CITI Fault Report Classification and Encoding for Vulnerability and Risk Assessment of Interconnected Infrastructures
Hafiz Abdur Rahman ; Konstantin Beznosov
26 October 2005
Abstract: Effective functionalities of many of the critical infrastructures depend on Communication and Information Technology Infrastructure (CITI). As such, any fault in CITI can disrupt the operation of these infrastructures. Understanding the origin of these faults, their propagation pattern and their impact on other infrastructures can be very valuable for secure and reliable infrastructures design and operation. However, up to now there is no well-defined technique to comprehend these interinfrastructure fault scenarios. Public domain CITI fault reports can serve as a useful source to identify vulnerability patterns and impact of those vulnerabilities on other infrastructures. But, as most of these reports are unstructured description of fault events, this make their use limited and ineffective for formal research. Until now, not much work was done to methodically classify and interpret these reports. However, such classification could give infrastructure research community huge benefit to explore this massive amount of open source information. In this paper, we propose a classification method and a report layout format, which will enable meaningful analysis of these fault reports and will enable selective query and filtering when kept in a database. We have demonstrated our method by classifying and analyzing some of those reports and have explained the results in the context of interdependency research.
Keyword(s): Security of Critical Infrastructures ; JIIRP ; CITI ; infrastructure interdependcies
Published in: Hafiz Abdur Rahman, Konstantin Beznosov, "CITI Fault Report Classification and Encoding for Vulnerability and Risk Assessment of Interconnected Infrastructures," Laboratory for Education and Research in Secure Systems Engineering, Vancouver, B.C., Canada, University of British Columbia, technical report LERSSE-TR-2005-03, 4 October, 2005, pp.40.: