Managing the Complexity of Critical Infrastructures

This chapter introduces the concept of Critical Infrastructure (CI). Although old civilisations had CI, the protection and resilience of CI has come to the fore again in the last two decades. The risk to society due to inadvertent and deliberate CI disruptions has largely increased due to interrelation, complexity, and dependencies of these infrastructures. The increased use of information and telecommunication technologies (ICT) to support, monitor, and control CI functionalities has contributed to this. The interest in CI and complex systems is strongly related to initiatives by several governments that from the end of the 90s of the previous century recognised the relevance of the undisturbed functioning of CI for the wellbeing of their population, economy, and so on. Their policies highlighted early the increasing complexity of CI and the challenges of providing such CI services without disruption, especially when accidental or malicious events occur. In recent years, most national policies have evolved following a direction from protection towards resilience. The need for this shift in perspective and these concepts are also analysed in this chapter.

This chapter provides an overview about dependencies among infrastructures and discusses how they can be adequately captured, modelled and analyzed. It provides a taxonomy overview of the most adopted methods with a focus on the IIM (Input-output Inoperability Model) and on topological approaches.

The ultimate target of Modelling and Simulation (M&S) activities in the field of CIP is to provide Models, Methodologies and tools to help in the analysis of different crisis’ scenarios and, subsequently, in crisis management decision making. A CIs’ disruptions scenario is simply a sequence of random events following a well-defined chronological order. Generally, each identified scenario produces a set of consequences which is a function of: the initiating event, the concerned CIs and the geo-organizational context of the disrupted CIs. Formal sciences represent the reality of our surrounding world. But formal sciences are imperfect and what we call “reality” is the projection of the inaccessible “Reality” on our world. This projection is the only reality we are talking about in formal sciences. Subsequently, formal sciences construct objects in which small parts of the sensible reality are grasped and formalized. These objects can be called “models”. We are limiting our interest here to formal sciences and engineering activities that cover both conceptual and phenomenological modelling processes. Models are first validated before being admitted in the construction of a global model of the sensible reality. Regarding our focus on crisis scenarios modelling, simulation and analysis (MS&A), engineers’ ambition is to simulate not only independent isolated phenomenon but also interacting multi-physic multi-scale phenomenon.

Critical Infrastructures are an essential asset in modern societies and our everyday life is heavily dependent on their reliable and secure operation. The problem of controlling and managing critical infrastructures is becoming more and more difficult as they are increasing in size due to the growing demand for the services they provide and the geographical spread required. As these infrastructures become larger and more complex, fewer people understand how these networks work and the interactions between all the components. Thus, models are necessary so as to accurately predict their behavior under steady state or under failure/attack scenarios. This chapter provides a review on modeling and simulation approaches of critical infrastructures and in particular of electric power, telecommunications, water supply and drainage systems, and transportation systems.

The objective of this chapter is to introduce and discuss the main phenomenological approaches that have been used within the CI M&S area. Phenomenological models are used to analyse the organizational phenomena of the society considering its complexity (finance, mobility, health) and the interactions among its different components. Within CI MA&S, different modelling approaches have been proposed and used as, for example, physical simulators (e.g. power flow simulators for electrical networks). Physical simulators are used to predict the behaviour of the physical system (the technological network) under different conditions. As an example, electrical engineers use different kind of simulators during planning and managing of network activities for different purposes: (1) power flow simulators for the evaluation of electrical network configuration changes (that can be both deliberate changes or results from of the effects of accidents and/or attacks) and contingency analysis, (2) real time simulators for the design of protection devices and new controllers. For the telecommunication domain one mat resort to  network traffic simulators as for example ns2/ns3 codes that allow the simulation of telecommunication networks (wired/wireless) at packet switching level and evaluate its performances. Single domains simulators can be federated to analyse the interactions among different domains. In contrast, phenomenological simulators use more abstract data and models for the interaction among the different components of the system. The chapter will describe the main characteristic of some of the main simulation approaches resulting from the ENEA and UBC efforts in the CIP and Complexity Science field.

The integration of simulation components into a federated, interoperable simulation environment introduces a large number of engineering challenges. Many of these challenges are technical issues, but there are also several challenges from the project management perspective. For example, when simulation components are provided by different organizations from different domains there is a need to ensure coordinated and timely interaction among these organizations, and a need for a common view on the engineering process. Recognizing and mitigating these technical and project management issues are critical to controlling risk across a simulation development effort. This chapter provides an overview of several standards that have been developed over time in the area of distributed (or federated) simulation. These standards address both simulation environment architecture and engineering process. This chapter starts with an introduction to distributed simulation, followed by an overview of:

Nowadays it is important to note that security of critical infrastructures and enterprises consists of two factors, those are cyber security and physical security. It is important to emphasise that those factors cannot be considered separately and that the comprehensive cyber-physical approach is needed. In this paper we analyse different methods, methodologies and tools suits that allows modelling different cyber security aspects of critical infrastructures. Moreover, we provide an overview of goals an challenges, an overview of case studies (which show an increasing complexity of cyber physical systems), taxonomies of cyber threats, and the analysis of ongoing actions trying to comprehend and address cyber aspects.

In this chapter it is shown that if an appreciable risk is present in the use of Modelling and Simulation (M&S), Verification and Validation (V&V) should be employed to manage and mitigate that risk. The use of M&S in the domain of critical infrastructure (CI) will always be accompanied by such a risk. It is important that a structured approach to V&V is used in order to be more effective and more efficient than just testing without a clear plan. The Generic Methodology for V&V (GM-VV) is a recommended practise in the international M&S community and adopted by large organisations such as NATO. The GM-VV has a number of concepts that allow for a structured approach to V&V. A structured approach to V&V such as the GM-VV leads to a set of handles that allow the best choices for V&V techniques to employ. The choice for a specific technique is dependent on a number of factors such as the needed certainty, the expected residual uncertainty of the proposed technique and its requirements in terms of costs, real-world knowledge, etc. This chapter is divided in 4 parts. The first part has the take away message “You have to do Verification and Validation because there is risk involved”, the second “You have to do it in a structured way if you want to do it more effective and more efficient” and the third “You have to choose the appropriate Verification and Validation technique to balance risk, effectiveness and efficiency.” In the last part some conclusions are drawn.

Decision Support Systems (DSS) are complex technological tools, which enable an accurate and complete scenario awareness, by integrating data from both “external” (physical) situation and current behaviour and state of functioning of the technological systems. The aim is to produce a scenario analysis and to guess identify educated the most efficient strategies to cope with possible crises. In the domain of Critical Infrastructures (CI) Protection, DSS can be used to support strategy elaboration from CI operators, to improve emergency managers capabilities, to improve quality and efficiency of preparedness actions. For these reasons, the EU project CIPRNet, among others, has realised a new DSS designed to help operators to deal with the complex task of managing multi-sectorial CI crises, due to natural events, where many different CI might be involved, either directly or via cascading effects produced by (inter-)dependency mechanisms. This DSS, called CIPCast, is able to produce a real-time operational risk forecast of CI in a given area; other than usable in a real-time mode, CIPCast could also be used as scenario builder, by using event simulators enabling the simulation of synthetic events whose impacts on CI could be emulated. A major improvement of CIPCast is its capability of measuring societal consequences related to the unavailability of primary services such as those delivered by CI.

The EU FP7 Network of Excellence CIPRNet has developed CIPRTrainer, an application that provides a new capability for training crisis management (CM) staff. It enables exploring different courses of action and comparing their consequences (what-if analysis) in complex simulated crisis and emergency scenarios. The simulation employs threat, impact, and damage models and is based on federated modelling, simulation and analysis of Critical Infrastructures. In this chapter, we present an overview of the technical realisation of CIPRTrainer, embed the approach into the state of the art, and elaborate on CIPRTrainer’s user interface and the training experience. The chapter also explains how the models for the complex crisis scenarios have been created, what level of detail could be realised, and how cases of missing data could be handled. As an example, we use a cross-border scenario about a cargo train derailment disaster. In the final sections, the reader learns how to set up, start and perform a training session with CIPRTrainer, how to use ‘what if’ analysis, and how to read the results of consequence analysis.

Interaction processes between two or more model domains can be represented with the help of model coupling. Different methods of coupling apply for different interaction processes. We illustrate this with the help of an exercise. In order to facilitate model coupling of water-related models the OpenMI standard has been developed. This document gives an introduction to the open modelling interface (OpenMI) and explains the steps that are necessary to migrate existing model code to Open MI compliance. An OpenMI composition of a flow simulation model for a river section of the Elbe river (Germany) that is coupled with a model for the control of a hydraulic structure is used to explain how models can be coupled with Open MI and to illustrate the added value of model coupling in terms of improved simulation result.