Assurance Cases: An Approach to Communicating Infrastructural Security Risks

Critical infrastructures are characterized by the number of actors that operate the different interconnected constituent systems. The protection of the critical infrastructure as a whole results from the individual actions of those many operators. Any decision about the adequacy of the protection level requires the communication of the respective security situations: among the infrastructure operators for their mutual assurance, to the authorities for policy decisions related to national security and the welfare of society, and to the end-users of the infrastructure. Nowadays, there is standard method for communicating these assurance levels. But there are other fields where similar situations have been solved with structure methods. For instance, in the European nuclear, railways and military fields, it is common to make use of the so-called Safety Case. The presentation will discuss the challenges foreseen in the development of Assurance Cases for critical infrastructures, taking into consideration their particular characteristics: dynamic vulnerabilities and threats, multiplicity of stakeholders, etc., with special consideration of malicious attacks and security requirements. In addition, the talk will present the evolution of the research done on the application of Assurance Cases to summarizing the results of assessments for the sake of facilitating the dialogue between operators, authorities and end users.

MASERA Marcelo; 

2011-02-09

Virginia Tech University

JRC32873

http://www.cimap.vt.edu/CIIA/Papers/Session1-1-Marcelo.pdf,    https://publications.jrc.ec.europa.eu/repository/handle/JRC32873,