1. CRITICAL INFRASTRUCTURE RISK ASSESSMENT SUPPORT Group Work: Brainstorming on System Requirements 1st Stakeholders’ Workshop Katowice, March, 5th, 2015 Reinhard Hutter / Peter Klein

2. The Group Work Objectives Process Group Work Feedback Way ahead

3. WP1: Requirements and Concepts Identify needs and expectations of Cl stakeholders in the range of tools and methods  Questions; Needs; Your Feedback Specify requirements for the CIRAS tool-set for risk assessment and management, Plan the application of use cases and their development for experimentation  We think of “large” and “catastrophic” incidents

4. Typical Requirements Classes Functional requirements Requirements concerning data acquisition and quality Usability requirements/ user friendliness Requirements concerning interoperability Output results analysis and reporting requirements Requirements concerning flexibility, adaptability to different CI environments, etc.

5. Req‘ts CategoryTypical RequirementsRemarks Framework conditions & risks Time and resources Complexity and novelty User involvement / roles Maturity of existing tool(s) CI-interdependency modelling Key (open) issue is modelling of interdependencies, cascading effects etc. Functional RRA : OSCAD? Interdependencies,.. CBA and QCA: How to use in CIRAS? Focus on Understanding, easy setup & experiment’n Setup & Data Use Cases requirements Data quality and comprehensiveness Similar to ValueSec Usability Ease of understanding Effort to learn and apply Handling & control We need a “typical” end-user profile Technical integration Internal interoperab. („the 3 pillars“) External: To which systems? SW-engineering standards System security provisions External interoperability may not be a big issue in CIRAS (?) Results & reporting Types of results Result reports Selection & configuration by the user Focus on ease of understanding and fast feedback Flexibility & adaptability Possibility of sensitivity analyses Adaptability to other CI-use cases Portability (to other user environments) Growth potential Describes the requirements to be come a “standard” for the future Some “Food for Thought” S K I P

6. Some Typical General Questions Do CIs or CM organizations apply RM tools? If yes: What is common, what is different? If no: Is there a need? Which expected benefit? Who will use a CIRAS tool-set? Can or should a CIRAS tool-set become some standard? Can a CIRAS tool-set foster PPP cooperation? Will a CIRAS tool-set help to understand unsolved issues?

7. The Stakeholder Questionnaire Categories 1.Economic and Business 2.Government and Administrations 3.Societal Factors 4.Interdependencies and Cascading Effects 5.Functional Characteristics 6.Operational Environment  The Group Work will follow the same structure

8. Two Work Groups Topics Categories Group1 Business focus Group2 Governm & admin focus I Economic and Business 1 II Government and Administrations 2 III Societal Factors 2 IV Interdependencies and Cascading Effects 12 V Functional Characteristics 12 VI Operational Environment 12

9. Suggested Group1: Business Focus NameGiven NameOrganization CityCountryGroup BilderbeekArnoNational Security Advisory CentreThe Hague Netherland s1 BańkoPrzemysławProximus S.A.KatowicePoland 1 Andrzejewsk aMonika Szczecin and Swinoujscie Seaports Authority SASzczecinPoland1 KałkusWłodzimierz Polish Air Navigation Services AgencyWarszawaPoland1 SitarzMarek Professor in WSB Business School - Department of Railways Dąbrowa GórniczaPoland1 MańkaAdam Silesian University of Technology - Transport FacultyKatowicePoland1 LarranetaJavier PESI Spanish Technology Platform on Industrial Safety, Secretary GeneralBilbaoSpain1 JurczakRobert PSE Polskie Sieci Elektroenergetyczne S.A. - Polish Power Networks Konstancin- JeziornaPoland1 NovakMichal PNSC Poznań Supercomputing and Networking Centre PoznanPoland1 PeterKleinCIRAS/ CESSModerator DariuszRogowskiEMAGNote Taker DariuszRogowskiEMAGRapporteur

10. Suggested Group2: Government Focus Name Given Name Organization CityCountryGroup SpitMarcelNational Security Advisory CentreThe Hague Netherla nds2 LUIS GODOMonica Mossos d'Esquadra (Catalonian Regional Police)BarcelonaSpain2 LöbbeckePeter Fachhochschule Polizei Sachsen- AnhaltAscherslebenGermany2 SantiagoElvira Higher Council for Scientific ResearchMadridSpain2 PopławskiŁukasz Polish Air Navigation Services AgencyWarszawaPoland2 GruchmannYvonne BIGS Brandenburgisches Institut für Gesellschaft und Sicherheit GmbHPotsdamGermany2 KamieniowskiGrzegorz Silesian Governor's Office in Katowice, Director of Department of Security and Crisis ManagementKatowicePoland2 WilczekRadosław PKP Polish Railways, Expert on Crisis Management in the Security DepartmentWarszawaPoland2 ReinhardHutterCIRAS/ CESSModerator AntonioGarciaATOSNote taker JaimeMartinATOSRapporteur

11. Moderated Sessions Answer a general key question (next slide) Discuss Topics (6 Worksheets) Capture Attributes, Ideas, Questions, Remarks Add further Topics Indicate your Priorities Fill in the Questionnaire Summarize and report to Plenum  All feedback will be handled anonymously !!!

12. Moderated Sessions A first key question to each of you: If you were offered an IT tool on Risk Management/ Risk Assessment (or an improvement of your existing tools), What would be your core most important REQUIREMENT you would ask for ?  Let’s start the Group Work

13. Thank you very much for your attention and cooperation!  Lets start working Reinhard Hutter Technical Director hutter@cess-net.eu www.cirasproject.eu Co-funded by the Prevention, Preparedness and Consequence Management of Terrorism and other Security- related Risks Programme of the European Union