Modelling and Simulation of the response process for an emergency at the Great Belt bridge
-
Upload
infinit-innovationsnetvaerket-for-it -
Category
Technology
-
view
567 -
download
0
Transcript of Modelling and Simulation of the response process for an emergency at the Great Belt bridge
![Page 1: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/1.jpg)
Experience Report: Modelling and Simulation of Railway Emergency Response Plans
ITU ProSec, May 2nd, 2016
Søren Debois Joint work with Thomas Hildebrandt & Lene Sandberg
![Page 2: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/2.jpg)
Plan• Cyber-threats to Critical Infrastructure
• The method
• The Great Belt Bridge incident case
• Collaborative mapping & simulation
• Conclusions
![Page 3: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/3.jpg)
Cyber-threats & Infrastructure
![Page 4: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/4.jpg)
Cyber-physical attacks on Critical Infrastructure
• Operators (DSB, BaneDanmark) robust against physical incidents, including terrorism.
• Operators IT system landscape very large and varied.
• However, traditional “No-IT” approach to train operators still form foundations of day-to-day operations.
![Page 5: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/5.jpg)
The potential weakness
• Cyber-physical assault: Combined physical & cyber attack.
• Do emergency response plans hold up when both IT and physical infrastructure is physically attacked?
![Page 6: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/6.jpg)
How to investigate?• Extensive emergency response plans exist. Drills are
performed regularly.
• Let’s simulate!
• But wait! Paper-based rehearsals don’t actually use ICT systems. How to simulate?
• We need to simulate both the actions of drill participants and breakdowns of IT systems.
• We have to be sure no-one “cheats” by accidentally assuming some system is functioning.
![Page 7: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/7.jpg)
Declarative Process Models
• Formal model of emergency response process.
• Give enormous freedom within a set of rules.
• No-one cheats accidentally; the model won’t allow it.
![Page 8: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/8.jpg)
Example
![Page 9: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/9.jpg)
How do we try this out?
How do we get the process model?
![Page 10: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/10.jpg)
Case: Great Belt Bridge
![Page 11: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/11.jpg)
Collaborative mapping
• Extensive documentation of emergency response procedures exists.
• We sat down with domain experts from DSB & BaneDanmark and constructed a model based on that documentation.
![Page 12: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/12.jpg)
![Page 13: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/13.jpg)
How do we know whether this model is meaningful?
![Page 14: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/14.jpg)
Collaborative simulation
• Simulation gives the ability to explore un-anticipated paths and “what-if” scenarios.
• Collaborative simulation brings a new level of realism, especially for coordination problems of emergency response scenarios.
![Page 15: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/15.jpg)
Simulation study, Metropol
• At Metropol, students of Emergency and Risk Management as participants.
• Tool provided insufficient overview.
• Tool did not hide available and executed actions of other participants .
![Page 16: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/16.jpg)
Simulation study, DSB
• At DSB, with DSB emergency response team lead and experienced train driver.
• Recommendations: Pictures, text, documentation in-tool.
![Page 17: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/17.jpg)
Conclusions
![Page 18: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/18.jpg)
Conclusions
• Collaborative mapping and simulation of emergency response processes is a viable means of studying ICT/Cyber-physical vulnerabilities.
• DCR Formalism accessible to domain experts (with assistance)
• DCR Tooling almost there.
![Page 19: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/19.jpg)
Future work
• Integrating the IT system landscape into the model.
![Page 20: Modelling and Simulation of the response process for an emergency at the Great Belt bridge](https://reader034.fdocuments.in/reader034/viewer/2022042723/58ed32e31a28abfd358b4629/html5/thumbnails/20.jpg)
Thank you!
Søren Debois