Critical Systems Working Group

The critical systems and networks that constitute the critical infrastructure of society are often taken for granted. We rely on them and may only realize our dependence on them when they fail to deliver their services, and in those cases the consequences could be very serious.

Today, the systems are automated and interlinked through computers and communication facilities and the trend shows an increase of both automation and linkage. We expect the future to increase the interdependencies between different critical infrastructures, leading to a complex "mesh of systems". We realize that having systems linked improves their efficiency and adds new capabilities to them, something that makes them more competitive. On the other hand, the interlinked capabilities also render the systems much more vulnerable to disruption and attack. The possible attack vectors and possibilities for harmful influence are multiplied and the detrimental effect of a service disruption is increased.

In fact, the cascading effects between several systems might lead to a global outage, affecting systems and networks even in seemingly unrelated sectors. If such cascading effects cannot be contained, they will directly influence both the economy of society and the physical safety of its citizens.

Goals

The goals of this working group are:

1. to identify and discuss future and emerging threats to those critical systems that society in general depends upon. Threats may be technical, but also e.g. societal or natural.
2. to try identifying appropriate ways and developments to counter the identified threats.
3. to network and coordinate the efforts between players in academia and industry that are active in these areas.
4. to inform and influence decision makers about the results of our activities, something that should help them initiate necessary action to thwart the identified threats.
5. to prepare a chapter in a white book that highlights the most important threats in this area. This text will contain clear recommendations for policymakers to address the identified challenges.
6. to facilitate the creation of a roadmap for research in the identified areas.

Scope

In this working group, we discuss society's dependence of critical infrastructures in general and the consequences of disruption of the services from these infrastructures. We try to identify the possible reasons for such disruption and how to prevent it, i.e. to guarantee that the critical services are continually and correctly delivered. We do not address critical systems that are stand-alone, i.e. not connected to any network or communicating with any other entity. In this working group, we discuss all threats in smart environments. This includes threats to the users, to organizations, and possibly the larger impact to society. The following list enumerates the topics that are in scope. Moreover, it provides exemplary questions that belong to these different topics.

The following list provides issues and questions that are within scope of the working group

• Which are the concrete threats to Critical Systems?
• In particular, how do we deal with terrorsit action?
• How should we cope with cascading effects between different systems?
• Internet is by far the most critical system in society. The implications of this must be investigated.
• What kind of data can we gather that would help us draw the right conclusions?
• Critical infrastucture protection is not only technical. There are important issues that are related to issues such as cooperation between authorities, information dissemination, preparation and training with the aid of scenarios as well as planning for recovery action.

Mechanisms

This section describes the way in which the working group attempts to achieve the goals outlined in Section I. We envision four mechanisms to achieve the outlined goals:

1. First, we have two mailing lists. One mailing list is public and allows participants to exchange ideas about possible future threats, to point out an emerging threat that starts to manifest in the wild, and to provide pointers to material (publications, presentations, events) that is related to the addressed areas. This mailing list is public, that is, anyone is invited to join and express her opinion. Of course, the mailing list owner (the consortium) moderates the list to prevent spam or postings that are unrelated to the topic.

   The second mailing list is private and provides access only to trusted, vetted members. Initially, the list members are the participants of the first Forward workshop that expressed interest in this working group. Any list member can suggest new members. The approval of a new addition to the list requires the positive recommendation of at least two other list members. Also, the existing list members can voice qualified objections against the approval of a new member. This list is closed because it serves as a platform to exchange data that is more sensitive in nature, e.g. information about novel threats that are not known to a larger audience yet.

2. In addition to the mid-term working group meeting, there are regular telephone conferences in which participants can directly engage in lively discussions. Email correspondence and use of common working areas will be the most common way of interacting between group members. If need be the working group can temporarily be split into sub-groups to discuss specific topics.

3. Third, the working group maintains an open, living document that captures the discussions in the mailing lists and telephone meetings. This document is actively maintained by the members of the consortium. It provides a first structure of the topics that are relevant for the working group. It also contains questions that the are identified as important and should be addressed.

4. Fourth, the working group members will maintain an active dialogue with other researchers, industrialists and members of appropriate authorities, both in order to get input to the project and to test and discuss intermediate results. We shall also keep contact with other relevant EU projects, e.g. Think-Trust.