Hannu Sivonen 1
Risk assessment based on interdependencies
Helsinki, FinlandHannu Sivonen, Senior ResearcherMANMADE Castellanza 28-29 June 2007
Hannu Sivonen 2
National Emergency Supply Agency (NESA)Fund, independent of the state budgetPublic Private Partnership coordinator (23 branches, 800 experts)
Government defines objectives for security of supply
NESA finances security of supply when not provided by the market mechanism
Focus areas: Critical technical infrastructure Food supply Energy supply Logistics Critical medical substances and supplies Defence related industries
NESA balance is 1000 million €
Hannu Sivonen 3
A method for assessing the risk caused by interdependencies between technical infrastructures, basic services, and threats
Linear mathematical model similar to that used by Google Simplifying assumptions Complex interdependencies and accumulating effects and risks
handled
Information system failures and weather conditions are major risks in Finland
Published in FinnishYhteiskunnan huoltovarmuuden kannalta keskeisten toimintojen riskiarviointi http://www.huoltovarmuus.fi/julkaisut/esittely/?id=72
Risk assessment based on interdependencies
Hannu Sivonen 4
Finnish government decision 305/2002
Technical infrastructures (14)energy supplycommunicationsinformation systems
Basic services and supplies (29)food supplytransport logisticsmass mediahealth carefinancial services
Hannu Sivonen 5
Threats from outside the infrastructure and services (17)
economic threats threats to information systems crisis in international logistics
weather phenomenastructural damagestrikesenvironment and health threatsnational security threats
Hannu Sivonen 6
Interdependencies
= reasons for failures recurrent (ratio 1)
expected (ratio 0.1)
rare (ratio 0.01)
theoretical (ratio 0.001)
nonexistent
█████
Hannu Sivonen 7
Dependent factor Eff
ecti
ve f
acto
r
elec
tric
ity
fuel
su
pp
ly
dat
a co
mm
un
icat
ion
soft
war
e se
rvic
es
tran
spo
rt c
hai
n
- t
ran
spo
rt m
gm
t
- r
oad
tra
nsp
ort
wea
ther
ph
eno
men
a
electricity █ █ █ █ █ █fuel supply █ █ █ █ █ █data communication █ █ █ █software services █ █ █transport chain (end-to-end) █ █ - transport management █ █ █ █ █ - road transport █ █ █ █ █ █weather phenomena █
Input: Interdependencies (sample)
Hannu Sivonen 8
Mean time between failures
█████
recurrent (< 1 year)
expected (1-10 years)
rare (10-100 years)
theoretical (>100 years)
nonexistent
Hannu Sivonen 9
Input: Duration and mean time between failures
Mean time between failures (years) █ █ █ █
classified by duration of failure
less than more than
Factor 1 h 1 - 10 h 10 - 100 h 100 h
electricity █ █ █fuel supply █ █data communication █ █ █software services █ █ █transport management █ █ █ █road transport █ █ █weather phenomena █ █ █
Hannu Sivonen 10
Output: Relative risks pertinent to inter-dependent infrastructures
CALCULATED OUTPUT
Näkökulma ja vaikutusyksikkö Probability of Combined effect Combined risk
KOKO SUOMI: Toisistaan riippuvat infrastruktuurit ja perushuoltoalat one or more
Mittarina häiriöaikapisteet R3.0failures per year units / 24 h units / year
Factor %
software services 97 804 402data security services 97 717 358server systems 97 713 356work station networks 97 691 346electricity 84 1 547 135air traffic 98 99 127data communication 32 286 25transport management 98 17 22
Hannu Sivonen 11
Output: Relative risks pertinent to outside threats
CALCULATED OUTPUT
Näkökulma ja vaikutusyksikkö Probability of Combined effect Combined risk
KOKO SUOMI: Toimintojen ulkopuoliset häiriösyyt ja uhat R3.0 one or more
failures per year units / 24 h units / year
Factor %
weather phenomena 32 4 776 418threats to information systems 97 395 197crisis in international logistics 2 58 24structural damage 2 55 23crime and terrorism 2 115 10
Hannu Sivonen 12
Relative component risks in food logistics
CALCULATED OUTPUT
Probability of Combined effect Combined riskone or more
failures per year units / 24 h units / year
Factor %
logistics centres 84 308 358ordering systems 84 349 317cashier systems 84 296 269wholesale companies 18 337 147retail outlets 84 150 136meat operators *) 18 231 101dairy operators *) 18 231 101grain and vegetable operators *) 18 226 99medium size markets 18 207 90hypermarkets 18 153 67cooling equipment 17 296 54 … … … …
*) operator = processing plant + logistics operator
Hannu Sivonen 13
The model applied to criticality of ICT functions72 functions, 6 scenarios (3x2):
Duration of failure short term (hours) medium term (days) long term (months)
Dependency type cause of failure to others obstacle to recovery of others
No assessment for MTB, just interdependencies = potential effect, criticality
Hannu Sivonen 14
Top ten critical functions from 6 scenariosHours Days Months
As Cause of Failure1 Electricity Electricity Electricity2 Base network operations Base network repair HW / SW problem mgmt3 Common net services e.g. DNS Common net services e.g. DNS HW / SW repair4 Machine room network mgmt Machine room network mgmt Change mgmt5 IT production control IT production control Version magmt6 IT production environment mgmt Database mgmt Configuration mgmt7 Transaction mgmt Data backups Common net services e.g. DNS8 HW / SW problem mgmt Data recovery Air logistics9 Database mgmt IT production control Road logistics
10 Data backup Transaction mgmt Base network repair
As Obstacle to Recovery1 Data recovery Base network operations Electricity2 Electricity Electricity Air logistics3 Battery backup Client network operations Road logistics4 Common net services e.g. DNS Spare generators Common net services e.g. DNS5 Machine room network mgmt Common net services e.g. DNS Base network planning6 IT production control Data backup Base network building7 Transaction mgmt Data recovery Base network procurement8 HW / SW problem mgmt HW / SW repair Client network procurement9 Computer installing HW / SW security mgmt Client network planning
10 SW mgmt Base network repair Client network building