Resilience Assessment: Accidental and Malicious Threats

Mohamed Kaâniche
CNRS; LAAS; Université de Toulouse – 7, Avenue du colonel Roche, F-31077 Toulouse, France
Université de Toulouse; UPS; INSA; INP; LAAS; F-31077 Toulouse, France
mohamed.kaaniche@laas.fr

A large body of research has been dedicated to the analysis, assessment and protection of cyber-physical systems and critical infrastructures against potential threats that might affect the dependability, the security or the resilience of the services delivered to the users. Traditionally, accidental and malicious threats have been taken into account separately. In this talk we will address the challenges raised by the resilience assessment and analysis of such systems considering accidental and malicious threats in an integrated way and we will present some examples of research studies carried out in this context.

Critical infrastructures, resilience, assessment, accidental threats, malicious threats

1. SUMMARY

In the past decade, several concerns have been raised about the vulnerability of critical infrastructures and cyber-physical systems and their efficient protection in the presence of accidental and malicious threats (Rahman et al. 2009).

Historically, most of the efforts were dedicated to the protection of critical infrastructures against accidental faults and natural disasters with a specific focus on safety. The situation changed significantly after the September 11, 2001 tragic events that led to increased international concerns about the security and robustness of critical infrastructures in response to evolving malicious threats.

The vulnerability of critical infrastructures has increased as a result of the wider use of open networks and information infrastructures, and the proliferation of vulnerable operating systems and control devices. Recent events targeting critical infrastructures show that the threat is real. A widely reported example is the Stuxnet sophisticated malware discovered in July 2010 that targeted specific industrial computer control equipment and software, used for instance in nuclear power plants in Iran (Langner 2011).

A large body of research has been dedicated to the analysis, assessment and protection of cyber-physical systems and critical infrastructures against potential threats that might affect the dependability, the security or the resilience of the services delivered to the users. The resilience term is used differently, by different communities. It is defined in (Laprie 2011) as the persistence of service delivery that can justifiably be trusted, when facing changes.

Traditionally, accidental and malicious threats have been taken into account separately. In this talk we will address the challenges raised by the resilience assessment and analysis of such systems considering accidental and malicious threats in an integrated way and we will present some examples of research studies carried out in this context.

In particular this objective has been addressed in the context of the CRUTIAL project (http://crutial.rse-web.it/) considering the example of power grid critical infrastructures and the associated information infrastructures dedicated to their management and control.

CRUTIAL focussed on the failures resulting from interdependencies between these infrastructures. The characterization of such failures and the modelling of their impact on relevant properties of power systems have been investigated by means of models at different abstraction levels: i) from a very abstract view expressing the essence of the typical phenomena due to the presence of interdependencies, ii) to an intermediate detail level representing in a rather abstract way the structure of the infrastructures, in some scenarios of interest, iii) to a quite detailed level where the infrastructures components and their interactions are investigated at a finer grain, considering elementary events occurring at the components level and analysing their impact at the system level.

Accordingly, the proposed resilience assessment framework (Kaâniche et al. 2009) is based on a hierarchical modelling approach that accommodates the composition of different types of models and formalisms, including generalized stochastic Petri nets, fault trees, Stochastic Well formed Nets, and Stochastic Activity Networks. Additionally, a new formalism called “Dependent Automata” has been developed to provide a rigorous definition of interdependencies related failures. Also, unified models for describing cascading and escalating failures considering accidental and malicious threats in an integrated way have been defined (Laprie et al. 2007).

Besides these models, the CRUTIAL project resilience assessment activities included architecture validation activities as well as testbed based experiments to analyse the impact of different attack scenarios on control applications.

We will outline some of the results obtained in the context of this project and discuss some open research problems.

BIO

Mohamed Kaâniche has been at LAAS-CNRS, Toulouse, France, since 1988 where he currently holds a position of “Directeur de Recherche”, heading the Dependable Computing and Fault Tolerance Group. From March 1997 to February 1998, he was a Visiting Research Assistant Professor at the University of Illinois at Urbana-Champaign, IL, USA.

His research addresses the dependability and security assessment of hardware and software fault tolerant computer systems and critical infrastructures, using analytical modelling and experimental measurement techniques.

He has been involved in several national and European research projects and acted as a consultant for companies in France and as an expert for the European Commission. He has served on program and organization committees of international dependability related conferences. He was Program Chair of PRDC-2004, EDCC-5, DSN-PDS 2010, LADC-2011 and SAFECOMP-2013. He is General co-Chair of DSN-2016 that will be held in Toulouse, France in June 2016.

3. REFERENCES

Kaâniche, et al. (2009) CRUTIAL Project Deliverable D16 - Final version of the modelling framework. http://crutial.rse-web.it/Dissemination/DELIVERABLES-OF-THE-PROJECT.asp

Laprie, Jean-Claude, Kanoun, Karama, Mohamed Kaâniche, (2007) Modelling interdependencies between Electricity and Information Infrastructures. The 26th International Conference on Computer Safety, Reliability, and Security (SAFECOMP-2007), Nuremberg, Germany, LNCS 4680, Springer, pp. 54-67.

Laprie, Jean-Claude “From Dependability to Resilience”, IEEE International Conference on Dependable Systems and Networks (DSN-2008), Supplemental volume, Anchorage, Alaska, USA, pp. G8-G9, 2008.

Langner, R. “Stuxnet: Dissecting a Cyberwarfare Weapon,” IEEE Security & Privacy, vol. 9, no. 3, 2011, pp. 49–51.

Rahman, H.A., Beznosov, K., Marti, J.R., “Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports”, Int. Journal on Critical Infrastructures, vol. 5, n°3, 2009