!

Towards a Safe, Secure Society!- Resilience and IT Risks in Social Infrastructures -

Contact: Dr. Sven WOHLGEMUTH – DAAD Postdoctoral Scholar at the Digital Content and Media Sciences Research Division TEL : 03-4212-2594 FAX : 03-3556-1916 (c/o Prof. Dr. Echizen) E-mail : wohlgemuth@nii.ac.jp WWW: www.nii.ac.jp/jeisec

Social Infrastructures and ICT ICT as a Basic Infrastructure of Social Infrastructures

•  In 2050, 70% of the world population will live in cities (UN) •  Cities face major challenges like logistic bottlenecks, pollution,

employment, elderly society, education, public security, … •  ICT supports cities' social infrastructures by making service

processes, security measures, and coordination activities more efficient: observe, evaluate, coordinate, and optimize status and flows of a city (e.g. resources and people)

•  Social infrastructures are protected against expected threats from crime, terrorism, and natural disasters

But: What about risks from unexpected, inevitable threats?

Resilience and IT Risks in Social Infrastructures

Resilient ICT: Transparency by Evidences

Isao Echizen Sven Wohlgemuth Noboru Sonehara National Institute of Informatics, Tokyo, JP"

A Min Tjoa Vienna University of Technology, A"

Social infrastructures

Secu

rity

dom

ain

of E

cono

my

Secu

rity

dom

ain

of E

mpl

oym

ent

Secu

rity

dom

ain

of E

nerg

y

Secu

rity

dom

ain

of E

lder

ly S

ocie

ty

Secu

rity

dom

ain

of E

duca

tion

Employm

ent

Elderly

Society

Education

Energy

Criteria for Resilient ICT

Economy

Resilience: Resistance against attacks + Mitigate attacks (prevent & protect + respond & recover)

Equilibrium

•  ICT still has to provide its services and data according to the protection goals of IT-Security (confidentiality, integrity, availability)

•  Availability: Replace failed ICT services on-demand by similar ICT services But: On-demand flexibility of ICT raises new risks due granting access to "outsider" of a security domain

Günter Müller University of Freiburg, D"

Transparency by Evidences

•  Possibility to understand and restore all ICT states at anytime •  Enable to monitor ICT systems and to identify indirect

relationships between ICT services •  No central point of control/coordination •  Evidences indicates an ICT system's state transition differing from

target states

Research Areas

Resilient Risk Assessment (RA1)

Resilient ICT Services (RA2)

Resilient ICT Infrastructure (RA3)

Technical

Human Legal et al.

Interferences

1. Identification of basic services

2. Identification of risk scenarios

3. Usage control mechanisms

4. Evaluation of evidences

Risks

Interferences Interferences

Risks RisksRisks

5. Process re-engineering

Approach

- New processes

- Modified processes

2) Consequences

Economy

Employm

ent

Elderly

Society

Education

Energy

Social infrastructures

- Crime, terrorism, and natural disasters

- Damages/Failure of ICT services

1) Unexpected, inevitable Interferences by

- Cascading interferences

- Interoperability

3) Additional Risk: "Outsider" becomes "Insider"

- Controllability

- Non-availability of services/data

- Non-authorized access to services/data

- Incorrect data

4) Resultant Interferences by

- Privacy violation

- Physical damages

ICT