2009 IEEE International Conference on
Systems, Man, and Cybernetics |
 |
- [P539]
Critical Infrastructures: from risk assessment to identification of improvement priorities
Author(s): Sergio Olivero, Massimo Migliorini, Federico Stirano, Nicola Bazzurro, Dragan SavicAbstract
Drinking water networks are critical infrastructures for human communities. The strategic importance of case studies in the field of water networks is enhanced by the fact that in general water systems are considered an ideal laboratory to study, apply and test security solutions. The assessment of all potential vulnerabilities, which have to be clearly understood and modeled, is indispensable for the definition of appropriate preventive and corrective countermeasures. Moreover, the continuous risk management of these infrastructures is fundamental for maintaining adequate levels of protection for securing the effectiveness of the countermeasures. Manage the risk of a critical infrastructures means basically 1) to understand organization¡¯s information security requirements and the need to establish policy and objectives for information security, 2) implement and operate controls to manage an organization¡¯s information security risks in the context of the organization¡¯s overall business risks and 3) monitor and review the performance and effectiveness of the system. To ensure an adequate safeness level to the population, it is necessary to study and analyze not only the physical components of a water distribution network, but also the ICT components. For example, computer systems that control the whole infrastructure play a relevant role in guaranteeing the security and safeness of the system and assuring the health of the associated economies. Risk Assessment must include all these aspects to be valuable tool to enable an effective management of water networks.