This post has been written by Vittorio Vallero and Barbara Lunel.
Critical infrastructures are the technological infrastructures that are relevant to the welfare of our countries. We need to think about infrastructure systems using concepts drawn from complex adaptive system (CAS) theory [1]. Seeing our critical infrastructure as a CAS helps us recognize the existing interdependencies between demand and supply and between different sectors of the infrastructure, and how the agents of infrastructural systems tend to change and evolve over time. A CAS can be defined as containing a large number of agents which interact, learn and, most crucially, adapt to changes in their selection environment in order to improve their future survival chances (Holland, 2006) [2].

Agent-based models overcome limitations of equation-based approaches and are a powerful tool to study socioeconomic systems. "... Computer simulation can combine the useful flexibility of a computer code – where we can create agents acting, making choices, and reacting to the choices of other agents and to modification of their environment – and its intrinsic computability. In this way we can combine the descriptive capabilities of verbal argumentation and the ability to calculate the effects of different situations and hypotheses. From this perspective, the computer program is a form of mathematics. In addition, we can generate data – that is, time series – from our models and analyze them employing statistics and econometrics. In summary, we have: 1) verbal argumentations; 2) mathematical equations with statistics and econometrics; 3) agent-based computer simulations..." [3].

Here follows the definition chosen by CIPSEC for cascading effects: "… cascading effects are the dynamics present in disasters, in which the impact of a physical event or the development of an initial technological or human failure generates a sequence of events in human subsystems that result in physical, social or economic disruption..." [4].
In general, interdependencies increase the vulnerability of critical infrastructures, although integration and synergy in their usage provide valuable benefits in terms of efficiency, service quality and cost reduction. Interdependencies lead to avalanche effects in which errors propagate from one critical infrastructure to another. A simple outage caused by a single problem can lead to cascading outages and possibly to the collapse of the whole system. Many examples of cascading problems arising from infrastructure dependencies cover wide geographical areas. Communication technologies improve productivity, efficiency and competitiveness, and the use of the Internet reduces operating costs, but interdependence arises, and along with the benefits comes easy access for cyber criminals and terrorists, with all the negative consequences, further complicating the final scenario. This creates a wide variety of parameters that can influence the reference infrastructure.

We will use as an example a simulation of the application of an antivirus product within an information system, as we consider this type of simulation suitable to exemplify cascade effects. In this solution a series of parameters can be applied to cover a wide range of use cases and to highlight any critical points. The simulation can therefore highlight, for example, the case in which the antivirus is used incorrectly and how the target environment is able to respond.

Today we can use theoretical models in the social sciences using computers. Agent-based models (ABM) are a potential "third way" of advancing the study of social sciences, in addition to argumentation and formalization. With computer simulations, unlike other methods, it is possible to formalize complex theories about processes, carry out experiments and observe the occurrence of emergence [5].
Mathematical and statistical models have some disadvantages. For example, many of the equations one would like to use to represent real social phenomena are simply too complicated to be analytically tractable, as when the phenomena being modelled involve non-linear relationships; in such cases the advantages of mathematical formalization are lost. A common solution is to make simplifying assumptions until the equations do become solvable, but these assumptions are often implausible and the resulting theories can be misleading [6].

NetLogo [7] is an agent-based programming language with an integrated modelling environment that appeared in 1999. It can model and simulate complex systems over a period of time, and it offers an area for creating a user interface, with buttons, sliders and monitors, and for implementing the functions of those interface elements. In NetLogo, under File -> Models Library -> Sample Models -> Networks -> Virus on a Network [8][9], it is possible to simulate the behavior of a virus inside a network environment.

This model demonstrates the spread of a virus through a network. Each node represents a computer, and we are modeling the progress of a computer virus or worm through this network. Each node may be in one of three states: susceptible, infected or resistant. The links in the network represent the connections between computers and their neighbors. Infected nodes are the ones that currently have the virus. They try to send it to all their neighbors who are susceptible. Infected nodes have a chance of recovery and can then either become susceptible again or become resistant. A node becomes resistant according to a resistance probability that is set in the model. Susceptible nodes are the nodes that are vulnerable to the virus. When a neighbor of a susceptible node is infected, the susceptible node can get infected too, depending on the virus spread probability, which is a parameter specified in the model.
When an infected node becomes resistant, it stays resistant, and the virus can no longer spread through its links. In a first realistic scenario, the defenses are lowered: the frequency of the scheduled virus-scan procedure is decreased, or nobody worries when a human notices something fishy about how the computer is behaving. Tick is the term NetLogo uses for a time step of the simulation; the tick counter holds the number of time steps elapsed so far.
After a few ticks in which I do not bother to defend the nodes of the network from the spread of the virus, cascade effects occur and I find the entire area of interest completely infected. In a second scenario, changing the initial number of infected nodes to the maximum value but keeping the periodic antivirus check on the nodes constant at 1 tick, it is possible to keep the spread under control until it is reduced to zero.
A significant increase in the number of connections of each node causes a marked slowdown in the effectiveness of the antivirus. Cascading effects are certainly driven by the number of intra- and interdependencies of the reference structure, and simulation with NetLogo helps us understand this phenomenon. Using NetLogo, a tool suited to ABM-based simulations, we wanted to demonstrate the effectiveness of an antivirus in managing a computer network subject to the spread of a computer virus, and the possible consequences and countermeasures obtainable by using an antivirus to contain a possible cyber-attack.
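The two scenarios and the connectivity effect described above can be explored outside NetLogo with a small Python sketch. This is an added example, not the code of the NetLogo library model: it uses a ring-plus-random-links topology, and the function names, parameter names and default values are assumptions chosen for illustration.

```python
import random

def build_network(n, avg_degree, rng):
    """Ring (keeps the network connected) plus random links up to the target degree."""
    links = {i: {(i - 1) % n, (i + 1) % n} for i in range(n)}
    edges, target = n, min(n * avg_degree // 2, n * (n - 1) // 2)
    while edges < target:
        a, b = rng.sample(range(n), 2)
        if b not in links[a]:
            links[a].add(b)
            links[b].add(a)
            edges += 1
    return links

def simulate(n=150, avg_degree=6, initial_infected=3, spread=0.025,
             check_freq=1, recovery=0.05, resistance=0.05, ticks=500, seed=1):
    """Return the infected-node count per tick (index 0 is the initial state)."""
    rng = random.Random(seed)
    links = build_network(n, avg_degree, rng)
    state = ["S"] * n                      # S = susceptible, I = infected, R = resistant
    for i in rng.sample(range(n), initial_infected):
        state[i] = "I"
    offset = [rng.randrange(check_freq) for _ in range(n)]  # staggers the scan schedule
    history = [state.count("I")]
    for t in range(1, ticks + 1):
        # Nodes infected at the start of the tick try to infect susceptible neighbours.
        for i in [k for k in range(n) if state[k] == "I"]:
            for j in links[i]:
                if state[j] == "S" and rng.random() < spread:
                    state[j] = "I"
        # Scheduled scan: a scanned infected node may recover (to resistant or susceptible).
        for i in range(n):
            if state[i] == "I" and (t + offset[i]) % check_freq == 0:
                if rng.random() < recovery:
                    state[i] = "R" if rng.random() < resistance else "S"
        history.append(state.count("I"))
        if history[-1] == 0:               # outbreak extinguished
            break
    return history

if __name__ == "__main__":
    scenarios = {
        "lowered defenses (scan every 20 ticks)": dict(check_freq=20),
        "all nodes infected, scan every tick": dict(initial_infected=150),
        "same, but 20 links per node": dict(initial_infected=150, avg_degree=20),
    }
    for name, params in scenarios.items():
        h = simulate(**params)
        print(f"{name}: peak={max(h)}, final={h[-1]}, ticks run={len(h) - 1}")
```

Varying `check_freq`, `initial_infected` and `avg_degree` while keeping the seed fixed gives a like-for-like comparison of how scan frequency and connectivity change the infection curve.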
One of the problems that emerges in cybersecurity for our technological environment is the difficulty of making clear how much certain behaviors towards procedures and practices matter for our security, from personal security to that of our work environment and of the critical infrastructures so important for our lives. ABM tools like NetLogo can help us understand how important these methodologies and systems are in protecting us from the dangers of technology applied for malicious purposes. Techno-social systems evolve over time, and that evolution is the result of combinations that we often underestimate or misunderstand and that simulation with ABM highlights.

In socio-economic systems, emphasis is put on the importance of connectivity between the elements of the system and on the interaction that derives from the fact that these elements are always connected. ABMs make it possible to treat time not as a component of the environment, flowing continuously for all components, but as a component of the individual objects in the model, which therefore change their status asynchronously.

How many times have we wondered why we have to update our antivirus and why we have to choose an effective one? With agent-based models we can see, in an effective and elegant way, that the choices we make do not only influence the technology we possess but also determine the stability and resilience of the technological system in which we live. By simulating ex ante the critical points of a critical infrastructure, we can foresee organizational or instrumental steps able to remedy failures or emergency situations caused by both endogenous and exogenous agents.
- Holland, J.H. (2006). 'Studying Complex Adaptive Systems', Journal of Systems Science and Complexity, 19(1), 1–8.
- Boero, R., Morini, M., Sonnessa, M., Terna, P. (2017). Agent-Based Models of the Economy: From Theories to Applications.
- Stonedahl, F., Wilensky, U. (2008). NetLogo Virus on a Network model. http://ccl.northwestern.edu/netlogo/models/VirusonaNetwork. Center for Connected Learning and Computer-Based Modeling, Northwestern University, Evanston, IL.
- Wilensky, U. (1999). NetLogo. http://ccl.northwestern.edu/netlogo/. Center for Connected Learning and Computer-Based Modeling, Northwestern University, Evanston, IL.