Home // SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies // View article

Identifying and Managing Risks in Interconnected Utility Networks

Authors:
Stefan Schauer
Sandra König
Martin Latzenhofer
Stefan Rass

Keywords: risk management; interconnected utility networks; game theory; ISO 31000

Abstract:
Critical infrastructures and especially their utility networks play a crucial role in the societal and individual day-to-day life. Thus, the estimation of potential threats and security issues as well as a proper assessment of the respective risks is a core duty of utility providers. Despite the fact that utility providers operate several networks (e.g., communication, control and utility networks), most of today’s risk management tools only focus on one of these networks. In this article, we will give an overview of a novel risk management process specifically designed for estimating threats and assessing risks in highly interconnected networks. Based on the international standard for risk management, ISO 31000, our risk management process integrates various methodologies and tools supporting the different steps of the process from risk identification to risk treatment. At the heart of this process, a novel game-theoretic framework for risk minimization and risk treatment is applied that is able to deal with uncertainty by using distribution-valued payoffs. This approach is specifically designed to take information generated by various tools into account and model the complex interplay between the heterogeneous networks, systems and operators within a utility provider. It operates on qualitative and semi-quantitative information as well as empirical data, including expert opinions.

Pages: 79 to 86

Copyright: Copyright (c) IARIA, 2017

Publication date: September 10, 2017

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-582-1

Location: Rome, Italy

Dates: from September 10, 2017 to September 14, 2017