DOI: 10.1145/3600160.3605055
research-article

The DYNABIC approach to resilience of critical infrastructures

Published: 29 August 2023

Abstract

With increasing interdependencies and evolving threats, maintaining operational continuity in critical systems has become a significant challenge. This paper presents the DYNABIC (Dynamic business continuity of critical infrastructures on top of adaptive multi-level cybersecurity) approach as a comprehensive framework to enhance the resilience of critical infrastructures. The DYNABIC approach enhances resilience through dynamic adaptation, automated response, collaboration, risk assessment, and continuous improvement. By fostering a proactive and collaborative approach to resilience, the DYNABIC framework empowers critical infrastructure sectors to effectively mitigate disruptions and recover from incidents. The paper explores the key components and architecture of the DYNABIC approach and highlights its potential to strengthen the resilience of critical infrastructures using the concept of Digital Twins in the face of evolving threats and complex operating environments involving cascading effects.

Cited By

  • (2024) Implications of GDPR and NIS2 for Cyber Threat Intelligence Exchange in Hospitals. WSEAS TRANSACTIONS ON COMPUTERS. 10.37394/23205.2024.23.123(1-11). Online publication date: 1-Apr-2024
  • (2023) Towards Smarter Security Orchestration and Automatic Response for CPS and IoT. 2023 IEEE International Conference on Cloud Computing Technology and Science (CloudCom). 10.1109/CloudCom59040.2023.00055(298-302). Online publication date: 4-Dec-2023

Published In

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
August 2023
1440 pages
ISBN: 9798400707728
DOI: 10.1145/3600160

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Critical Infrastructure Protection
  2. Cybersecurity
  3. Digital Twin
  4. SecDevOps

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES 2023

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%
