Post on 11-Nov-2014
<Infrastructure resilience, 2013 Slide 1
Infrastructure resilience
Ian Sommerville
Resilience
• Resilience is the ability of assets, networks and systems to anticipate, absorb, adapt to, and recover from a disruptive event or series of events.
• Resilience is about maintaining the continuity of a service in the presence of disruptive events
Pandemic disease
• Pandemic disease is the highest impact risk because it potentially affects the whole of a national infrastructure as people become ill
Cyber attacks
• Cyber attacks that compromise confidentiality are not likely to have a major impact on the availability of a national infrastructure
• But cyber attacks that affect the control systems are more serious
Risk impact
• Risk impact is related to the extent of the damage to infrastructure assets
Impact depends on locality
• Local incidents, such as a terrorist attack on physical infrastructure, have limited impact because they only affect a small part of that infrastructure
Organisational infrastructure
• Organisations may be more vulnerable than physical infrastructure
• Incidents that affect the organisational infrastructure can have more significant impact
– Organisations are less likely to be distributed
Risk impact
• Because physical infrastructure is distributed, failures in one part of a physical network are localised
– A crack is discovered in one bridge but this does not affect other bridges in the network
Software vulnerability
• However, software control changes this
– If common elements of an infrastructure are networked and controlled by the same software, a failure in one element (especially a malicious attack) can propagate throughout the network
– Large-scale failures and unavailability therefore become possible
Infrastructure dependencies
• All infrastructure elements now depend on power and communications
• Failure and unavailability of these infrastructures has the most impact
Photo: creative commons/flickr/anemoneprojectors
Infrastructure vulnerabilities
• Limited physical protection
Infrastructure vulnerabilities
• Old/insecure software control systems
Image: http://commons.wikimedia.org/wiki/File:SCADA_PUMPING_STATION_1.jpg
Infrastructure vulnerabilities
• Lack of monitoring systems
• Lack of coordination across infrastructure elements
Infrastructure vulnerabilities
• Lack of knowledge of infrastructure state or dependencies
• Lack of knowledge of infrastructure demand
Achieving resilience
Resistance
Provide protection against anticipated events or attacks
– Flood defences
– Cybersecurity awareness
© Adrian Pingstone 2005
Resistance
• Based on previous experience and assumptions
• Changing world or external circumstances may mean that assumptions are invalid
Reliability
• Infrastructure components should be designed to operate under a range of (anticipated) conditions not just ‘normal’ operating conditions
Reliability
• Components, as far as possible, should be designed for ‘soft’, incremental rather than catastrophic failure
Digital and analog systems
• Digital systems are more brittle than analog systems
• Analog systems often fail gradually; computer-based systems often simply crash
Redundancy
• The network or system as a whole should be designed so that there are backup installations and spare capacity available.
Redundancy
• Examples
– Computing support should be provided by different providers in different locations
– Diverse generation capacity for electricity
– Multiple locations for command and control
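An added example, not part of the original slides, that makes the argument of slides 9, 10, 11 and 23 concrete: a small dependency model in which an asset fails when it is hit directly or when every alternative in one of its dependency groups is already down. The asset names (grid feeders, SCADA systems, pumping stations, bridges) and the two layouts are constructed for illustration; a cracked bridge stays a local event, while a shared control system or a single power feeder propagates one failure across the whole service unless diverse alternatives exist.

```python
def unavailable(infra, failed):
    """Assets unavailable after the assets in `failed` are hit.

    `infra` maps asset -> list of dependency groups.  A group is a set of
    alternatives and is satisfied while any member is still available;
    roots such as a grid feeder or a control system have no groups.
    An asset goes down when it is hit directly or when one of its groups
    has no available member left; this is iterated to a fixed point so
    that failures propagate along chains of dependencies.
    """
    down = set(failed)
    changed = True
    while changed:
        changed = False
        for asset, groups in infra.items():
            if asset not in down and any(g <= down for g in groups):
                down.add(asset)
                changed = True
    return down

# Constructed sample, not real infrastructure data: one grid feeder and one
# SCADA system shared by every pumping station (slide 10's common control).
SHARED_CONTROL = {
    "grid-north": [], "scada-v1": [],
    "bridge-A": [], "bridge-B": [],              # passive physical assets
    "pump-1": [{"grid-north"}, {"scada-v1"}],
    "pump-2": [{"grid-north"}, {"scada-v1"}],
    "pump-3": [{"grid-north"}, {"scada-v1"}],
    "water-supply": [{"pump-1", "pump-2", "pump-3"}],  # any one pump suffices
}

# The same service with the redundancy slide 23 asks for: diverse generation
# and two independent control systems, so no single root is shared by all.
REDUNDANT = {
    "grid-north": [], "grid-south": [], "scada-v1": [], "scada-v2": [],
    "bridge-A": [], "bridge-B": [],
    "pump-1": [{"grid-north", "grid-south"}, {"scada-v1"}],
    "pump-2": [{"grid-north", "grid-south"}, {"scada-v2"}],
    "pump-3": [{"grid-north", "grid-south"}, {"scada-v1", "scada-v2"}],
    "water-supply": [{"pump-1", "pump-2", "pump-3"}],
}

def service_lost(infra, failed, service="water-supply"):
    """True if the named service is among the unavailable assets."""
    return service in unavailable(infra, failed)

if __name__ == "__main__":
    for name, infra in (("shared control", SHARED_CONTROL), ("redundant", REDUNDANT)):
        for event in ({"bridge-A"}, {"scada-v1"}, {"grid-north"}):
            print(f"{name:15s} {sorted(event)} -> {sorted(unavailable(infra, event))}")
```

Running it shows the cracked bridge affecting only itself in both layouts, while losing the single SCADA system or feeder takes the whole water supply down in the shared layout and at most one pump in the redundant one.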
Response and recovery
• Respond to disruptive events quickly, limiting the damage as far as possible and ensuring public safety
Response and recovery
• Plan how to restore services as quickly as possible in the event of a loss of capability
• Business continuity planning
• Disaster recovery
Achieving resilience
• Advance planning to draw up contingency plans to cover anticipated problems
• (a) good design of the network and systems to ensure it has the necessary resistance, reliability and redundancy (spare capacity), and
• (b) good organisational resilience to provide the ability, capacity and capability to respond to and recover from disruptive events.
Key points
• Critical infrastructure resilience is the ability of the infrastructure to continue to deliver essential services during and after a hazardous event
• Infrastructure resilience depends on planning for contingencies and effective infrastructure design
Key points
• Software control of infrastructure systems potentially increases vulnerability because the effects of an event may not be localised
• Resilient infrastructure design is based on 4 R’s – resistance, reliability, redundancy, and recovery