Outlining comprehensive security analysis of a critical infrastructure network

    Research output: Contribution to journalArticleScientificpeer-review

    1 Citation (Scopus)

    Abstract

    This paper outlines a security assessment methodology for analysing critical infrastructure networks. The focus is on intentional attacks against critical infrastructure, but otherwise the scope is not delimited much. Comprehensive security analysis of a critical infrastructure network requires an assessment of the probability of an attack, the probability of success of the attack, the propagation of the consequences in the network and the severity of the consequences. In this paper, a critical infrastructure network should be understood as a network including different infrastructures, such as gas, water and electricity. The aim is that the interconnections between different infrastructures are built in the risk model. In the outlined methodology, the analysis starts with the identification of potential attackers and targets, and selection of analysis cases. Then, a network model is utilised to identify attack locations and assess consequences, and in the last steps, attack events and their probabilities are analysed. Although different steps of the methodology can use different risk analysis methods, they are linked so that dependencies between them can be taken into account, and total risk estimates can be determined. It is not specified which particular method should be used in each step, but some potential methods are discussed. The selection of methods can depend on the application target and the size of the problem.
    Original languageEnglish
    Pages (from-to)30-39
    JournalInternational Journal of Safety and Security Engineering
    Volume6
    Issue number1
    DOIs
    Publication statusPublished - 2016
    MoE publication typeA1 Journal article-refereed

    Fingerprint

    Critical infrastructures
    infrastructure
    methodology
    Risk analysis
    Electricity
    analysis
    electricity
    Gases
    Water
    method
    gas

    Keywords

    • attacks
    • consequence analysis
    • critical infrastructure network
    • security analysis

    Cite this

    @article{d26b68bcbbe84ddc8f4f42b493126dc8,
    title = "Outlining comprehensive security analysis of a critical infrastructure network",
    abstract = "This paper outlines a security assessment methodology for analysing critical infrastructure networks. The focus is on intentional attacks against critical infrastructure, but otherwise the scope is not delimited much. Comprehensive security analysis of a critical infrastructure network requires an assessment of the probability of an attack, the probability of success of the attack, the propagation of the consequences in the network and the severity of the consequences. In this paper, a critical infrastructure network should be understood as a network including different infrastructures, such as gas, water and electricity. The aim is that the interconnections between different infrastructures are built in the risk model. In the outlined methodology, the analysis starts with the identification of potential attackers and targets, and selection of analysis cases. Then, a network model is utilised to identify attack locations and assess consequences, and in the last steps, attack events and their probabilities are analysed. Although different steps of the methodology can use different risk analysis methods, they are linked so that dependencies between them can be taken into account, and total risk estimates can be determined. It is not specified which particular method should be used in each step, but some potential methods are discussed. The selection of methods can depend on the application target and the size of the problem.",
    keywords = "attacks, consequence analysis, critical infrastructure network, security analysis",
    author = "Tero Tyrv{\"a}inen and Ilkka Karanta",
    year = "2016",
    doi = "10.2495/SAFE-V6-N1-30-39",
    language = "English",
    volume = "6",
    pages = "30--39",
    journal = "International Journal of Safety and Security Engineering",
    issn = "2041-9031",
    publisher = "WIT Press",
    number = "1",

    }

    Outlining comprehensive security analysis of a critical infrastructure network. / Tyrväinen, Tero; Karanta, Ilkka.

    In: International Journal of Safety and Security Engineering, Vol. 6, No. 1, 2016, p. 30-39.

    Research output: Contribution to journalArticleScientificpeer-review

    TY - JOUR

    T1 - Outlining comprehensive security analysis of a critical infrastructure network

    AU - Tyrväinen, Tero

    AU - Karanta, Ilkka

    PY - 2016

    Y1 - 2016

    N2 - This paper outlines a security assessment methodology for analysing critical infrastructure networks. The focus is on intentional attacks against critical infrastructure, but otherwise the scope is not delimited much. Comprehensive security analysis of a critical infrastructure network requires an assessment of the probability of an attack, the probability of success of the attack, the propagation of the consequences in the network and the severity of the consequences. In this paper, a critical infrastructure network should be understood as a network including different infrastructures, such as gas, water and electricity. The aim is that the interconnections between different infrastructures are built in the risk model. In the outlined methodology, the analysis starts with the identification of potential attackers and targets, and selection of analysis cases. Then, a network model is utilised to identify attack locations and assess consequences, and in the last steps, attack events and their probabilities are analysed. Although different steps of the methodology can use different risk analysis methods, they are linked so that dependencies between them can be taken into account, and total risk estimates can be determined. It is not specified which particular method should be used in each step, but some potential methods are discussed. The selection of methods can depend on the application target and the size of the problem.

    AB - This paper outlines a security assessment methodology for analysing critical infrastructure networks. The focus is on intentional attacks against critical infrastructure, but otherwise the scope is not delimited much. Comprehensive security analysis of a critical infrastructure network requires an assessment of the probability of an attack, the probability of success of the attack, the propagation of the consequences in the network and the severity of the consequences. In this paper, a critical infrastructure network should be understood as a network including different infrastructures, such as gas, water and electricity. The aim is that the interconnections between different infrastructures are built in the risk model. In the outlined methodology, the analysis starts with the identification of potential attackers and targets, and selection of analysis cases. Then, a network model is utilised to identify attack locations and assess consequences, and in the last steps, attack events and their probabilities are analysed. Although different steps of the methodology can use different risk analysis methods, they are linked so that dependencies between them can be taken into account, and total risk estimates can be determined. It is not specified which particular method should be used in each step, but some potential methods are discussed. The selection of methods can depend on the application target and the size of the problem.

    KW - attacks

    KW - consequence analysis

    KW - critical infrastructure network

    KW - security analysis

    U2 - 10.2495/SAFE-V6-N1-30-39

    DO - 10.2495/SAFE-V6-N1-30-39

    M3 - Article

    VL - 6

    SP - 30

    EP - 39

    JO - International Journal of Safety and Security Engineering

    JF - International Journal of Safety and Security Engineering

    SN - 2041-9031

    IS - 1

    ER -