Services

Effetto domino, valutazione degli impatti e Segreteria di Coordinamento Interministeriale per le Infrastrutture Critiche (SCIIC)
Luisa Franchina
Marco Carbonelli
Laura Gratta
Mara Crisci
Convegno AIIC, Roma, 29 marzo 2010
Definition of Critical Infrastructure
From Directive 114/08 EC
“Critical Infrastructure” means those assets, systems
or parts thereof located in the EU Member States
which are essential for the maintenance of vital
societal functions, health, safety, security, economic
or social well-being of people, and the disruption or
destruction of which would have a significant impact
in a Member State as a result of the failure to maintain
those functions;
Definition of European Critical
Infrastructure
From Directive 114/08 EC
“European Critical Infrastructure” means critical
infrastructure located in the EU Member States the
disruption or destruction of which would have a
significant impact on at least two Member States of
the EU. The significance of the impact shall be
assessed in terms of cross-cutting criteria. This
includes effects resulting from cross-sector
dependencies on other types of infrastructure;
Art. 3
Pursuant to the procedure provided in Annex III, each
Member State shall identify potential ECIs which both satisfy the cross-cutting
and sectoral criteria and meet the definitions set out in Article 2(a) and (b).
……
The cross-cutting criteria referred to shall comprise the following:
(a) casualties criterion (assessed in terms of the potential number of
fatalities or injuries);
(b) economic effects criterion (assessed in terms of the significance of
economic loss and/or degradation of products or services; including potential
environmental effects);
(c) public effects criterion (assessed in terms of the impact on public
confidence, physical suffering and disruption of daily life; including the loss of
essential services).
…….
The cross-cutting criteria thresholds shall be based on the severity of the
impact of the disruption or destruction of a particular infrastructure
From Risk analysis to Impact analysis
Risk = f (Threat, Vulnerability, worst Exposure)
Impactevent
• real “exposure” at “ground zero” (victims,
economics, pub. consequences, …)
• effectiveness of the attack
• effectiveness of the reaction
Impactdomino
• sum of consequences of outage of CIs
involved in the domino effect (victims,
economics, pub. consequences, …)
• “mitigation” factors
We need a scalable model!
Regional level tool
Customized scenario
Threat independent
Vulnerability independent
Down to Operator level
Large confidence interval
(order of magnitude)
Widely applicable
Loose scenario definition
Threat independent
Vulnerability independent
Anonymous
rough
eq
r
fo
n
i
f
to
un
o
am
Easy to run
Fast
scale
e
ui r
d
Narrow confidence interval
(refined assessment)
detailed
DOMINO
Project
PCM-DPC, FUB, FORMIT, THEOREMATICA
Partner : UK, Bulgaria, France
Started march 2010, end march 2012
Commonly recognized CI sectors
EU
G8
USA
ICT
ICT
Information technology +
Communications
Water
Energy
Water + Dams
Energy
Energy
Nuclear fuel-cycle industry (for
radiological hazard)
Nuclear
Food
Agricolture and food
Health
Public health care
Public health care
Financial
Finance
Banking and Finance
Transport
Transport and Logistic
Transportation system +
Postal and shipping
Chemical industry
Chemical
Space
Monuments and icons
Government and administration
Government facilities
Defense industrial base
Commercial facilities
Emergency response organization
Emergency services
Critical manufacturing
Social sciences: classification of needs
From Maslow hierarchy
to School of "Human Scale Development" developed by Manfred Max-Neef and others
“Fundamental human needs are seen as ontological (stemming from the condition of being
human), are few, finite and classifiable (as distinct from the conventional notion of
conventional economic “desires" that are infinite and insatiable)”
NACE
NACE is derived from the French title
“Nomenclature générale des Activités
économiques dans les Communautés
Européennes”
(Statistical classification of economic
activities in the European Communities)
NACE Sections
NACE structure (Rev.2, 2008)
Item definition criteria
Enabling factor
to satisfy needs
(e.g. finance, crude oil)
Directly satisfies
a need (e.g.
food)
Items
Typical Generation
Chain
Refinement based on the generation chain
(e.g. frozen food, fresh food, …)
Production
Transport
Distribution
Fruition
DOMINO “working” list of items (1)
Agriculture, forestry and
fishing
• agricolture and its products
• animals and their products
• fishing and its products
• forestry
• wood
Water
• drinkable water
• irrigation water
• water for industrial use
Food
• frozen food
• fresh food
• unperishable food
• beverages (including bottled
water)
Energy
• electricity
• LPG (GPL)
• oil
• fuel
• coal
• methane
DOMINO “working” list of items (2)
Transport and logistic
• road transport infrastructures
• road transport logistic
• air transport infrastructures
• air transport logistic
• rail transport infrastructures
• rail transport logistic
• sea/oceanic transport
infrastructures
• sea/oceanic transport logistic
• inland waterway transport
infrastructures
• inland waterway transport
logistic
Health services
• public and private medical
services
• social motivation
(psychological wellness,
availability to work)
• manpower
• social assistance
• medicines and medical aids
• emergency services
• veterinary services
• pharmaceutics
DOMINO “working” list of items (3)
Commerce
• wholesale
• retail sales
Finance
• cash
• financial services
• reinsurance and pension
funding
• stock market and
securities
Information and
communication
• radio information
• television information
• internet information
• publishing
• postal service
• data exchange
• fixed phone services
• internet phone services
• mobile phone services
• satellite services
DOMINO “working” list of items (4)
Environment
• hazardous sites
• environment
• dams
• wastewater
• hazardous materials
• waste removal
Culture, icons, aggregation
sites
• education
• research
• associationism
• creative, arts, sports,
amusement and
entertainment activities,
cultural heritage
• religion, religious
organizations
DOMINO “working” list of items (5)
Istitutions and public administration
• political institutions (national, regional and local)
• public safety
• services to the population (registry office,
elections, licences, concessions, authorizations,
etc.)
• justice
• defence
DOMINO “working” list of items (6)
Industry
• textile supply chain
• leather and fur supply chain
• chemical supply chain
• metallurgical supply chain
• electronic supply chain
• timber, straw and similar
(fornitures)supply chain
• wood products supply chain
• paper and paper supply chain
• rubber and plastic supply chain
• glass supply chain
•
•
•
•
•
•
•
•
non-metallic minerals
quarrying
ceramics, terracotta, china,
non metallic mineral products
supply chain
metals quarrying
metallic products supply chain
electrical devices, electric
domestic appliances and non
electric domestic appliances
supply chain
machineries and metal
equipments supply chain
construction supply chain
other goods
DOMINO “working” list of items (7)
Services
• accommodation services
• restaurants and food
services
• software, informatics and
linked activities
• real estate activities
• legal and accounting
activities
• advertising and market
research
• laundry and hygiene
• employment activities
(temporary employment
services)
• other services (graphics,
photography, advice..)
Step 1 – item identification
Step 1
Step 2
Step 2
Step 3
Step 4
Step 5
Step 6
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Agriculture, forestry and fishing
Water
Food
Energy
Transport and logistic
Health services
Commerce
Finance
Information and communication
Environment
Institutions and public
administration
Culture, icons, aggregation
sites
Industry
Services
We have a unifying factor
Quality of Service is a
“global” standard, due to
competitiveness,
investments, technological
standards, laws…
Member States share most
of the expected values
(indexes) of Quality of
Services/Goods
Detailing QoS we can narrow the confidence interval
Quality of Service
• In DOMINO project we broadly apply
the concept of QoS to both services
and products
• First of all, QoS gives us information
about the availability (coverage,
market %) of the service/product
• In each specific case, more parameters
can be used
Step 2 – Item analysis
Step 1
n = item number
Step 2
Array of direct dependencies
Step 2
1
Step 3
Step 4
Step 5
Step 6
n
Every X can be generated by a
different component
Array evolution Direct dependencies affecting QoS degradation
Step 3 – Analysis of dependencies
Step 1
Step 2
Step 2
Matrix
of direct dependencies
x x
Step 3
x
x
x
Step 4
x
Step 5
x
Step 6
EU level:
per item
MS level:
per operator
or per asset
Maps
of evolution
of QoS
Degradation
x
Step 4 – DOMINO maps
Step 1
Step 2
Step 2
Step 3
Maps
of evolution
of QoS
Degradation
Step 4
affected
a
f
f
e
c
t
s
Step 5
Step 6
Forecasting of domino effects (large
Forecasting ofscale)
domino effects (local scale)
DOWN TO
OPERATOR ITEM
From QoS degradation maps to DOMINO maps
4 hours
4 hours
4
5
6
24 hours
1
2
3
32 hours
5
6
Item
1
2
3
4 days
4 weeks
Item 6
Item 1
Item 4
4
1
4
2
2
3
4
5
Item 6
8 hours
Item
3
3
4
2
1
1
2
2
3
4
5
Item 6
t=0
Item
5
6
Item 6
5
1
4
3
3
4
2
5
1
1
Item
4 weeks
4 days
24 hours
Item 6
t=0
Item 5
Item 3
Item 2
5
6
Step 5 – From degradation to
severity
Step 1
Step 2
Consequency evolution maps
Step 2
Step 3
Step 4
Severity
Consequences
Fatalities
# deaths
Step 5
Economics
€
Step 6
Pub. Conf…
null low med high
Consequency quantification, gives a value
to the domino map of step 4
per item, per operator, potentially up to asset
tim
e
Public ef. (3)
Step 6 – Figure evaluation
Step 1
Step 2
Figure evaluation based on consequence
quantification, for each ccc dimension
Step 2
Step 3
t=0
VCtot(t=0)
Item x, VC(0)
Step 4
Item k, VC(0)
Step 5
t=4
Item x, VC(4)
VCtot(t=4)
Item t, VC(0)
Step 6
Item n, VC(0)
Item k, VC(20)
t=24
Item m, VC(0)
Item x, VC(24)
VCtot(t=24)
Item t, VC(20)
Item g, VC(0)
Note:
VC= Criticality value
VCtot(t)=ΣVC (t)
.
.
.
5 (2+3) Figures to be
compared to thresholds
SCIIC
Tavolo PIC (Protezione delle Infrastrutture
Critiche)
In 2006 a new body, named “Tavolo interministeriale di
coordinamento ed indirizzo nel settore della protezione delle
infrastrutture critiche (Tavolo PIC)”, has been established,
chaired by the Military Advisor to the President of the
Council of the Ministers.
Tavolo PIC harmonizes national activities and national
position in international fora, so that initiatives taken by
national bodies and Ministries are coherent and synergic.
UCM - SCIIC
31
Tavolo PIC tasks
• It is a task of Tavolo PIC to define national criteria for the
identification of Critical Infrastructures, accounting for what is
already established by NATO, EU and possible other
international fora. Work is in progress on this issue.
• Based on national criteria, each Ministry will identify Critical
Infrastructures, also prioritizing them
• Tavolo PIC will deploy a unique list, ordered by priority
• Tavolo PIC also coordinates national activities for the
identification of ECI, according to Directive 114/08 CE
UCM - SCIIC
“Tavolo PIC” members
• PCM - DIPARTIMENTO DELLA PROTEZIONE CIVILE
• PCM - DIPARTIMENTO PER LE POLITICHE COMUNITARIE
• PCM - DIPARTIMENTO PER L’INNOVAZIONE E LE TECNOLOGIE
• PCM - DIPARTIMENTO PER L’INFORMAZIONE E L’EDITORIA
• PCM - DIPARTIMENTO PER GLI AFFARI GIURIDICI E LEGISLATIVI
• PCM - DIPARTIMENTO PER LE RISORSE STRUMENTALI
• PCM - DigitPA (ex CNIPA)
• PCM - DIPARTIMENTO DELLE INFORMAZIONI PER LA SICUREZZA (DIS)
• PCM - AGENZIA INFORMAZIONI E SICUREZZA ESTERNA (AISE)
• PCM - AGENZIA INFORMAZIONI E SICUREZZA INTERNA (AISI)
•MINISTERO DEGLI AFFARI ESTERI
•MINISTERO DELL’INTERNO
•MINISTERO DELLA DIFESA
•MINISTERO DELLE INFRASTRUTTURE E DEI TRASPORTI
•MINISTERO DELLO SVILUPPO ECONOMICO
•MINISTERO DELLA SALUTE
Segreteria di Coordinamento
Interministeriale per le IC - SCIIC
O.P.C.M. 30 dicembre 2009, n. 3836, Art. 2:
“Al fine di assicurare la più proficua coerenza e
sinergia tra le iniziative ed attività delle
amministrazioni interessate, il nucleo operativo
3275/03, oltre alle attribuzioni derivanti dalla
medesima ordinanza, costituisce anche segreteria
per il coordinamento interministeriale delle
attività nazionali, anche in consessi
internazionali, riguardanti le infrastrutture
critiche, alle dipendenze funzionali del
Consigliere Militare del Presidente del Consiglio dei
Ministri.”
UCM - SCIIC
Tavoli di lavoro misti pubblico-privato
La SCIIC intende promuove l’attività dei Tavoli Settoriali
Trasporti
ICT
Energia
Finanza
Acqua
Tavolo intersettoriale
Sanità
Industria
Alimentazione
…
UCM - SCIIC
Information sharing in Italy
• First experience in 2006, established ISAC TLC,
Information Sharing and Analysis Center
on TLC security
Features
• Under Italian Communication Ministry coordination
• Main Italian Operators in fixed and mobile
communications
• NO real time alerting or warning
• Implementation of an e-room for information sharing
E-ROOM for TLC
E-ROOM for TLC:
Repository for sharing
E-ROOM for TLC:
Anonymity
La partecipazione italiana ai progetti
finanziati dal programma EPCIP 2007/09
UCM - SCIIC
Ripartizione dei finanziamenti per progetti
nel programma EPCIP 2007/09
SE
BE CY
HU
EE
FR
DE
GR
ES
RO
CZ
Nessun progetto finanziato
AT
BG
DK
SF
IE
LV
LT
LU
MT
PT
SK
SI
IT
UK
PL
NL
UCM - SCIIC
41