New Report: Evolving Security Issues and the Responsiveness of Critical Infrastructure Protection Approaches

Professor Jeremy Watson, PETRAS Director and Dr Uchenna Ani, PETRAS Researcher have released a report (a copy of the report can be downloaded here) focussed on the responsiveness of existing Critical Infrastructure Protection approaches to address evolving security risks posed by IT and IoT adoption. Particularly, how to effectively model the complex behaviour of interconnected CIs and their protection as system of systems (SoS).

Critical infrastructures (CIs) refer to any asset(s) with functionalities that are critical to normal societal functions, safety, security, economic or social well- being of people, and disruption or destruction of which would have a very significant negative societal impact. CIs are clearly central to the normal functioning of a nation’s economy and require to be protected from both intentional and unintentional sabotages.

Modelling and simulating CI attributes, functionalities, operations, and behaviours offers a way to support security analysis considering trend dynamics and technological adoptions.

The report attempts to address the broad goal around this issue by reviewing a sample of critical infrastructure protection approaches; comprising tools, techniques, and frameworks (methodologies).

The analysis covers contexts relating to the types of critical infrastructures, applicable modelling techniques, risk management scope covered, considerations for resilience, interdependency, and policy and regulations factors.

Key Findings from the report:  

1. There is not a single specific Critical Infrastructure Protection (CIP) approach – tool, technique, methodology or framework – that exists or emerges as a ‘fit-for-all’; to allow the modelling and simulation of cyber security risks, resilience, dependency, and impact attributes in all critical infrastructure set-ups.

2. Typically, two or more modelling techniques can be (need to be) merged to cover a broader scope and context of modelling and simulation applications (areas) to achieve desirable high- level protection and security for critical infrastructures.

3. Empirical-based, network-based, agent-based, and system dynamics-based modelling techniques are more widely used, and all offer gains for their use.

4. The deciding factors for choosing modelling techniques often rest on; complexity of use, popularity of approach, types and objectives of user Organisation and sector.

5. The scope of modelling functions and operations also help to strike the balance between ‘specificity’ and ‘generality’ of modelling technique and approach for the gains of in-depth analysis and wider coverage respectively.

6. Interdependency and resilience modelling and simulations in critical infrastructure operations, as well as associated security and safety risks; are crucial characteristics that need to be considered and explored in revising existing or developing new CIP modelling approaches.

If you would like to discuss the findings of this report, please contact Dr Uchenna Ani, PETRAS UCL Researcher, on u.ani@ucl.ac.uk.