D3.4 CIPSEC Intra Inter dependencies Analysis. Preliminary Report

Summary:

In this deliverable we consider the specific analysis of the three individual Pilots, Environmental, Railway and Health, which have different characteristics both in the areas in which they operate and in the safety aspects that must be taken into account, also in relation to the possible Cascading Effects that can be generated as a result of computer incidents.

The document describes the different critical infrastructures of the three pilots by paying attention to the security aspects and the possible consequences that may occur as a result of attacks or incidents on the same infrastructure of each Pilot or on those directly or indirectly connected.

Following will be described the Pilot’s scenarios and the features that characterize each critical infrastructure that can be divided into two main sets, the HW and SW features, that can be shared by all pilots and the specific features that distinguish each pilot :

  • The first set includes PCs, servers, communications networks, storage for the HW components, S.O., FW, web applications for the SW.
  • The second set includes the specific features of each domain: electro medical equipment, air pollutant sensors, railway networks, AIRVALID and ARIACENTRAL, the Interlocking System, the Field Element Area, the Infusion Pumps, Imaging Equipment, etc.

In order to evaluate possible or real Cascading Effects, it is necessary to distinguish between Inter and Intra Dependencies, the first being dependency between macro systems, while the latter is related to internal relationships with the CIs. Based on the definitions of Inter and Intra Dependencies, we have proceeded with the identification of the possible Cascading Effects of each Pilot

As critical infrastructures can be so different from one another, it is necessary to focus attention on the Cascading Effects of generalizable problems, without forgetting however the cascading effects that may be specific to each single Pilot.

To pursue these goals, a description of the architecture that compiles each infrastructure is provided and analyses the issues that can be encountered and the consequences; while for the Railway Pilot, a recent incident and its consequences are also being analysed for the other two Pilots it was only possible to proceed with hypothetical analysis of the possible consequences of a cascade of a computer incident.

Finally we can consider that Critical infrastructures and Cascading Effects have different meanings depending on the domain of competence such as the components of a system and the interactions between them.

No less important are the territorial and temporal boundaries where interactions occur between the systems considered and the environment in which they operate and the interactions between the components of the systems themselves.