An Operator-Driven Approach for Modeling Interdependencies in Critical Infrastructures Based on Critical Services and Sectors

  • Elisa CanzaniEmail author
  • Helmut Kaufmann
  • Ulrike Lechner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10242)


To trigger disruptive cascading effects among Critical Infrastructures (CIs), advanced cyber attacks take advantage of dependences among organizations. CIs are highly interconnected due to services and products they deliver one another to guarantee correct operational processes in such complex system-of-systems. Consequently, proper countermeasures in case of threats to CIs must consider interdependencies between them. The strategic use of information systems to coordinate response efforts of CI operators at national and international levels is a major objective towards more resilient societies. As relevant contribution to the development of a cyber incident early warning system for CI operators, this paper presents a System Dynamics (SD) interdependency model based on critical services that different operators must provide to guarantee the correct functioning of a CI. We explain model requirements and characteristics, and demonstrate how it can be used to gain situational awareness in the context of European CIs.


Critical Infrastructures Interdependency modeling System Dynamics Early warning system Incident response coordination 



Elisa Canzani PhD research is funded within the Marie Curie Research & Innovation Actions by the European Union FP7/2007-2013, NITIMesr (317382). This work is partly funded by the European Union FP7 project ECOSSIAN (607577).


  1. 1.
    Luiijf, H.A.M., Besseling, K., Spoelstra, M., de Graaf, P.: Ten national cyber security strategies: a comparison. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds.) CRITIS 2011. LNCS, vol. 6983, pp. 1–17. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  2. 2.
    Buldyrev, S.V., Parshani, R., Paul, G., Stanley, H.E., Havlin, S.: Catastrophic cascade of failures in interdependent networks. Nature 464, 1025–1028 (2010)CrossRefGoogle Scholar
  3. 3.
    Juuso, A., Takanen, A.: Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs). Codenomicon WP (2012)Google Scholar
  4. 4.
    Mattioli, R., Levy-Benchton, C.: Methodologies for the identification of Critical Information Infrastructure assets and services (2014)Google Scholar
  5. 5.
    Canzani, E.: Modeling dynamics of disruptive events for impact analysis in networked critical infrastructures. In: 13th International Conference on Information Systems for Crisis Response and Management, ISCRAM (2016)Google Scholar
  6. 6.
    Eusgeld, I., Nan, C., Dietz, S.: System-of-systems approach for interdependent critical infrastructures. Reliab. Eng. Syst. Saf. 96, 679–686 (2011)CrossRefGoogle Scholar
  7. 7.
    Settanni, G., Skopik, F., Shovgenya, Y., Fiedler, R., Kaufmann, H., Gebhardt, T., Ponchel, C.: A blueprint for a pan-European cyber incident analysis system. In: 3rd International Symposium for ICS and SCADA Cyber Security Research 2015, pp. 84–88 (2015)Google Scholar
  8. 8.
    Hasan, J., States, S., Deininger, R.: Safeguarding the security of public water supplies using early warning systems: a brief review. J. Contemp. Water Res. Educ. 129, 27–33 (2004)CrossRefGoogle Scholar
  9. 9.
    Bsufka, K., Kroll-Peters, O., Albayrak, S.: Intelligent network-based early warning systems. In: Lopez, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 103–111. Springer, Heidelberg (2006). CrossRefGoogle Scholar
  10. 10.
    Kaufmann, H., Hutter, R., Skopik, F., Mantere, M.: A structural design for a pan-European early warning system for critical infrastructures. Elektrotechnik und Informationstechnik 132, 117–121 (2014). Springer, ViennaCrossRefGoogle Scholar
  11. 11.
    Rinaldi, S.M., Peerenboom, J.P., Kelly, T.K.: Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Syst. Mag. 21, 11–25 (2001)CrossRefGoogle Scholar
  12. 12.
    Gao, J., Li, D., Havlin, S.: From a single network to a network of networks. Natl. Sci. Rev. 1, 346–356 (2014)CrossRefGoogle Scholar
  13. 13.
    Adetoye, Adedayo O., Goldsmith, M., Creese, S.: Analysis of dependencies in critical infrastructures. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds.) CRITIS 2011. LNCS, vol. 6983, pp. 18–29. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  14. 14.
    Ouyang, M.: Review on modeling and simulation of interdependent critical infrastructure systems. Reliab. Eng. Syst. Saf. 121, 43–60 (2014)CrossRefGoogle Scholar
  15. 15.
    2008/114/EC-Council Directive: Identification and designation of European Critical Infrastructures and the assessment of the need to improve their protection. Off. J. Eur. Union 51, 75–82 (2008)Google Scholar
  16. 16.
    Sterman, J.D.: Business Dynamics: Systems Thinking and Modeling for a Complex World. Irwin/McGraw-Hill, Boston (2000)Google Scholar
  17. 17.
    Canzani, E., Kaufmann, H., Lechner, U.: Characterizing disruptive events to model cascade failures in critical infrastructures. In: 4th International Symposium for ICS and SCADA Cyber Security Research 2016 (2016)Google Scholar
  18. 18.
    Canzani, E., Lechner, U.: Insights from modeling epidemics of infectious diseases – a literature review. In: 12th International Conference on Information Systems for Crisis Response and Management, ISCRAM (2015)Google Scholar
  19. 19.
    Laugé, A., Hernantes, J., Sarriegi, J.M.: Critical infrastructure dependencies: a holistic, dynamic and quantitative approach. Int. J. Crit. Infrastruct. Prot. 8, 16–23 (2015)CrossRefGoogle Scholar
  20. 20.
    Canzani, E., Pickl, S.: Cyber epidemics: modeling attacker-defender dynamics in critical infrastructure systems. In: 7th International Conference on Applied Human Factors and Ergonomics, AHFE (2016)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Elisa Canzani
    • 1
    Email author
  • Helmut Kaufmann
    • 2
  • Ulrike Lechner
    • 1
  1. 1.Department of Computer ScienceUniversität der Bundeswehr MünchenNeubibergGermany
  2. 2.Cybersecurity Research LabAirbus Aerospace and DefenseOttobrunnGermany

Personalised recommendations