Risk management is a core duty in critical infrastructures as operated by utility providers. Despite the existence of numerous risk assessment tools to support the utility providers in estimating the nature and impact of possible incidents, risk management up till now is mostly a matter of best practice approaches. Risk management tools are mostly focused on one of two major topics: – the utility network physical infrastructure, consisting of, e.g. gas, water pipes or power lines – the utility’s control network including SCADA (Supervisory Control and Data Acquisition) networks and business and information systems. In the context of utility providers, these network types exhibit a significant interaction, and therefore risk management methods that focus on just one of these network types might be insufficient – referred to as interconnected utility infrastructures in this description. The main objective of this project is to identify and evaluate ‘Hybrid Risk Metrics’ for assessing and categorising security risks in interconnected utility infrastructure networks in order to provide foundations for novel protection and prevention mechanisms. The project will provide utility network providers with a risk assessment tool that – in adherence with, e.g., the BSI or ICNC recommendations – supports qualitative risk assessment based on numerical (quantitative) techniques. For that matter, our method will explicitly account for the infrastructure’s two-fold nature in terms of the utility network and the control network alongside it. The expected impact is thus a movement away from best practice only, towards the treatment of risk in utility networks based on a sound and well-understood mathematical foundation. The project will take an explicit step towards considering security in the given context of utility networks, ultimately yielding a specially tailored solution that is optimal for the application at hand.
COORDINATOR: AIT Austrian Institute of Techonology GmbH
- ETRA I+D S.A. – Spain.
- UNIVERSITÄT PASSAU – Germany
- LANCASTER UNIVERSITY – United Kingdom
- AKHELA SRL – Italy
- SUMINISTROS ESPECIALES ALGINETENSES COOP. V. – Spain
- LINZ AG FUR ENERGIE, TELEKOMMUNIKATION, VERKEHR UND KOMMUNALE DIENSTE – Austria.
KEY WORDS: Risk management, SCADA, game theory, security