Abstract
The paper deals with a methodology for the assessment and management of risk in critical infrastructures. A ready-made risk manager, which supports information security- and business continuity management systems, was adapted to a new application domain—critical infrastructure protection and was used in the EU Ciras project as one of its three basic pillars. First, the author reviewed security issues in critical infrastructures, with special focus on risk management. On this basis the assumptions were discussed how to adapt the ready-made risk manager for this domain. The experimentation tool was configured, including risk measures and system dictionaries. The operations of the tool were illustrated by examples from a case study performed in a previous work. The case study dealt with the collaborating railway- and energy critical infrastructures. The aim of this research is to assess the usefulness of such approach and to acquire knowledge for future project works.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
This project has been funded with support from the European Commission. This publication reflects the views only of the author, and the European Commission cannot be held responsible for any use which may be made of the information contained therein (Grant Agreement clause).
- 2.
developed at the Institute of Innovative Technologies EMAG within a project co-financed by the National Centre for Research and Development (NCBiR).
References
Białas, A.: Experimentation tool for critical infrastructures risk management. In: Proceedings of the 2015 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 775–780 ISBN 978-1-4673-4471-5 (Web). IEEE Catalog Number: CFP1385 N-ART (Web)
Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection
Commission Staff Working Document on a new approach to the European Programme for Critical Infrastructure Protection Making European Critical Infrastructures more secure. European Commission. Brussels, Aug 28 2013, SWD(2013) 318 final
Ciras project, http://cirasproject.eu/ (access date: November 2015)
ValueSec project, www.valuesec.eu (access date: November 2015)
OSCAD project, http://www.oscad.eu/index.php/en/ (access date: Nov 2015)
Bialas, A.: Critical infrastructures risk manager—the basic requirements elaboration. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds.) Theory and Engineering of Complex Systems and Dependability, Proceedings of the Tenth International Conference on DepCoS-RELCOMEX, June 29–July 3 2015, Brunów, Poland. Advances in Intelligent Systems and Computing, vol. 365, pp. 11–24. Springer, Cham (2015). doi:10.1007978-3-319-19216-1_2
Rinaldi, S.M., Peerenboom, J.P., Kelly, T.K.: Identifying, understanding and analyzing critical infrastructure interdependencies. IEEE Control Syst. Mag., 11–25 (2001)
Hokstad, P., Utne, I.B., Vatn, J. (Eds): Risk and Interdependencies in Critical Infrastructures: A Guideline for Analysis (Springer Series in Reliability Engineering). Springer, London (2012). doi:10.1007/978-1-4471-4661-2_2
Rausand, M.: Risk Assessment: Theory, Methods, and Applications. Series: Statistics in Practice (Book 86). Wiley (2011)
Giannopoulos, G., Filippini, R., Schimmer, M.: Risk assessment methodologies for Critical Infrastructure Protection. Part I: A state of the art. European Union (2012)
Deliverable D2.1: Common areas of Risk Assessment Methodologies. Euracom (2007)
ISO/IEC 31010:2009—Risk Management—Risk Assessment Techniques
ENISA: http://rm-inv.enisa.europa.eu/methods. Accessed June 2015
Baginski, J., Bialas, A., Rogowski, D. et al.: D1.1—State of the Art of Methods and Tools, CIRAS Deliverable. Responsible: Institute of Innovative Technologies EMAG (February 2015), Dissemination level: RE/CO (i.e. available only for: beneficiaries, stakeholders and European Commission)
EN 61025 Fault tree analysis (FTA) (IEC 61025:2006), CENELEC (2007)
EN 62502 Event tree analysis (ETA) (IEC 62502:2010), CENELEC (2010)
Białas, A.: Risk assessment aspects in mastering the value function of security measures. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds.) New results in dependability and computer systems. Advances in Intelligent and Soft Computing, vol. 224. Springer, Cham, pp. 25–39. http://link.springer.com/chapter/10.1007%2F978-3-319-00945-2_3#page-1 doi:10.1007/978-3-319-00945-2_3
Bialas, A.: Computer support for the railway safety management system—first validation results. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds.): Proceedings of Ninth International Conference on DepCoS-RELCOMEX. June 30—July 4, 2014, Brunow, Poland. Advances in Intelligent Systems and Computing, vol. 286. Springer, Cham (2014), pp. 81–92. doi:10.1007/978-3-319-07013-1
Białas, A.: Business continuity management, information security and assets management in mining, Mechanizacja i Automatyzacja Górnictwa, No 8(510), Instytut Technik Innowacyjnych EMAG, Katowice (2013). English version: pp. 125–138
Białas, A.: Research on critical infrastructures risk management. In: Rostański, M., Pikiewicz, P., Buchwald, P. (eds.) Internet in the information Society 2015—10th International Conference Proceedings. Scientific Publishing University of Dąbrowa Górnicza (2015), pp. 93–108
Acknowledgements
The author thanks the colleagues from the CIRAS project consortium for discussing the presented concept.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing Switzerland
About this paper
Cite this paper
Bialas, A. (2017). Computer Support for Risk Management in Critical Infrastructures. In: Grzenda, M., Awad, A., Furtak, J., Legierski , J. (eds) Advances in Network Systems . iNetSApp 2015. Advances in Intelligent Systems and Computing, vol 461. Springer, Cham. https://doi.org/10.1007/978-3-319-44354-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-44354-6_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44352-2
Online ISBN: 978-3-319-44354-6
eBook Packages: EngineeringEngineering (R0)