An Intelligent Fault Monitoring and Risk Management Tool for Complex Critical Infrastructures: The SERSCIS Approach in Air-Traffic Surface Control

D. Kostopoulos (1), G. Leventakis (1, 3), V. Tsoulkas (1) and N. Nikitakos (2)
(1) Center for Security Studies (KEMEA) / Ministry of Citizen Protection, Athens, GR
(2) University of the Aegean, Dept. of Shipping Trading and Transport, Samos, GR
(3) Dept. of Information & Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, GR
Email: dimkostopoulos@gmail.com and Tsoulkas.kemea@gmail.com

Abstract

We provide novel results on the development of an intelligent risk management and threat monitoring visualization tool realized within the EU funded project SERSCIS (Semantically Enhanced, Resilient and Secure Critical Infrastructure Services). After a brief overview of existing risk management methods for CIs and of the SERSCIS main objectives, motivation and components, we proceed to describe the highly complex task of the aircraft management process and the adopted risk assessment and evaluation methodology for the implementation of the threat analysis and monitoring solution in the aircraft surface operations sector. In particular our case study and proof-of-concept prototype concentrates on the technical support and information presentation capacity offered to decision makers and human-in-the-loop operators for optimizing the dynamic and adaptive behavior of the interconnected ICT systems in an Airport Collaborative Decision Making (A-CDM) test case scenario of the European Air Traffic System.

Keywords: fault monitoring, decision support tool (DST), interlinked ICT systems, semantic modeling, SESAR risk methodology, air transport Critical Infrastructures (CIs).

I. INTRODUCTION AND MOTIVATION

Over the past decade the heavy reliance of critical infrastructure operations in various domains, including complex interconnected transportation systems (see [13], [14]) and aircraft operational networks, on modern interconnected ICT networks [1], [9] has advanced significantly and in an unprecedented way the level of productivity, efficiency and optimization of resources and services. At the same time this intensification has produced new classes of vulnerabilities [9], [14], which can be classified into three broad categories:

1. Planning and use of ICT systems for performance optimization under "normal" operational conditions makes these systems less able to react and respond to "abrupt and abnormal" changes such as accidents or malicious cyber-attacks.
2. Vulnerability of ICT systems may be the result of events caused by physical and fault alterations or implementations, by cyber hacking, or by mismanagement leading to an information deficit which by itself disrupts the operational functioning and management of the critical infrastructure.
3. Interconnectedness of the ICT systems implies that fault events of the kind mentioned previously, occurring in a partial subsystem or component, may propagate and disrupt the normal operational conditions of other subsystems or networks, thus acting as a vulnerability amplification scheme due to strong couplings. In that way local incidents may finally produce major disruptions in the overall critical infrastructure [2], [3], [13] and [14].

As is further analysed in the next sections, the basic goal of SERSCIS (Semantically Enhanced, Resilient and Secure Critical Infrastructure Services) is to support the operation of interlinked networks and systems of services in ICT that are used to plan and manage operational activities in complex critical infrastructures such as airports, in conjunction with the associated aircraft operations.

II. SERSCIS BASIC ARCHITECTURE AND OBJECTIVES

It is a well-known fact that failure or underperformance of any of the interlinked information and communication subsystems due to faults, cyber-threats or mismanagement actions severely compromises and degrades the capabilities of businesses to plan and optimize resource usage, to maintain acceptable efficiency levels or to sustain the provision of data and information needed by other parties. Moreover these ICT-induced vulnerabilities are often difficult if not impossible to detect and analyse, since they are produced by and originate from interacting and strongly or weakly coupled infrastructure components. Within the SERSCIS framework efforts are concentrated on the development of service-oriented applications (SOA) to create, monitor and manage ICT systems, allowing dynamic adaptation to manage time-varying operational situations as well as to counteract the risk propagation and amplification effects of interconnected sub-networks caused by malicious or unwanted events [2], [11] and [12]. The key concept is the possibility to manage risks and interdependencies by adapting the ICT composition in response to events. Stated differently, in this context management actions consist of the transmission of controlling input signals to the ICT components of the critical infrastructure when the monitoring data streams indicate so. The SERSCIS framework monitors the CI using a common Web service management interface to manage the dynamic composition of services and resources; see references [2], [3] and [4]. In Fig. 1 the SERSCIS framework interactions with the critical infrastructures and human-in-the-loop operators are presented schematically.

[Figure 1 diagram labels: Critical ICT + Infrastructure; SERSCIS-assisted operator; SERSCIS Framework; Monitoring; Control; Automated management; Management by humans; Policy Change]

Figure 1. SERSCIS interactions with CIs and Operators

Given the above, an ontology has been developed for semantic modeling and machine reasoning to analyse CI requirements and vulnerabilities, as well as a fault management and security risk assessment tool based on this reasoning. The developed ontology captures knowledge about the behavior of service oriented systems (SOA) and service composition based on semantic web technologies. Furthermore it captures knowledge of the addressed critical infrastructure in the air-traffic management domain, which is further elaborated in the sequel. This knowledge includes: roles and access rights of personnel and organizations, associated communications and social interactions, working practices, as well as behavior of actions of illegal and unauthorized groups. Thus the developed semantics-based solution addresses the problem of reliable and automatic or semi-automatic support of human-in-the-loop operators in decision-making and real-time risk monitoring of mission critical infrastructures that depend heavily on interconnected ICT networks.

III. FAULT RISK ASSESSMENT & MANAGEMENT AND THE AIR TRAFFIC CONTROL APPLICATION DOMAIN

A. Best practices in risk assessment & management

In this subsection we review some of the existing best practice approaches in IT policy and risk management which have been considered during the design and implementation phase of the fault monitoring support tool. The complexity and criticality of existing critical infrastructures with the associated ICT components and networks, together with the new strict governmental regulations adopted at local and international level, are making Risk Management methods and ICT Best Practices a strategic imperative. Especially in a multi-stakeholder service oriented environment, the adoption of a well defined risk methodology that will sufficiently guarantee and ensure continuous service provision and operation is of paramount importance and priority.
Special efforts have resulted in the creation of well established generic policy tools, frameworks and standards such as the ISO 27001 risk assessment standard. On a policy level COBIT [16] is such a framework, allowing decision makers to implement well defined and transparent policies and measures of ICT good practices and governance guidelines. Similarly an open Risk Management framework, MAGERIT version 2, has been released by the Ministerio de Administraciones Publicas (Spanish Ministry for Public Administrations) [15] to create awareness of Risk Management and assessment for IT systems and to offer a systematic tool to analyse associated risks.

It is generally admitted that, despite its vital importance, ICT security and risk management, especially for highly complex architectures, remains an open problem. The complexity of existing and new hardware and software components, the hybrid structure (continuous - discrete and static - dynamic sub-networks) as well as the interlinked and heterogeneous nature of ICT stakeholder networks create serious obstacles for full observation and control, even by the owner organisations adopting relevant approaches. The common thread of most of the existing and well established risk analysis techniques for decision making is that they are of an empirical - qualitative or semi-heuristic and automated nature, comprised of three basic common stages:

1. Risk Assessment,
2. Risk Analysis and Decision Making,
3. Remediation Planning and execution of measures.

B. The air-traffic control application domain and the Airport – Collaborative Decision Making initiative (A-CDM)

The European Air Traffic System is facing a constantly increasing load of air traffic and the Single European Sky initiative platform of the European Commission expects the number of flights to double until the year 2020 [4], [9]. Moreover the aviation enterprise is basically information-bound.
#anae-ent of aircraft seEuencin, eit)er in t)e air or on t)e surface, reEuires access to lare volu-es of )i)l dna-ic, fast8c)anin infor-ation related to aircraft locations, -ove-ents and intentions, airport surface constraints and under -an circu-stances, 4eat)er data. $dditionall to t)e previous it -ust 6e added t)e infor-ation a6out t)e needs and desires of airport users, aircraft operators and ot)er resource and 6usiness service providers. T)e task of acEuirin, -anain, interpretin, updatin and distri6utin t)e needed infor-ation is )i)l co-ple7. $t t)e sa-e ti-e t)ere is an upper conservative 6ound on t)e airspace capacit and so t)e onl sustaina6le and via6le approac) is t)e introduction of opti-i'ation tools and procedures on t)e usae of all availa6le resources. :ne suc) approac) 4)ic) 4e 6riefl descri6e is t)e "urocontrol initiative called Colla6orative Decision #akin !CD#%. T)e 6asic inredient is 6ased on a pre8processed take8off ti-e of an aircraft seEuencin at t)e airport of departure, allo4in plannin of arrival and departures, so t)at airport processes and facilities can 6e allocated appropriatel. T)e associated operational data e7c)ane 6et4een airports, air naviation service providers !$NS(s% and "urocontolJs C#+ i-poses serious c)allenes in ter-s of t)reat risk -anae-ent and -onitorin due to )eav reliance on CT tec)noloies. T)is is addressed 6 t)e adoption of t)e $irport Colla6orative Decision #akin approac) 4)ic) deals 4it) intense infor-ation s)arin a-on  t)e various stake)olders suc) as0 t)e airport, t)e airlines, t)e round )andlin aencies and t)e $NS(. urt)er-ore an i-ple-entation uideline for $8CD# is a 1H -ilestones seEuencin approac) descri6in a co-plete fli)t of t)e aircraft 4)ic) is provided in i. 2. iure . $8CD# -ilestone seEuence approac) t is 6eond t)e scope of t)is article to analse furt)er t)is seEuence procedure. 
e onl stress t)e fact t)at failure or under perfor-ance of t)e interconnected CT sste-s 4ill seriousl co-pro-ise t)e overall capacit and a6ilit of involved airports to function properl and to sustain an accepta6le level of Eualit of service !oS% or even to provide accurate aircraft -ove-ent esti-ates to t)e 4ider "uropean air traffic -anae-ent sste-s, ;< and ;1<. it)in t)e S"*SCS fra-e4ork a series of failure scenarios )ave 6een investiated due to faults on t)e CT sste-s and state of t)e art fault -onitorin and assess-ent as 4ell as visuali'ation tec)niEues )ave 6een i-ple-ented as it is s)o4n in t)e follo4in sections. C..  The %%A' method Due to t)eir criticalit $ir Traffic Control sste-s as part of national and international infrastructures )ave 6een t)e su65ect of intense reulations and t)e esta6lis)-ent of -ini-u- strinent standards includin t)e need for relia6le risk -anae-ent -et)ods. T)e S"S$* $T# (reli-inar Securit *isk $ssess-ent #et)od is a 4ell defined and -ature approac) and is co-pati6le 4it) t)e "urocontrol Securit *isk #anae-ent Toolkit as 4ell as 4it) S: 2FI ;<. $ si-ilar Eualitative fra-e4ork 6ut in a -ore eneral conte7t is 4ell presented in ;><, ;1< 4)ile a 6rief account of risk assess-ent tools is iven in ;1<. T)e 6asic step ele-ents are0 1.  Identification of most important assets and further classification into a. pri-ar assets and 6. supportin !secondar% assets 2. Threat identification   targeting the primary and supporting assets 3.  stablishment of a risk ealuated classification   of threat scenarios targeting these assets =.  stablishment of a decision making process   for ob(ecties achieement to address security risks) T)e first step 4)ic) is also used in t)e S"*SCS approac) 6asicall involves t)e definition and population of a sEuare -atri7 4)ic) is co-prised of a set of t)ree criteria0 • Confidentialit ! C %, • nterit ! I!   • $vaila6ilit ! 
A directl related   4it) eac) pre8identified pri-ar asset. $n associated !scale 1 to I%  *eel of Identification  is introduced takin into account t)e relevant level of i-portance in ter-s of C! I! A , for eac) pri-ar asset. Co-putation of C onfidentialit, I nterit and A vaila6ilit levels for eac) pri-ar asset allo4s t)e convenient insertion of t)e final values in a sEuare -atri7 for- in 4)ic) for eac) pri-ar asset t)ere is an associated discrete indicator for C,  and $. T)en t)e final R  isk " evel E valuation -atri7 is for-ed and t)e final output is a *isk Level colu-n vector. $ tpical risk level calculation is presented in Ta6le 1.Ta6le . *isk level evaluation -atri7 Risk"e#el E#aluationImpact$%&'("ikelihood( #BBBB ' L#BBB & LL#BB % LLL#B $ LLL##T)e S"S$* -et)od reEuires t)e selection 6et4een four tpes of response, tpical of an eneric risk -anae-ent -et)od0 acceptance0 reconise t)e t)reat as a risk, 6ut one t)at is so unlikel and&or lo4 i-pact t)at it can 6e toleratedM reduction0 atte-pt to reduce t)e likeli)ood of t)e t)reat 6 introducin e7tra controls into t)e sste-M avoidance0 reduce t)e i-pact of t)e t)reat 6 droppin t)e t)reatened infrastructure o65ectives or c)anin t)e 4a t)e infrastructure i-ple-ents t)ose o65ectives so t)e t)reat no loner appliesM transfer0 allocate responsi6ilit for -anain t)e risk to anot)er part, 4)o is 6etter a6le to deal 4it), see references ;<, ;><, ;11<,;12< for analtical presentations. .V V TB" S"*SCS T"ST C$S" CB$LL"NG"S $ND TB" S"*SCS $((*:$CB  ..  The %'CI% test case challenges ollo4in t)e previous analsis alt)ou) co-pre)ensive t)e -et)od is not 4ell fitted for dna-icall co-posed confiurations since t)e ke steps involve0  pre-classification of asset i-portance, dependency pat) analsis 6et4een pri-ar and secondar assets + threat identification   and assessment of attack   success iven t)e securit applied controls and decision  on appropriate counter8actions for eac)  t)reat. 
The first and last steps require full business knowledge, while the others are presented as manual processes based on subjective expert analysis and are difficult to automate. As A-CDM interconnects highly safe and secure systems, such as air-traffic management systems, airlines and Europe's Control Flow Management (CFMU), and less safe and secure systems such as the resource planning of a ground handler, it is evident that security, safety and availability on the network level are of utmost importance in achieving reliable common situational awareness. Failure propagation from one system to another must be avoided and systems need to be isolated in case of event failures or security breaches. The SERSCIS set-up focuses on the process of "turning round" an aircraft from the time point it arrives "in block" to the time point it "taxis out" for final take-off; see also [11], [12]. A serious challenge that is addressed is a survivability strategy of A-CDM for accurate predictability of aircraft surface operations. The effect of faulty systems needs to be mitigated through redundancy and reconfiguration. Thus the developed decision and monitoring tool is provided to the decision manager, helping him to take the optimal counter-actions in a given safety or security breach scenario. The key performance indicators and parameters which are addressed and dealt with in the SERSCIS SLA (Service Level Agreement) architecture are:

• System availability
• Data quality and integrity
• Data timeliness
• Confidentiality.

B. The SERSCIS approach

In this subsection we briefly overview the approach taken in SERSCIS; see also [2], [11], [12]. This is designed to exploit semantic system models to enable the use of machine reasoning to support the end user in making and implementing decisions at run-time. This translates into:

• creating a semantic model of the running system based on the available monitoring data and using it to reason about the security status of the system.
• presentin infor-ation fro- t)is -odel to t)e user, to )elp t)e- understand and address current   securit risks. • • iure . (roof of concept decision support fra-e4ork • T)e tools developed support -ac)ine8assisted desin ti-e sste- -odellin, allo4in its structure and properties to 6e descri6ed 6efore t)e actual sste- is created 6 dna-ic run8ti-e co-position. T)is -odel is called an a6stract sste- -odel since it descri6es t)e structure of t)e sste- 6ut not its actual co-position. T)e S"*SCS decision support fra-e4ork 4)ic) sc)e-aticall is iven in i. 3. t)en constructs a concrete sste- -odel representin a snaps)ot of t)e runnin sste-, 6ased on -onitorin data and se-antic reasonin over t)e a6stract sste- -odel. $voidin furt)er analsis 4)ic) 4ould 6e 6eond t)e scope of t)is 4ork 4e -ention t)at t4o separate reasonin processes are takin place0 1.Se-antic reasonin for potential t)reat classification 6ased on 4)et)er t)ese are addressed 6 t)e controls present in t)e runnin sste- 2.Aaesian inference for likeli)ood esti-ation t)at eac) t)reat is currentl 6ein carried out. C..   Presentation to the user it)in S"*SCS t)e user is presented 4it) t)ree tpes of infor-ation01.)at are t)e sste- vulnera6ilities, or 4)at t)reats is t)e sste- una6le to -anae 2.)at is t)e current likeli)ood pro6a6ilit eac) t)reat   is 6ein carried out 3.)at is t)e t)reat i-pact on t)e $irport C. #oreover t)atJs classified into t)ree classes0 )locked threat  if an attacker s)ould carr out t)e t)reat !intentionall or ot)er4ise%, t)e sste- )as controls t)at 4ill prevent t)e attack fro- succeedin. Mitigated threat  4)en t)e attacker carries out t)e t)reat, t)e attack cannot 6e prevented, 6ut t)e sste- controls provide a response t)at 4ill counteract its effect on t)e tareted asset. *ulnera+ilit,  -eanin t)e sste- does not )ave an -eans to prevent t)e attack or counteract its effects on t)e tareted sste- asset. 

V. SERSCIS FAULT RISK MONITORING AND DST USER INTERFACE

The objectives of the monitoring and decision support tool are basically four:

1. Risk Classification (low, medium, high according to their potential impact, and blocked, mitigated, vulnerabilities depending on how well they are addressed by controls)
2. Periodic assessment (the DST refreshes the model in a periodic fashion and dynamically reduces the involved risk factors)
3. Threat explanations (the DST provides explanation of threats, which is very helpful to the operator in the loop for understanding the system and taking appropriate actions)
4. Propositions (the DST allows the operator to revert to past model versions when required, allowing the user to make "what-if" tests on his model by adding controls and comparing the results with the original model).

So the fault monitoring DST tool provides continuous feedback and suggests new control actions that can be useful, while providing the capability to test their effect in "what-if" scenarios. Fig. 4 provides a screenshot giving a comprehensive interface view of the tool functionalities. Notice that the user is presented with the three vulnerability classifications: the good ones are to the left (blocked and mitigated threats) and the most troubling threats (vulnerabilities) are on the right.

Figure 4. SERSCIS DST, as a risk classifier of threats.

The core semantic language is OWL, the Web Ontology Language, meaning that the models in the DST must be in OWL format. The version of the OWL language is OWL2. The support tool is built on JAVA 1.6 and SWT 3.73. Most web semantic projects are built on JAVA and this is the main reason JAVA is used in the SERSCIS DST. The reasoner has a great role in the DST. The reasoner used is HermiT 1.3.5. Through the project other reasoners were used as well (Jess (6), Pellet (7)) but they proved unable to handle real and large volumes of data.
T)ou) Ber-it so far -anaes 4ell 4it) t)e volu-e data, a ne4 reasoned is desined in order to adapt reasonin to Aaes inference used in t)e S"*SCS approac), ;I<, ;H< and ;F<.Conclusivel se-antic -odels )ave 6een proved ver useful in t)e application area of securit and risk -anae-ent of $ir Traffic Cs. T)e S"*SCS tool -ade t)is fact clear especiall to t)e end users and C securit decision -akers. iure . S"*SCS DST, as a risk classifier of t)reats.iure . S"*SCS DST, as a risk classifier of t)reats. V. . C:NCL+S:NS $ND   +T+*"   D*"CT:NS $ description of t)e onoin develop-ent efforts for t)e i-ple-entation of an innovative fault -onitorin and risk -anae-ent tool for t)e securit and situational a4areness of Critical nfrastructures in t)e aviation do-ain )as 6een presented. "7istin risk -anae-ent and risk assess-ent CT