اولویت بندی و وابستگی زیرساخت های حیاتی جمهوری اسلامی ایران از منظر سایبری
محورهای موضوعی : فناوری اطلاعات و ارتباطاتابوذر صولت رفیعی 1 , حسین قرایی گرکانی 2 , فاطمه ثقفی 3 , محمد ملکی نیا 4
1 - پژوهشگاه ارتباطات و فناوری اطلاعات
2 - پژوهشگاه ارتباطات و فناوری اطلاعات
3 - دانشیار دانشگاه تهران
4 - دانشگاه آزاد اسلامی واحد تهران جنوب ایران تهران
کلید واژه: زیرساخت های حیاتی, وابستگی زیرساخت¬های حیاتی, DANP ,
چکیده مقاله :
سال های اخیر حملات سایبری به زیرساخت های حیاتی کشورها به طور چشمگیری افزایش یافته است. انواع زیرساخت حیاتی و وابستگی های آن ها مبتنی بر مقتضیات ملی، از کشوری به کشور دیگر متفاوت است، اختلال در ماموریت یا خدمات یک زیرساخت حیاتی بصورت آبشاري در دیگر زيرساخت ها اثر گذاشته و آن ها را با مشکلات جدي در امر خدمات رساني روبرو می نماید، در مطالعات مختلف رویکردهای متفاوتی جهت مدلسازی این وابستگی ها اتخاذ شده است نکته مهم عدم تعمیم آن مدل ها برای دیگر کشورها به واسطه مقتضات ملی هر کشور است. در این پژوهش با تشکیل 11 گروه کانونی متشکل از مدیران عالی و میانی هر حوزه زیرساختی از روش تحلیل شبکه مبتنی بر تکنیک DEMATEL استفاده شد و تاثیر گزارترین و تاثیر پذیرترین زیرساخت حیاتی از منظر سایبری بر دیگر زیرساخت های حیاتی شناسائی شد و ارتباط بین زیرساخت های حیاتی و اولویت بندی آن ها از منظر سایبری مشخص شد. نتایج این پژوهش می تواند در طراحی سامانه ملی اشتراکگذاری هشدار به منظور احصاء آگاهی وضعیتی ملی در حوزه سایبری و دیگر پژوهش های متکی بر وابستگی زیرساخت های حیاتی مفید واقع شود.
In recent years, cyber attacks on the critical infrastructures of countries have increased significantly. The types of critical infrastructure and their dependencies based on national requirements are different from one country to another. Disruption in the mission or services of a critical infrastructure has a cascading effect on other infrastructures and causes them serious problems. In different studies, different approaches have been taken to model these dependencies, the important point is not to generalize those models to other countries due to the national requirements of each country. In this research, by forming 11 focus groups consisting of top and middle managers of each infrastructure area, the network analysis method based on the DEMATEL technique was used, and the most influential and influential critical infrastructure from a cyber perspective on other critical infrastructures was identified and the relationship between the infrastructure Critical issues and their prioritization were determined from a cyber perspective. The results of this research can be useful in the design of the national warning sharing system in order to calculate the national situational awareness in the cyber field and other researches based on the dependence of critical infrastructures.
1. Neal Ziring, NATIONAL CYBER RESILIENCE AND ROLES FOR PUBLIC AND PRIVATE SECTOR STAKEHOLDERS © IFIP International Federation for Information Processing 2022
Published by Springer Nature Switzerland AG 2022
2. J. Staggs and S. Shenoi (Eds.): Critical Infrastructure Protection XVI, IFIP AICT 666, pp. 3–46, 2022.
https://doi.org/10.1007/978-3-031-20137-0_1
3. Cyber Security and Infrastructure Security Agency, Critical Infrastructure Sectors, Arlington, Virginia (www.dhs.gov/CISsa/criti cal-infrastructure-sectors), 2020
4. S. Rinaldi, J. Peerenboom and T. Kelly, Identifying, understanding and analyzing critical infrastructure interdependenCISes, IEEE Control Systems, vol. 21(6), pp. 11–25, 2001.
5. European CounCISl. (2004). Communication from the commission to the counCISl and the European Parliament: Critical infrastructure protection in the fight against terrorism (pp. 1–11).
6. Brussels, Belgium: Commission of the European Communities. Retrieved from http://eur-lex.
7. europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52004DC0702:EN:NOT.
8. GAO. (2004). Critical infrastructure protection: Challenges and efforts to secure control systems (pp. 1–47). Washington, DC: US Government Accountability Office.
9. Thissen, W. A., & Herder, P. M. (2003b). Critical infrastructures: State of the art in research and
10. application. Boston, MA: Kluwer Academic Publishers.
11. Clinton, W. J. (1996). Executive order 13010: Critical infrastructure protection. Federal Register, 61(138), 37345–37350.
12. US Congress. (2001). Uniting and strengthening America by providing appropriate tools required to intercept and obstruct terrorism (USA PATRIOT ACT) Act of 2001 (No. 147) (p. 115 Stat.
13. 271–402). Washington, DC: 107th Congress. Retrieved from http://www.gpo.gov/fdsys/pkg/ PLAW 107publ56/content-detail.html.
14. European CounCISl. (2004). Communication from the commission to the counCISl and the European Parliament: Critical infrastructure protection in the fight against terrorism (pp. 1–11). Brussels, Belgium: Commission of the European Communities. Retrieved from http://eur-lex. europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52004DC0702:EN:NOT.
15. Gheorghe, A. V., Masera, M., Weijnen, M. P. C., & De Vries, J. L. (Eds.). (2006). Critical infrastructures at risk: Securing the European electric power system (Vol. 9). Dordrecht: Springer.
16. ITU Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008)
17. NATO: Tallinn Manual on the International Law Applicable to Cyber Warfare (2013)
18. National Cybersecurity Strategy - Towards A Secure Cyberspace 2020-2023 (2020)
19. Danish Cyber and Information Security Strategy (2022-2024)
20. https://fm.dk/media/25359/national-strategi-for-cyber-og-informationssikkerhed_web-a.pdf
21. NIST Glossary/ NIST SP 800-30 / CNSSI 4009-2015
22. https://csrc.nist.gov/glossary/term/Operational-technology
23. ISO/IEC TR 27019:2013 Information technology -- Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems speCISfic to the energy utility industry.
24. IETF RFC449 Internet Security Glossary 2: https://tools.ietf.org/html/rfc4949
25. CounCISl Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
26. UK.: Centre for the Protection of National Infrastructure (CPNI)
27. https://www.cpni.gov.uk/about/cni/
28. RUSSIA: NATIONAL SECURITY OF RUSSIA - Information security (February 3, 2012, № 803)
29. http://www.scrf.gov.ru/documents/6/113.html
30. QATAR National Cyber Security Strategy (May 2014)
31. http://www.ictqatar.qa/ar/cyber-security/national-cyber-security-strategy
32. Australian :Critical Infrastructure Resilience Strategy, 2010
33. https://www.CISsc.gov.au/Documents/Australian+Government+s+Critical+Infrastructure+Resilience+Strategy.pdf
34. Service Public Fédéral Intérieur/Federale Overheidsdienst Binnenlandse Zaken F./N. 2011-1799; C-2011/00399 (2011)
35. Germany FRG. (2009). National strategy for critical infrastructure protection (pp. 1–18). Berlin, Germany:
36. Federal Ministry of the Interior. Retrieved from http://www.bmi.bund.de/cae/servlet/contentblob/598732/publicationFile/34423/kritis_englisch.pdf.
37. Canada: An Emergency Management Framework for Canada (Second Edition)
38. https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-en.aspx (2022)
39. Cuba : Glossary of Cyber terms/Glosario de términos, Centro de Seguridad del CISberespaCISo
40. http://www.cscuba.cu/es/glosario-de-terminos/A (2018)
41. India : workshop presentation by the NATIONAL CRITICAL INFORMATION INFRASTRUCTURE PROTECTION CENTRE (NCISIPC), 2015
42. http://workshop.nkn.in/2015/sources/speakers/sessions/NKN_NCISIPC.pdf
43. Israel : https://ironscales.com/blog-how-machine-learning-can-stop-phishing-attacks-critical-infrastructure/(2023)
44. Japan: The Information Security Policy CounCISl, The Second Action Plan on Information Security Measures for Critical Infrastructures, Japan (2009)
45. Kingdom of Saudi Arabia : Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7(2022)
46. http://www.mCISt.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf
47. Calida, B. Y., & Katina, P. F. (2012). Regional industries as critical infrastructures: A tale of two modern CISties. International Journal of Critical Infrastructures, 8(1), 74–90
48. Krimgold F, Bigger J, Willingham M, Mili L. Power systems, water, transportation and communications lifeline interdependencies, prepared for American lifeline alliance, March. 〈www.americanlifelinesalliance.org〉; 2006.
49. McDaniels T, Chang S, Peterson K, Mikawoz J, Reed D. Empirical framework for characterizing infrastructure failure interdependencies. Journal of Infrastructure Systems 2007;13(3):175–84.
50. McDaniels T, Chang S, Reed DA. Characterizing infrastructure failure interdependencies to inform systemic risk. Wiley Handbook of Science and Technology for Homeland Security 2008:1–16.
51. Conrad SH, LeClaire RJ, O′Reilly GP, Uzunalioglu H. Critical national infrastructure reliability modeling and analysis. Bell Labs Technical Journal 2006;11(3):57–71
52. Zimmerman R. Decision-making and the vulnerability of interdependent critical infrastructure. In: Proceedings of the 2004 IEEE international conference on systems, man and cybernetics; 2004, p. 4059–63
53. Utne IB, Hokstad P, Vatn J. A method for risk modeling of interdependenciesin critical infrastructures. Reliability Engineering and System Safety2011;96:671–8.
54. Kjølle GH, Utne IB, Gjerde O. Risk analysis of critical infrastructures emphasizing electricity supply and terdependencies. Reliability Engineering and System Safety 2012;105:80–9.
55. Basu N, Pryor R, Quint T, Arnold T. ASPEN: a micro-simulation model of the economy. Sandia report. SAND96-2459; 1996
56. Tolone WJ, Wilson D, Raja A, Xiang W, Hao H, Phelps S, et al. Critical infrastructure integration modeling and simulation. Intelligence and Security Informatics Lecture Notes in Computer Science 2004;3073:214–25, http://dx. doi.org/10.1007/978-3-540-25952-7_16
57. Ehlen MA, Scholand AJ. Modeling interdependencies between power and economic sectors using the N-ABLE agent based model. In: Proceedings of the IEEE conference on power systems. San Francisco; July 2005
58. Kelic A, Warren DE, Phillips LR. Cyber and physical infrastructure interdependencies. Sandia report, SAND2008-6192; 2008.
59. Barrett C, Beckman R, Channakeshava K, Huang F, Kumar VSA, Marathe A, et al.. Cascading failures in multiple infrastructures: From transportation to communication network. In: Proceedings of the fifth international CRIS conference on critical infrastructures. Beijing; 2010.
60. Fair JM, LeClaire RJ, Wilson ML, Turk AL, DeLand SM, Powell DR, et l.. An integrated simulation of pandemic influenza evolution, mitigation and infrastructure response. In: Proceedings of the IEEE conference on technologies for homeland security; May 16–17, 2007.
61. Bush B, Dauelsberg L, LeClaire R, Powell D, DeLand S and Samsa M. Critical infrastructure protection decision support system (CIP/DSS) overview. Los Alamos National Laboratory Report LA-UR-05-1870, Los Alamos, NM 87544; 2005
62. Min HJ, Beyeler W, Brown T, Son YJ, Jones AT. Toward modeling and simulation of critical national infrastructure interdependencies. IEEE Transactions 2007;39:57–71.
63. Santella N, Steinberg LJ, Parks K. Decision making for extreme events: modeling critical infrastructure nterdependencies to aid mitigation and response planning. Review of Policy Research 2009;26(4):409–22.
64. Santos JR, Haimes YY. Modeling the demand reduction input–output (I–O) inoperability due to terrorism of interconnected infrastructures. Risk Analysis 2004
65. Pant R, Barker K, Grant FH, Landers TL. Interdependent impacts of interoperability at multi-modal transportation container terminals. Transportation Research Part E 2011;47:722–37.
66. Jung J, Santos JR, Haimes YY. International trade inoperability input–output model (IT-IIM): theory and application. Risk Analysis 2009;29(1):137–53.
67. Crowther KG, Haimes YY. Development of the multiregional inoperability input–output model (MRIIM) for spatial explicitness in preparedness of interdependent regions. Systems Engineering 2010;13(1):28–46.
68. Cagno E, Ambroggi MD, Grande O, Trucco P. Risk analysis of underground infrastructures in urban areas. Reliability Engineering and System Safety 2011;96:139–48.
69. Cavdaroglu B, Mitchell JE, Sharkey TC, Wallace WA. Integrating restoration and scheduling decisions for disrupted interdependent infrastructure systems. Annals of Operations Research 2013;203:279–94.
70. Patterson SA, Apostolakis GE. Identification of critical locations across multiple infrastructures for terrorist actions. Reliability Engineering and System Safety 2007;92:1183–203
71. Eusgeld I, Nan C. Creating a simulation environment for critical infrastructure interdependencies study. In: .Proceedings of the IEEE international.conference on industrial engineering and engineering management (IEEM); 2009, p. 2104–8.
72. Eusgeld I, Nan C, Dietz S. System-of systems approach for interdependent critical infrastructures. Reliability Engineering and System Safety 2011;96:679–86.
73. Cooper, D.R., & Schindler, P.S. (2006). Business Research Methods. McGraw- Hill/Irwin, New York
74. Fisher, E. (2011). What practitioners consider to be the skills and behaviors of an effective people project manager. Int. J. Proj. Manag. 29, 994–1002.
75. Nan Li a,b, , Fei Wang a, Joseph Jonathan Magoua a, Dongping Fang (2022) .Interdependent effects of critical infrastructure systems under different types of disruptions.
76. 2212-4209/© 2022 Elsevier Ltd. All rights reserved. https://doi.org/10.1016/j.ijdrr.2022.103266
77. Fei Wang a, Joseph Jonathan Magoua a, Nan L .(2022) Modeling cascading failure of interdependent critical infrastructure systems using HLA-based co-simulation, 0926-5805/© 2021 Elsevier B.V. All rights reserved.
78. https://doi.org/10.1016/j.autcon.2021.104008
79. Deniz Berfin Karakoc , Kash Barker *, Andr ́es D. Gonz ́alez. (2023). Analyzing the tradeoff between vulnerability and recoverability investments for interdependent infrastructure networks, 0038-0121/© 2023 Elsevier Ltd. All rights reserved. https://doi.org/10.1016/j.seps.2023.101508
80. May Haggag, Mohamed Ezzeldin, Wael El-Dakhakhni and Elkafi Hassini, Resilient cities critical infrastructure interdependence: a meta-research , © 2020 Informa UK Limited, trading as Taylor & Francis Group https://doi.org/10.1080/23789689.2020.179
81. Lee, E., Mitchell, J., & Wallace, W. (2007). Restoration of services in interdependent infrastructure systems: A network flows approach. IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews, 37 (6), 1303–1317. doi:10.1109/TSMCC.2007.905859