Interdependencies with

the information infrastructure:

dependability and complexity issues

Marcelo Masera
Joint Research Centre
European Commission

5th International Conference on

Technology Policy and Innovation
Critical Infrastructures
25th June
June,, 2001
 Contents
• Trends in the evolution of infrastructures
– Complexity
– Networked systems-of-systems
– Dependence on ICT
• The information infrastructure
– Requirements and vulnerabilities
– Dependence and interdependencies
• Sector specific cases

27 June 2001 JRC - Interdependencies, dependability and complexity 2

 Infrastructures
• Awareness
– our societies rely on a network of infrastructures
– unclear responsibility/control
– social & economic development dependent on confidence
How to get assurance?

• Increasing concerns
– Failures, errors, bad design
– Attacks: information warfare, hackers/crackers

Need of better understanding on causes and effects

27 June 2001 JRC - Interdependencies, dependability and complexity 3

 Critical Infrastructures
Critical, but for whom?

• Failure to meet expected service level:

– Performance
– Dependability

• The definition of criticality determines what is

under scrutiny:
– National security vs. citizens’ welfare
– Sectors identified: health emergency vs. health care
– Doomsday vs. service disruption scenarios
– Threats, vulnerabilities…

27 June 2001 JRC - Interdependencies, dependability and complexity 4

 Trends
• Drivers:
– Extensive use of IT and open communication networks
– Complexity within each system
– Interconnectedness among systems

In a context that is rapidly evolving:

from globalisation to technology dynamics

infrastructures CD social organisation

f.i. from “fortress” to “networked” security

27 June 2001 JRC - Interdependencies, dependability and complexity 5

 Reliance on ICT
• Intensive use of ICT:
– Automation
– Remote communication
– Data-centred applications

• Main novelties:
– Information as critical asset
– Supply- and demand-side information services:
• new players, new business models
– Inter-operative applications
– Connection to open communication networks
• demanding security & privacy requirements

27 June 2001 JRC - Interdependencies, dependability and complexity 6

 Internal complexity
• Qualitative & quantitative changes:
– Addition of components, functions & behavior
– Expansion of scale
– Services mounted over technologies
– Emergent higher order layers

• But:
– Lack of engineering of the whole infrastructure
– Uncertainty on dependability requirements & systems
adequacy
– Indetermination of global responsibilities

New private-public equation

27 June 2001 JRC - Interdependencies, dependability and complexity 7

 Interconnectedness
• Exchange of: • But also:
– Data – Human & organisational
– Matter/energy interactions

Information

Infrastructure A Infrastructure B

Energy /matter

Human/organisational

27 June 2001 JRC - Interdependencies, dependability and complexity 8

 Networked infrastructures
Arrangement of complex,
interrelated systems-of-systems

• Potentially exhibiting:
– non-linearity
– unpredictability of collective behaviour
– local disruptions with unknown global effects

¾ Study of (critical) interdependencies,

mainly with the information infrastructure

27 June 2001 JRC - Interdependencies, dependability and complexity 9

 Information infrastructure
• No universally accepted definition
– Behaves as single but decentralised
– Multi-jurisdictional, heterogeneous
– Partially known
• Layering:
– Upper layers depend upon (performance/dependability of) lower layers
Sector
Value-added services specific
Generic end-user services

Network management services Information

Information
Infrastructure
Infrastructure
Network Basic transport services

Transmission Local access

27 June 2001 JRC - Interdependencies, dependability and complexity 10

 Dependable information services
• Information Infrastructure as public utility:
– Assurance of service quality (different levels)
– Provision of capabilities for:
• Data communications
• Distributed computation
– Basis for applications showing predictable behaviour

• Topics:
– Specifying service dependability/performance requirements
– Characterising service vulnerabilities
• Accidental: faults, errors, failures
• Malicious: attacks

27 June 2001 JRC - Interdependencies, dependability and complexity 11

 Information interdependencies
Vulnerabilities

Infrastructure Information
Information
Alfa assets
Infrastructure

Service
requirements
Approaches:
simulation
analytic

27 June 2001 JRC - Interdependencies, dependability and complexity 12

 Specifying requirements
• Quantifiable (and therefore negotiable):
– Availability
• capabilities, services, data
– Integrity
• data transmission, data handling
– Confidentiality
• for all actors (source, user, intermediaries)
– Timeliness
• end-to-end service
– Capacity
• throughput, reliability

Plus privacy!

27 June 2001 JRC - Interdependencies, dependability and complexity 13

 Allocating requirements
• The information service design problem:
– What is available, feasible, affordable
– Composition/decomposition is not straightforward

• Current situation
– Internet-like services are not assured
• Availability, timeliness, bandwidth: best effort
• Integrity, confidentiality: application-level solutions
– Service level agreements not yet state-of-the-art

27 June 2001 JRC - Interdependencies, dependability and complexity 14

 Vulnerability of information services
• Risk & criticality:
– Information assets at risk:
• Vulnerabilities intrinsic to each infrastructure
• Vulnerabilities from interdependence with Information Infrastructure

• Current situation
– Evidence on component vulnerabilities, not system
– Lack of comprehensive view: assets, threats

Impact on trust & confidence

In the Information Society

27 June 2001 JRC - Interdependencies, dependability and complexity 15

 Definition of dependence
An infrastructure is dependent
on the information infrastructure if a critical event within it
might be provoked by violation of the requirements
of the consigned information assets

• Notions:
• Critical event in infrastructure
• Information asset
• Requirements Information
asset
• System vulnerabilities Infrastructure Information
Alfa Infrastructure

Risk-related approach Top event Service

req’s
Vulnerabilities

27 June 2001 JRC - Interdependencies, dependability and complexity 16

 Assessment approach
• Top event
– In infrastructure alfa: business continuity, security, safety, privacy
• Information asset
– Asset sent through the information infrastructure
Anonymity
• Requirements Privacy
Consent, access,
validation
– For instance: Accountability
Integrity
• System vulnerabilities Security Confidentiality

– In the information infrastructure Availability

• Threats
threat agent motive means loss
• accidental • event • error/failure • conditions
• malicious • intention mechanisms • circumstances
• attack method

27 June 2001 JRC - Interdependencies, dependability and complexity 17

 Interdependencies
From To
Power infrastructure

Infrastructure alfa Electric power

Req’s systems

Requirements
Information
infrastructure Requirements

Information
infrastructure Automation systems
Requirements

Loops:
non-linearity, hidden vulnerabilities, unforeseen behaviour…

27 June 2001 JRC - Interdependencies, dependability and complexity 18

 Interdependencies /2
• Different types: Ca Fa E Ci F i
– Functional (capabilities)
Sa Si
– Structural (components, links)
Infrastructure Information
– Behavioural (states) Alfa Infrastructure
– End-to-end flow (throughput, performance)

• Different activation:
– Actual occurrence of event
– Perception of potential occurrence
• For human/organisational links

27 June 2001 JRC - Interdependencies, dependability and complexity 19

 Electric power sector case
Generation Power plant Internal Power market agency
company DSC / SCADA ICT
ICT

Transmission system operator

Power lines SCADA
Information
Internal infrastructure
ICT

Distribution company
LV lines SCADA ICT
RTU
Internal
ICT End customer

27 June 2001 JRC - Interdependencies, dependability and complexity 20

 Electric power sector case /2
• Top event: Disruption of power plant
• Information asset: Station control data
• Requirements:
– Business continuity, safety
• Vulnerabilities:
– Organisational: update of access permits, update of patches,
share of common information among stakeholders
– Software: exposures in mission critical applications
• Threats:
– Disgruntled ex-employee, abusing access rights after
dismissal, exploiting known exposures
– Malicious attackers, gaining access by compromise of
company ICT, exploiting trojan horses in SCADA software

27 June 2001 JRC - Interdependencies, dependability and complexity 21

 Health-care sector case
• Project DRIVE

Hospital
Clinical Internal Clinical support
ICT
Administrative Logistics

Information
infrastructure

Public health authorities Drug supplier

Internal Internal
ICT ICT

27 June 2001 JRC - Interdependencies, dependability and complexity 22

 Health-care sector case /2
• Top event: Disclosure of patients’ private data
• Information asset: Patient clinical data
• Requirements:
– Privacy, security
• Vulnerabilities:
– Organisational: privacy and access control policies
– Software: exposures in mission critical applications
• Threats:
– Deceitful business partner, stealing clinician identity,
violating anonymity of drug use
– Malicious attackers, gaining access by compromise of
company ICT, copying records for financial gain

27 June 2001 JRC - Interdependencies, dependability and complexity 23

 Workshop
• “Interdependencies and Vulnerabilities in
Information Infrastructures”
– 27-28 March, Brussels
– Sessions:
• Telecommunications
• Information assets
• Health care
• Energy and utilities
• Finance
– Result:
• Report (available at deppy.jrc.it)

27 June 2001 JRC - Interdependencies, dependability and complexity 24

 Workshop conclusions
1. Short-term actions (2001-2002)
• European Working Group on Interdependencies and
Vulnerabilities
• Information collection and exchange
• Scenario exercises
• Elicitation of R&D challenges
2. Medium-term actions (2003-2007)
• R&D challenges (Dependability Initiative in 6th Framework
Programme)
• Interdisciplinary & complexity
• Dependency loops & non-linearity
• Modelling and simulation, risk models
• Migration to new technologies
• Benchmarking
• Prevention, tolerance, removal, prediction

27 June 2001 JRC - Interdependencies, dependability and complexity 25

 Concluding remarks
• Need to:
– adopt a risk oriented approach
• criticality and interdependencies referred to unwanted events

– develop rigorous concepts

• interdependencies, information assets requirements, system
vulnerabilities, threats

– develop specific analysis methods

• considering interconnectedness and complexity issues

27 June 2001 JRC - Interdependencies, dependability and complexity 26