940 resultados para critical infrastructure
Resumo:
A postgraduate seminar series with a title Critical Infrastructure Protection against Cyber Threats held at the Department of Military Technology of the National Defence University in the fall of 2013 and 2014. This book is a collection of some of talks that were presented in the seminar. The papers address origin of critical infrastructure protection, wargaming cyberwar in critical infrastructure defence, cyber-target categorization, supervisory control and data acquisition systems vulnerabilities, electric power as critical infrastructure, improving situational awareness of critical infrastructure and trust based situation awareness in high security cloud environment. This set of papers tries to give some insight to current issues of the network-centric critical infrastructure protection. The seminar has always made a publication of the papers but this has been an internal publication of the Finnish Defence Forces and has not hindered publication of the papers in international conferences. Publication of these papers in peer reviewed conferences has indeed been always the goal of the seminar, since it teaches writing conference level papers. We still hope that an internal publication in the department series is useful to the Finnish Defence Forces by offering an easy access to these papers.
Resumo:
Postgraduate seminar series with a title Situational Awareness for Critical Infrastructure Protection held at the Department of Military Technology of the National Defence University in 2015. This book is a collection of some of talks that were presented in the seminar. The papers address designing inter-organizational situation awareness system, principles of designing for situation awareness, situation awareness in distributed teams, vulnerability analysis in a critical system context, tactical Command, Control, Communications, Computers, & Intelligence (C4I) systems, and improving situational awareness in the circle of trust. This set of papers tries to give some insight to current issues of the situation awareness for critical infrastructure protection. The seminar has always made a publication of the papers but this has been an internal publication of the Finnish Defence Forces and has not hindered publication of the papers in international conferences. Publication of these papers in peer reviewed conferences has indeed been always the goal of the seminar, since it teaches writing conference level papers. We still hope that an internal publication in the department series is useful to the Finnish Defence Forces by offering an easy access to these papers.
Resumo:
Economics of Cybersecurity Part 2. SPSI-2015-01-0024.
Resumo:
The service of a critical infrastructure, such as a municipal wastewater treatment plant (MWWTP), is taken for granted until a flood or another low frequency, high consequence crisis brings its fragility to attention. The unique aspects of the MWWTP call for a method to quantify the flood stage-duration-frequency relationship. By developing a bivariate joint distribution model of flood stage and duration, this study adds a second dimension, time, into flood risk studies. A new parameter, inter-event time, is developed to further illustrate the effect of event separation on the frequency assessment. The method is tested on riverine, estuary and tidal sites in the Mid-Atlantic region. Equipment damage functions are characterized by linear and step damage models. The Expected Annual Damage (EAD) of the underground equipment is further estimated by the parametric joint distribution model, which is a function of both flood stage and duration, demonstrating the application of the bivariate model in risk assessment. Flood likelihood may alter due to climate change. A sensitivity analysis method is developed to assess future flood risk by estimating flood frequency under conditions of higher sea level and stream flow response to increased precipitation intensity. Scenarios based on steady and unsteady flow analysis are generated for current climate, future climate within this century, and future climate beyond this century, consistent with the WWTP planning horizons. The spatial extent of flood risk is visualized by inundation mapping and GIS-Assisted Risk Register (GARR). This research will help the stakeholders of the critical infrastructure be aware of the flood risk, vulnerability, and the inherent uncertainty.
Resumo:
Maritime transports are very essential for Finland as over 80% of the foreign trade in the country is seaborne and possibilities to carry out these transports by are limited. Any disruption in maritime transports has negative consequences to many sectors in the Finnish economy. Maritime transport thus represents critical infrastructure for Finland. This report focuses on the importance of maritime transports on security of supply in Finland and for the so called critical industries in particular. The report summarizes the results of the Work Package 2 of the research project STOCA – “Study of cargo flows in the Gulf of Finland in emergency situations”. The aim of the research was to analyze the cargo flows and infrastructure that are vital for maintaining security of supply in Finland, as well as the consequences of disruptions in the maritime traffic for the Finnish critical industries and for the Finnish society. In the report we give a presentation of the infrastructure and transport routes which are critical for maintaining security of supply in Finland. We discuss import dependency of the critical industries, and the importance of the Gulf of Finland ports for Finland. We assess vulnerabilities associated with the critical material flows of the critical industries, and possibilities for alternative routings in case either one or several of the ports in Finland would be closed. As a concrete example of a transport disruption we analyze the consequences of the Finnish stevedore strike at public ports (4.3.–19.3.2010). The strike stopped approximately 80% of the Finnish foreign trade. As a result of the strike Finnish companies could not export their products and/or import raw materials, components and spare parts, or other essential supplies. We carried out personal interviews with representatives of the companies in Finnish critical industries to find out about the problems caused by the strike, how companies carried out they transports and how they managed to continue their operations during the strike. Discussions with the representatives of the companies gave us very practical insights about companies’ preparedness towards transport disruptions in general. Companies in the modern world are very vulnerable to transport disruptions because companies regardless of industries have tried to improve their performance by optimizing their resources and e.g. by reducing their inventory levels. At the same time they have become more and more dependent on continuous transports. Most companies involved in foreign trade have global operations and global supply chains, so any disruption anywhere in the world can have an impact on the operations of the company causing considerable financial loss. The volcanic eruption in Iceland in April 2010 stopping air traffic in the whole Northern Europe and most recently the earth quake causing a tsunami in Japan in March 2011 are examples of severe disruptions causing considerable negative impacts to companies’ supply chains. Even though the Finnish stevedore strike was a minor disruption compared to the natural catastrophes mentioned above, it showed the companies’ vulnerability to transport disruptions very concretely. The Finnish stevedore strike gave a concrete learning experience of the importance of preventive planning for all Finnish companies: it made them re-think their practical preparedness towards transport risks and how they can continue with their daily operations despite the problems. Many companies realized they need to adapt their long-term countermeasures against transport disruptions. During the strike companies did various actions to secure their supply chains. The companies raised their inventory levels before the strike began, they re-scheduled or postponed their deliveries, shifted customer orders between production plants among their company’s production network or in the extreme case bought finished products from their competitor to fulfil their customers’ order. Our results also show that possibilities to prepare against transport disruptions differ between industries. The Finnish society as a whole is very dependent on imports of energy, various raw materials and other supplies needed by the different industries. For many of the Finnish companies in the export industries and e.g. in energy production maritime transport is the only transport mode the companies can use due to large volumes of materials transported or due to other characteristics of the goods. Therefore maritime transport cannot be replaced by any other transport mode. In addition, a significant amount of transports are concentrated in certain ports. From a security of supply perspective attention should be paid to finding ways to decrease import dependency and ensuring that companies in the critical industries can ensure the continuity of their operations.
Resumo:
The use of cloud computing is extending to all kind of systems, including the ones that are part of Critical Infrastructures, and measuring the reliability is becoming more difficult. Computing is becoming the 5th utility, in part thanks to the use of cloud services. Cloud computing is used now by all types of systems and organizations, including critical infrastructure, creating hidden inter-dependencies on both public and private cloud models. This paper investigates the use of cloud computing by critical infrastructure systems, the reliability and continuity of services risks associated with their use by critical systems. Some examples are presented of their use by different critical industries, and even when the use of cloud computing by such systems is not widely extended, there is a future risk that this paper presents. The concepts of macro and micro dependability and the model we introduce are useful for inter-dependency definition and for analyzing the resilience of systems that depend on other systems, specifically in the cloud model.
Resumo:
Despite that Critical Infrastructures (CIs) security and surveillance are a growing concern for many countries and companies, Multi Robot Systems (MRSs) have not been yet broadly used in this type of facilities. This dissertation presents a novel study of the challenges arisen by the implementation of this type of systems and proposes solutions to specific problems. First, a comprehensive analysis of different types of CIs has been carried out, emphasizing the influence of the different characteristics of the facilities in the design of a security and surveillance MRS. One of the most important needs for the surveillance of a CI is the detection of intruders. From a technical point of view this problem can be abstracted as equivalent to the Detection and Tracking of Mobile Objects (DATMO). This dissertation proposes algorithms to solve this specific problem in a CI environment. Using 3D range images of the environment as input data, two detection algorithms for ground robots have been developed. These detection algorithms provide a list of moving objects in the robot detection area. Direct image differentiation and computer vision techniques are used when the robot is static. Alternatively, multi-layer ground reconstructions are compared to detect the dynamic objects when the robot is moving. Since CIs usually spread over large areas, it is very useful to incorporate aerial vehicles in the surveillance MRS. Therefore, a moving object detection algorithm for aerial vehicles has been also developed. This algorithm compares the real optical flow obtained from a down-face oriented camera with an artificial optical flow computed using a RANSAC based homography matrix. Two tracking algorithms have been developed to follow the moving objects trajectories. These algorithms can efficiently handle occlusions and crossings, as well as exchange information among robots. The multirobot tracking can be applied to any type of communication structure: centralized, decentralized or a combination of both. Even more, the developed tracking algorithms are independent of the detection algorithms and could be potentially used with other detection procedures or even with static sensors, such as cameras. In addition, using the 3D point clouds available to the robots, a relative localization algorithm has been developed to improve the position estimation of a given robot with observations from other robots. All the developed algorithms have been extensively tested in different simulated CIs using the Webots robotics simulator. Furthermore, the algorithms have also been validated with real robots operating in real scenarios. In conclusion, this dissertation presents a multirobot approach to Critical Infrastructure Surveillance, mainly focusing on Detecting and Tracking Dynamic Objects.
Resumo:
La informática se está convirtiendo en la quinta utilidad (gas, agua, luz, teléfono) en parte debido al impacto de Cloud Computing en las mayorías de las organizaciones. Este uso de informática es usada por cada vez más tipos de sistemas, incluidos Sistemas Críticos. Esto tiene un impacto en la complejidad internad y la fiabilidad de los sistemas de la organización y los que se ofrecen a los clientes. Este trabajo investiga el uso de Cloud Computing por sistemas críticos, centrándose en las dependencias y especialmente en la fiabilidad de estos sistemas. Se han presentado algunos ejemplos de su uso, y aunque su utilización en sistemas críticos no está extendido, se presenta cual puede llegar a ser su impacto. El objetivo de este trabajo es primero definir un modelo que pueda representar de una forma cuantitativa las interdependencias en fiabilidad y interdependencia para las organizaciones que utilicen estos sistemas, y aplicar este modelo en un sistema crítico del campo de sanidad y mostrar sus resultados. Los conceptos de “macro-dependability” y “micro-dependability” son introducidos en el modelo para la definición de interdependencia y para analizar la fiabilidad de sistemas que dependen de otros sistemas. ABSTRACT With the increasing utilization of Internet services and cloud computing by most organizations (both private and public), it is clear that computing is becoming the 5th utility (along with water, electricity, telephony and gas). These technologies are used for almost all types of systems, and the number is increasing, including Critical Infrastructure systems. Even if Critical Infrastructure systems appear not to rely directly on cloud services, there may be hidden inter-dependencies. This is true even for private cloud computing, which seems more secure and reliable. The critical systems can began in some cases with a clear and simple design, but evolved as described by Egan to "rafted" networks. Because they are usually controlled by one or few organizations, even when they are complex systems, their dependencies can be understood. The organization oversees and manages changes. These CI systems have been affected by the introduction of new ICT models like global communications, PCs and the Internet. Even virtualization took more time to be adopted by Critical systems, due to their strategic nature, but once that these technologies have been proven in other areas, at the end they are adopted as well, for different reasons such as costs. A new technology model is happening now based on some previous technologies (virtualization, distributing and utility computing, web and software services) that are offered in new ways and is called cloud computing. The organizations are migrating more services to the cloud; this will have impact in their internal complexity and in the reliability of the systems they are offering to the organization itself and their clients. Not always this added complexity and associated risks to their reliability are seen. As well, when two or more CI systems are interacting, the risks of one can affect the rest, sharing the risks. This work investigates the use of cloud computing by critical systems, and is focused in the dependencies and reliability of these systems. Some examples are presented together with the associated risks. A framework is introduced for analysing the dependability and resilience of a system that relies on cloud services and how to improve them. As part of the framework, the concepts of micro and macro dependability are introduced to explain the internal and external dependability on services supplied by an external cloud. A pharmacovigilance model system has been used for framework validation.
Resumo:
Mestrado em Engenharia Electrotécnica e de Computadores
Resumo:
Mestrado em Relações Internacionais.
Resumo:
Portugal, having responsibilities at European level, needs to ensure compliance with European standards, particularly with regard to the European Security Plan for Critical Infrastructures. National critical infrastructures should be a focus of attention with regard to the management of public risks, since these represent "a set of services that are essential to the functioning of the country and the functioning of the forces that ensure national defense." (Soares, 2008) This contribution on national critical infrastructures (CI) has the essential objective of clarifying the development of the strategy adopted by Portugal in pursuit of the security of these fundamental infrastructures. The goal lies not only through producing a descriptive document, but also carry a brief confrontation between the legal framework related to these subjects and the reality in which the Critical Infrastructure Operators and the National Civil Protection Authority (ANPC) operate. It is intended, in this sense, to understand the development of the project for the national security program of critical infrastructures and what effects of its measures on operators. As for the methodology, we followed a methodological strategy, where we combine the literature with data obtained through semi-structured interviews. Portugal, being a geographically peripheral country and having no record of incidents capable of causing major contingencies in key services for the normal development of society, does not have a structured and regulator plan that substantiates the need for operators responsible for CI to invest in security. This same approach is expected at the State level, believing that even though this theme has be widely explored by international institutions, Portugal has not yet tried to give the attention it deserves. Without the existence of an institution and a regulatory system, CI operators can become less available to comply with the legal framework.
Resumo:
This document was developed for the schools of Iowa to use as a template to enhance current school safety programs; the creation of this document was a partnered effort at the state level between the aforementioned agencies. The purpose of this document is to give school districts and individual schools a planning resource to use when creating their school safety plans. Ultimately, schools can decide how much of this document they would like to incorporate into their current plan. The original document was created by the Minnesota Department of Homeland Security, and its use was granted to Iowa Homeland Security in 2011. Iowa pulled together a panel of experts to make this document specific to Iowa’s schools, and laws. It’s important to note the partnership created by this document is intended to continue through information sharing in relation to critical assets, infrastructure protection, and school safety. Iowa Homeland Security is a representative in the Iowa Department of Public Safety, Division of Intelligence Fusion Center. This partnership allows for streamlined information sharing to the critical infrastructure owner/operators across the state. The current plan for information sharing is through the Iowa Homeland Security and Emergency Management, Threat information and Infrastructure Protection Program (TIIPP) to the Iowa Department of Education for processing and dissemination statewide. Depending on the type of information being released it could be specific to a school, district or the education sector statewide.
Resumo:
A postgraduate seminar series with a title Cyber Warfare held at the Department of Military Technology of the National Defence University in the fall of 2012. This book is a collection of some of talks that were presented in the seminar. The papers address computer network defence in military cognitive networks, computer network exploitation, non-state actors in cyberspace operations, offensive cyber-capabilities against critical infrastructure and adapting the current national defence doctrine to cyber domain. This set of papers tries to give some insight to current issues of the cyber warfare. The seminar has always made a publication of the papers but this has been an internal publication of the Finnish Defence Forces and has not hindered publication of the papers in international conferences. Publication of these papers in peer reviewed conferences has indeed been always the goal of the seminar, since it teaches writing conference level papers. We still hope that an internal publication in the department series is useful to the Finnish Defence Forces by offering an easy access to these papers.
Resumo:
Dans cet ouvrage, nous cherchons à comprendre l‘impact des perceptions sur la production et la gestion de la sécurité dans le réseau du transport en commun de Montréal. Quinze entrevues de recherche ont été effectuées avec des policiers de l‘Unité-Métro pour dégager les principaux éléments qui entrent dans la conception du risque. Les policiers sont appelés à travailler dans un environnement où, d‘une part, il n‘y a jamais eu d‘attaques terroristes, mais d‘autre part qui demeure une cible potentielle à la fois pour les experts, les gouvernements et dans la culture populaire. Nos résultats montrent que les policiers se développent une perception du risque qui leur est propre. En général, ils ont une attitude pragmatique qui leur permet de relativiser les situations et de décider lesquelles nécessitent une intervention de leur part. De plus, les policiers adoptent des stratégies de justification et de protection qui minimisent la perception du risque. Nos participants soulignent que ces stratégies sont nécessaires pour leur permettre d‘effectuer leurs tâches quotidiennes. Ainsi, afin d‘échapper à la paranoïa, les policiers évitent de penser à la menace terroriste et focus plutôt leur attention sur la criminalité sur laquelle ils ont l‘impression d‘avoir un pouvoir réel. Toutefois, la vigilance reste de mise. Malgré que les policiers ne conçoivent pas le risque de la même manière que les gestionnaires, la présence de l‘Unité-Métro demeure un élément important de production de la sécurité sur le terrain.
