SECURITY

More documents

Recommendations

Info

Overview CI Critical infrastructures are of vital importance for the national community because they are essential for survival and therefore particularly worth protecting. Fai- lure and, even more so, their breakdown would entail a sustained shortage in supply, serious disruptions of public security or other dramatic consequences. CI – Sectors • Energy supply • Supply (including drinking water, food, health services, rescue system) • Information and communication technologies • Transport services (including post) • Financing, banking, insurance • Authorities, public administration • Hazardous substances • Other sectors (media, major research centres, cultural property) CI – Hazards and Threats Critical infrastructures can be threatened by various hazards, especially: • Natural hazards • Man-made hazards • Storms, tornados • Accidents • Extreme precipitation, floods • System failure • Heat/droughts • Sabotage • Earthquakes • Terrorism • Epidemics/pandemics • War Due to the extreme dependence on services provided by critical infrastructures, especially modern societies are extremely vulnerable. Infrastructure facilities may be impaired or even fail under harsh conditions. Because of the sometimes massive dependencies between the sectors (interdependencies), this risk is even enhanced. Failures in one sector can lead to failures in other sectors and therefore trigger a domino effect. All infrastructure sectors highly depend on power supply or on information and telecommunication systems. Globalisation and privatisation of infrastructures harbour further risks. In spite of economic constraints, redundancies, which are capable of at least neutralising failures to some extent, should not be reduced. Vulnerable points should be revealed and reduced by a tolerable extent in order to decrease the impact of extreme events. CI – Strategy The Critical Infrastructure sections e.g. of the BBK* provide advice and services to the Federal Government but also to Laender, municipalities and enterprises. At the centre, all issues are dealt with at an interdisciplinary level: Engineers, natural and social scientists as well as administrative specialists work out practically oriented analyses and effective protection concepts. The protection concepts are based on three pillars: 1) Preventing and mitigating loss of services 2) Promoting back-up systems (redundancies) and emergency capacity 3) Enhancing self-protection capabilities Viable co-operations and partnerships in the area of critical infrastructures both with other authorities as well as with mainly private service providers are of vital importance to guaranty successful work. Thanks to the establishment and development of networks, mutual exchange shall be promoted, resilience of critical infrastructures enhanced and thus security strengthened. Co-operations and information networks link stakeholders and raise awareness. The aim is to promote critical infrastructure resilience and, hence, strengthen public safety and security. *Federal Office of Civil Protection and Disaster Assistance (BBK) © Federal Office of Civil Protection and Disaster Assistance (BBK) in Federal Republic of Germany as a central organisation element for civil safety. Literature 1. A framework for studying mortality arising from critical infrastructure loss; International Journal of Critical Infrastructure Protection: A key rationale for critical infrastructure protection policy around the world is that the critical infrastructure must be protected because its loss can lead to fatalities, and it is claimed, a large loss of life in some cases. Volume 7, Issue 2, June 2014, Pages 100–111; http://www.journals.elsevier.com/internationaljournal-of-critical-infrastr ucture-protection Making Work invisible: New Public 2. Management and operational work in critical infrastructure sectors; John Wiley & Sons Ltd: Public Administration, Volume 92, Issue 2, pages 477– 492, June 2014; http://onlinelibrary.wiley.com/doi/ 10.1111/padm.12069/pdf International Journal 3. of Critical Infrastructure Protection: Vulnerabilities of cyber-physical systems to stale data— Determining the optimal time to launch attacks +Implementation of security and privacy in ePassports and the extended access control infrastructure; Volume 7, Issue 4 - selected pp. 211-270 (December 2014. www.sciencedirect.com/science/jour nal/18745482) 60 EURO <strong>SECURITY</strong> / MES Critical Infrastructure II/14
Critical Infrastructure Risks for modern infrastructure The hazards which operators of critical infrastructure face can be categorised as (1) hazards related to natural events, (2) hazards from human error or technical failures and (3) hazards related to terrorism and criminal activity. Some events can also draw in neighbouring or linked installations and property. A domino effect resulting for example from fire spreading from neighbouring establishments, or from flying debris following an explosion or even from the failure of utilities after disasters, can mean the surrounding area may be damaged or destroyed too.Multiple events which take place in a short time frame such as a second, delayed separate explosion or several almost simultaneous breakdowns at different places can under certain circumstances cause an exponential effect in which rescue or recovery measures are prevented or resources are assembled in the wrong place (diversionary measures). Risk factors The following risk factors can cause disruption of critical infrastructure Risk factor: human • lack of security awareness • insufficient qualified staff • human error • criminal behaviour (sabotage, terror attacks) Risk factor: organisation • concentration of vital resources • outsourcing of infrastructures critical to the enterprise Risk factor: nature/environment • Natural disasters (extreme weather, earthquakes, wild fires, mass social movements) • epidemics The assumptions applied within a particular hazard type are based on empirical knowledge of criminality, but may not apply absolutely in every case.The question of who are the likely culprits and their modus operandi cannot of course be answered with certainty.Based on experience of securing operations though it is possible to produce a rough classification with perpetrators or groups whose typical motives and possible behaviour patterns can be categorised according to level of danger.Negligent actions are not considered here, these are registered under hazards from events resulting from human error and technical failures. How far potential culprits can actually generate serious damage and at what point it is possible and likely has to be the subject of a risk assessment in which the hazards in the locality of the company are identified (risk management). The types of hazard contain a series of assumptions which it should be possible to assign to the investigated hazard situation. Essentially these assumptions include: • possible circumstances of the act, • possible motives and typical behaviour/procedure, • probable resources used and • criminal force to be expected. Deliberate incorrect operation This refers to all deliberate acts in which a disturbance can be generated using one’s hands and without any further resources.This kind of act could for example include the switching on and off of facilities, the opening or closing of pipe controls (sliders), the turning of hand wheels and the operation of levers as part of a process sequence.Deliberate incorrect operation can be carried out both by an organisation’s own employees and by third parties. Potential impacts Manipulation means the deliberate changing or moving of system parts with the aim of precipitating a critical situation. Examples of this are:programming controls wrongly, tampering with measuring systems, suppressing process, error or alarm reporting systems or even switching off of protection systems. Here it is primarily insiders with precise knowledge of the installation who come into question as culprits. Threats from actions with criminal intent For security professionals the following types of attack on structures are special risks as they can result in extensive damage. EURO <strong>SECURITY</strong> / MES Critical Infrastructure II/14 61
Page 1:
MES EURO SECURITY Section Critical
Page 4:
Contents Information 3 Contents 4 1
Page 7 and 8:
Airport Security Maximizing the pot
Page 9 and 10: Maximizing the potential of airport
Page 12 and 13: Panomera ensures enhanced security
Page 14: BorderControl New Automated Border
Page 20 and 21: Surveillance solutions for the publ
Page 22: Montessori School Advances Educatio
Page 25 and 26: Montessori School Advances Educatio
Page 27 and 28: Airport Security Aéroports de Pari
Page 29 and 30: 5 Energy Sector Local Supply Global
Page 31 and 32: JANAF provides secure Oil transport
Page 33 and 34: Communications at gas terminals new
Page 35 and 36: Communication Building the Smart Gr
Page 37 and 38: problems in the supply of energy. I
Page 39 and 40: city network elements, such as subs
Page 42: Event Security Climate change confe
Page 45 and 46: Premier face recognition technology
Page 47 and 48: Crossmatch Application in Bank succ
Page 49 and 50: Refrigerant food distribution facil
Page 51 and 52: Fire detection “Thermal imaging c
Page 53 and 54: Chimney fires A chimney fire often
Page 55 and 56: gen content in both areas inside th
Page 57 and 58: AUTHENTICATE PHYSICAL IDENTITIES, A
Page 59: IT-Security Big business decisions
Page 63: Risks for modern infrastructureRisk
show all

SECURITY

Create successful ePaper yourself

Delete template?

Save as template?