Abstract
This paper outlines a security assessment methodology for
analysing critical infrastructure networks. The focus is
on intentional attacks against critical infrastructure,
but otherwise the scope is not delimited much.
Comprehensive security analysis of a critical
infrastructure network requires an assessment of the
probability of an attack, the probability of success of
the attack, the propagation of the consequences in the
network and the severity of the consequences. In this
paper, a critical infrastructure network should be
understood as a network including different
infrastructures, such as gas, water and electricity. The
aim is that the interconnections between different
infrastructures are built in the risk model. In the
outlined methodology, the analysis starts with the
identification of potential attackers and targets, and
selection of analysis cases. Then, a network model is
utilised to identify attack locations and assess
consequences, and in the last steps, attack events and
their probabilities are analysed. Although different
steps of the methodology can use different risk analysis
methods, they are linked so that dependencies between
them can be taken into account, and total risk estimates
can be determined. It is not specified which particular
method should be used in each step, but some potential
methods are discussed. The selection of methods can
depend on the application target and the size of the
problem.
Original language | English |
---|---|
Pages (from-to) | 30-39 |
Journal | International Journal of Safety and Security Engineering |
Volume | 6 |
Issue number | 1 |
DOIs | |
Publication status | Published - 2016 |
MoE publication type | A1 Journal article-refereed |
Keywords
- attacks
- consequence analysis
- critical infrastructure network
- security analysis