Presentation is loading. Please wait.

Presentation is loading. Please wait.

1st IRRIIS Workshop, April 26th, 2006 Key challenges for Critical Information Infrastructure Protection 1st IRRIIS Workshop Sankt Augustin April 26th,

Published byRoger Thornton Modified over 9 years ago

Similar presentations

Presentation on theme: "1st IRRIIS Workshop, April 26th, 2006 Key challenges for Critical Information Infrastructure Protection 1st IRRIIS Workshop Sankt Augustin April 26th,"— Presentation transcript:

1 1st IRRIIS Workshop, April 26th, 2006 Key challenges for Critical Information Infrastructure Protection 1st IRRIIS Workshop Sankt Augustin April 26th, 2006 Tatiana Roubinchtein, Mechthild Stöwer Main Problem areas and (inter)dependencies between Critical Infrastructures

2 Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 2 Vulnerability of Critical Infrastructures Blackout America North East, August 2003 Blackout Italy, September 2003 Crashing of French GSM network, November 2004

3 Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 3 Multiple Events – similar patterns Multiple interacting contingencies Low probability event sequence - very difficult to predict Failures of monitoring, control and protection equipment causes cascading events

4 Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 4 Specific causes Italian blackout: cross border problem US blackout: inadequate setting of backup line protection equipment French GSM Network crash: failed software update

5 Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 5 Economical/political problems High degree of business interdependencies Market restructuring – liberalisation, privatisation, increase of competition conflicting stakeholder’s interests (e.g. private companies, public interests) Cost-pressure Offshore reliance Increasing demand/network loads Insufficient political awareness regarding vulnerabilities of CI Lack of public research

6 Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 6 Organisational problems Missing appropriate business models Lack of appropriate risk assessment models Lack of appropriate security policies including different (inter)dependend CIs Insufficient information sharing Insufficient skills of personnel

7 Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 7 Technological problems induced by market forces Heterogeneous hardware infrastructure  Out-dated legacy system  Insuffucient hardware performance Transfer of monitoring/control information via public networks Usage of open, public available network protocols and standards Increasing use of Commercial-off-the-Shelf (COTS) solutions (Poorly designed) Connections between control systems and enterprise networks

8 Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 8 Technological problems induced by technological evolution Complexity of the new technologies requires appropriate management procedures  Intransparent network systems  Heterogeneous hardware infrastructure  Mix of software solutions Complexity of the new technologies causes new vulnerabilities  Upgrades hard to retrofit to legacy systems  Quality of COTS often insufficient

9 Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 9 Technological problems induced by new risk factors Transfer of monitoring/control information via public networks No use of appropriate encryption systems for information transfer and storage Usage of proprietary network protocols and standards Insecure wireless LANs in use Missing appropriate authentication procedures Missing appropriate software certification SCADA and DCS security tools often have “back-door” system access and other known vulnerabilities Unpatched components on the PC/SCADA networks

10 Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 10 Deficits within appropriate standard frameworks Missing appropriate network models reflecting interdependencies within a CI and other CIs No consistent cyber security standards Hard to specify and evaluate threats Lack of unified mathematical framework with robust tools for modelling, simulation, control and optimisation of time-critical operations

11 Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 11 Points to be discussed List of technology problems comprehensive? (missing issues?) Prioritisation of problem areas Approaches of technology providers and operators to solve the problems? Significant gaps? Approaches to solve modelling issues Evaluation of standardisation activities

Download ppt "1st IRRIIS Workshop, April 26th, 2006 Key challenges for Critical Information Infrastructure Protection 1st IRRIIS Workshop Sankt Augustin April 26th,"

Similar presentations

Network Systems Sales LLC

Network Systems Sales LLC
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Vulnerability of Complex System Lokaltermin des ETH-Präsidenten Mittwoch, 1. Juli 2009 Laboratory for Safety Analysis.

Vulnerability of Complex System Lokaltermin des ETH-Präsidenten Mittwoch, 1. Juli 2009 Laboratory for Safety Analysis.
IRRIIS – Integrated Risk Reduction of Information-based Infrastructure Systems Workshop - Middleware Improved Technology for Interdependent Critical Infrastructures.

IRRIIS – Integrated Risk Reduction of Information-based Infrastructure Systems Workshop - Middleware Improved Technology for Interdependent Critical Infrastructures.
1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.

1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Chapter 12 Strategies for Managing the Technology Infrastructure.

Chapter 12 Strategies for Managing the Technology Infrastructure.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.

Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Critical Infrastructure Interdependencies H. Scott Matthews March 30, 2004.

Critical Infrastructure Interdependencies H. Scott Matthews March 30, 2004.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

Similar presentations

Ads by Google