Infrastructure resilience

<Infrastructure resilience, 2013 Slide 1

Infrastructure resilience

Ian Sommerville


Resilience• Resilience is the ability of assets,

networks and systems to anticipate, absorb, adapt to, and recover from a disruptive event or series of events.

• Resilience is about maintaining the continuity of a service in the presence of disruptive events



Pandemic disease

• Pandemic disease is the highest impact risk because it potentially affects the whole of a national infrastructure as people become ill


Cyber attacks

• Cyber attacks that compromise confidentiality are not likely to have a major impact on the availability of a national infrastructure

• But cyber attacks that affect the control systems are more serious


Risk impact

• Risk impact is related to the extent of the damage to infrastructure assets


Impact depends on locality

• Local incidents, such as a terrorist attack on physical infrastructure, have limited impact because they only affect a small part of that infrastructure


Organisational infrastructure

• Organisations may be more vulnerable than physical infrastructure

• Incidents that affect the organisational infrastructure can have more significant impact

– Organisations are less likely to be distributed


Risk impact

• Because physical infrastructure is distributed, failures in one part of a physical network are localised

– A crack is discovered in one bridge but this does not affect other bridges in the network


Software vulnerability

• However, software control changes this

– If common elements of an infrastructure are networked and controlled by the same software, a failure in one element (especially a malicious attack) can propagate throughout the network

– Large-scale failures and unavailability therefore become possible


Infrastructure dependencies• All infrastructure

elements now depend on power and communications

• Failure and unavailable of these infrastructures has the most impact

Photo: creative commons/flickr/anemoneprojectors


Infrastructure vulnerabilities

• Limited physical protection



• Old/insecure software control systems

Image: http://commons.wikimedia.org/wiki/File:SCADA_PUMPING_STATION_1.jpg



• Lack of monitoring systems

• Lack of coordination across infrastructure elements



• Lack of knowledge of infrastructure state or dependencies

• Lack of knowledge of infrastructure demand


Achieving resilience


Resistance

Provide protection against anticipated events or attacks

– Flood defences

– Cybersecurity awareness

© Adrian Pingstone 2005


Resistance

• Based on previous experience and assumptions

• Changing world or external circumstances may mean that assumptions are invalid


Reliability

• Infrastructure components should be designed to operate under a range of (anticipated) conditions not just ‘normal’ operating conditions


Reliability

• Components, as far as possible, should be designed for ‘soft’, incremental rather than catastrophic failure


Digital and analog systems

• Digital systems are more brittle than analog systems

• Analog systems often fail gradually; computer-based systems often simply crash


Redundancy

• The network or system as a whole should be designed so that there are backup installations and spare capacity available.


Redundancy

• Examples– Computing support should be provided by

different providers in different locations

– Diverse generation capacity for electricity

– Multiple locations for command and control


Response and recovery

• Respond to distruptive events quickly, limiting the damage as far as possible and ensuring public safety


Response and recovery

• Plan how to restore services as quickly as possible in the event of a loss of capability

• Business continuity planning

• Disaster recovery


Achieving resilience• Advance planning to draw up contingency

plans to cover anticipated problems

• (a) good design of the network and systems to ensure it has the necessary resistance, reliability and redundancy (spare capacity), and

• (b) by establishing good organisational resilience to provide the ability, capacity and capability to respond and recover from disruptive events.


Key points• Critical infrastructure resilience is the

ability of the infrastructure to continue to deliver essential services during and after a hazardous event

• Infrastructure resilience depends on planning for contingencies and effective infrastructure design


Key points• Software control of infrastructure

systems potentially increases vulnerability because the effects of an event may not be localised

• Resilient infrastructure design is based on 4 R’s – resistance, reliability, redundancy, and recovery

Infrastructure resilience

Technology