Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastructures

Post on 04-Aug-2015


Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastructures -

Contact: Dr. Sven WOHLGEMUTH – DAAD Postdoctoral Scholar at the Digital Content and Media Sciences Research Division TEL : 03-4212-2594 FAX : 03-3556-1916 (c/o Prof. Dr. Echizen) E-mail : wohlgemuth@nii.ac.jp WWW: www.nii.ac.jp/jeisec

Social Infrastructures and ICT

ICT as a Basic Infrastructure of Social Infrastructures

•  In 2050, 70% of the world population will live in cities (UN)

•  Cities face major challenges like logistic bottlenecks, pollution, employment, elderly society, education, public security, …

•  ICT supports cities' social infrastructures by making service processes, security measures, and coordination activities more efficient: observe, evaluate, coordinate, and optimize status and flows of a city (e.g. resources and people)

•  Social infrastructures are protected against expected threats from crime, terrorism, and natural disasters

But: What about risks from unexpected, inevitable threats?

Resilience and IT Risks in Social Infrastructures

Resilient ICT: Transparency by Evidences

Isao Echizen, Sven Wohlgemuth, Noboru Sonehara, National Institute of Informatics, Tokyo, JP

A Min Tjoa, Vienna University of Technology, A

[Figure: Social infrastructures (Economy, Employment, Energy, Elderly Society, Education), each with its own security domain]

Criteria for Resilient ICT

Resilience: Resistance against attacks + Mitigate attacks (prevent & protect + respond & recover)

Equilibrium

•  ICT still has to provide its services and data according to the protection goals of IT-Security (confidentiality, integrity, availability)

•  Availability: Replace failed ICT services on demand by similar ICT services

But: On-demand flexibility of ICT raises new risks due to granting access to an "outsider" of a security domain

Günter Müller, University of Freiburg, D

Transparency by Evidences

•  Possibility to understand and restore all ICT states at any time

•  Ability to monitor ICT systems and to identify indirect relationships between ICT services

•  No central point of control/coordination

•  Evidence indicates an ICT system's state transitions that differ from target states

Research Areas

Resilient Risk Assessment (RA1)

Resilient ICT Services (RA2)

Resilient ICT Infrastructure (RA3)

Technical

Human Legal et al.

Interferences

1. Identification of basic services

2. Identification of risk scenarios

3. Usage control mechanisms

4. Evaluation of evidences

Risks


5. Process re-engineering

Approach

- New processes

- Modified processes

2) Consequences

[Figure: Social infrastructures (Economy, Employment, Elderly Society, Education, Energy)]

- Crime, terrorism, and natural disasters

- Damages/Failure of ICT services

1) Unexpected, inevitable Interferences by

- Cascading interferences

- Interoperability

3) Additional Risk: "Outsider" becomes "Insider"

- Controllability

- Non-availability of services/data

- Non-authorized access to services/data

- Incorrect data

4) Resultant Interferences by

- Privacy violation

- Physical damages

ICT