(in) Security - Academic Conferences Limited
(in) Security - Academic Conferences Limited
(in) Security - Academic Conferences Limited
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Analysis and Modell<strong>in</strong>g of Critical Infrastructure Systems<br />
Graeme Pye and Matthew Warren<br />
Deak<strong>in</strong> University, Geelong, Australia<br />
graeme@deak<strong>in</strong>.edu.au<br />
mwarren@deak<strong>in</strong>.edu.au<br />
Abstract: The <strong>in</strong>creas<strong>in</strong>g complexity and <strong>in</strong>terconnectedness of critical <strong>in</strong>frastructure systems, <strong>in</strong>clud<strong>in</strong>g the<br />
<strong>in</strong>formation systems and communication networks that support their existence and functionality, poses questions and<br />
challenges. Particularly, <strong>in</strong> terms of modell<strong>in</strong>g and analysis of the security, survivability and ultimately reliability and<br />
cont<strong>in</strong>ued availability of critical <strong>in</strong>frastructure systems and the services they deliver to modern society. The focus of<br />
this research enquiry is with regard to critiqu<strong>in</strong>g and modell<strong>in</strong>g critical <strong>in</strong>frastructure systems. There are numerous<br />
systems analyse and modell<strong>in</strong>g approaches that outl<strong>in</strong>e any number of differ<strong>in</strong>g methodological approaches, each<br />
with their own characteristics, expertise, strengths and weaknesses. The <strong>in</strong>tention of this research is to <strong>in</strong>vestigate<br />
the merit of apply<strong>in</strong>g a ‘softer’ approach to critical <strong>in</strong>frastructure system security analysis and modell<strong>in</strong>g that broadly<br />
views the systems <strong>in</strong> holistic terms, <strong>in</strong>clud<strong>in</strong>g their relationships with other systems. The <strong>in</strong>tention is not to discuss or<br />
criticise exist<strong>in</strong>g research apply<strong>in</strong>g quantitative approaches, but to discuss a ‘softer’ system analysis and modell<strong>in</strong>g<br />
approach <strong>in</strong> a security context that is adaptable to analysis modell<strong>in</strong>g of critical <strong>in</strong>frastructure systems.<br />
Keywords: critical <strong>in</strong>frastructure, security analysis, systems modell<strong>in</strong>g<br />
1. Introduction<br />
The <strong>in</strong>teractive nature and characteristics of critical <strong>in</strong>frastructure systems presents several theoretical<br />
and practical challenges to modell<strong>in</strong>g, prediction, simulation and analysis of the causal behaviours and<br />
security factors both with<strong>in</strong> and between mixes of differ<strong>in</strong>g system types. Furthermore, understand<strong>in</strong>g the<br />
potential impacts of <strong>in</strong>terdependency relationships as <strong>in</strong>frastructures evolve and change <strong>in</strong> operational<br />
regulations govern<strong>in</strong>g critical <strong>in</strong>frastructure systems is an important consideration (Brown et al 2004). The<br />
<strong>in</strong>teractions and responses are neither universally applicable nor transferable between <strong>in</strong>dependent,<br />
s<strong>in</strong>gle critical <strong>in</strong>frastructure systems or <strong>in</strong>terconnected multiple system configurations. Critical<br />
<strong>in</strong>frastructure systems comprise a heterogeneous mixture of dynamic, <strong>in</strong>teractive, non-l<strong>in</strong>ear elements,<br />
unscheduled discont<strong>in</strong>uations and numerous other <strong>in</strong>fluential impositions and behaviours (Macdonald &<br />
Bologna 2003). These configurations and behaviours present significant challenges to the security<br />
analysis and modell<strong>in</strong>g of critical <strong>in</strong>frastructure systems.<br />
2. System analysis and modell<strong>in</strong>g considerations<br />
Systems generally consist of a collection of lower level elements or subsystems that work together <strong>in</strong> a<br />
cooperative manner toward the greater overarch<strong>in</strong>g goal of the system. Furthermore, the characteristics<br />
of systems vary considerably and are largely the result of the type of system, open or closed, and the<br />
external environment that <strong>in</strong>teracts and <strong>in</strong>fluences system functionality generally. Additionally, the<br />
relationships and <strong>in</strong>fluences exerted between subsystems also have a part to play <strong>in</strong> comprehend<strong>in</strong>g the<br />
subject system’s functionality and responses to differ<strong>in</strong>g circumstances.<br />
2.1 System modell<strong>in</strong>g themes<br />
In general terms, apply<strong>in</strong>g the system security analysis or system modell<strong>in</strong>g approaches to represent an<br />
<strong>in</strong>terpretive conceptualisation of a real-world system (Berntsen et al nd) provides a means of view<strong>in</strong>g the<br />
important aspects or essence of the system at various levels, depend<strong>in</strong>g on the particular system<br />
modell<strong>in</strong>g theme.<br />
For example, other common system modell<strong>in</strong>g and analysis themes are as follows (Avison 2003a):<br />
A three-level view, where the conceptual level is a descriptive high-level overview of the system<br />
doma<strong>in</strong>, the logical level describ<strong>in</strong>g the system goals and <strong>in</strong>tention, while the physical level describes<br />
the system itself <strong>in</strong>clud<strong>in</strong>g the technologies <strong>in</strong>volved.<br />
Process modell<strong>in</strong>g theme describes the logical analysis of the processes with<strong>in</strong> the system and is a<br />
discipl<strong>in</strong>e that applies a basic technique of functional decomposition, which breaks down a complex<br />
problem <strong>in</strong>to smaller, more manageable detail.<br />
Data analysis theme <strong>in</strong>volves comprehend<strong>in</strong>g and document<strong>in</strong>g the data elements and their<br />
relationships with<strong>in</strong> the system.<br />
194