Visualisation of critical infrastructure failure

The paper explores the complexity of critical infrastructure and critical infrastructure failure (CIF), real life examples are used to discuss the complexity involved. The paper then discusses what Visualisation is and how Visualisation can be applied to a security situation, in particular critical infrastructure. The paper concludes by discussing the future direction of the research.

Framework for assessing the influence of critical infrastructure interdependencies in post-disaster reconstruction management

Due to ever increasing climate instability, the number of natural disasters affecting society and communities is expected to increase globally in the future, which will result in a growing number of casualties and damage to property and infrastructure. Such damage poses crucial challenges for recovery of interdependent critical infrastructures. Post-disaster reconstruction is a complex undertaking as it is not only closely linked to the well-being and essential functioning of society, but also requires a large financial commitment. Management of critical infrastructure during post-disaster recovery needs to be underpinned by a holistic recognition that the recovery of each individual infrastructure system (e.g. energy, water, transport and information and communication technology) can be affected by the interdependencies that exist between these different systems. A fundamental characteristic of these interdependencies is that failure of one critical infrastructure system can result in the failure of other interdependent infrastructures, leading to a cascade of failures, which can impede post-disaster recovery and delay the subsequent reconstruction process. Consequently, there is a critical need for developing a holistic strategy to assess the influence of infrastructure interdependencies, and for incorporating these interdependencies into a post-disaster recovery strategy. This paper discusses four key dimensions of interdependencies that need to be considered in a post-disaster reconstruction planning. Using key concepts and sub-concepts derived from the notion of interdependency, the paper examines how critical infrastructure interdependencies affect the recovery processes of damaged infrastructures.

An applied framework for modelling a critical infrastructure system incident

The research applies the TARDIS system security analysis and modelling framework to an adverse critical infrastructure system incident. This paper reports on the practical application of the framework to a case study based on an actual critical infrastructure system failure and the resultant implications for the system and the wider regional community. Then a reflective discussion is undertaken reviewing the TARDIS framework approaches employed within the blended hybrid approach incorporated into the framework, before speculating on future research areas of framework development and application.

Critical infrastructure systems : security analysis and modelling approach

A system security analysis and system modelling framework tool is proposed adopting an associated conceptual methodology as the basis for assessing security and conceptually modelling a critical infrastructure system incident. The intent is to identify potential system security issues and gain operational insights that will contribute to improving system resilience, contingency planning, disaster recovery and ameliorating incident management responses for critical infrastructure system incidents. The aforementioned system security analysis and modelling framework is applied to an adverse critical infrastructure system incident case study. This paper reports on the practical application of the framework to a case study of an actual critical infrastructure system failure and the resultant incident implications for the system and the wider regional communities.

Freedom of information implications of information sharing networks for critical infrastructure protection

Protection of “critical infrastructure” has become a major issue for govern- ments worldwide. Yet in Australia, as in many other countries, including the United States, an estimated 90% of critical infrastructure is privately owned or operated commercially – in other words, critical infrastructure protection is not the exclusive domain of government. As a result, information sharing between government and the private sector has become a vitally important component of effective risk management. However, establishing effective arrangements of this kind between the public and private sector needs to take account of existing regimes of access and public disclosure which relate to government-held documents; in particular, that which is established by freedom of information (FOI) legislation. This article examines the extent to which the current Commonwealth FOI regime is likely to act as an impediment to the private sector operators of critical infrastructure participat- ing in government-operated information sharing arrangements. By examining developments in other jurisdictions, principally the United States, the article considers whether amendments to the current Australian FOI regime are necessary to ensure effective participation, consistent with the underlying object and purpose of FOI.

An extensible simulation framework for critical infrastructure security

We introduce the Network Security Simulator (NeSSi2), an open source discrete event-based network simulator. It incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Compared to the predecessor NeSSi, it was extended with a three-tier plugin architecture and a generic network model to shift its focus towards simulation framework for critical infrastructures. We demonstrate the gained adaptability by different use cases

Real-time and interactive attacks on DNP3 critical infrastructure using Scapy

The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols, to control national infrastructure. Widely used interactive packet manipulation tools, such as Scapy, have not yet been augmented to parse and create DNP3 frames (Biondi 2014). In this paper we extend Scapy to include DNP3, thus allowing us to perform attacks on DNP3 in real-time. Our contribution builds on East et al. (2009), who proposed a range of possible attacks on DNP3. We implement several of these attacks to validate our DNP3 extension to Scapy, then executed the attacks on real world equipment. We present our results, showing that many of these theoretical attacks would be unsuccessful in an Ethernet-based network.

The influence of critical infrastructure interdependencies on post-disaster reconstruction: Elements of infrastructure interdependency that impede the post-disaster recovery effort

The importance of developing effective disaster management strategies has significantly grown as the world continues to be confronted with unprecedented disastrous events. Factors such as climate instability, recent urbanization along with rapid population growth in many cities around the world have unwittingly exacerbated the risks of potential disasters, leaving a large number of people and infrastructure exposed to new forms of threats from natural disasters such as flooding, cyclones, and earthquakes. With disasters on the rise, effective recovery planning of the built environment is becoming imperative as it is not only closely related to the well-being and essential functioning of society, but it also requires significant financial commitment. In the built environment context, post-disaster reconstruction focuses essentially on the repair and reconstruction of physical infrastructures. The reconstruction and rehabilitation efforts are generally performed in the form of collaborative partnerships that involve multiple organisations, enabling the restoration of interdependencies that exist between infrastructure systems such as energy, water (including wastewater), transport, and telecommunication systems. These interdependencies are major determinants of vulnerabilities and risks encountered by critical infrastructures and therefore have significant implications for post-disaster recovery. When disrupted by natural disasters, such interdependencies have the potential to promote the propagation of failures between critical infrastructures at various levels, and thus can have dire consequences on reconstruction activities. This paper outlines the results of a pilot study on how elements of infrastructure interdependencies have the potential to impede the post-disaster recovery effort. Using a set of unstructured interview questionnaires, plausible arguments provided by seven respondents revealed that during post-disaster recovery, critical infrastructures are mutually dependent on each other’s uninterrupted availability, both physically and through a host of information and communication technologies. Major disruption to their physical and cyber interdependencies could lead to cascading failures, which could delay the recovery effort. Thus, the existing interrelationship between critical infrastructures requires that the entire interconnected network be considered when managing reconstruction activities during the post-disaster recovery period.

DNP3 network scanning and reconnaissance for critical infrastructure

The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols to control national infrastructure. The move from point-to-point serial connections to Ethernet-based network architectures, allowing for large and complex critical infrastructure networks. However, networks and con- figurations change, thus auditing tools are needed to aid in critical infrastructure network discovery. In this paper we present a series of intrusive techniques used for reconnaissance on DNP3 critical infrastructure. Our algorithms will discover DNP3 outstation slaves along with their DNP3 addresses, their corresponding master, and class object configurations. To validate our presented DNP3 reconnaissance algorithms and demonstrate it’s practicality, we present an implementation of a software tool using a DNP3 plug-in for Scapy. Our implementation validates the utility of our DNP3 reconnaissance technique. Our presented techniques will be useful for penetration testing, vulnerability assessments and DNP3 network discovery.

Preparing for disaster: a comparative analysis of education for critical infrastructure collapse

This article explores policy approaches to educating populations for potential critical infrastructure collapse in five different countries: the UK, the US, Germany, Japan and New Zealand. ‘Critical infrastructure’ is not always easy to define, and indeed is defined slightly differently across countries – it includes entities vital to life, such as utilities (water, energy), transportation systems and communications, and may also include social and cultural infrastructure. The article is a mapping exercise of different approaches to critical infrastructure protection and preparedness education by the five countries. The exercise facilitates a comparison of the countries and enables us to identify distinctive characteristics of each country’s approach. We argue that contrary to what most scholars of security have argued, these national approaches diverge greatly, suggesting that they are shaped more by internal politics and culture than by global approaches.

Security management : modelling critical infrastructure

Secure management of Australia's commercial critical infrastructure presents ongoing challenges to owners and the government. Currently a high-level iriformation sharing collaboration between the government and business manages complex security issues, but critical irifrastructure protection also lacks a scalable model exhibiting the overall structure of critical infrastructure at various levels, sectors and sub-sectors. This research builds on the work of Marasea and Warren (2003) to establish a representative model of Australia's critical irifrastructure; discusses the boundaries between critical infrastructures, and considers the existence andpotential irifluence ofcritical irifrastructure relationships.