Risk assessment based on interdependencies

Hannu Sivonen 1 Risk assessment based on interdependencies Helsinki, Finland Hannu Sivonen, Senior Researcher MANMADE Castellanza 28-29 June 2007


Post on 15-Jan-2016


TRANSCRIPT

Page 1: Risk assessment based on interdependencies

Hannu Sivonen 1

Risk assessment based on interdependencies

Helsinki, Finland

Hannu Sivonen, Senior Researcher

MANMADE Castellanza 28-29 June 2007

Page 2: Risk assessment based on interdependencies


National Emergency Supply Agency (NESA)

- Fund, independent of the state budget
- Public Private Partnership coordinator (23 branches, 800 experts)

Government defines objectives for security of supply

NESA finances security of supply when not provided by the market mechanism

Focus areas:

- Critical technical infrastructure
- Food supply
- Energy supply
- Logistics
- Critical medical substances and supplies
- Defence related industries

NESA balance is 1000 million €

Page 3: Risk assessment based on interdependencies


A method for assessing the risk caused by interdependencies between technical infrastructures, basic services, and threats

- Linear mathematical model similar to that used by Google
- Simplifying assumptions
- Complex interdependencies and accumulating effects and risks handled

Information system failures and weather conditions are major risks in Finland

Published in Finnish: Yhteiskunnan huoltovarmuuden kannalta keskeisten toimintojen riskiarviointi (Risk assessment of functions critical to society's security of supply) http://www.huoltovarmuus.fi/julkaisut/esittely/?id=72

Risk assessment based on interdependencies

Page 4: Risk assessment based on interdependencies


Finnish government decision 305/2002

Technical infrastructures (14)

- energy supply
- communications
- information systems

Basic services and supplies (29)

- food supply
- transport logistics
- mass media
- health care
- financial services

Page 5: Risk assessment based on interdependencies


Threats from outside the infrastructure and services (17)

- economic threats
- threats to information systems
- crisis in international logistics
- weather phenomena
- structural damage
- strikes
- environment and health threats
- national security threats

Page 6: Risk assessment based on interdependencies


Interdependencies = reasons for failures

- recurrent (ratio 1)
- expected (ratio 0.1)
- rare (ratio 0.01)
- theoretical (ratio 0.001)
- nonexistent

Page 7: Risk assessment based on interdependencies


Input: Interdependencies (sample)

[Matrix figure. Rows: dependent factor. Columns: effective factor. Factors on both axes: electricity, fuel supply, data communication, software services, transport chain (end-to-end), transport management, road transport, weather phenomena. Each cell is shaded by interdependency class; the shading and cell positions did not survive extraction.]

Page 8: Risk assessment based on interdependencies


Mean time between failures

- recurrent (< 1 year)
- expected (1-10 years)
- rare (10-100 years)
- theoretical (>100 years)
- nonexistent

Page 9: Risk assessment based on interdependencies


Input: Duration and mean time between failures

[Table figure. Mean time between failures (years), classified by duration of failure. Columns: less than 1 h, 1 - 10 h, 10 - 100 h, more than 100 h. Rows (factors): electricity, fuel supply, data communication, software services, transport management, road transport, weather phenomena. Each cell is shaded by mean-time-between-failures class; the shading and cell positions did not survive extraction.]
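The slides give the model's inputs and outputs but not its equations. As an added illustration (not the published NESA model), the sketch below assumes the simplest linear form consistent with the inputs above: a factor's yearly failure rate is its own rate (1 / MTBF) plus, for every factor it depends on, the interdependency ratio times that factor's rate, solved by iteration so that indirect effects accumulate. The sample values, the Poisson conversion to a yearly probability and all function names are assumptions.

```python
import math

# Ratio classes from the "Interdependencies" slide.
RATIO = {"recurrent": 1.0, "expected": 0.1, "rare": 0.01, "theoretical": 0.001}

# Constructed sample input: own failures per year (1 / MTBF) for each factor.
OWN_RATE = {"weather phenomena": 1.0, "electricity": 0.1,
            "data communication": 0.2, "software services": 1.0,
            "road transport": 0.1}

# Constructed sample input: DEPENDS[dependent][effective] = ratio class.
DEPENDS = {
    "electricity": {"weather phenomena": "expected"},
    "data communication": {"electricity": "recurrent",
                           "weather phenomena": "rare"},
    "software services": {"electricity": "recurrent",
                          "data communication": "recurrent"},
    "road transport": {"weather phenomena": "expected", "electricity": "rare",
                       "software services": "rare"},
}

def accumulated_rates(own, depends, tol=1e-12, max_iter=1000):
    """Solve rate = own + A * rate by fixed-point iteration (assumed model)."""
    rate = dict(own)
    for _ in range(max_iter):
        new = {f: own[f] + sum(RATIO[cls] * rate[eff]
                               for eff, cls in depends.get(f, {}).items())
               for f in own}
        if max(abs(new[f] - rate[f]) for f in own) < tol:
            return new
        rate = new
    # A loop of dependencies whose ratios multiply to 1 or more never damps out.
    raise ValueError("dependency loop does not damp out; rates diverge")

def p_one_or_more(rate_per_year):
    """Probability of one or more failures in a year, assuming Poisson arrivals."""
    return 1.0 - math.exp(-rate_per_year)

def ranking(own, depends):
    """Rows of (factor, failures per year, probability %) sorted by rate."""
    rates = accumulated_rates(own, depends)
    rows = [(f, round(r, 4), round(100 * p_one_or_more(r)))
            for f, r in rates.items()]
    return sorted(rows, key=lambda row: -row[1])

if __name__ == "__main__":
    for row in ranking(OWN_RATE, DEPENDS):
        print(row)
```

In this constructed input, software services ranks first because it inherits failures from electricity both directly and through data communication; a linear model counts every dependency path.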

Page 10: Risk assessment based on interdependencies


Output: Relative risks pertinent to inter-dependent infrastructures

CALCULATED OUTPUT

Viewpoint and unit of effect: ALL OF FINLAND: Interdependent infrastructures and basic service sectors

Measured in disruption-time points, R3.0

| Factor | Probability of one or more failures per year (%) | Combined effect (units / 24 h) | Combined risk (units / year) |
|---|---|---|---|
| software services | 97 | 804 | 402 |
| data security services | 97 | 717 | 358 |
| server systems | 97 | 713 | 356 |
| work station networks | 97 | 691 | 346 |
| electricity | 84 | 1 547 | 135 |
| air traffic | 98 | 99 | 127 |
| data communication | 32 | 286 | 25 |
| transport management | 98 | 17 | 22 |

Page 11: Risk assessment based on interdependencies


Output: Relative risks pertinent to outside threats

CALCULATED OUTPUT

Viewpoint and unit of effect: ALL OF FINLAND: Causes of disruption and threats external to the functions, R3.0

| Factor | Probability of one or more failures per year (%) | Combined effect (units / 24 h) | Combined risk (units / year) |
|---|---|---|---|
| weather phenomena | 32 | 4 776 | 418 |
| threats to information systems | 97 | 395 | 197 |
| crisis in international logistics | 2 | 58 | 24 |
| structural damage | 2 | 55 | 23 |
| crime and terrorism | 2 | 115 | 10 |

Page 12: Risk assessment based on interdependencies


Relative component risks in food logistics

CALCULATED OUTPUT

| Factor | Probability of one or more failures per year (%) | Combined effect (units / 24 h) | Combined risk (units / year) |
|---|---|---|---|
| logistics centres | 84 | 308 | 358 |
| ordering systems | 84 | 349 | 317 |
| cashier systems | 84 | 296 | 269 |
| wholesale companies | 18 | 337 | 147 |
| retail outlets | 84 | 150 | 136 |
| meat operators *) | 18 | 231 | 101 |
| dairy operators *) | 18 | 231 | 101 |
| grain and vegetable operators *) | 18 | 226 | 99 |
| medium size markets | 18 | 207 | 90 |
| hypermarkets | 18 | 153 | 67 |
| cooling equipment | 17 | 296 | 54 |
| … | … | … | … |

*) operator = processing plant + logistics operator

Page 13: Risk assessment based on interdependencies


The model applied to criticality of ICT functions

72 functions, 6 scenarios (3x2):

Duration of failure

- short term (hours)
- medium term (days)
- long term (months)

Dependency type

- cause of failure to others
- obstacle to recovery of others

No assessment for MTB, just interdependencies = potential effect, criticality

Page 14: Risk assessment based on interdependencies


Top ten critical functions from 6 scenarios

As Cause of Failure

| Rank | Hours | Days | Months |
|---|---|---|---|
| 1 | Electricity | Electricity | Electricity |
| 2 | Base network operations | Base network repair | HW / SW problem mgmt |
| 3 | Common net services e.g. DNS | Common net services e.g. DNS | HW / SW repair |
| 4 | Machine room network mgmt | Machine room network mgmt | Change mgmt |
| 5 | IT production control | IT production control | Version mgmt |
| 6 | IT production environment mgmt | Database mgmt | Configuration mgmt |
| 7 | Transaction mgmt | Data backups | Common net services e.g. DNS |
| 8 | HW / SW problem mgmt | Data recovery | Air logistics |
| 9 | Database mgmt | IT production control | Road logistics |
| 10 | Data backup | Transaction mgmt | Base network repair |

As Obstacle to Recovery

| Rank | Hours | Days | Months |
|---|---|---|---|
| 1 | Data recovery | Base network operations | Electricity |
| 2 | Electricity | Electricity | Air logistics |
| 3 | Battery backup | Client network operations | Road logistics |
| 4 | Common net services e.g. DNS | Spare generators | Common net services e.g. DNS |
| 5 | Machine room network mgmt | Common net services e.g. DNS | Base network planning |
| 6 | IT production control | Data backup | Base network building |
| 7 | Transaction mgmt | Data recovery | Base network procurement |
| 8 | HW / SW problem mgmt | HW / SW repair | Client network procurement |
| 9 | Computer installing | HW / SW security mgmt | Client network planning |
| 10 | SW mgmt | Base network repair | Client network building |