Architectural Model for Information Security Analysis of Critical Information Infrastructures

Critical Information Infrastructures (CII) are computer systems and networks that support and control operations of many critical infrastructures that our society depends on, such as power plants, electrical grids, and water and waste facilities. Since the operations of CII also effect physical world, they are a good example of large-scale, critical cyber-physical systems. In recent years, CII become an attractive target for cyber attacks and the potential impact of a successful attack could lead to disastrous consequences in the physical world. Thus ensuring the security of CII is of vital importance. A fundamental prerequisite to secure a CII system is a clear understanding and a consistent view of its architecture. However, because of the complexity and scale, this is challenging to acquire. In this paper, we propose a layered architectural view for CII, which aims at building a common ground among stakeholders and supporting the implementation of information security management processes. In order to manage the complexity and scale, we define four interrelated architectural layers, and use the concept of viewpoints to focus on a subset of the system. We indicate the applicability of our approach in the context of CII security analysis.