Assessing Cascading Effects for Critical Infrastructures
The technical and processual interconnection among critical infrastructures (CIs) has drastically increased over the last decade, amplified by the ongoing digitalization in this sector. With the application of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, CIs have evolved into highly complex ecosystems, becoming more and more dependent on each other. In such ecosystems, an incident happening within one infrastructure is no longer limited to this infrastructure alone but can have wide-ranging effects on dependent CIs as well as the society as a whole. The cascading effects of such incidents show that it is nowadays no longer sufficient to analyze and assess risks from the perspective of one organization alone. In this talk, we will take a closer look at these interdependencies within and among CIs and how to capture them in a structured way. Further, we will discuss a modelling and simulation approach that is able to describe on an abstract level, how much a critical entity (either a technical component or an entire infrastructure) is affected by an incident. This approach will set the basis for describing how the effects can propagate through the network of interdependent critical systems and infrastructures and for assessing the overall consequences of an incident as part of CI risk management.