关键信息基础设施风险评估方法研究

网络安全法从立法上明确了国家关键信息基础设施要在等级保护基础上实行重点保护,并要求定期进行安全风险检测评估。文章首先分析了关键信息基础设施的重要特性和安全保障要点,基于当前最新的风险评估标准模型,结合行业最佳实践,提出了基于关键信息基础设施业务特点识别关键属性,并围绕关键属性进行风险评估的方法论,给出了基于二维矩阵的风险分析实施方法、相关内容作为关键信息基础设施检查评估国家标准的重要补充,将为关键信息基础设施安全评估工作的执行提供参考。     

Of critical importance: Toward a quantitative probabilistic risk assessment framework for critical infrastructure

Critical comments can be made to the current risk assessment framework for critical infrastructure used in The Netherlands: the Dutch National Risk Assessment (DNRA). The DNRA uses a qualitative approach to risk assessment, based on, for example, ordinal risk scoring and the risk matrix. Even though qualitative risk assessment methods are internationally popular, there is no scientific evidence that a qualitative approach to risk assessment actually works. In the case of the DNRA, the main points of criticisms relate to the usage of a subjective concept of risk, dependency on subjective risk experts, the use of risk matrices and the absence of decision rules. To combat these criticisms, this article proposes a quantitative probabilistic risk assessment framework for critical infrastructure based upon four design principles, that a methodologically justified risk assessment method for critical infrastructure should meet. The proposal made for the quantitative risk assessment framework uses a Bayesian approach, a standardized measure for negligible risk in the form of a yearly mortality probability of 10⁻⁶, and Disability Adjusted Life Years to quantify human life years for social cost–benefit analysis. Finally, the proposed quantitative method is demonstrated in a case study.     

Condition diagnostics of Russian railways infrastructure constructions under aerodynamic loads from high-speed trains

Aim of the present research is realization of a complex procedure on the basis of the combined approach for modeling aerodynamic loads on elements of the infrastructure (station constructions and designs, pedestrian crossings, bridges and tunnels) at high speed trains passage. Work is devoted to powerful methods of viscous gas currents modeling programs development and realization for research of aerodynamic loads on bodies making various movements, including shape variation, and to problems of bodies movement under aerodynamic forces solution.     

Connectivity models of interdependency in mixed-type critical infrastructure networks

Determining interdependencies and cascading failure modes in critical infrastructures is a complex problem that is exacerbated further by the diverging characteristics of the interconnected infrastructure types. Services in some types of infrastructure such as telecommunications or the electric grid are provided and consumed instantly. Others, notably oil and gas but also other infrastructures built on physical resources, however, exhibit buffering characteristics. In this paper we describe a model for the abstract representation of both types of infrastructure networks and their interdependencies. The model is then validated and demonstrated using characteristic topologies and interconnections.     

Diagnosis mechanism for accurate monitoring in critical infrastructure protection

Wide-area situational awareness for critical infrastructure protection has become a topic of interest in recent years. As part of this interest, we propose in this paper a smart mechanism to: control real states of the observed infrastructure from anywhere and at any time, respond to emergency situations and assess the degree of accuracy of the entire control system. Particularly, the mechanism is based on a hierarchical configuration of sensors for control, the ISA100.11a standard for prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighborhood.     

关键信息基础设施检测评估策略

《中华人民共和国网络安全法》对关键信息基础设施检测评估工作提出了明确的要求,是网络运营者的重要任务。对当前关键信息基础设施检测评估工作的不足进行了分析,提出了一套具备普适性及可拓展性的关键信息基础设施检测评估策略,为网络运营者开展关键信息基础设施安全保障工作提供了有效的支撑。     

The human role in tools for improving robustness and resilience of critical infrastructures

This paper presents a project dedicated to the development of means for improving the resilience of Critical Infrastructures (CIs) with respect to cyber attacks. The ability to sustain and protect the flow of information and data and the possibility to early detect, isolate and eliminate cyber hazards have become issues of paramount importance when developing the Supervisory Control And Data Acquisition (SCADA) systems of such a CI. The majority of tools dedicated to these goals are based on fully automatic autonomous self-reconfigurable systems that operate within the network, or online. However, the possibility to enable also human intervention for the further reduction in the vulnerability of CIs is equally possible. In this case, the intervention is considered offline and requires the active co-operation between a decision aid tool and a human operator. This paper presents a project aimed at improving robustness and resilience of CIs and discusses in particular the human interfaces associated with the offline tools. In essence, it is found that while the guidelines of the usability principle must be preserved, special account must be given to the type of issues involved and high professionalism of their users. This implies that certain basic criteria of the usability principle may be less relevant and their limitations may not be respected without loosing effectiveness and strength of the tools.     

关键基础设施网络安全技术研究进展

通过对关键基础设施的网络安全现状进行总结,对关键基础设施的安全威胁进行了分类,着重对信息物理融合系统在受到网络攻击时采用的数据词典、证据理论、博弈论等方法进行网络安全防护深入分析,着重分析了基于信任理论的信息物理融合系统的防御方案,阐述了关键基础设施的相关性与脆弱性之间的关系,总结了现有主要的关键基础设施网络安全的模拟技术,对比分析了现有的仿真技术的特点.最后提出了关键基础设施网络安全技术值得深入研究的发展方向.     

Proposal of resilience assessment by focusing on pliability

Resilience is a concept which presents the strength of mind necessary to adopt the difficulties and to recover from negative psychological state. The assessment for resilience has been assessed by using interview and questionnaire which depend on subjectivity of participants. Though the objective assessment for resilience is expected to advance the biofeedback treatment, neither effective method nor instrument have been developed. Then this study focuses on the pliability as one of aspects of resilience and experimentally verifies whether it becomes a novel index for resilience or not.     

关于委内瑞拉大停电事故的情况分析和关键基础设施的安全防护建议

通过对委内瑞拉大停电事故的初步情况分析,对电力系统关键基础设施的防护渠道进行了简要解析,并就我国当前工控系统安全现状,建议推进工业领域关键基础设施信息安全测评工作、建立长效检测、防护、上报、反馈机制,提升关键基础设施信息安全应急处置能力,并主动适应工业互联网发展趋势。     

Evidence-driven decision support in critical infrastructure management through enhanced domain knowledge modeling

Effective critical infrastructure management in dynamically changing service environments requires understanding and inferring unknown knowledge from complex heterogeneous dataset to reason about multi-dimensional complex problem solving activities by aggregating supporting evidences. While the attributes of the database table only describe data and certain notions from the database relational schema, they do not describe the higher-level concepts or the knowledge from the domain that are commonly thought of and referred by engineers who need to inspect and manage the infrastructure with a holistic viewpoint. Thus, engineers have to work with rudimentary data-level attributes that, further, complicates the critical infrastructure management, which essentially needs efficient, effective, and informed decision making. Ontology enables to solve a complex problem where the underlying domain concept provides collective understanding of the data based on the domain knowledge from multi-dimensional resources. Enhanced domain knowledge modeling is applied for transportation infrastructure asset management that requires bridge inspectors to make decisions based on complex multi-layered heterogeneous data, such as, infrared image data, aerial photo data, ground-mounted LIDAR data, etc. The ontological concepts represent the process knowledge and assessment knowledge and it will be further used to support the bridge inspectors and their inspection process, whereas data are the ground facts. This process knowledge plays an important role to bridge the ground facts and the high-level concept space and provides the mapping of the complex data space to the easily comprehensible conceptual space. In making critical decisions, these become crucial evidences in justifying decisions made as well as in making uniform decisions among different subject matter experts through the common understanding.     

Novel scheme for reducing communication data traffic in advanced metering infrastructure networks

The Journal of Supercomputing - A smart grid uses automation and information communication technologies to guarantee its integrity. The first step of smart grid construction is the deployment of an...     

A communication infrastructure to ease the development of mobile collaborative applications

Mobile workers doing loosely coupled activities typically perform on demand collaboration in the physical workplace. Communication services available in such work scenarios are uncertain, therefore mobile collaborative applications supporting those activities must provide ad hoc communication mechanisms in order to use each cooperation opportunity. Typically, the complexity of implementing such mobile ad hoc communication mechanisms becomes a challenge that jeopardizes the development of mobile collaborative solutions. This article presents a communication infrastructure named HLMP API dealing with that challenge. HLMP API intends to ease the development of such applications through the reuse of communication services. The infrastructure is an application programming interface that implements the HLMP routing protocol and also some awareness mechanisms that are required for mobile loosely coupled work. Developers using this infrastructure do not have to perform low-level programming.     

Design of an efficient communication infrastructure for highly contended locks in many-core CMPs

Lock synchronization is a key programming primitive for shared-memory many-core CMPs. However, as the number of cores increases, conventional software implementations cannot meet the desirable levels of performance and scalability. Meanwhile, most existing hardware-supported lock proposals require modifications at some level of the memory hierarchy, thus degrading QoS of applications through synchronization traffic.     

城市车路协同系统的通信及定位技术研究

为了改善道路安全和提高交通效率,提出一种实现车-车、车-路之间无线通信和车路智能协同控制的方法。结合车路协同系统(cooperative vehicle infrastructure system,CVIS)的研究方法,介绍了基于无线传感器网络(wireless sensor network,WSN)技术的车路协同系统和车辆定位装置的整体设计,包括基于ARM920T(advanced RISC machines)内核的嵌入式车载终端和路测终端的设计,全球定位系统(global positioning system,GPS)接收机的设计,以及设计一个中值滤波器和卡尔曼滤波器的组合来提高GPS接收机的精度。实验结果表明,优化后的GPS接收机定位位置误差明显减少,具有很高的精度和运行效率。     

Linguistic evaluation method for the environmental assessment of infrastructure projects

A soft linguistic evaluation method is proposed for the environmental assessment of physical infrastructure projects based on fuzzy relations. Infrastructure projects are characterized in terms of linguistic expressions of 'performance' with respect to factors or impacts and the 'importance' of those factors/impacts. A simple example is developed to illustrate the method in the context of three road infrastructure projects assessed against five factors/impacts. In addition, a means to include hard or crisp factors is presented and illustrated with respect to a sixth factor.     

DFT modeling approach for operational risk assessment of railway infrastructure

International Journal on Software Tools for Technology Transfer - Reliability engineering of railway infrastructure aims to understand failure processes and to improve the efficiency and...     

Information security governance practices in critical infrastructure organizations: A socio-technical and institutional logic perspective

Achieving a sustainable information protection capability within complex business, legal and technical environments is an integral part of supporting an organization’s strategic and compliance objectives. Despite a growing focus on information security governance (ISG) it remains under-explored requiring greater empirical scrutiny and more contextually attuned theorizing. This study adopts an interpretive case approach and uses analytical lenses drawing from socio-technical systems and institutional logics to examine how ISG arrangements are framed and shaped in practice in fourteen Australian Critical Infrastructure Organizations. Our findings illustrate the heterogeneity and malleability of ISG across different organizations involving intra- and inter-organizational relationships and trust mechanisms. We identify the need to reframe ISG, adopting the new label information protection governance (IPG), to present a more multi-faceted view of information protection incorporating a richly layered set of social and technical aspects, that constitute and are constituted by governance arrangements.