ghioni fabio the importance of system availability in corporate critical infrastructure protection
DESCRIPTION
The Importance of System Availability in Corporate Critical Infrastructure ProtectionTRANSCRIPT
INDEXINDEX
1.1. Asymmetric Warfare e.g. Unrestricted WarfareAsymmetric Warfare e.g. Unrestricted Warfare
2.2. Definition of Critical InfrastructureDefinition of Critical Infrastructure
3.3. A Network of Interconnected Macro SystemsA Network of Interconnected Macro Systems
4.4. Implications & ComplicationsImplications & Complications
5.5. Threat ExpositionThreat Exposition
6.6. Threat Scenario Threat Scenario –– Cyber AttacksCyber Attacks
7.7. Threat Scenario Threat Scenario –– Cyber AttackersCyber Attackers
8.8. Threat Scenario Threat Scenario –– ContextContext
9.9. Defense Strategies Defense Strategies –– Risk ManagementRisk Management
10.10. Defense Strategies Defense Strategies –– Resistance and ResilienceResistance and Resilience
11.11. Resilience, Redundancy and Attack ResistanceResilience, Redundancy and Attack Resistance
12.12. An Efficient SolutionAn Efficient Solution
Technology
HighLow
Pow
er
Strong
Weak
Mechanic War
Peace War
Systemic WarDirty War
ICT War
WeWe are are rapidlyrapidly movingmoving towardstowards the ICT the ICT War…War… High High technologicaltechnological skillsskills versusversus weakweakpower…power… In In otherother wordswords the epitome of THE ASYMMETRIC WARthe epitome of THE ASYMMETRIC WAR
1.1. Asymmetric Warfare e.g. Unrestricted WarfareAsymmetric Warfare e.g. Unrestricted Warfare
2.2. Definition of Critical InfrastructureDefinition of Critical InfrastructureA system that is so vital for the equilibrium of an organizationA system that is so vital for the equilibrium of an organization that its destruction or that its destruction or incapacitation could have a debilitating impactincapacitation could have a debilitating impact
energy
air traffic
public transport
banks and financial systemstelecommunication
s
critical communications hubs
emergency
utilitiesmilitary intrusion
During the last decades, critical infrastructures have increasedDuring the last decades, critical infrastructures have increased their dependence on ICTtheir dependence on ICT
3.3. A network of Interconnected Macro SystemsA network of Interconnected Macro Systems
Each system is composed of different layers:Each system is composed of different layers:
••PhysicalPhysical
••DigitalDigital--cybercyber
••OperativeOperative
••StrategicStrategic--organizationalorganizational
Interconnection and Interconnection and InterdependencyInterdependency are are essentialessential featuresfeatures of macro of macro systemssystems
CI 2
CI 1
CI 4CI 3
4.4. Implications & ComplicationsImplications & Complications
Fading bordersFading borders
Cascade effectsCascade effects UnpredictabilityUnpredictability
ComplexityComplexity InterconnectionInterconnection
Different layersDifferent layers
Different Different modelizationmodelization
5.5. Threat ExpositionThreat ExpositionSpeeding up of internal processes + Growing demand for interactiSpeeding up of internal processes + Growing demand for interactivity vity
= Great number of access points and doors to critical infrastruc= Great number of access points and doors to critical infrastructurestures
A long term approach is needed when dealing with Critical InfrasA long term approach is needed when dealing with Critical Infrastructure Protectiontructure Protection
6.6. Threat Scenario Threat Scenario –– Cyber AttacksCyber Attacks
Cyber attacks are the main threat against critical systems due tCyber attacks are the main threat against critical systems due to their increased dependence o their increased dependence upon information technologyupon information technology
7.7. Threat Scenario Threat Scenario –– Cyber AttackersCyber AttackersIt is vital to identify the motives behind cyber attackersIt is vital to identify the motives behind cyber attackers
Monetary gain is the key motivatorMonetary gain is the key motivator
8.8. Threat Scenario Threat Scenario -- ContextContextCommon attacks Common attacks exploitexploit systems’ vulnerabilities at the interconnection and interdependsystems’ vulnerabilities at the interconnection and interdependence ence layerlayer
9.9. Defense Strategies Defense Strategies –– Risk ManagementRisk Management
Risk Management applied to the protection of Critical InfrastrucRisk Management applied to the protection of Critical Infrastructures is affected by a high tures is affected by a high degree of uncertainty deriving from:degree of uncertainty deriving from:
complexitycomplexity
low predictabilitylow predictability
incessant technological changeincessant technological change
10.10. Defense Strategies Defense Strategies –– Resistance and ResilienceResistance and Resilience
Resistance is futile when dealing with highly unpredictable riskResistance is futile when dealing with highly unpredictable riskss
Resilience, or the ability to recover from unexpected events, caResilience, or the ability to recover from unexpected events, can be the appropriate strategy n be the appropriate strategy
11.11. Resilience, Redundancy and Attack ResistanceResilience, Redundancy and Attack Resistance
Redundancy is a typical resilience strategy for highly unpredictRedundancy is a typical resilience strategy for highly unpredictable systemsable systems
Redundancy = Less Efficiency and Greater Complexity Redundancy = Less Efficiency and Greater Complexity
12.12. An Efficient Solution An Efficient Solution
Shared backup facilitiesShared backup facilities
Separation between Cyber and Separation between Cyber and Strategic layersStrategic layers
Higher Higher DinamicityDinamicity
Lower CostsLower Costs
““Structural sink” at the hub level Structural sink” at the hub level
Domande?Domande?Italian
Fabio Ghioni أ��� أ��� ��� ���Arabic
ΕρωτήσειςΕρωτήσεις??Greek
¿¿PreguntasPreguntas??Spanish
вопросывопросы??Russian
Japanese
Questions?Questions?English/French
tupoQghachmeyKlingon
Sindarin
PerguntasPerguntas??Portuguese
FragenFragen??German