CRITICAL INFRASTRUCTURE PROTECTION (CIP)
advertisement
<www.informatik2003.de> CRITICAL INFRASTRUCTURE PROTECTION (CIP) - STATUS AND PERSPECTIVES Preprints of the First GI Workshop on CIP, Frankfurt a.M. 2003 Edited by Willi Stein, Bernhard Hämmerli, Hartmut Pohl, & Reinhard Posch An International Two-Days Workshop (Sept. 29-30, 2003) within the Annual Meeting “Informatik 2003” of the German Informatics Society (GI: Gesellschaft für Informatik) at JWG University, Frankfurt a.M. (Sept. 29 - Oct. 2, 2003). Johann W olfgang GoetheUniversität Frankfurt a.M. © by Willi Stein 2003 <willi.stein@bsi.bund.de> The papers [1.4], [1.5], [2.2], [2.4], [3.1], [4.2], [4.3], and [4.5] can be included in this preprints with friendly permission of “Lecture Notes in Informatics (LNI) – Proceedings”, Series of the German Informatics Society (GI), © Gesellschaft für Informatik, Bonn 2003. Sponsored by Gesellschaft für Informatik (GI) e.V. Bonn (FB Sicherheit), Fraunhofer ISST Berlin, and Fraunhofer SIT Darmstadt. Contents SESSION 1: Introduction and Country Session 1.1 Critical Infrastructure Protection (CIP) Workshop – Introduction and Goals. W. Stein, B. Haemmerli, H. Pohl, R. Posch 1.2 The European Initiatives on Network and Information Security. A. Servida (EU Brussels) 1.3 Critical Infrastructure Protection: Survey of world-wide Activities. S. Ritter & J. Weber (BSI, Bonn) 1.4 Critical (information) Infrastructure Protection in The Netherlands. E. Luiijf, H. Burger & M. Klaver (TNO/FEL, The Hague) 1.5 Critical Information Infrastructure Protection in Norway. K. Nystuen & J. Hagen (FFI, Kjeller) 1.6 Critical Infrastructure Protection in Germany. S. Jantsch (Consultant, Munich) 1.7 International Information Assurance (IA)/Critical Infrastructure Protection (CIP) Challenges A Swedish View. L. Nicander (IO/CIP Center, Stockholm) SESSION 2: Modeling and Simulation 2.1 Modeling and Simulation for Critical Infrastructures – Status and Future Issues. S. Varnado (SANDIA, Albuquerque) 2.2 An Integrated Approach to Survivability Analysis of Large Complex Critical Infrastructures. S. Bologna (ENEA-Casaccia, Rome) & T. Beer (IABG, Munich) 2.3 Modelling and Simulation for Analysis of Critical Infrastructures. W. Schmitz (IABG, Munich) 2.4 Internet under Threat: Simulation of Survivability with INESS. W. Fischer, N. Lepperhoff & A. Volst (FZ, Juelich) SESSION 3: CIP Networks and Partnerships 3.1 MELANI – An Analysis Centre for the Protection of Critical Infrastructures in the Information Age. R. Rytz & J. Römer (ISB, Berne) 3.2 CIRCA – Computer Incident Response Coordination Austria. O. Hellwig (Consultant, Vienna) 3.3 Information Logistics Approach towards an User Demand-Driven Information Supply for Critical Infrastructure Protection. H. Kurrek & C. Thiel (FhG-ISST, Berlin) 3.4 Information Sharing Successes and Challenges: The U.S. Experience. S. Algeier (US Chamber of Commerce, Washington) 3.5 Fostering On-line Trust and Protecting Critical Infrastructures through Information Sharing: The Case of Internet Protection Centres. D. Bruschi (U. Milano) & L. Valeri (RAND Europe, Berlin) 3.6 Building Partnerships for Critical Infrastructure Protection: A View From the UK. N. Robinson (RAND Europe, Cambridge) Critical Infrastructure Protection (CIP) Workshop (Frankfurt a.M., 29-30 Sept. 2003) - Contents: 1 SESSION 4: Policies and Methods 4.1a Critical Information Infrastructure Protection in the United Kingdom. T. Barry (NISCC, London) 4.1b UK Critical Information Infrastructure Protection – The R&D Dimension. I. Bryant (NISCC, London) 4.2 Policy Based Management for Critical Infrastructure Protection. G. LeGrand, F. Springinsfeld, M. Riguidel (ENST, Paris) 4.3 Critical Information Infrastructure Protection (CIIP) Policies in Selected Countries: Findings of the CIIP Handbook. I. Wigert & M. Dunn (ETH, Zurich) 4.4 Analysis of Critical Infrastructures: The ACIS methodology. D. Reinermann & J. Weber (BSI, Bonn) 4.5 Strategic Games to Foster Policy Development for Critical Infrastructure Protection. M. Holenstein & D. Bircher (EBP, Zollikon) SESSION 5: Applicational Aspects and Assessments 5.1 End to End Security Assessment (EESA) for Critical Infrastructure Protection. E. Adar (iTcon, Tel Aviv) & H. Thielmann (SIT-FhG, Darmstadt) 5.2 A Methodology for the Evaluation of the Security Risks of Internet-based Remote Control Applications of Utilities. M. Masera, G. Dondossola, G. Mauri, M. Hohenadel & A. El Abjani (CEC JRC, Ispra) 5.3 Kritische Kommunikationsdienste und ihre kritischen Komponenten: Beiträge zur Stützung von Selbstbestimmung und Unabhängigkeit. B. Haemmerli (HTA, Lucerne) 5.4 Critical Infrastructure Protection: Some Operator's Point of View. P. Friessem & H. Sarbinowski (FhG-SIT, Darmstadt & Sankt Augustin) 5.5 Emergency and Rescue: Methodology and Tool for Alert Activation and Crisis Management. L. Carlier, L. Dhaleine, P. Genestier, C. Lac & B. Savina (France Telecom, Lannion) Critical Infrastructure Protection (CIP) Workshop (Frankfurt a.M., 29-30 Sept. 2003) - Contents: 2 Preface This volume represents the preprints of the first workshop on Critical Infrastructure Protection (CIP) of the German Informatics Society (GI: Gesellschaft für Informatik e.V., Bonn). This international two-days workshop was held, as one part of the Annual Meeting “Jahrestagung Informatik” (Sept. 29-Oct. 2, 2003) of the German Informatics Society, at the Johann Wolfgang Goethe-Universität in Frankfurt a.M. on September 29-30, 2003. But what do we mean with CIP? Protecting critical infrastructures (CI), such as communications, transportation, and energy, against disruption of any kind is increasingly crucial in maintaining both domestic stability and national security. CIP includes cyber, physical, and psychological levels to secure systems and assets. Critical Infrastructure Protection and Information Security The Critical Infrastructure Protection (CIP) approach logically includes the information security (InfoSec) approach and, in addition, has to consider a broader spectrum of risks and threats. The nature of risks and vulnerabilities in modern societies is becoming more and more transnational today. An open, non-hierarchical dialog on newly recognised vulnerabilities at the physical, cyber, and psychological levels is needed to create a better understanding of new risks and their causes, interactions, probabilities, and costs. Indeed, CIP is needed in each country, but CIP is extremely demanding, and implementing an effective CIP solution can easily exceed the scientific, technological, and organisational resources of a country. CIP is a challenge within each nation’s own responsibility that can be supported by bilateral and transnational activities. Therefore new forms of co-operation and/or partnership have to be developed: between scientific communities, between private and public actors, and between countries. Origin of this workshop The idea leading to this workshop evolved during talks, which we had one year ago with Dr. Manfred Reitenspiess (Munich) at an EU/DDSI meeting in Brussels (19-20 September 2002). Due to the “genius loci”, we perceived the national, the European, and the transnational dimensions of CIP, and we tried to understand CIP as an IT-driven network-centric approach being indispensable in a more and more networked world. Sure, that is an IT-oriented position from an IT-oriented meeting. Hence the present group of editors started organising this workshop by using initiatives from Austria, Switzerland (e.g., www.infosurance.ch) and Germany, including the co-operation mechanisms of the national informatics societies, i.e., GI, ÖCG, and SI. One of our goals was to bridge the (still in all countries existing) gaps between the communities of information security (InfoSec) and of critical infrastructure protection (CIP/CIIP). For the “Call for Papers” of this CIP Workshop we constituted an ”International Board of Workshop Coordinators” having these members: • • • • • • • • Herbert Fiedler, U. of Bonn (Germany) herbert.fiedler@gmd.de Bernhard Hämmerli, HTA Lucerne (Switzerland) bmhaemmerli@hta.fhz.ch Eric Luiijf, TNO/FEL The Hague (Netherlands) luiijf@fel.tno.nl Jan Lundberg, SEMA Stockholm (Sweden) jan.lundberg@krisberedskapsmyndigheten.se Hartmut Pohl, FH Bonn-Rhein-Sieg (Germany) Hartmut.Pohl@sang.net Reinhard Posch, A-SIT Vienna (Austria) Reinhard.Posch@cio.gv.at Willi Stein, BSI Bonn (Germany) willi.stein@bsi.bund.de Gerhard Weck, Infodas Köln (Germany) GerhardWeck@compuserve.com Acknowledgements We wish to thank the Division „Security“ of the German Informatics Society (GI-FB Sicherheit) and its speaker (Dr. Manfred Reitenspiess, Munich), the Fraunhofer Institute SIT Darmstadt (Prof. Dr. Claudia Eckert), and the Fraunhofer Institute ISST Berlin (Dr. Christoph Thiel) for sponsoring this volume. In particular, we are deeply indebted to Daniel Bircher (EBP Zollikon), Helen Gill (NSF Washington), Carl Landwehr (NSF Washington), Eric Luiijf (TNO/FEL The Hague), Jan Lundberg (SEMA Stockholm), Jan Metzger (ETH Zurich), Andrea Servida (EU Brussels), and Samuel Varnado (SANDIA National Laboratory, Albuquerque) for supporting this workshop, either by communicating ideas or by opening doors to other experts. Critical Infrastructure Protection (CIP) Workshop (Frankfurt a.M., 29-30 Sept. 2003) - Preface: 1 We further express our appreciation to the authorities and the organising team of the annual meeting, and in particular to Silke Eberhardt (TU Ilmenau), Prof. Rüdiger Grimm (TU Ilmenau), Sabine Landvogt (U. Frankfurt), Jens Nedon (ConSecur, Meppen), Prof. Andreas Oberweis (U. Frankfurt), and Prof. Kai Rannenberg (U. Frankfurt). Proposals for future European projects We pointed out that CIP is a challenge within each nation’s own responsibility, and that network-centric co-operative approaches are the way of acting in the interconnected society. In our understanding, the next scientific steps on the way to an Europe-wide co-operative protection of critical infrastructures could include projects like these: • • • • • European CIP Platform, European CIP Workshop, European CIP Newsletter, European CIP Network of Excellence, and European CIP Website. For the editors of the CIP preprints: Willi Stein Critical Infrastructure Protection (CIP) Workshop (Frankfurt a.M., 29-30 Sept. 2003) - Preface: 2 Critical Infrastructure Protection (CIP) Workshop – Introduction and Goals Willi Stein, BSI Bonn (Germany) willi.stein@bsi.bund.de Bernhard Hämmerli, HTA Lucerne (Switzerland) bmhaemmerli@hta.fhz.ch Hartmut Pohl, FH Bonn-Rhein-Sieg (Germany) Hartmut.Pohl@sang.net Reinhard Posch, A-SIT Vienna (Austria) Reinhard.Posch@cio.gv.at Critical Infrastructure Protection (CIP) Protecting critical infrastructures (CI), such as communications, transportation, and energy (see Figure 1), against disruption of any kind is increasingly crucial in maintaining both domestic stability and national security. The Critical Infrastructure Protection (CIP) approach is broader than the information security approach. CIP includes both, cyber and physical measures to secure systems and assets whose incapacity or destruction would have a debilitating impact on the national security, and the economic and social well being of a nation (and its neighbours in physical and cyber space). CIP and CIIP Critical Information Infrastructure Protection (CIIP) is a subset of CIP. CIIP focuses on the protection of information technology systems and assets including components such as telecommunications, computers/software, Internet, satellites, etc., and on interconnected computers and networks, and the services they provide [from CIIP Handbook 2002]. CIP is a challenge within each nation’s own responsibility that can be supported by bilateral and transnational activities. Origin of the concept The core concept of CIP, as in the process of implementation now, was developed in the US between 1996 and 1999, where the scientific and socio-technological foundations of CIP had been worked out by the RAND Corporation www.rand.org, beginning about 1989. Detailed CIP and CIIP documentation is provided at www.ciao.gov/, www.pcis.org/, www.thei3p.org/, www.iwar.org.uk/ and at other links. Sector and layer models are used as illustrations for how critical infrastructures are organised. Meanwhile there exists an increasing number of CIP/CIIP-related activities outside the USA. Critical infrastructure approaches in Germany www.bsi.bund.de/fachthem/kritis/index.htm, e.g., include the sectors: 1. 2. 3. 4. 5. 6. 7. telecommunications and IT infrastructures; energy (i.e., electricity, oil and gas); banking, finance and insurance; transport systems; public health care (including food and potable water); emergency and rescue services; government and public services (incl. police, customs and armed forces) Telecom & IT Government & Public Services Energy Modelof ofIT-InterIT-InterModel connectedInfraInfraconnected structureSectors Sectors structure Financial Services Transport Emergency & Rescue Health Care Figure 1: Model of IT-Interconnected Infrastructure Sectors Critical Infrastructure Protection (CIP) Workshop (Frankfurt a.M., 29-30 Sept. 2003) - Paper 1.1, Page: 1 European CIP activities European CIP activities presently include, e.g.: 1. the EU-supported initiatives DDSI www.ddsi.org/ (with country surveys), ACIP www.eu-acip.de/, and AMSD www.am-sd.org/; 2. the German private industry initiative www.aksis.de/; 3. Swiss Federal Strategy Unit for Information Technology (FSUIT) www.isb.admin.ch , the InfoSurance Foundation www.infosurance.ch/ and the Comprehensive Risk Analysis and Management Network (CRN) www.isn.ethz.ch/crn with conferences, documentation, and the CIIP Handbook (2002); 4. Norwegian protection approaches, started already in the early 1990s www.dsb.no/; 5. the Netherlands infrastructure studies www.tno.nl/instit/fel/ts/prj/critical-infrastructure-protection.html; 6. the CIO activities of the Austrian government www.cio.gv.at/; 7. the Swedish National Center of IO/CIP www.fhs.mil.se/institut/kvi/cios/english/index.html, the CRIS institute www.cris-inst.com/ and the Swedish Emergency Management Agency (SEMA) www.krisberedskapsmyndigheten.se/; 8. the UK activities at the National Infrastructure Security Co-ordination Centre www.niscc.gov.uk/ , at UK Resilience http://ukresilience.info/ and at the Information Assurance Advisory Council (IAAC) www.iaac.org.uk/; 9. explorations for a US-EU collaboration www.eecs.berkeley.edu/CIP/US-EU/agenda.html; 10. and, last not least, the Research Activity EU/IST (FP6) www.cordis.lu/ist/ with “Dependability” www.cordis.lu/ist/cpt/dependability.htm (including, e.g., the projects Examine and Safeguard) and Key Action 2 “Dependability of Information Infrastructures” www.cordis.lu/ist/ka2/dependability.html. CIP activities outside the USA and outside Europe Of further interest are the CIP activities outside the USA and outside Europe, e.g.: 1. of Canada www.ocipep.gc.ca/; 2. of Australia www.noie.gov.au/ www.nationalsecurity.gov.au/ www.defence.gov.au/predict/ www.ag.gov.au/ www.cript.gov.au/; 3. and of New Zealand www.ccip.govt.nz/ www.e-government.govt.nz/niip/index.asp. Goals of the workshop This workshop is intended to promote IT-oriented research and development in the emerging field of Critical Infrastructure Protection (CIP) and to contribute to the definition of R&D strategies with an European CIP focus. More precisely, the workshop tries to promote the exchange of ideas, focus on national policies and common interests, gain in understanding/deepening of central research questions, and perception of interdisciplinary challenges. Based on initiatives from Austria, Switzerland and Germany, this is one of the first CIP workshops with an IT orientation in Europe. Thus one goal of the workshop should be bridging the (in all countries still existing) gaps between the communities of information security (InfoSec) and of critical infrastructure protection (CIP/CIIP). The target group of this workshop consists of officials, policy analysts, practitioners and researchers involved in the protection of international critical infrastructures against cyber-security threats. In our understanding, the next scientific steps on the way to an Europe-wide co-operative protection of critical infrastructures could include projects like these: • • • • • European CIP Platform, European CIP Workshop, European CIP Newsletter, European CIP Network of Excellence, and European CIP Website. Critical Infrastructure Protection (CIP) Workshop (Frankfurt a.M., 29-30 Sept. 2003) - Paper 1.1, Page: 2
