Vulnerability of Complex System Lokaltermin des ETH-Präsidenten Mittwoch, 1. Juli 2009 Laboratory for Safety Analysis.

Slides:

Advertisements

Similar presentations

Safe and Sustainable Water Resources Research Integrate the existing Drinking Water and Water Quality research programs into one holistic program that.

Advertisements

FIA Prague Preparation February 6, Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.

1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.

Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk o Over 70% of traffic  Bugs ---

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

Introduction to Cyber Physical Systems Yuping Dong Sep. 21, 2009.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid Projects Andrew Bui.

Illinois Security Lab Critical Infrastructure Protection for Power Carl A. Gunter University of Illinois.

Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.

NSF Workshop, Washington DC, Nov 2003_ R Harley 1 Summary of EPRI-NSF Workshop held in Playacar, Mexico, April 2002, on GLOBAL DYNAMIC OPTIMIZATION OF.

Critical Infrastructure Interdependencies H. Scott Matthews March 30, 2004.

Critical Infrastructure Interdependencies H. Scott Matthews March 3, 2003.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Critical Infrastructure Protection: A 21 st Century Challenge Professor Madjid Merabti PROTECT: Research Centre for Critical Infrastructure Computer Technology.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

GridWise ® Architecture Council Cyber-Physical System Requirements for Transactive Energy Systems Shawn A. Chandler Maseeh College of Electrical and Computer.

Cyber Security of Smart Grid Systems

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

1st IRRIIS Workshop, April 26th, 2006 Key challenges for Critical Information Infrastructure Protection 1st IRRIIS Workshop Sankt Augustin April 26th,

Centre for Earth Systems Engineering Research Infrastructure Transitions Research Consortium (ITRC) David Alderson & Stuart Barr What is the aim of ITRC?

1 IS 8950 Managing Network Infrastructure and Operations.

Presentation title SUB TITLE HERE Intelligent 21st Century Strategies for Broadband and Cyber Infrastructures Security By Dr. Emmanuel Hooper, PhD, PhD,

Ch. 1. The Third ICT Wave The Third ICT Wave.

Distributed Real-Time Systems for the Intelligent Power Grid Prof. Vincenzo Liberatore.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

The Climate Prediction Project Global Climate Information for Regional Adaptation and Decision-Making in the 21 st Century.

Tufts Wireless Laboratory School Of Engineering Tufts University “Network QoS Management in Cyber-Physical Systems” Nicole Ng 9/16/20151 by Feng Xia, Longhua.

Association of Defense Communities June 23, 2015

Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.

Presentation of projects’ ideas. 1. Madrid Network “A public-private network which aim is to contibute actively to position Madrid Region in the top.

Dependable ICT for Utilities Proposal for DESIRE activities The CRIS Institute Hans Ottosson The International.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

IRRIIS-FP6-2005–IST-4 IRRIIS Project Overview 3rd Public IRRIIS Workshop September 6, 2007, Bonn, Hotel Königshof Erich Rome, FhG-IAIS.

Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.

Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.

WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.

Urban Infrastructure and Its Protection Responding to the Unexpected Interest Group Report Group Members G. Giuliano (USC), Jose Holguin-Veras (CUNY),

Engineering Essential Characteristics Security Engineering Process Overview.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Future ICT Landscapes – Security and Privacy Challenges & Requirements Simone Fischer-Hübner IVA Workshop, Stockholm 24th May 2012.

Develop a Safety Assurance approach for Complex Systems (Problem Definition) Supervisors: Tim Kelly, Rob Alexander Chris Leong HISE Group Giving a Presentation.

EPA Homeland Security Strategy  Critical Infrastructure Protection  Preparedness, Response & Recovery  Communication and Information  Protection of.

Randy Beavers CS 585 – Computer Security February 19, 2009.

Authors: Ronnie Julio Cole David

Information Technology Needs and Trends in the Electric Power Business Mladen Kezunovic Texas A&M University PS ERC Industrial Advisory Board Meeting December.

MIS 605 Class presentations Socio-technical theory Group1 Members 1.Simon Wasike 2.John Njau Muriithi 3.Francis Timonah 4.Eliud Murithi 5.Franciscah Waihenya.

AUSTRALIA. A National Strategy for Enhancing the Safety and Security of our Food Supply ที่มา : We pride ourselves on our high safety and security standards.

Dip. Di Informatica Sistemi e Produzione Università di Roma Tor Vergata E. Casalicchio, E.Galli, S.Tucci CRESCO SPIII.5 Project status Università.

DEFINE central topics: Critical infrastructures interdependencies Marcelo Masera Joint Research Centre DEFINE workshop November 2002, Pisa.

Urban Infrastructure and Its Protection Responding to the Unexpected Interest Group Report.

CNCI-SCRM STANDARDIZATION Discussion Globalization Task Force OASD-NII / DoD CIO Unclassified / FOUO.

Security and Resilience Pat Looney Brookhaven National Laboratory April 2016.

INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.

A Layered Solution to Cybersecurity Dr. Erfan Ibrahim Cyber-Physical Systems Security & Resilience Center National Renewable Energy Laboratory.

Design and Planning Tools John Grosh Lawrence Livermore National Laboratory April 2016.

Advancing National Wireless Capability Date: March 22, 2016 Wireless Test Bed & Wireless National User Facility Paul Titus Department Manager, Communications.

Surveillance and Security Systems Cyber Security Integration.

CSCE 548 Secure Software Development Risk-Based Security Testing

Green Software Engineering Prof

Failures of Technological Systems

The Extensible Tool-chain for Evaluation of Architectural Models

A Must to Know - Testing IoT

Smart Learning concepts to enhance SMART Universities in Africa

Presentation transcript:

Vulnerability of Complex System Lokaltermin des ETH-Präsidenten Mittwoch, 1. Juli 2009 Laboratory for Safety Analysis

2ETH Zürich Laboratory for Safety Analysis Problems: Numerous variables, highly integrated Structure stable over time, low dynamics Analytical thinking and diligence sufficient Methods: Decomposition of systems, causal chains; PSA framework Further developments required, e.g. human factors, common cause failures Major challenge : From reliability and risk engineering of complicated systems...

3ETH Zürich Laboratory for Safety Analysis Complex systems: Inadequate information about elements, states and interactions Nonlinearities, feedback loops, adaptive emergent behavior Problems: System behavior unequal sum of single elements’ behavior Strong interdependencies Need to model and simulate „system-of-systems“... to vulnerability assessment of complex systems

4ETH Zürich Laboratory for Safety Analysis What if… Drinking water is missing due to Electrical energy system break down due to Missing communication service due to Overloaded communication component due to Cyber attack due to …  Critical Infrastructure Protection (CIP)

5ETH Zürich Laboratory for Safety Analysis Critical Infrastructures Interdependencies: Scientific Support for Federal Office for Civil Protection Source: IRGC White Paper 3, 2006 (red: high, green: low, yellow: medium) Fig. Assessment matrix for five coupled infrastructures currentstarted

6ETH Zürich Laboratory for Safety Analysis Electric Power Systems: Italian Blackout 2003

7ETH Zürich Laboratory for Safety Analysis Internet protocols were designed for an environment of trustworthy academic and government users with limited applications, not for global users. Commercial off-the-shelf (COTS) software (the number of features and rapid time to market outweigh a thoughtful security design) Monocultures of, individual and networked computers, applications, routers, switches and operating systems increase the effects of any threat: –a single vulnerability can exist and be exploited in millions of identical copies of the same software and hardware Internet (infrastructure) security

8ETH Zürich Laboratory for Safety Analysis SCADA (real Swiss case) – search of potential hacker entry points (3) (1)Dedicated data exchange between utilities and Swiss TSO (PIA system) (2)Trading/office systems separated from SCADA (1)Own control systems – can be operated via own telephone lines; protective systems/devices independent from SCADA (1) (2)

9ETH Zürich Laboratory for Safety Analysis Drinking Water © SVGW / SSIGE / SSIGA 2003;

10ETH Zürich Laboratory for Safety Analysis Water: Simulation of contamination Scenarios Contaminations Flow Concentration Sensor placement

11ETH Zürich Laboratory for Safety Analysis Methods: framework for vulnerability analysis

12ETH Zürich Laboratory for Safety Analysis Intact Repairing Defect Memory Goal Method: Agent Based Modeling (ABM)  Has different states (Finite State Machine, FSM)  Is capable of interaction with its environment (e.g. other objects)  has „receptors“ and „effectors“ for specific („messages“) and non-specific (environmental variables) signals  Can act randomly  May have a memory (learning)  Can strive for a goal

13ETH Zürich Laboratory for Safety Analysis Simulation of N objects One single object does not tell us much about the behaviour of its macro-system Therefore every component of a system has to be modelled separately by an object By the computational simulation of all objects, the global system behaviour and the system states emerge Intact Repairing Defect

14ETH Zürich Laboratory for Safety Analysis Agent-based Modelling applied to the electric power system 3. Die Simulation Kumulative Ausfallswahrscheinlichkeit 2. Die Systemmodellierung 1. Das Konzept 1.Identify the components of the system. Determine the states of each component by making use of FSM. 2. Establish the communication among the objects. 3. Simulate your model to generate the system states and estimate Blackout Frequencies

15ETH Zürich Laboratory for Safety Analysis Conclusions Complex systems (e.g. CIs) face multiple threats (technical- human, natural, physical, cyber, contextual; unintended or malicious); may pose risks themselves CIs show high complexity, inter-dependencies of different type, coupling and interaction level, e.g. through a host of industrial ICT Vulnerability analysis of complex systems calls for ‘system-of- systems thinking’, suitable techniques and problem-oriented approach. LSA has developted a comprehensive framework for vulnerability analysis of complex systems