Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerability of Complex System Lokaltermin des ETH-Präsidenten Mittwoch, 1. Juli 2009 Laboratory for Safety Analysis.

Published byJoanna West Modified over 9 years ago

Similar presentations

Presentation on theme: "Vulnerability of Complex System Lokaltermin des ETH-Präsidenten Mittwoch, 1. Juli 2009 Laboratory for Safety Analysis."— Presentation transcript:

1 Vulnerability of Complex System Lokaltermin des ETH-Präsidenten Mittwoch, 1. Juli 2009 Laboratory for Safety Analysis

2 2ETH Zürich Laboratory for Safety Analysis Problems: Numerous variables, highly integrated Structure stable over time, low dynamics Analytical thinking and diligence sufficient Methods: Decomposition of systems, causal chains; PSA framework Further developments required, e.g. human factors, common cause failures Major challenge : From reliability and risk engineering of complicated systems...

3 3ETH Zürich Laboratory for Safety Analysis Complex systems: Inadequate information about elements, states and interactions Nonlinearities, feedback loops, adaptive emergent behavior Problems: System behavior unequal sum of single elements’ behavior Strong interdependencies Need to model and simulate „system-of-systems“... to vulnerability assessment of complex systems

4 4ETH Zürich Laboratory for Safety Analysis What if… Drinking water is missing due to Electrical energy system break down due to Missing communication service due to Overloaded communication component due to Cyber attack due to …  Critical Infrastructure Protection (CIP)

5 5ETH Zürich Laboratory for Safety Analysis Critical Infrastructures Interdependencies: Scientific Support for Federal Office for Civil Protection Source: IRGC White Paper 3, 2006 (red: high, green: low, yellow: medium) Fig. Assessment matrix for five coupled infrastructures currentstarted

6 6ETH Zürich Laboratory for Safety Analysis Electric Power Systems: Italian Blackout 2003

7 7ETH Zürich Laboratory for Safety Analysis Internet protocols were designed for an environment of trustworthy academic and government users with limited applications, not for global users. Commercial off-the-shelf (COTS) software (the number of features and rapid time to market outweigh a thoughtful security design) Monocultures of, individual and networked computers, applications, routers, switches and operating systems increase the effects of any threat: –a single vulnerability can exist and be exploited in millions of identical copies of the same software and hardware Internet (infrastructure) security

8 8ETH Zürich Laboratory for Safety Analysis SCADA (real Swiss case) – search of potential hacker entry points (3) (1)Dedicated data exchange between utilities and Swiss TSO (PIA system) (2)Trading/office systems separated from SCADA (1)Own control systems – can be operated via own telephone lines; protective systems/devices independent from SCADA (1) (2)

9 9ETH Zürich Laboratory for Safety Analysis Drinking Water © SVGW / SSIGE / SSIGA 2003; www.trinkwasser.ch

10 10ETH Zürich Laboratory for Safety Analysis Water: Simulation of contamination Scenarios Contaminations Flow Concentration Sensor placement

11 11ETH Zürich Laboratory for Safety Analysis Methods: framework for vulnerability analysis

12 12ETH Zürich Laboratory for Safety Analysis Intact Repairing Defect Memory Goal Method: Agent Based Modeling (ABM)  Has different states (Finite State Machine, FSM)  Is capable of interaction with its environment (e.g. other objects)  has „receptors“ and „effectors“ for specific („messages“) and non-specific (environmental variables) signals  Can act randomly  May have a memory (learning)  Can strive for a goal

13 13ETH Zürich Laboratory for Safety Analysis Simulation of N objects One single object does not tell us much about the behaviour of its macro-system Therefore every component of a system has to be modelled separately by an object By the computational simulation of all objects, the global system behaviour and the system states emerge Intact Repairing Defect

14 14ETH Zürich Laboratory for Safety Analysis Agent-based Modelling applied to the electric power system 3. Die Simulation Kumulative Ausfallswahrscheinlichkeit 2. Die Systemmodellierung 1. Das Konzept 1.Identify the components of the system. Determine the states of each component by making use of FSM. 2. Establish the communication among the objects. 3. Simulate your model to generate the system states and estimate Blackout Frequencies

15 15ETH Zürich Laboratory for Safety Analysis Conclusions Complex systems (e.g. CIs) face multiple threats (technical- human, natural, physical, cyber, contextual; unintended or malicious); may pose risks themselves CIs show high complexity, inter-dependencies of different type, coupling and interaction level, e.g. through a host of industrial ICT Vulnerability analysis of complex systems calls for ‘system-of- systems thinking’, suitable techniques and problem-oriented approach. LSA has developted a comprehensive framework for vulnerability analysis of complex systems

Download ppt "Vulnerability of Complex System Lokaltermin des ETH-Präsidenten Mittwoch, 1. Juli 2009 Laboratory for Safety Analysis."

Similar presentations

Safe and Sustainable Water Resources Research Integrate the existing Drinking Water and Water Quality research programs into one holistic program that.

Safe and Sustainable Water Resources Research Integrate the existing Drinking Water and Water Quality research programs into one holistic program that.
FIA Prague Preparation February 6, 2008. Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.

FIA Prague Preparation February 6, Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.
1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.

1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.
Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk email o Over 70% of email traffic  Bugs ---

Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk o Over 70% of traffic  Bugs ---
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
Introduction to Cyber Physical Systems Yuping Dong Sep. 21, 2009.

Introduction to Cyber Physical Systems Yuping Dong Sep. 21, 2009.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Smart Grid Projects Andrew Bui.

Smart Grid Projects Andrew Bui.
Illinois Security Lab Critical Infrastructure Protection for Power Carl A. Gunter University of Illinois.

Illinois Security Lab Critical Infrastructure Protection for Power Carl A. Gunter University of Illinois.
Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.

Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.
NSF Workshop, Washington DC, Nov 2003_ R Harley 1 Summary of EPRI-NSF Workshop held in Playacar, Mexico, April 2002, on GLOBAL DYNAMIC OPTIMIZATION OF.

NSF Workshop, Washington DC, Nov 2003_ R Harley 1 Summary of EPRI-NSF Workshop held in Playacar, Mexico, April 2002, on GLOBAL DYNAMIC OPTIMIZATION OF.
Critical Infrastructure Interdependencies H. Scott Matthews March 30, 2004.

Critical Infrastructure Interdependencies H. Scott Matthews March 30, 2004.
Critical Infrastructure Interdependencies H. Scott Matthews March 3, 2003.

Critical Infrastructure Interdependencies H. Scott Matthews March 3, 2003.
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
Critical Infrastructure Protection: A 21 st Century Challenge Professor Madjid Merabti PROTECT: Research Centre for Critical Infrastructure Computer Technology.

Critical Infrastructure Protection: A 21 st Century Challenge Professor Madjid Merabti PROTECT: Research Centre for Critical Infrastructure Computer Technology.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

Similar presentations

Ads by Google