Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
www.improverproject.eu@improverproject
2ND IMPROVER/ ERNCIPWORKSHOPIMPROVEDRISKEVALUATIONANDIMPLEMENTATIONOFRESILIENCECONCEPTSTOCRITICAL
INFRASTRUCTURE
DavidLange,[email protected]
Assessmentofcriticalinfrastructureresilience§ There are several nationaldefinitionsof CIResilience inEurope
§ There isnoEUdefinitionof theterm
§ Mostofficial European documents refer to societal resilience§ e.g. EUStrategyforSupportingDisasterRiskReductioninDevelopingCountries
§ Relativelysmallbodyofworkfocussingonimplementationofresiliencetoinfrastructure:§ ArgonnelaboratoriesRMI§ AIICGuidelinesforcriticalinfrastructureresilienceevaluation§ Hollnagels ResilienceAssessmentGrid
§ Allrelyonasummationofdifferentlevelsofindicators
Analysingresilience(1)§ Guidelinesforcriticalinfrastructures
resilienceevaluation(AIIC)§ BenchmarkResilienceTool(Resilient
Organisations)
Analysingresilience(2)§ ResilienceMeasurementIndexand
InfrastructureSurveyTool(Argonne)
Measuringresilience(3)§ ResilienceAssessmentGrid
CriticalInfrastructureResilienceIndex(IMPROVER)§ Level1– thecrisis
managementcycle
§ Level2– genericindicators
§ Level3– given,measureableindicators§ Technological
§ Organisational
§ …
§ Level4– Sector/applicationspecific,measurableindicators
X1.2.l
...X1.2.b
Thecontext(Domain,Hazard,Situation)
A B C D E F GLevel1Given
B1Level2Given,A/NA,Additionspossible
B2
Bn
B1.1
B1.2
B1.m
Level3Mainlygiven,A/NA,Weighted,Additionspossible
Transformationofspecificindicatormetricstoprocessmaturitylevels
X1.2.a
Level4Specificindiactors
CIRIAccumulatedresilience
index
§ Cobit1. Non-existing
2. Initial/ad-hoc
3. Repeatablebutintuitive
4. Definedprocess
5. Managedandmeasurable
6. Optimised
§ Measured/Calculated
Discussion§ Theintendeduseofthesemethodologiesvariessignificantly§ Comparisonagainstsimilarinfrastructuresororganisations§ Measuringtheresilienceofasingleasset§ Monitoringresilienceovertime
§ Radarcharts
§ Maturityscales
IMPROVERFramework
§ WeproposeageneralframeworkforresilienceassessmentofCI,whichremainscompatiblewiththecurrentguidelinesfortheMS
§ IntegratestheparadigmofresilienceintotheRAprocessaccordingtoISO31000
§ Consistsofthreelevels,namelythe§ (a)asset (focusonindividualCIassets),§ (b)system (focusondependenciesbetweenCIassets)and§ (c)nationalor regional (focusonsocietalaspects)levels
§ Outputsriskandresiliencetreatmentplansonbothanassetandasystemlevel
§ Flexible– neitherdomainoranalysismethodologydependent
ThesuccessfulimplementationoftheconceptofresiliencetoCIreliesonitssuccessfulintegrationinexistingsecurityactivities;includingtheriskassessmentsataCIoperator,asystemandanational(orregional)level.
9
Definitions§ StartingfromdefinitionsusedinISO31000forRAwemapthesetoresilience:§ Resilienceanalysisistheprocesstocomprehendandtodeterminethelevelofresilience,basedonselectedresilienceindicators
§ Resilienceevaluationistheprocessofcomparingtheresultsofresilienceanalysiswithcriteriaorobjectivestodeterminewhetherresiliencelevelisacceptableandidentifyareasforimprovement
§ Resilienceassessmentistheoverallprocessofresilienceanalysisandevaluation§ Resiliencetreatmentis theprocesstomodifyresilience,focusingontheabsorptive,adaptiveorrestorativecapacity
§ Resiliencemanagementcomprisescoordinatedactivitiestodirectandcontrolanorganisationwithregardtoitsresilience,includingtheaboveprocesses
ThisprojecthasreceivedfundingfromtheEuropeanUnion’sHorizon2020researchandinnovationprogrammeundergrantagreementno.653390
DavidLange,[email protected]