Dr. ing. Marco Lisi
European Space Agency
([email protected])

Security in Large, Strategic and Complex Systems: Challenges and Solutions

All views expressed in this presentation are those of the author and do not necessarily represent the views of, and should not be attributed to, the European Space Agency

Security in Large, Strategic and Complex Systems: Challenges and Solutions_Lisi_2015


Summary

• All critical infrastructures of our society are supported by large and complex systems, largely based on ICT technologies;

• Large and complex systems are essentially network-centric, thus vulnerable to cyber-attacks and other security threats;

• Information security is a “must have” option not only for “dual use” systems, but in general for all those systems constituting critical infrastructures or devoted to emergency services, disaster recovery, crisis management, homeland security, environment monitoring and control.

Critical Infrastructures

• Critical infrastructures are “so vital (…) that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety.” [U.S. Homeland Security Presidential Directive on Critical Infrastructure Identification, Prioritization, and Protection, December 17, 2003];

• An EU critical infrastructure is an “asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions” [Council Directive 2008/114/EC of 8 December 2008].

Electric Power Grids

Oil Pipeline Transport Networks

Water Pipeline Distribution Networks

Nuclear Power Generation Plants

Dams and Water Reservoirs

Telecommunications Networks

Railways Transportation Systems

Maritime Transportation Systems

Air Traffic Control Systems

Global Navigation Satellite Systems (PNT Infrastructure)

Large and Complex Systems (1/2)

• A large and complex system is a system composed of a large number of interconnected elements, often developed and deployed worldwide, which interact dynamically, giving rise to emergent properties

• Examples of complex systems for civil applications include:
  - global satellite navigation systems
  - air traffic control systems
  - railway control systems
  - space systems such as the International Space Station or space transportation and exploration vehicles
  - surveillance, Earth observation and Homeland security systems
  - electric power distribution systems
  - telecommunication systems
  - complex computer networks, including the Internet.

Large and Complex Systems (2/2)

• A complex system often integrates existing systems (or parts of them) in an overall large-scale architecture (“System of systems”) containing a large number of interfaces and implementing multiple modes of operation, in a highly dynamic environment

• Large and complex systems require extensive logistics and maintenance support capabilities

• Large and complex systems are conceived to be in service for a long time; in this case the evolution of the system (upgrades and modifications) has to be taken into account from the beginning.

Characteristics of Large and Complex Systems

• Service oriented
• Software intensive (several million lines of code)
• Capabilities-based rather than platform-based
• Organization and governance (human factor)
• Technical performance is a prerequisite for production and delivery of services, not a final objective
• Requirements related to operations, in addition to technical ones, assume a very high relevance:
  - Quality of Service (QoS)
  - Flexibility
  - Reliability, Availability, Continuity
  - Expandability
  - Maintainability
  - Interoperability
  - Safety
  - Resilience
  - Security


11 September 201?


A future scenario to avoid…

An Escalating Threat

• In 2012 nearly 200 cyber-attacks against critical infrastructure targets were reported to the U.S. Department of Homeland Security – an increase of more than 50% vs. the previous year;

• Growing evidence indicates that many of these attacks originated from military and/or government institutions in foreign countries.

Critical Infrastructures are Interdependent

The break-down of one critical infrastructure might cause a “domino effect” on all the others

Critical Infrastructures Dependency on Time

The main characteristics of our society also constitute its main vulnerabilities

• Connectivity
• Complexity
• Inter-dependency

“Large and Complex Systems” and Information Security: Challenges

• Security standards would ideally demand that a system be disconnected from all networks before it can be given the highest security rating;

• In a large and complex system (or “system of systems”), service oriented and based on an “open” architecture, trusted and untrusted domains need to co-exist and operate together;

• The “Security Paradox”: a connected machine (or system) is a vulnerable machine (or system). But most of today’s systems are inherently “network-centric”;

• This apparent contradiction must be resolved, finding the optimum balance between protection of information and availability of it.

“Large and Complex Systems” and Information Security: Solutions

• Concurrent system architecture design, with early definition of security requirements (“Design for Security”);

• Resilient system and network architectures (“Design for Resiliency”);

• Maximum exploitation of internal and external (“systems of systems”) redundancies and of alternative back-up technologies;

• Need for flexible security certification standards;

• Robust and flexible encryption techniques;

• Soft and hard “air gap” and firewall technologies;

• Secure gateways and network routers.


Trusted and Untrusted Networks/Domains


Multiple Independent Levels of Security (MILS) and Safety

Information Security Certification: Open Issues

• Long time required for the execution of the evaluation/certification process;
• High cost of the evaluation/certification process;
• Need for “air-gap” technologies at the boundaries between trusted and untrusted domains;
• Availability of jointly certified hardware and software platforms;
• Severe limitations in the use of commercial off-the-shelf (COTS) software products;
• Limitations in the use of commonly adopted communications protocols (e.g. TCP/IP);
• Loss of certification because of minor modifications or obsolescence of both hardware and software;
• Need for “encapsulation” techniques for the utilization of non-certified components.

Cyber-attacks are not the only threat: Electro Magnetic Pulse (EMP)

Effects of an EMP Attack

Future PNT System of Systems Infrastructure

[Diagram labels: Non-GNSS PNT Systems; Autonomous PNT Platforms; GNSSs; eLoran; Wi-Fi; GSM; SOPs]

The Global Systems of Systems Infrastructure

[Diagram labels: GEOSS; Telecomms]

Conclusions

• In today’s world the demand for safety, security and value-added services is increasing at a very fast pace, leading to the development of large, complex, integrated, highly networked systems or “systems of systems”;

• Such large and complex systems often become the backbone of critical infrastructures of our society;

• Information security features, including encryption, key management, soft and hard “air-gaps” and conditional access control, will have to be designed into the system architecture from the beginning, as integral parts of it;

• The ultimate answer to our demand for security might come from global “systems of systems” infrastructures, with highly resilient and internally redundant architectures.


Thank You
