resiliency threats to critical infrastructurestitle microsoft powerpoint - andy - keynote.ppt...
TRANSCRIPT
![Page 1: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/1.jpg)
Resiliency Threats to CriticalInfrastructuresInfrastructures
Andy Snow, PhDSchool if Information & Telecommunication
SystemsOhio University
Copyright 20014 Andrew Snow AllRights Reserved
1
![Page 2: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/2.jpg)
Outline
A. Telecom & Network Infrastructure Risk
B. Telecommunications Infrastructure
C. RAM (Reliability, Availability,Maintainability) and Resiliency
Copyright 20014 Andrew Snow AllRights Reserved
2
Maintainability) and Resiliency
![Page 3: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/3.jpg)
Outline
A. Telecom & Network Infrastructure Risk
B. Telecommunications Infrastructure
C. Reliability, Availability, Maintainability(RAM) and Resiliency
Copyright 20014 Andrew Snow AllRights Reserved
3
(RAM) and Resiliency
![Page 4: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/4.jpg)
A. Telecom & Network Infrastructure Risk
• Human Perceptions of Risk
• Threats (natural and manmade)
• Vulnerabilities
• Faults Taxonomy
• Service Outages
Copyright 20014 Andrew Snow AllRights Reserved
4
• Service Outages
• Single Points of Failure
• Over-Concentration
• Risk as a f(Severity, Likelihood)
• Protection through fault prevention, tolerance, removal,and forecasting
• Best Practices
![Page 5: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/5.jpg)
Human Perceptions of Risk
• Perceptions of “Rare Events”
– Overestimate the chance of good outcomes
– Underestimate the chance of bad outcomes
• Which is more likely?
Copyright 20014 Andrew Snow AllRights Reserved
5
• Which is more likely?1. Winning the “Big Lotto”
2. Getting hit by lightning
3. Being killed by a large asteroid over an 80-yearlifetime
![Page 6: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/6.jpg)
Human Perceptions of Risk
• Perceptions of “Rare Events”
– Overestimate the chance of good outcomes
– Underestimate the chance of bad outcomes
• Which is more likely?1. Winning the “Big Lotto”
About 1 in 5 Million
Copyright 20014 Andrew Snow AllRights Reserved
6
1. Winning the “Big Lotto”
2. Getting hit by lightning
3. Being killed by a large asteroid over an 80-year lifetime(about 1 chance in 1 Million)*
*A. Snow and D. Straub, “Collateral damage from anticipated or real disasters: skewed
perceptions of system and business continuity risk?”, IEEE Engineering Management
Conference (IEMC2005), 2005, pp. 740-744.
About 1 in 5 Million
![Page 7: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/7.jpg)
We Expect Dependability attributesfrom our Critical Infrastructure
• Reliability
• Maintainability
• Availability
• Resiliency1
Copyright 20014 Andrew Snow AllRights Reserved
7
• Resiliency1
• Data Confidentiality
• Data Integrity
1This perspective replaces “Safety” with “Resiliency”. Attributes werefirst suggested in A. Avizienis, et al, “Basic Concepts & Taxonomy ofDependable & Secure Computing”, IEEE Transactions onDependable & Secure Computing, 2004
![Page 8: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/8.jpg)
We Expect Dependability from ourCritical Infrastructure
• Reliability
– We expect our systems to fail very infrequently
• Maintainability
– When systems do fail, we expect very quick
Copyright 20014 Andrew Snow AllRights Reserved
8
– When systems do fail, we expect very quickrecovery
• Availability
– Knowing systems occasionally fail and takefinite time to fix, we still expect the services tobe ready for use when we need it
![Page 9: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/9.jpg)
We Expect Dependability from ourCritical Infrastructure (Continued)
• Resiliency– We expect our infrastructure not to fail cataclysmically
– When major disturbances occur, we still expectorganizational missions and critical societal servicesto still be serviced
Copyright 20014 Andrew Snow AllRights Reserved
9
to still be serviced
• Data Confidentiality– We expect data to be accessed only by those who
are authorized
• Data Integrity– We expect data to be deleted or modified only by
those authorized
![Page 10: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/10.jpg)
Are our Expectations Reasonable?
• Our expectations for dependable ICTsystems are high
• So is the cost– Spend too little – too much risk– Spend too much – waste of money
Copyright 20014 Andrew Snow AllRights Reserved
10
– Spend too much – waste of money
• There is an elusive equilibrium point
![Page 11: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/11.jpg)
We Focus on More Reliable andMaintainable Components
• How to make things more reliable– Avoid single points of failure (e.g. over concentration to achieve
economies of scale?)
– Diversity• Redundant in-line equipment spares
• Redundant transmission paths
Copyright 20014 Andrew Snow AllRights Reserved
11
• Redundant transmission paths
• Redundant power sources
• How to make things more maintainable– Minimize fault detection, isolation, repair/replacement, and test
time
– Spares, test equipment, alarms, staffing levels, training, bestpractices, transportation, minimize travel time
![Page 12: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/12.jpg)
But Things Go Wrong!
• Central Office facility in Louisiana
• Generators at ground level outside building
• Batteries installed in the basement
• Flat land 20 miles from coast a few feet abovesea levelsea level
• Hurricane at high tide results in flood
• Commercial AC lost, Generators inundated,basement flooded
• Facility looses power, communications down
• Fault tolerant architecture defeated by improperdeployment Copyright 20014 Andrew Snow All
Rights Reserved12
![Page 13: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/13.jpg)
Fukushima Nuclear Accident
• Nuclear reactor cooling design required AC power
• Power Redundancy
– Two sources of commercial power
– Backup generators
– Contingency plan if generators fail? Fly in portable– Contingency plan if generators fail? Fly in portablegenerators
• Risks?
– Power plant on coast a few meters above sea-level
– Tsunami protection: a 10 meter wall
Copyright 20014 Andrew Snow AllRights Reserved
13
![Page 14: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/14.jpg)
Fukushima Nuclear Accident (Continued)
• Design vulnerabilities?
– Nuclear plant requires AC Power for cooling
– Tsunami wall 10 meters high, in a country where inthe last 100 years numerous > 10 meter tsunamisoccurredoccurred
– Remarkably, backup generators at ground level (noton roofs !!! )
• Where do tsunamis come from?
– Ocean floor earthquakes
• What can a severe land-based earthquake do?
– Make man-made things fall, such as AC power linesCopyright 20014 Andrew Snow All
Rights Reserved14
![Page 15: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/15.jpg)
Sequence of Events:Fukushima Nuclear Accident
1. Large land based and ocean floor earthquake– AC transmission lines fall
– Twelve meter tsunami hits Fukushima
2. Backup Generators– Startup successfully, then
– Flooded by tsunami coming over wall– Flooded by tsunami coming over wall
3. Portable generators– Flown in
– Junction box vault flooded
4. Nuclear reactors overheat, go critical, and explode
For 40 years, people walked by AC generators at groundlevel and a 10 meter tsunami wall !!!!
Copyright 20014 Andrew Snow AllRights Reserved
15
![Page 16: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/16.jpg)
9-11 EffectGeographic Dispersal of Human
Copyright 20014 Andrew Snow AllRights Reserved
16
Geographic Dispersal of Humanand ITC Assets
![Page 17: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/17.jpg)
Pre 9-11 IT Redundancy
PrimaryFacility
Copyright 20014 Andrew Snow AllRights Reserved
17
Back-upFacility
Scenario Single IT FacilityReliability
Redundant IT FacilityReliability
1 0.90 0.9900
2 0.95 0.9975
3 0.99 0.9999
![Page 18: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/18.jpg)
Key Assumptions
PrimaryFacility
Copyright 20014 Andrew Snow AllRights Reserved
18
1. Failures are independent
2. Switchover capability is perfect
Back-upFacility
![Page 19: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/19.jpg)
9-11: Some Organizations ViolatedThese Assumptions
PrimaryFacility
Copyright 20014 Andrew Snow AllRights Reserved
19
1. Failures not independent• Primary in WTC1• Backup in WTC1 or WTC2
2. Switchover capability disrupted• People injured or killed in WTC expected to staff backup facility
elsewhere• Transportation and access problems
Back-upFacility
![Page 20: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/20.jpg)
Post 9-11 IT Redundancy Perspectives
Site 2
Site 3
..
Site 1
.
Capacity
11-N
Capacity
11-N
Capacity1
1-N
Copyright 20014 Andrew Snow AllRights Reserved
20
• No concentrations of people or systems to one large site
• Geographically dispersed human and IT infrastructure
• Geographic dispersal requires highly dependable networks
• Architecture possible with cloud computing !!
Site N.
Capacity
11-N
![Page 21: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/21.jpg)
Geographic Dispersal
• A. Snow, D. Straub, R. Baskerville, C. Stucke, “Thesurvivability principle: it-enabled dispersal oforganizational capital”, in Enterprise InformationSystems Assurance and System Security: Managerial
Copyright 20014 Andrew Snow AllRights Reserved
21
Systems Assurance and System Security: Managerialand Technical Issues, Chapter 11, Idea GroupIdea GroupPublishingPublishing, Hershey, PA, 2006.
![Page 22: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/22.jpg)
Challenges in Ensuring ResilientCritical Infrastructure
• Communication Infrastructure Convergence
• Communication Industry Sector Consolidations
• Intra- and Inter - Sector Dependence
Copyright 20014 Andrew Snow AllRights Reserved
22
• Intra- and Inter - Sector Dependence
• High Resiliency = = $$$$
• Assessing Risk is difficult
• Vulnerability Dilemma: Secrecy vs. Sunshine
![Page 23: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/23.jpg)
Convergence, Consolidation andInterdependence
• The outages of yester-year affected voice, dataOR video
• The outages of today and tomorrow affect allthree.– Technological convergence
Copyright 20014 Andrew Snow AllRights Reserved
23
– Technological convergence
– Telecom mergers and acquisitions
• Inter-sector dependence– Geographic overlay of telecom, natural gas,
electricity, and water?
– Telecom needs power…..power needs telecom
– SCADA separate from IT?
![Page 24: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/24.jpg)
High Resiliency Levels = = $$$$
– Who Pays??
– Regulatory Regime: Unregulated vs. PriceCap vs. Rate-of-Return (RoR)
– Competitive vs. Noncompetitive markets
Copyright 20014 Andrew Snow AllRights Reserved
24
– Competitive vs. Noncompetitive markets
– Service Provider Economic Equilibrium Points
• Economies of Scale vs. Vulnerability Creation
• Proactive vs. Reactive Restoration Strategies
• Geography: Urban vs Rural
![Page 25: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/25.jpg)
Assessing Risk is Difficult
• Severity
– Economic impact
– Geographic impact
– Safety impact
Copyright 20014 Andrew Snow AllRights Reserved
25
– Safety impact
• Likelihood
– Vulnerabilities
– Means and Capabilities
– Motivations
![Page 26: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/26.jpg)
Vulnerability Dilemma:Secrecy vs. Sunshine
• Market correction of vulnerabilities vs. ExposingCIP to exploitation
• Known vs. Unknown vulnerabilities
• Customer knowledge of service providervulnerabilities?
Copyright 20014 Andrew Snow AllRights Reserved
26
vulnerabilities?
• Data sharing– National, Regional, State, County, Municipal
• Tracking outages as a bellwether for Resiliencydeficits– Establishing measures and reporting thresholds
• Tracking frequency, size, duration of events
![Page 27: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/27.jpg)
Infrastructure Protection and Risk
• Outages
• Severity
• Likelihood
• Fault Prevention, Tolerance, Removal and
Copyright 20014 Andrew Snow AllRights Reserved
27
• Fault Prevention, Tolerance, Removal andForecasting
![Page 28: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/28.jpg)
Infrastructure Protection and Risk
• Outages
• Severity
• Likelihood
• Fault Prevention, Tolerance, Removal and
RISK
Copyright 20014 Andrew Snow AllRights Reserved
28
• Fault Prevention, Tolerance, Removal andForecasting
![Page 29: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/29.jpg)
Risk – ID & Map VulnerabilitiesS
EV
ER
ITY
OF
SE
RV
ICE
OU
TA
GE
IIII
High SeverityHigh Chance
High SeverityLow Chance
29
LIKLIHOOD OF SERVICE OUTAGE
SE
VE
RIT
YO
FS
ER
VIC
EO
UTA
GE
IIIV
Low SeverityLow Chance
Low SeverityHigh Chance
Copyright 20014 Andrew Snow AllRights Reserved
![Page 30: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/30.jpg)
RiskS
EV
ER
ITY
OF
SE
RV
ICE
OU
TA
GE
IIII
High SeverityHigh Chance
High SeverityLow Chance
Copyright 20014 Andrew Snow AllRights Reserved
30
LIKLIHOOD OF SERVICE OUTAGE
SE
VE
RIT
YO
FS
ER
VIC
EO
UTA
GE
IIIV
Low SeverityLow Chance
Low SeverityHigh Chance
![Page 31: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/31.jpg)
RiskS
EV
ER
ITY
OF
SE
RV
ICE
OU
TA
GE
IIII
High SeverityHigh Chance
High SeverityLow Chance ??
Copyright 20014 Andrew Snow AllRights Reserved
31
LIKLIHOOD OF SERVICE OUTAGE
SE
VE
RIT
YO
FS
ER
VIC
EO
UTA
GE
IIIV
Low SeverityLow Chance
Low SeverityHigh Chance
??
![Page 32: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/32.jpg)
Vulnerabilities and Threats
• Vulnerability is a weakness or a state ofsusceptibility which opens up the infrastructureto a possible outage due to attack orcircumstance.
• The cause of a vulnerability, or error state, is a
Copyright 20014 Andrew Snow AllRights Reserved
32
• The cause of a vulnerability, or error state, is asystem fault.
• The potential for a vulnerability to be exploited ortriggered into a disruptive event is a threat.
• Vulnerabilities, or faults, can be exploitedintentionally or triggered unintentionally
![Page 33: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/33.jpg)
Proactive Fault Management
• Fault Prevention by using design, implementation, andoperations rules such as standards and industry bestpractices
• Fault Tolerance techniques are employed, whereinequipment/process failures do not result in serviceoutages because of fast switchover toequipment/process redundancy
Copyright 20014 Andrew Snow AllRights Reserved
33
outages because of fast switchover toequipment/process redundancy
• Fault Removal through identifying faults introducedduring design, implementation or operations and takingremediation action.
• Fault Forecasting where the telecommunication systemfault behavior is monitored from a quantitative andqualitative perspective and the impact on servicecontinuity assessed.
![Page 34: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/34.jpg)
Telecommunication InfrastructureThreats and Vulnerabilities
• Natural Threats• Water damage• Fire damage• Wind damage• Power Loss• Earthquake damage• Volcanic eruption damage
Copyright 20014 Andrew Snow AllRights Reserved
34
• Volcanic eruption damage
• Human Threats• Introducing or triggering vulnerabilities• Exploiting vulnerabilities (hackers/crackers, malware
introduction)• Physical Vandalism• Terrorism and Acts of War
• Fault Taxonomy
![Page 35: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/35.jpg)
Vulnerability or Fault Taxonomy
BoundaryPhase
Developmental
Operational
Dimension
Equipment
Facility
Phenomenon
Natural
Human
Internal
External
Copyright 20014 Andrew Snow AllRights Reserved
35
Operational FacilityHuman
Objective
Malicious
Non-Malicious
Intent
Deliberate
Non-Deliberate
Capability
Accidental
Incompetence
Persistence
Permanent
Transient
External
![Page 36: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/36.jpg)
Reference
• A. Avizienis, et al, “Basic Concepts &Taxonomy of Dependable & SecureComputing”, IEEE Transactions onDependable & Secure Computing, 2004.
Copyright 20014 Andrew Snow AllRights Reserved
36
Dependable & Secure Computing, 2004.
![Page 37: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/37.jpg)
Probabilities
• Risk assessments requiring “probabilities”have little utility for rare events
• Why? Can’t rationally assess probability
• Such probabilistic analysis attempts may
Copyright 20014 Andrew Snow AllRights Reserved
37
• Such probabilistic analysis attempts mayalso diminish focus of the root cause of theoutage, and may detract from remediatingvulnerabilities
• In the 9-11 case the issue was one ofTCOM “over-concentration” or creation ofa large SPF
![Page 38: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/38.jpg)
September 11, 2001
• A large telecommunications outage resulted from thecollapse of the world trade centers– Over 4,000,000 data circuits disrupted
– Over 400,000 local switch lines out
• Pathology of the event– Towers collapsed
Copyright 20014 Andrew Snow AllRights Reserved
38
– Towers collapsed
– Some physical damage to adjacent TCOM building
– Water pipes burst, and in turn disrupted TCOM facility powerand power backup facilities
• What was the a priori probability of such an event andensuing sequence?– P = Pr{ Successful hijack} x Pr{ Building Collapse} x Pr{ Water Damage}
– Infinitesimal??
![Page 39: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/39.jpg)
Some Conclusions about Vulnerability
• Vulnerability highly situational, facility byfacility
Copyright 20014 Andrew Snow AllRights Reserved
39
![Page 40: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/40.jpg)
Outline
A. Telecom & Network Infrastructure Risk
B. Telecommunications Infrastructure
C. RAMS and Resiliency
Copyright 20014 Andrew Snow AllRights Reserved
40
![Page 41: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/41.jpg)
B. Telecommunications Infrastructure
• Wireline architecture and vulnerabilities
• Wireless architecture and vulnerabilities
Copyright 20014 Andrew Snow AllRights Reserved
41
![Page 42: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/42.jpg)
PSTN End to End Connections
Copyright 20014 Andrew Snow AllRights Reserved
42
![Page 43: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/43.jpg)
Switching InfrastructureDispersal/Concentration
Copyright 20014 Andrew Snow AllRights Reserved
43
Retrieved from Wikipediahttp://en.wikipedia.org/wiki/Image:Central_Office_Locations.png
![Page 44: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/44.jpg)
US Growth in Fiber & High Speed DigitalCircuits to Customer Premises
Copyright 20014 Andrew Snow AllRights Reserved
44
![Page 45: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/45.jpg)
Transmission Vulnerabilities
• Fiber cuts with non-protected transmissionsystems
• Fiber over Bridges
• Fiber transmission failures inside carrier
Copyright 20014 Andrew Snow AllRights Reserved
45
• Fiber transmission failures inside carrierfacilities
• Digital Cross Connect Systems
• Local Loop Cable Failures
![Page 46: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/46.jpg)
Transmission Vulnerabilities
• Fiber cuts with non-protected transmissionsystems:– No backup path/circuits deployed.– Often done for economic reasons– In urban areas where duct space is at a premium
Copyright 20014 Andrew Snow AllRights Reserved
46
– In rural areas where large distances are involved.
• Fiber over Bridges:– Fiber is vulnerable when it traverses bridges to
overcome physical obstacles such as water orcanyons
– There have been reported instances of fires andauto/truck accidents damaging cables at these points
![Page 47: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/47.jpg)
Transmission Vulnerabilities
• Fiber transmission failures inside carrier facilities:– Studies by FCC staff and other researchers have demonstrated
that the majority of fiber transmission problems actually occurinside carrier facilities
– Caused by installation, and maintenance activities.
• Digital Cross Connect Systems:
Copyright 20014 Andrew Snow AllRights Reserved
47
• Digital Cross Connect Systems:– Although hot standby protected equipment, DACSs have failed
taking down primary and alternate transmission paths.
– These devices represent large impact SPFs.
![Page 48: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/48.jpg)
Means same fiber,cable, duct, or conduit
Cut
Proper SONET Ring Operation
Copyright 20014 Andrew Snow AllRights Reserved
48
Failure
![Page 49: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/49.jpg)
Improper Operation of SONET Rings
Cut
Means same fiber,cable, duct, or conduit
Improper Maintenance:Node’s previous failure,and subsequent fiber cutprior to spare on hand
Un-repaired
Copyright 20014 Andrew Snow AllRights Reserved
49
cable, duct, or conduit
Improper Deployment:“Collapsed” or “Folded” Ringsharing same path or conduit
Cut
Un-repairedFailure
![Page 50: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/50.jpg)
SS7 A-Links
SS7Network
STP
STP
ProperDeployment
Cut
Switch 1
Switch 2
Copyright 20014 Andrew Snow AllRights Reserved
50
SS7Network
STP
STP
ImproperDeployment
Cut
Switch 1
Switch 2
Means same fiber,cable, duct, or conduit
![Page 51: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/51.jpg)
ProperDeployment
F.O.Transceiver
‘A’ Link
‘A’ Link
Fiber Cable 1
Fiber Cable 2
Cut
DS3Mux
DS3Mux
SW
F.O.
SS7 A-Links
Copyright 20014 Andrew Snow AllRights Reserved
51
ImproperDeployment
‘A’ Link
‘A’ LinkFiber Cable
CutDS3Mux
F.O.Transceiver
SW
Fiber Cable 2
MuxF.O.
Transceiver
![Page 52: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/52.jpg)
F.O.Transceiver
‘A’ LinkFiber Cable 1
DS3Mux
DC
SS7 A-Links
Copyright 20014 Andrew Snow AllRights Reserved
52
‘A’ Link
Fiber Cable 2
DS3Mux
SW
F.O.Transceiver
DCPowerSource
Fuse
![Page 53: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/53.jpg)
Power Architecture & Vulnerabilities
• Redundant Power
– Commercial AC
– AC Generator backup
– Batteries for uninterruptible power systems
Copyright 20014 Andrew Snow AllRights Reserved
53
– Batteries for uninterruptible power systems(UPS)
![Page 54: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/54.jpg)
Inoperative Alarms
•Loss of commercial power•Damaged generator•Untested or inoperable alarms prior to loss and damage•Batteries Deplete
Copyright 20014 Andrew Snow AllRights Reserved
54
BackupGenerator
Commercial ACRectifiers
DCDistribution
Panel
DC
Battery Backup
Alarms Inoperable
![Page 55: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/55.jpg)
Economy of Scale Over-ConcentrationVulnerabilities
SW1
SW1
Distributed Topology Switches Concentrated
ToTandem
ToTandem
Copyright 20014 Andrew Snow AllRights Reserved
55
SW2
SW3
SW2
SW3
Local Loop
Fiber Pair Gain
Trunks
Building
![Page 56: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/56.jpg)
PCS Architecture
BSC BSC
BSC
MSC
HLR VLR
BSBS
Copyright 20014 Andrew Snow AllRights Reserved
56
BSC
BSCBSC
BSC
MSC PSTNSWITCH
SS7STP
BS
BS
BSBS
![Page 57: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/57.jpg)
PCS Component Failure Impact
Components Users PotentiallyAffected
Database 100,000
Mobile Switching Center 100,000
Copyright 20014 Andrew Snow AllRights Reserved
57
Mobile Switching Center 100,000
Base Station Controller 20,000
Links between MSC and BSC 20,000
Base Station 2,000
Links between BSC and BS 2,000
![Page 58: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/58.jpg)
Outages at Different Times of DayImpact Different Numbers of People
Copyright 20014 Andrew Snow AllRights Reserved
58
![Page 59: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/59.jpg)
Concurrent Outages are a Challengefor Network Operators
PSTNGateway
MSC
MSC
MSCMSC
MSC
Copyright 20014 Andrew Snow AllRights Reserved
59
Gateway
AnchorSW MSC
MSC MSC
MSC
MSC
![Page 60: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/60.jpg)
Circuit to Packet Switch Interface
PSTNInfrastructure
Voice over IPInfrastructure
Core Packet
800DB
LNPDB
CallConnection
Agent
Copyright 20014 Andrew Snow AllRights Reserved
60
SS7Network
CircuitSwitch
CircuitSwitch
TrunkGateway
AccessGateway
Core PacketNetwork
PBX
BillingAgent
PBX Traffic
Control
SignalingGateways
![Page 61: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/61.jpg)
Outline
A. Telecom & Network Infrastructure Risk
B. Telecommunications Infrastructure
C. RAMS and Resiliency
Copyright 20014 Andrew Snow AllRights Reserved
61
![Page 62: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/62.jpg)
Dependability
• Reliability – f( MTTF )
• Maintainability – f( MTTR )
• Availability – f( MTTF, MTTR)
• Resiliency -- f( MTTF, MTTR, Severity)
Copyright 20014 Andrew Snow AllRights Reserved
62
• Resiliency -- f( MTTF, MTTR, Severity)
• Resiliency Metrics and Thresholds
![Page 63: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/63.jpg)
Reliability Curves
0.60
0.80
1.00
Rel
iab
ilit
y
MTTF = 1/2 Yr
MTTF = 1 Yr
MTTF = 2 Yrs
Copyright 20014 Andrew Snow AllRights Reserved
63
0.00
0.20
0.40
0.60
0 1 2 3 4 5
Years
Rel
iab
ilit
y
MTTF = 2 Yrs
MTTF = 3 Yrs
MTTF = 4 Yrs
MTTF = 5 Yrs
![Page 64: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/64.jpg)
Availability
• Availability is an attribute for either a service or apiece of equipment. Availability has twodefinitions:– The chance the equipment or service is “UP” when
needed (Instantaneous Availability), and
Copyright 20014 Andrew Snow AllRights Reserved
64
– The fraction of time equipment or service is “UP” overa time interval (Interval or Average Availability).
• Interval availability is the most commonlyencountered.
• Unavailability is the fraction of time the service is“Down” over a time interval AU 1
![Page 65: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/65.jpg)
Availability (Continued)
TIMEINTERVAL
UPTIMEA
_
MTTRMTTF
MTTFA
HistoricalActual
Point EstimateOf RV
Copyright 20014 Andrew Snow AllRights Reserved
65
MTTRMTTF Of RV
A MTTF MTTR
![Page 66: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/66.jpg)
Resiliency
• RAM isn’t enough!• Large telecommunication infrastructures are
rarely completely “up” or “down”.• They are often “partially down” or “mostly up”• Rare for an infrastructure serving hundreds of
Copyright 20014 Andrew Snow AllRights Reserved
66
• Rare for an infrastructure serving hundreds of• Resiliency describes the degree that the network
can service users when experiencing serviceoutages
![Page 67: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/67.jpg)
Outage Profiles
100%
75%
Perc
entU
sers
Serv
ed
SV1
D1
SV2
D2
Outage 1
Time
Outage 1: Failure andcomplete recovery. E.g.
Copyright 20014 Andrew Snow AllRights Reserved
67
50%
25%
0%
Perc
entU
sers
Serv
ed
Outage 2
SV = SEVERITY OF OUTAGED = DURATION OF OUTAGE
complete recovery. E.g.Switch failure
Outage 2: Failure and gracefulRecovery. E.g. Fiber cut withrerouting
![Page 68: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/68.jpg)
Resiliency Thresholds
• RESILIENCY deficits arenot small eventphenomena.
Copyright 20014 Andrew Snow AllRights Reserved
68
• Filter out the smalleroutages with thresholds
![Page 69: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/69.jpg)
Severity
• The measure of severity can be expressed a number ofways, some of which are:– Percentage or fraction of users potentially or actually affected
– Number of users potentially or actually affected
– Percentage or fraction of offered or actual demand served
– Offered or actual demand served
Copyright 20014 Andrew Snow AllRights Reserved
69
– Offered or actual demand served
• The distinction between “potentially” and “actually”affected is important.
• If a 100,000 switch were to fail and be out from 3:30 to4:00 am, there are 100,000 users potentially affected.However, if only 5% of the lines are in use at that time ofthe morning, 5,000 users are actually affected.
![Page 70: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/70.jpg)
User & Carrier Perspectives
• User Perspective – High End-to-EndReliability and Availability
– Focus is individual
• Carrier Perspective – High System
Copyright 20014 Andrew Snow AllRights Reserved
70
• Carrier Perspective – High SystemAvailability and Resiliency
– Focus is on large outages and largecustomers
![Page 71: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/71.jpg)
Minimizing Severity of OutagesMakes Infrastructure More Resilient
• It is not always possible to completely avoidfailures that lead to outages.
• Proactive steps can be taken to minimize theirsize and duration.– Avoid overconcentration and single points of failure
Copyright 20014 Andrew Snow AllRights Reserved
71
– Avoid overconcentration and single points of failurethat can affect large numbers of users (“Mega-SPF”)
– Don’t defeat fault tolerance by improper deployment– Have recovery assets optimally deployed to minimize
the duration of outages.– Track outages and their root causes– Identify vulnerabilities, assess risk, prioritize them and
remove the high impact/probability ones
![Page 72: Resiliency Threats to Critical InfrastructuresTitle Microsoft PowerPoint - andy - keynote.ppt [Read-Only] [Compatibilit Author owner Created Date 5/2/2014 11:51:06 AM](https://reader034.vdocuments.site/reader034/viewer/2022050116/5f4ca37809b5fa18f7092e66/html5/thumbnails/72.jpg)
Thankyou.
Have a great conference!!Have a great conference!!
Copyright 20014 Andrew Snow AllRights Reserved
72