the answer to secure the old fashioned
  public service for (inter) national purpose

Security
Task
For each Nation
Security ?
Task
Task
Task
Task
Task
Task
Task
Task
Task
5
Situation Analysis and Needs I Why we have this
challenge by now?Efficiency vs. Robustness
Processes, Infrastructure Services
6
Situation Analysis and Needs Economy of Scale /
Decentralization 1

• Economy of Scale

Production cost in regular situations are often
lower with a centralized approach Security
measures are applied, but central vulnerabilities
remain Decentralization as a mean to make
infrastructure robust
Management Center
Logical channel for management information
7
Conventional Central Station Based Power
Systempartly with Decentralized Generation
Coal ?
Overloaded/Congested Transmission Lines
Industrial
Nuclear ?
Nat. Gas ?
Commercial
GeneratorSubstation
DistributionSubstation
Petroleum ?
Residential
This and the next slides are from Prof. Dr.
Saifur Rahman, Director Alexandria Research
Institute, VA-Tech USA
Hydro ?
8
Situation Analysis and Needs Economy of Scale /
Decentralization 3 Distributed Generation
Technologies
Solar Cells
Wind Turbines
9
Dependency and Interdependency
A depends on B
Interdependent or mutual dependent
By Suanne Jantsch
10
Infrastructure Sectors and its Interconnection
11
Situation Analysis and Needs Interconnected CIP
View from EU Project ACIP
Socio-economic Models Gaming Scenario Techniques
System Dynamics Empirical Modeling etc.
System Simulation Optim. Algorithms Human
Behavior Mod.
Technical Simulation Technical
Experimentation etc.
Green Basic and Essential Services
IABG Schmitz (2002)
12
31 Interconnected Critical Services in the
Netherlands
13
Sectors according NISCC UK
14
Situation Analysis and Needs New Threats
Interdependencies are structured!
The nature of systems implies, that not all
dependencies are as important. Basically has
energy first priority, followed by
telecommunication.
Transport / Traffic / Postal ServicesRescue /
Health Care DisposalGovernment and
AdministrationGas / Oil supplyWatera. s. o.
Applications
View of InfoSurance Switzerland
Finance Applications
Operating System / Middleware
Communication
Electricity
Physical Thread
15
Trends and Good Practice in Getting Started
(Example CH) IVInfoSurance Example Common
Generic Risks in CI(I)P

• Round Tabel Generic Risks, InfoSurance Spring
  2003
• 2 Types of Risks
• Core Risks
• Application Risks
• Idea Share Risks identified in other sectors to
  speed up the risk analysis process
• Common Risk or dependability? !

16
Domino Effects
17
Dependencies from Energy SectorExample Family
Home

• No Electrical Energy
• Food
• Cooking Gas or Electricity
• Deep Freezer 10 Hour to warm up!
• Light Candles, Camp Ground Solutions
• Telephone
• Mobile
• Wired Cordless, Simple Phones
• Heating
• Oil (not working because of electrical burning
  system)
• Open Fire
• Computing / Internet
• Laptop until end of battery
• Desk Top

18
Emergency Communication
19
Our Task

• Task I
• Your and your Country's understanding of a
  sector
• interdependencies, generally and specifically in
  your country
• Task II ICT / Communication
• What does fail, when ICT does not work?
• Generally in all country
• Country specific

20
Situation Analysis and NeedsConclusions and
Strategies

• Architecture Future Infrastructure Design (New
  Threats, Free Market)
• Migration towards future Architecture
  (decentralization, redundancy and separation of
  information and steering- control layer)
• Making existing infrastructure resilient
  (multiple simultaneous attacks) e.g. through
  decentralization and segregation (Information
  and Control Level)
• Granularity of CIP models (long discussion
  process of experts needed)
• Decentralize infrastructure and make critical
  infrastructure (the sectors and the suppliers
  within the sectors) as much as possible
  independent from each other
• Avoid centralized and common single point of
  failure (requires extensive analysis (e.g. telco
  common lines))
• Centralize the management platform of
  decentralized systems to gain as much status
  knowledge as possible for taking the best
  decisions in case of failure. Have several back
  up of the management centers.
• Lack of models / contracts with international
  corporation (are benefit-oriented, no special
  loyalty to nations, security is a limited
  issue)? Nations should negotiate and clarify
  these situations (risk assessment)
• CIP Middleware is missing (From Monopoly -gt
  Free Market)
• Top down Policy approach is brought in to
  nations thinking
• Bottom up Corporation do an enormous effort in
  BCP, DRP and IT Security
• In between is the CIP Middleware, Information
  Sharing Centers (ISAC), topic to be defined
  (Automatic mutual support, building CI(I)P
  Communities)There is a enormous effort in
  corporate and sectors CI(I)P today.To integrate
  this complex infrastructure and its interfaces in
  a national or transnational CI(I)P plan is one of
  the most challenging CIP Task

21
Questions