critical infrastructure resilience
Post on 13-Dec-2014
1.955 Views
Preview:
DESCRIPTION
TRANSCRIPT
Thales Security Solutions & Services
Seven findings on Critical Infrastructures Resilience
CRITIS 2011 – Luzern – 09/09/2011 – Paul Théron
Thales Security Solutions & Services
2 /2 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
The context
Very general, and diverse, definitions of resilience
Confusion between dependability, BCM, …, and resilience
Burgeoning standardisation initiatives in relation to resilience
The idea of extreme shocks is now fully accepted :
� «A recent OECD study* analysed whether cyber-incidents could lead to a ‘global shock’ as devastating as e.g. large-scale pandemics. They concluded that there are a very few cyberevents with the capacity to provoke a global shock. Although they state that there are many examples where cyber-incidents have caused a great deal of harm and financial loss, they conclude that the greatest concern for policy makers are large scale events caused by two different cyber-incidents taking place at the same time or a cyber-event taking place during another form of disaster or attack. »
In European Parliament (2011) Study Report on “The role of ENISA in contributing to a coherent and enhanced structure of network and information security in the EU and internationally”. Directorate General for Internal Policies ; Policy Department A: Economic and Scientific Policy ; Industry, Research and Energy, p21
* OECD (2011) Reducing Systemic Cybersecurity Risk. P. Sommer, I. Brown, IFP/WKP/FGS(2011)
So, the question is : Can we better define the notion of resilience ?
Thales Security Solutions & Services
3 /3 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
REST : The REsilience Studies Team
REsilience Studies Team (REST) � Cyber REsilience Studies Team (CREST)
� Goals : To elicit the theoretical underpinnings of r esilience in order to build resilient socio-technic al systems
� Approach : Phenomena dynamics, Social-Ecological Sys tems, Organisation, Computing Science, Cognition/Ps ychology
� Scope : National, Societal / Territorial, Business, and Critical Infrastructure Resilience
� Methods : Literature review, Case studies, Action re search, EU & Collaborative projects, Dual experimen ts, Workshops
� Fields : Telecommunications, Energy, Communities, Bu siness, Political regimes, Work collectives, Fire-f ighters
Thales Security Solutions & Services
4 /4 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
Katrina (August 2005, New Orleans)
IncidentsIncidents
EvacuationEvacuation
AlerteAlerte
Dernières précautionsDernières précautions
RefugeRefuge
DévastationDévastation
ChocChoc SurvieSurvie
Préparation des secoursPréparation des secours
SécurisationSécurisation
DéploiementDéploiement
Après coupAprès coup
IncidentsIncidents
EvacuationEvacuation
AlerteAlerte
Dernières précautionsDernières précautions
RefugeRefuge
DévastationDévastation
ChocChoc SurvieSurvie
Préparation des secoursPréparation des secours
SécurisationSécurisation
DéploiementDéploiement
Après coupAprès coup
Paul Théron 2007
Thales Security Solutions & Services
5 /5 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
Défense
Manoeuvre
Survie
échec
échec
échec
Effondrement
Incident
Sauvetage échec
Destruction
Le feu est à 150/200 yards
Dodge ordonne de remonter le canyon
Le feu rattrape les hommes
Dodge ordonne de jeter les outils
Le feu va « exploser »
Dodge “invente” le “contre-feu” ; Sallee et Rumsey se sont réfugiés dans
une crevasse
Récupération
Dodge, Sallee et Rumsey ont survécu
Mais les 12 Smokejumpers ont succombé
D’autres Smokejumpers sont très grièvement blessés
On tente de les secourir…
Défense
Manoeuvre
Survie
échec
échec
échec
Effondrement
Incident
Sauvetage échec
Destruction
Le feu est à 150/200 yards
Dodge ordonne de remonter le canyon
Le feu rattrape les hommes
Dodge ordonne de jeter les outils
Le feu va « exploser »
Dodge “invente” le “contre-feu” ; Sallee et Rumsey se sont réfugiés dans
une crevasse
Récupération
Dodge, Sallee et Rumsey ont survécu
Mais les 12 Smokejumpers ont succombé
D’autres Smokejumpers sont très grièvement blessés
On tente de les secourir…
Mann Gulch (August 1949, USA, Montana)
Thales Security Solutions & Services
Our findings…
Thales Security Solutions & Services
7 /7 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
First finding on resiliency : what it has to do with
STRESS
FEAR
TRAUMA
Thales Security Solutions & Services
8 /8 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
Second finding on resiliency : what it is
pressureFragile
pressure pressure
more
Robust
Resilient pressure pressure
more
Yushi Fujita - Resilience Engineering Symposium, October 25-29, 2004, Soderkoping Brunn, Sweden
surprise
Thales Security Solutions & Services
9 /9 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
Third finding on resiliency : why it is needed
Davos report 2011
Rinaldi IEEE Control System Magazine 2001
Complexity frominterdependencies
A crisis-pronesociety
Thales Security Solutions & Services
10 /10 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
Fourth finding on resiliency : how it works
SurpriseSurprise
Plannedresponse
Navigation
Survival
fails
fails
fails
Collapse
Incident
Rescue fails
Destruction
Recovery
Learning
Preparation
Overwhelming circumstances
Crushing circumstances
Fate
Destabilising circumstances
Prev / Prot*
fails
VulnerabilityVulnerability
CRISIS
Post-traumaticRESILIENCE
PeritraumaticRESILIENCE
P Théron (2007-2011) Resilience V-Model
* Prevention / Protection
Thales Security Solutions & Services
11 /11 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
Fifth finding on resiliency : How it can be defined
« A crisis is an experience of collapse »
� Of a socio-technical system’s pillars
� What gives it its capacity to deliver
� Under the effect of a major shock
� Surprise
� Defencelessness
� Consciousness of a fatal issue
« Resilience is the aptitude of a socio-technical system to surmount a crisis »
� Getting-by
� Resisting
� Resuming
� Rebounding
# EC - JLS/2008/D1/018 : A study on measures to analyse and improve European emergency preparedness in the field of fixed and mobile telecommunications and Internet
Business a UsualDomain of
Emergencies
IncidentResponse
Procedures
Impacts
1Minor
Incident
4SevereShock
5ExtremeShock
0MinorEvent
2Major
Incident
3Severe
Incident
Range ofControlModes
ProceduredDefences
toIncident
Management
Creativeadaptation
toTactical
reasoning
Negligible Tolerable Untolerable
Business / SystemContinuity
Plans
CrisisManagementCapabilities
Skills & Knowledge
Impacts
1Minor
Incident
4SevereShock
5ExtremeShock
0MinorEvent
2Major
Incident
3Severe
Incident
Range ofControlModes
ProceduredDefences
toIncident
Management
Creativeadaptation
toTactical
reasoning
Negligible Tolerable UntolerableImpacts
1Minor
Incident
4SevereShock
5ExtremeShock
0MinorEvent
2Major
Incident
3Severe
Incident
Range ofControlModes
ProceduredDefences
toIncident
Management
Creativeadaptation
toTactical
reasoning
Negligible Tolerable Untolerable
Business / SystemContinuity
Plans
CrisisManagementCapabilities
Skills & Knowledge
EMERGENCY : situation in which a socio-technical system has to cope with a situation ranging from a major incident up to an extreme shock (2 ���� 5)
Shift in theCommandment
paradigm
#
“The ability of a system to provide & maintain an acceptable level of service, in face of faults (unintentional, intentional, or naturally caused) affecting normal operation” http://www.enisa.europa.eu/act/res/files/glossary
“the ability of a system to recover from adversity, either back to its original state or an adjusted state based on new requirements. Building resilience requires a long-term effort involving reengineering fundamental processes, both technical and social.” EC COM(2009)149
“The ability of a system to provide & maintain an acceptable level of service, in face of faults (unintentional, intentional, or naturally caused) affecting normal operation” http://www.enisa.europa.eu/act/res/files/glossary
“the ability of a system to recover from adversity, either back to its original state or an adjusted state based on new requirements. Building resilience requires a long-term effort involving reengineering fundamental processes, both technical and social.” EC COM(2009)149
Thales Security Solutions & Services
12 /12 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
Sixth finding on resiliency : How it is obtained
Resilience requires
� Theory of resilience based on a
� Model of incidents dynamics
� Model of resilience production
� Emergency Preparation Process
� Collaborative
� Continuous Improvement Loop
� Emergency Response Organisation
� Tactical Decision Making
� Co-operative Processes
� Resilience Capabilities
Rules & Resource :-I1: Interpretation-I2: Reckoning & Anticipation-I3: Options Analysis
Rules & Resource :-M1: Time Margins-M2: Reserve Infrastructures-M3: Reserve Logistics-M4: Support Social Networks-M5: Intrinsic Robustness-M6: Creativity & Know-How-M7: Publics’ Sensitivity & Tolerance-M8: Publics’ Trust & Liking-M9: Financial & Legal Freedom
Rules & Resource :-F1: Urgentists-F2: Evacuation & Victims-F3: Clearing & Reconstruction-F4: Emergency Fund
Rules & Resource :-D1: Alarm & Mobilisation-D2: Strategies & Plans-D3: Decision-Making Procedures-D4: Chain of Command-D5: Chain of Control-D6: Communications & Interoperability
Rules & Resource :-O1: Intelligence-O2: Surveillance-O3: Reconnaissance
TR
Observation
Interpretation
MarginsForces
Com&Legal
Direction
Rules & Resource :-C1: Pre-Crisis Com-C2: Influence Network-C3: CrisCom Design-C4: MediaCom & HRCom-C5: Legal Action & Advice
Act upon Situation
See what’s going on Understand & Anticipate
on situation
Manoeuvre to regain Initiative
ManageTrust & Risk
Pilot Action
TR : Tactical Reasoning
Rules & Resource :-I1: Interpretation-I2: Reckoning & Anticipation-I3: Options Analysis
Rules & Resource :-M1: Time Margins-M2: Reserve Infrastructures-M3: Reserve Logistics-M4: Support Social Networks-M5: Intrinsic Robustness-M6: Creativity & Know-How-M7: Publics’ Sensitivity & Tolerance-M8: Publics’ Trust & Liking-M9: Financial & Legal Freedom
Rules & Resource :-F1: Urgentists-F2: Evacuation & Victims-F3: Clearing & Reconstruction-F4: Emergency Fund
Rules & Resource :-D1: Alarm & Mobilisation-D2: Strategies & Plans-D3: Decision-Making Procedures-D4: Chain of Command-D5: Chain of Control-D6: Communications & Interoperability
Rules & Resource :-O1: Intelligence-O2: Surveillance-O3: Reconnaissance
TR
Observation
Interpretation
MarginsForces
Com&Legal
Direction
Rules & Resource :-C1: Pre-Crisis Com-C2: Influence Network-C3: CrisCom Design-C4: MediaCom & HRCom-C5: Legal Action & Advice
Act upon Situation
See what’s going on Understand & Anticipate
on situation
Manoeuvre to regain Initiative
ManageTrust & Risk
Pilot Action
TR : Tactical Reasoning
Rules & Resource :-I1: Interpretation-I2: Reckoning & Anticipation-I3: Options Analysis
Rules & Resource :-M1: Time Margins-M2: Reserve Infrastructures-M3: Reserve Logistics-M4: Support Social Networks-M5: Intrinsic Robustness-M6: Creativity & Know-How-M7: Publics’ Sensitivity & Tolerance-M8: Publics’ Trust & Liking-M9: Financial & Legal Freedom
Rules & Resource :-F1: Urgentists-F2: Evacuation & Victims-F3: Clearing & Reconstruction-F4: Emergency Fund
Rules & Resource :-D1: Alarm & Mobilisation-D2: Strategies & Plans-D3: Decision-Making Procedures-D4: Chain of Command-D5: Chain of Control-D6: Communications & Interoperability
Rules & Resource :-O1: Intelligence-O2: Surveillance-O3: Reconnaissance
TR
Observation
Interpretation
MarginsForces
Com&Legal
Direction
TR
Observation
Interpretation
MarginsForces
Com&Legal
Direction
Rules & Resource :-C1: Pre-Crisis Com-C2: Influence Network-C3: CrisCom Design-C4: MediaCom & HRCom-C5: Legal Action & Advice
Act upon Situation
See what’s going on Understand & Anticipate
on situation
Manoeuvre to regain Initiative
ManageTrust & Risk
Pilot Action
TR : Tactical Reasoning
Awareness
Decision
Action
Awareness
Decision
Action TR
Awareness
Decision
Action
Awareness
Decision
Action TR
# EC - JLS/2008/D1/018 : A study on measures to analyse and improve European emergency preparedness in the field of fixed and mobile telecommunications and Internet
STKs
NSIE
infos
IRM
Alarm
RAS /CIWIN
Alarm
CERTs / TIERSs
TERC
infos Alarm
Alarm
REGULATOR
ENISA
infos
2
4
3
Report
5
56
9
coordination
Report
7
8
NFEP
NSM DB
infos
EP Measures
10
3
GOVERNMENT SERVICES
11
1
Incident
12
STKs
NSIE
infos
IRM
Alarm
RAS /CIWIN
Alarm
CERTs / TIERSs
TERC
infos Alarm
Alarm
REGULATOR
ENISA
infos
2
4
3
Report
5
56
9
coordination
Report
7
8
NFEP
NSM DB
infos
EP Measures
10
3
GOVERNMENT SERVICES
11
1
Incident
12
#
Thales Security Solutions & Services
13 /13 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
Seventh finding on resiliency : frameworks that could yield it
Governance : Emergency Preparedness Governance Model (EPGM)
Achievement targets : Emergency Response Framework (ERFW)
Process : Emergency Preparation Framework (EPFW)
Emergency PreparationActivities
PO
EL
LL
EX
AS
ED
PG
PO
EL
PO
EL
LL
EX
LL
EX
AS
ED
PG
AS
ED
AS
ED
PG
(re-)Assessment
Policy Making&
Strategy
Elaborationof
Measures
Education & Dissemination of good practices
Exercising&
Testing
Lesson Learningand sharing
&Monitoring
ProgrammeManagement
PO
EL
LL
EX
AS
ED
PG
PO
EL
PO
EL
LL
EX
LL
EX
AS
ED
PG
AS
ED
AS
ED
PG
(re-)Assessment
Policy Making&
Strategy
Elaborationof
Measures
Education & Dissemination of good practices
Exercising&
Testing
Lesson Learningand sharing
&Monitoring
ProgrammeManagement
Emergency PreparationActivities
PO
EL
LL
EX
AS
ED
PG
PO
EL
PO
EL
LL
EX
LL
EX
AS
ED
PG
AS
ED
AS
ED
PG
(re-)Assessment
Policy Making&
Strategy
Elaborationof
Measures
Education & Dissemination of good practices
Exercising&
Testing
Lesson Learningand sharing
&Monitoring
ProgrammeManagement
PO
EL
LL
EX
AS
ED
PG
PO
EL
PO
EL
LL
EX
LL
EX
AS
ED
PG
AS
ED
AS
ED
PG
(re-)Assessment
Policy Making&
Strategy
Elaborationof
Measures
Education & Dissemination of good practices
Exercising&
Testing
Lesson Learningand sharing
&Monitoring
ProgrammeManagement
DIRECTIONS
PREPARATION
RESPONSE
EPFW
ERFW
EPGM
EEPC GUIDANCE & SUPPORT
Lessons Guidelines
Requirements Needs
DIRECTIONS
PREPARATION
RESPONSE
EPFW
ERFW
EPGM
EEPC GUIDANCE & SUPPORT
Lessons Guidelines
Requirements Needs
Strategic collaborationlevel
Programme Managementlevel
EC - JLS/2008/D1/018 : A study on measures to analyseand improve European emergency preparedness in the field of fixed and mobile telecommunications and Internet
GOVERNMENTS
STANDARDISATION
STAKEHOLDERS
Guidelines
Certification
Thales Security Solutions & Services
Conclusions
Thales Security Solutions & Services
15 /15 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
Conclusions of the time…
Progress in the industry is currently led by a deficit of knowledge
� A burgeoning field of research but…
� A new, still ill-understood, topic in a complex context
� A silo mentality not helped by…
� A fundamental institutional inertia
� A window of opportunity for the most active lobbies leading to…
� A burst of standardisation initiatives despite…
� A fundamental lack of proper underlying models of resilience
� This may lead authorities and the industry to take inappropriate decisions
We need more inter-disciplinary, cross-industry, research
� Analysis of major incidents and lesson learning in relation to resilient responses
� Characterisation of major cyber shocks
� Resilience Management Frameworks
� Synergies between RM disciplines : safety, security, BCM, crisis management
� More real-world studies based on new models (ex for modelling interdependencies : new factors, real-life / real-size systems, real-li fe incident fine grained data)…
Thales Security Solutions & Services
Thank you for your attention !
paul.theron@thalesgroup.com
Thales Security Solutions & Services
17 /17 /
Info
rmat
ions
con
fiden
tielle
s / p
ropr
i ét é
de T
h ale
s. T
ous
droi
ts r
é ser
vés.
/ T
hale
sco
nfid
entia
l / p
ropr
ieta
ry in
form
atio
n. A
ll rig
hts
res e
rved
P T
héro
n / C
RIT
IS 2
011
/ Luz
ern
09-0
9-20
11
Recent Bibliography
Theron P. (2009c) Resilience, Incident Reporting and Exercises. Measuring Resilience – the Next Challenge. ENISA
Quarterly Review Vol. 5, No. 4, December 2009
European Commission - DG JLS (2011) Study EC JLS/2008/D1/018: A study on measures to analyse and improve
European emergency preparedness in the field of fixed and mobile telecommunications and Internet.
http://ec.europa.eu/information_society/policy/nis/strategy/prep_study/index_en.htm
ENISA (2011) Enabling and managing end-to-end resilience. ENISA's website
ENISA (2011) National Risk Management Preparedness. http://www.enisa.europa.eu/act/rm/working-
group/WG%20NRPM%202010
Théron P (2011) Un nouveau paradigme pour l’étude des crises et de la résilience sociétale. Cahiers de la sécurité –
n°15 – janvier - mars 2011
top related