Effectiveness of security measures, BAS5- Critical infrastructure protection

Project title BAS5-Critical Information Infrastructure Protection
Project type The project is managed by FFI (www.ffi.no). HIG is a BAS5 project partner, focusing on developing new knowledge relating to the effectiveness of security measures. (HIG43704; NFR16436)
Duration  
Effort 1 PhD student
Primary contact Professor Einar Snekkenes
Staff Janne Hagen
Project web page Living site
Project summary

The complexity related to information and communication technology (ICT) vulnerability poses serious challenges to system operators. Unless these challenges are met, the vulnerabilities may lead to a serious disruption in for instance energy supply, provision of telecommunication services, traffic management, money transfer or emergency services. This will cause severe problems for society as a whole.

The principal objective of the project is to develop methodology and analyse the vulnerabilities in those infrastructures that depend on information and communication technology (ICT). The focus will be on systems and infrastructures critical to modern society. The project will also recommend a wide range of measures to reduce vulnerabilities, based on a ranking of their cost effectiveness.

Developing a methodology to analyse these vulnerabilities is a daunting task. Two aspects are especially important. First, there is a need to analyse the current status of vulnerabilities and existing protection measures. This includes a wide range of problems related to organisational, human and technological issues, and must be related to future technology trends in various sectors. Second, measures to reduce vulnerabilities must be identified, and their potential contribution to increasing robustness must be calculated. The project’s main R&D challenge is to develop a methodology and address these problems in a comprehensive way, taking into account a wide variety of potential threats and directing particular focus on potential high impact threats.

The target audience for the results of the project consists of national authorities who must identify their role in the protection of critical ICT-systems, and of system owners and operators for use in their planning and operations.

Principal objectives and subgoals The principal objective of the BAS5 project is to develop a methodology and analyse the vulnerabilities in those infrastructures that depend on information and communication technology (ICT). A particular focus will be on systems and infrastructures critical to modern society. The project will recommend a wide range of measures aimed at reducing possible vulnerabilities, based on a ranking of their cost efficiency. This will strengthen the Norwegian authorities’ ability to protect critical ICT systems. Within the project, HIG is focusing on the subgoal: * Produce and apply a methodology to rank measures aimed at reducing vulnerabilities, based on a cost effectiveness analysis approach