A Process for the Identification of Security Risks from Critical Infrastructure Interdependencies

Abstract

Traditional security risk assessment takes a broad asset-based view of organizations. The risk identification process therefore focuses on well-known threats and vulnerabilities to static and discrete assets that fall within the scope of organizational boundaries under investigation. It does not offer a methodology or framework that systematically deals with risks that arise from the complex interdependencies1 among the critical infrastructures2. To support this proposition, this paper conducts a systematic analysis of the security risks resulting from logical, cyber, geographical and physical interdependencies between telecommunications and power infrastructures. The analysis demonstrates that certain security risks arising from interdependencies cannot be identified using the traditional risk identification approach. A process model is then proposed to extend existing risk methodologies to include a systematic identification of the security risks that arise from the interdependencies of infrastructures.


AUTHORS

Manager, Technical Architecture & Infrastructure Services Australian Energy Market Operator Ltd

Patrick Beraud is an innovative Information Technology Professional with over 14 years experience gained from managing and directing complex global ICT projects in several regions including Europe, Australia, Taiwan, West Africa and Canada. He has several key career achievements under his belt, including team leadership for implementation of the Active Directory Services for the Public Financial Management Reform Program for the Republic of Ghana, Technical Director for Pharaon Telecom & Technologies in Australia and Benin, and analysing and designing network engineering projects for Sparq Solutions and its parent Australian companies, ENERGEX & Ergon Energy. His current post is Manager, Systems Engineering Management for a Market Trading Systems at Australian Energy Market Operator (AEMO). He passes on his knowledge through presentations, including in 2009 at University of Melbourne (Impact on Digitization) and as a speaker at the Computer Security Institute Conference in Washington, D.C. (paper on strategic Critical Infrastructure Protection Frameworks). Patrick received a Master of eForensics and Enterprise Security from the University of Melbourne in 2009.

Department of Computing and Information Systems,University of Melbourne,
Australia

Atif Ahmad is an information security researcher and independent security consultant based at the Department of Information Systems, University of Melbourne. His research interests are in asymmetric warfare and information security risk assessments especially where knowledge artefacts are concerned. In previous years Atif has worked as a consultant for Pinkerton and WorleyParsons where he applied his expertise to Internet corporations and critical infrastructure installations. Atif is a Board Certified Protection Professional (CPP) with the American Society for Industrial Security and holds an adjunct position at the Security Research Institute at Edith Cowan University.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.871.3949
  • jiw@gbpts.com