Real-Time Security Monitoring of Interdependent Services in Critical Infrastructures. Case study of a Risk-Based Approach

In today’s world, where most of the critical infrastructures (CIs) are based on distributed systems, security failures have become very common, even within large corporations. The critical infrastructures are tightly interconnected, mutually dependent, and are exposed everyday to new risks. These (inter)dependencies generate potential cascading effects that may spread a malfunction or an attack from one part of the system to another dependent infrastructure. In this paper, we propose a risk-based methodology that aims to monitor interdependent services based on generic risks and assurance levels using the classical security properties: confidentiality, integrity and availability (C,I,A). This allows to determine the security state of a critical infrastructure service, taking it’s dependencies to other services into account. Furthermore, our approach allows to monitor the system state on-line during system operation. Monitoring of the security state of a service helps to determine the quality of the provided service (QoS) and allows each CI provider to react and adopt the best behaviour corresponding to the security status of its different services.