Assurance and trust indicators to evaluate accuracy of on-line risk in critical infrastructures

Authors

Abstract

Critical infrastructure (CI) services are consumed by the so- ciety constantly and we expect them to be available 24 hours a day. A common definition is that CIs are so vital to our society that a disruption or destruction would have a severe impact on the social well-being and the economy on national and international levels.
CIs can be mutually dependent on each other and a failure in one in- frastructure can cascade to another (inter)dependent infrastructure and cause service disruptions. Methods to better assess and monitor CIs and their (inter)dependencies at run-time in order to be able to evaluate possible risks have to be developed. Furthermore, methods to ensure the validity of evaluated risk have to be investigated.
In this work, we build on existing work of CI security modelling, a CI model that allows modelling the risks of CI services at run-time. We conduct a study of indicators allowing to evaluate the correctness of calculated service risk, taking into account various sources contributing to this evaluation. Trust-based indicators are introduced to capture the dynamically changing behaviour of a system.

Keywords

Critical infrastructures, ICT security, Trust and reputation management.

Subject

Critical Infrastructure Protection

Related Project

FP7 ICT MICIE - Tool for systemic risk analysis and secure mediation of data ex-changed across linked CI information infrastructure

Conference

6th Int. Conf. on Critical Infrastructures Information Security (CRITIS 2011), September 2011