Outlining comprehensive security analysis of a critical infrastructure network

Research output: Contribution to journalArticleScientificpeer-review

1 Citation (Scopus)

Abstract

This paper outlines a security assessment methodology for analysing critical infrastructure networks. The focus is on intentional attacks against critical infrastructure, but otherwise the scope is not delimited much. Comprehensive security analysis of a critical infrastructure network requires an assessment of the probability of an attack, the probability of success of the attack, the propagation of the consequences in the network and the severity of the consequences. In this paper, a critical infrastructure network should be understood as a network including different infrastructures, such as gas, water and electricity. The aim is that the interconnections between different infrastructures are built in the risk model. In the outlined methodology, the analysis starts with the identification of potential attackers and targets, and selection of analysis cases. Then, a network model is utilised to identify attack locations and assess consequences, and in the last steps, attack events and their probabilities are analysed. Although different steps of the methodology can use different risk analysis methods, they are linked so that dependencies between them can be taken into account, and total risk estimates can be determined. It is not specified which particular method should be used in each step, but some potential methods are discussed. The selection of methods can depend on the application target and the size of the problem.
Original languageEnglish
Pages (from-to)30-39
JournalInternational Journal of Safety and Security Engineering
Volume6
Issue number1
DOIs
Publication statusPublished - 2016
MoE publication typeA1 Journal article-refereed

Fingerprint

Critical infrastructures
infrastructure
methodology
Risk analysis
Electricity
analysis
electricity
Gases
Water
method
gas

Keywords

  • attacks
  • consequence analysis
  • critical infrastructure network
  • security analysis

Cite this

@article{d26b68bcbbe84ddc8f4f42b493126dc8,
title = "Outlining comprehensive security analysis of a critical infrastructure network",
abstract = "This paper outlines a security assessment methodology for analysing critical infrastructure networks. The focus is on intentional attacks against critical infrastructure, but otherwise the scope is not delimited much. Comprehensive security analysis of a critical infrastructure network requires an assessment of the probability of an attack, the probability of success of the attack, the propagation of the consequences in the network and the severity of the consequences. In this paper, a critical infrastructure network should be understood as a network including different infrastructures, such as gas, water and electricity. The aim is that the interconnections between different infrastructures are built in the risk model. In the outlined methodology, the analysis starts with the identification of potential attackers and targets, and selection of analysis cases. Then, a network model is utilised to identify attack locations and assess consequences, and in the last steps, attack events and their probabilities are analysed. Although different steps of the methodology can use different risk analysis methods, they are linked so that dependencies between them can be taken into account, and total risk estimates can be determined. It is not specified which particular method should be used in each step, but some potential methods are discussed. The selection of methods can depend on the application target and the size of the problem.",
keywords = "attacks, consequence analysis, critical infrastructure network, security analysis",
author = "Tero Tyrv{\"a}inen and Ilkka Karanta",
year = "2016",
doi = "10.2495/SAFE-V6-N1-30-39",
language = "English",
volume = "6",
pages = "30--39",
journal = "International Journal of Safety and Security Engineering",
issn = "2041-9031",
publisher = "WIT Press",
number = "1",

}

Outlining comprehensive security analysis of a critical infrastructure network. / Tyrväinen, Tero; Karanta, Ilkka.

In: International Journal of Safety and Security Engineering, Vol. 6, No. 1, 2016, p. 30-39.

Research output: Contribution to journalArticleScientificpeer-review

TY - JOUR

T1 - Outlining comprehensive security analysis of a critical infrastructure network

AU - Tyrväinen, Tero

AU - Karanta, Ilkka

PY - 2016

Y1 - 2016

N2 - This paper outlines a security assessment methodology for analysing critical infrastructure networks. The focus is on intentional attacks against critical infrastructure, but otherwise the scope is not delimited much. Comprehensive security analysis of a critical infrastructure network requires an assessment of the probability of an attack, the probability of success of the attack, the propagation of the consequences in the network and the severity of the consequences. In this paper, a critical infrastructure network should be understood as a network including different infrastructures, such as gas, water and electricity. The aim is that the interconnections between different infrastructures are built in the risk model. In the outlined methodology, the analysis starts with the identification of potential attackers and targets, and selection of analysis cases. Then, a network model is utilised to identify attack locations and assess consequences, and in the last steps, attack events and their probabilities are analysed. Although different steps of the methodology can use different risk analysis methods, they are linked so that dependencies between them can be taken into account, and total risk estimates can be determined. It is not specified which particular method should be used in each step, but some potential methods are discussed. The selection of methods can depend on the application target and the size of the problem.

AB - This paper outlines a security assessment methodology for analysing critical infrastructure networks. The focus is on intentional attacks against critical infrastructure, but otherwise the scope is not delimited much. Comprehensive security analysis of a critical infrastructure network requires an assessment of the probability of an attack, the probability of success of the attack, the propagation of the consequences in the network and the severity of the consequences. In this paper, a critical infrastructure network should be understood as a network including different infrastructures, such as gas, water and electricity. The aim is that the interconnections between different infrastructures are built in the risk model. In the outlined methodology, the analysis starts with the identification of potential attackers and targets, and selection of analysis cases. Then, a network model is utilised to identify attack locations and assess consequences, and in the last steps, attack events and their probabilities are analysed. Although different steps of the methodology can use different risk analysis methods, they are linked so that dependencies between them can be taken into account, and total risk estimates can be determined. It is not specified which particular method should be used in each step, but some potential methods are discussed. The selection of methods can depend on the application target and the size of the problem.

KW - attacks

KW - consequence analysis

KW - critical infrastructure network

KW - security analysis

U2 - 10.2495/SAFE-V6-N1-30-39

DO - 10.2495/SAFE-V6-N1-30-39

M3 - Article

VL - 6

SP - 30

EP - 39

JO - International Journal of Safety and Security Engineering

JF - International Journal of Safety and Security Engineering

SN - 2041-9031

IS - 1

ER -