Analyzing security risks in critical infrastructures embedded in systems of systems: How to capture the impact of interdependencies

Our economy and national well-being is highly dependent on Critical Infrastructures (CIs). Today, CIs rely heavily on ICT and are often embedded within systems of systems. This makes CIs particularly vulnerable to security threats. In this paper we address the methodological challenge of how to estimate the impact that interdependencies within a System of Systems (SoS) have on the overall security risk picture of an embedded CI. becomes possible, at least in theory, to access the ICT systems from anywhere in the world. This makes information security (International Organization for Standardization 2005) a central part of Critical Infrastructure Protection (CIP), and this is also supported by numerous examples of ICT incidents in CIs, such as (Poulsen 2003, Poulsen 2004, Lemos 2007). Informally, an SoS may be thought of as a kind of “super system” comprised of a set of interconnected systems that work together towards some common goals. One example is the system consisting of the electrical grid and its supporting systems, such as telecommunication systems. Here the common goal is to provide electrical power. It is also an example of a CI embedded within an SoS. To assess the security of a CI within an SoS may be extremely challenging. Firstly, the individual systems in an SoS may be highly dependent. Secondly, the individual systems may be under different managerial control and within different jurisdictions. For the systems that are outside our control, we often have a limited knowledge of their security risks, structure, and behavior. In general, it is much easier to model and analyze intradependencies between systems that are controlled by the same party, than interdependencies between systems in an SoS, of which many we have only restricted documentation and control. In this paper we address these challenges. In particular, how to estimate the impact that interdependencies within an SoS have on the overall security risk picture of an embedded CI. The rest of the paper is structured as follows: In Section 2 we provide definitions for different types of dependencies. In Section 3 we demonstrate our