INDEXINDEX

1.1. Asymmetric Warfare e.g. Unrestricted WarfareAsymmetric Warfare e.g. Unrestricted Warfare

2.2. Definition of Critical InfrastructureDefinition of Critical Infrastructure

3.3. A Network of Interconnected Macro SystemsA Network of Interconnected Macro Systems

4.4. Implications & ComplicationsImplications & Complications

5.5. Threat ExpositionThreat Exposition

6.6. Threat Scenario Threat Scenario –– Cyber AttacksCyber Attacks

7.7. Threat Scenario Threat Scenario –– Cyber AttackersCyber Attackers

8.8. Threat Scenario Threat Scenario –– ContextContext

9.9. Defense Strategies Defense Strategies –– Risk ManagementRisk Management

10.10. Defense Strategies Defense Strategies –– Resistance and ResilienceResistance and Resilience

11.11. Resilience, Redundancy and Attack ResistanceResilience, Redundancy and Attack Resistance

12.12. An Efficient SolutionAn Efficient Solution

Technology

HighLow

Pow

er

Strong

Weak

Mechanic War

Peace War

Systemic WarDirty War

ICT War

WeWe are are rapidlyrapidly movingmoving towardstowards the ICT the ICT War…War… High High technologicaltechnological skillsskills versusversus weakweakpower…power… In In otherother wordswords the epitome of THE ASYMMETRIC WARthe epitome of THE ASYMMETRIC WAR

1.1. Asymmetric Warfare e.g. Unrestricted WarfareAsymmetric Warfare e.g. Unrestricted Warfare

2.2. Definition of Critical InfrastructureDefinition of Critical InfrastructureA system that is so vital for the equilibrium of an organizationA system that is so vital for the equilibrium of an organization that its destruction or that its destruction or incapacitation could have a debilitating impactincapacitation could have a debilitating impact

energy

air traffic

public transport

banks and financial systemstelecommunication

s

critical communications hubs

emergency

utilitiesmilitary intrusion

During the last decades, critical infrastructures have increasedDuring the last decades, critical infrastructures have increased their dependence on ICTtheir dependence on ICT

3.3. A network of Interconnected Macro SystemsA network of Interconnected Macro Systems

Each system is composed of different layers:Each system is composed of different layers:

••PhysicalPhysical

••DigitalDigital--cybercyber

••OperativeOperative

••StrategicStrategic--organizationalorganizational

Interconnection and Interconnection and InterdependencyInterdependency are are essentialessential featuresfeatures of macro of macro systemssystems

CI 2

CI 1

CI 4CI 3

4.4. Implications & ComplicationsImplications & Complications

Fading bordersFading borders

Cascade effectsCascade effects UnpredictabilityUnpredictability

ComplexityComplexity InterconnectionInterconnection

Different layersDifferent layers

Different Different modelizationmodelization

5.5. Threat ExpositionThreat ExpositionSpeeding up of internal processes + Growing demand for interactiSpeeding up of internal processes + Growing demand for interactivity vity

= Great number of access points and doors to critical infrastruc= Great number of access points and doors to critical infrastructurestures

A long term approach is needed when dealing with Critical InfrasA long term approach is needed when dealing with Critical Infrastructure Protectiontructure Protection

6.6. Threat Scenario Threat Scenario –– Cyber AttacksCyber Attacks

Cyber attacks are the main threat against critical systems due tCyber attacks are the main threat against critical systems due to their increased dependence o their increased dependence upon information technologyupon information technology

7.7. Threat Scenario Threat Scenario –– Cyber AttackersCyber AttackersIt is vital to identify the motives behind cyber attackersIt is vital to identify the motives behind cyber attackers

Monetary gain is the key motivatorMonetary gain is the key motivator

8.8. Threat Scenario Threat Scenario -- ContextContextCommon attacks Common attacks exploitexploit systems’ vulnerabilities at the interconnection and interdependsystems’ vulnerabilities at the interconnection and interdependence ence layerlayer

9.9. Defense Strategies Defense Strategies –– Risk ManagementRisk Management

Risk Management applied to the protection of Critical InfrastrucRisk Management applied to the protection of Critical Infrastructures is affected by a high tures is affected by a high degree of uncertainty deriving from:degree of uncertainty deriving from:

complexitycomplexity

low predictabilitylow predictability

incessant technological changeincessant technological change

10.10. Defense Strategies Defense Strategies –– Resistance and ResilienceResistance and Resilience

Resistance is futile when dealing with highly unpredictable riskResistance is futile when dealing with highly unpredictable riskss

Resilience, or the ability to recover from unexpected events, caResilience, or the ability to recover from unexpected events, can be the appropriate strategy n be the appropriate strategy

11.11. Resilience, Redundancy and Attack ResistanceResilience, Redundancy and Attack Resistance

Redundancy is a typical resilience strategy for highly unpredictRedundancy is a typical resilience strategy for highly unpredictable systemsable systems

Redundancy = Less Efficiency and Greater Complexity Redundancy = Less Efficiency and Greater Complexity

12.12. An Efficient Solution An Efficient Solution

Shared backup facilitiesShared backup facilities

Separation between Cyber and Separation between Cyber and Strategic layersStrategic layers

Higher Higher DinamicityDinamicity

Lower CostsLower Costs

““Structural sink” at the hub level Structural sink” at the hub level

Domande?Domande?Italian

fabio.ghioni@telecomitalia.it

Fabio Ghioni أ��� أ��� ��� ���Arabic

ΕρωτήσειςΕρωτήσεις??Greek

¿¿PreguntasPreguntas??Spanish

вопросывопросы??Russian

Japanese

Questions?Questions?English/French

tupoQghachmeyKlingon

Sindarin

PerguntasPerguntas??Portuguese

FragenFragen??German