Professional Documents
Culture Documents
Marcelo Masera
Joint Research Centre
European Commission
• Increasing concerns
– Failures, errors, bad design
– Attacks: information warfare, hackers/crackers
• Main novelties:
– Information as critical asset
– Supply- and demand-side information services:
• new players, new business models
– Inter-operative applications
– Connection to open communication networks
• demanding security & privacy requirements
• But:
– Lack of engineering of the whole infrastructure
– Uncertainty on dependability requirements & systems
adequacy
– Indetermination of global responsibilities
Information
Infrastructure A Infrastructure B
Energy /matter
Human/organisational
• Potentially exhibiting:
– non-linearity
– unpredictability of collective behaviour
– local disruptions with unknown global effects
• Topics:
– Specifying service dependability/performance requirements
– Characterising service vulnerabilities
• Accidental: faults, errors, failures
• Malicious: attacks
Infrastructure Information
Information
Alfa assets
Infrastructure
Service
requirements
Approaches:
simulation
analytic
Plus privacy!
• Current situation
– Internet-like services are not assured
• Availability, timeliness, bandwidth: best effort
• Integrity, confidentiality: application-level solutions
– Service level agreements not yet state-of-the-art
• Current situation
– Evidence on component vulnerabilities, not system
– Lack of comprehensive view: assets, threats
• Notions:
• Critical event in infrastructure
• Information asset
• Requirements Information
asset
• System vulnerabilities Infrastructure Information
Alfa Infrastructure
• Threats
threat agent motive means loss
• accidental • event • error/failure • conditions
• malicious • intention mechanisms • circumstances
• attack method
Requirements
Information
infrastructure Requirements
Information
infrastructure Automation systems
Requirements
Loops:
non-linearity, hidden vulnerabilities, unforeseen behaviour…
• Different activation:
– Actual occurrence of event
– Perception of potential occurrence
• For human/organisational links
Distribution company
LV lines SCADA ICT
RTU
Internal
ICT End customer
Hospital
Clinical Internal Clinical support
ICT
Administrative Logistics
Information
infrastructure