Mixed Holistic Reductionistic Approach for Impact Assessment of Cyber Attacks

Recently issues about cyber-war have gained relevant attention, especially because of gravity of damages that could be caused by cyber attacks to strategic targets, mining security of citizens. Examples of targets might include national civil and military airports, command and control systems of civ...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Digioia, G., Foglietta, C., Panzieri, S., Falleni, A.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Recently issues about cyber-war have gained relevant attention, especially because of gravity of damages that could be caused by cyber attacks to strategic targets, mining security of citizens. Examples of targets might include national civil and military airports, command and control systems of civil and military transportation means electronic military systems for national defense, national infrastructures for water and electricity distribution, industries and also hospitals or firefighters informatics systems. The risk of cyber attacks for the mentioned systems and infrastructures has grown because of the introduction of general-purpose and open (not proprietary)communication protocols, widely interconnecting systems and services. With this regard, it is of great importance the problem of evaluating the impact that cyber attacks could generate and to select effective countermeasures to protect military and civil heterogeneous and interconnected systems. In this paper the Mixed Holistic Reductionist (MHR) model is proposed as a conceptual methodology to evaluate the impact of a set of cyber attacks to military and civil infrastructures of strategic interest. The reductionist approach allows modeling of heterogeneous systems using the simplest elements and then coming to assess the interaction of basic components. The holistic paradigm instead allows to analyze complex systems by evaluating their behavior in complex and thus as a monolithic unit. This model allows combining the holistic method with the reductionist, trying to maintain the benefits of both paradigms. The two methods are linked together through an additional layer which is an intermediate level of abstraction, usually represented by the services of any infrastructure. Services are defined as logical objects, in order to obtain useful functionality to the customer, or other infrastructure. The validity of MHR model has been already tested within the context of Critical Infrastructure protection. In particular, it has been implemented in CISIA, a system-interdependency simulator, developed by "Roma Tre"University. In this work, the effectiveness of the model is studied with regard to government infrastructure protection from cyber attacks and, with this regard, an explicative case study is presented.
DOI:10.1109/EISIC.2012.30