Publication Type: Journal Article
Source: Information & Security : An International Journal, Volume 17, p.120-143 (2005)
Keywords: Critical Infrastructure
, Gamma Methodology
, Modelling and Simulation
, System Dynamics
The paper presents a set of model prototypes developed to simulate the most critical areas of a highly-developed region in social, economic, technical and informational terms. The models were developed inspired by the fact that the highly integrated information infrastructure creates risks of failure and intrusions with a possible consequence of total loss of vital resources, such as energy or traffic. The models are seen on three levels of abstraction and are programmed and executed with tools from System Dynamics. On the highest level of abstraction, the modelled region is described and calculated using system attributes and variables like pro¬ductivity, social pressure, satisfaction, etc. Different layers of social, informational and physical realities are defined. On the medium level of abstraction, critical areas of an advanced society are identified and calculated using variables that represent an entity in the reality and that, in general, have an empirical context. Identified critical areas for the first experiments with the model were the sectors of energy, communications, traffic, security, government, and defence. Applying a methodol¬ogy to identify value drivers and to visualise the interrelations of components in complex systems helped in developing the model inputs and descriptive factors. This approach was used together with a group of experts in each area. On a low level of abstraction, a model prototype was developed using variables that in gen¬eral can be measured and quantified based on real-life empirical sources. The latter approach is very complex and resource-intensive and requires detailed insight and knowledge. The first application of the models was related to an exercise that demonstrates the risks of software attacks in information networks and the possible consequences for other sensitive areas. Sensitivity analyses with the models showed that the threat of intrusion into the information networks with the consequence of loss of vital resources is likely to be overestimated in comparison to the threat of a direct attack on the relevant vital sectors.