Secure design of Next Generation Infrastructures

MS&A allows designers of NGI to experiment with different architectures and to explore the effect of various design choices including the security architecture. MS&A makes it possible to assess various options amongst different conditions, for instance varying in cyber threats, climate change effects, and other challenges. MS&A of (critical) infrastructures, their dependencies, vulnerabilities and related effect of uncertainty on objectives
[Click for more information]risk to the population may provide insight in the pros and cons of the various zoning options. The visualisation that MS&A provides may show benefits or disadvantages from the various options to all stakeholders. 

Therefore, CIPRNet started with the idea that the secure design of NGI requires new infrastructure models and efforts to a) A single simulation model that interoperates with other simulations in a federation. (source: [Rathnam2004]) b) In the DIESIS context, a federate also refers to the aggregate of a simulator and its specific..
[Click for more information]federate existing infrastructure models and outreached to various NGI communities. Discussions with both the NGI research communities and (critical) infrastructure operators made clear that the design of NGI mostly uses single fine-grained technical models at the one end of the spectrum, or coarse grain (EU-wide) grid assessment models with a nation being a grid node. 

When looking at the life-cycle of infrastructures on the one hand, NGI stakeholders either look at the design and planning phase of infrastructures, and at the Modelling denotes the action of designing and creating a conceptual model or a computational model or a CI model or a computer simulation. Other synonyms may apply as well.
[Click for more information]modelling of optimising maintenance of infrastructures from a cost perspective. Security aspects that are covered focus on the physical protection, and on the security of supply of the service from a capacity-based point of view. 

On the other hand, the federated models that are used by, for instance, the CIPRNet community, mostly address the prevention, preparation, response and recovery phases of crisis management. Some models bridge both worlds, e.g. analysis which aim to reduce infrastructure failure effect of uncertainty on objectives
[Click for more information]risk by finding less risky routing of new infrastructure and by pinpointing areas where additional infrastructure strengthening is required. 

Both communities face a set of similar challenges: 

• Availability of data. It is often hard to acquire sensitive detailed data on the one hand, and to ask for the proper granularity of data for a proper See conceptual model
  [Click for more information]model outcome on the other hand. 
• The cyber A (network) component is an object in a ŽCI model e.g. a generator, a pump, a transmission line, a physical transport, a node, a substation. Components have Žattributes and Žuser-specified behaviour.
  [Click for more information]component in infrastructure and the cyber security of cyber-physical systems in (critical) infrastructures are hard to See conceptual model
  [Click for more information]model, e.g. smart grids. 
• NGI often looks at the economic impact of infrastructure design and infrastructure use and maintenance redesign. The interaction of these economic models less often takes place in the realm of crisis management support, but could help in what-if analysis during the preparation and recovery phases. 
• Validation of models is not easy as there is a lack of proper reference data sets and studied outcomes. 

To top