ISSN 2516-0087 (Print) ISSN 2516-0095 (Online)
Critical Infrastructure Protection Review Autumn 2017
SYSTEM TRANSFORMATION: THE ANALYSIS OF SMART SYSTEMS IN THE INTEGRATIVE CONTEXT OF RISK, RESILIENCE, AND SUSTAINABILITY
ENHANCEMENT OF PUBLIC-PRIVATE PARTNERSHIPS WITHIN CRITICAL INFRASTRUCTURE PROTECTION PROGRAMS
RISK MANAGEMENT AND BUSINESS CONTINUITY ASSESSMENT: IMPORTANCE OF CONSIDERING LOGICAL INTERDEPENDENCIES
SECURITY CHALLENGES IN THE NHS
INDIA’S CRITICAL INFRASTRUCTURE PROTECTION FOR AN INTEGRATED NATIONAL PLAN
DEVELOPING SMART CITY RESILIENCE THROUGH CRITICAL FACTORS ANALYSIS
CLIMATE CHANGE IMPACTS TO CRITICAL INFRASTRUCTURE
10,000+ Global Visitors, 250+ High-End Exhibitors, 100+ Countries Represented
LONDON HOSTS WORLD CLASS INTERNATIONAL SECURITY EVENT
TOPICS COVERED: Global Counter Terrorism; Protecting Crowded Places; Critical National Infrastructure; Cyber Security; Designing Out Terrorism; Major Events & Stadiums; Building & Facilities Management; Aviation & Borders; Transport Security
250+ High-End Exhibitors, 200+ Speakers, 250+ Sessions!
GOVERNMENT AGENCIES & DEPARTMENT ZONE
LIVE DEMONSTRATIONS
NEW CYBER INTELLIGENCE ZONE
Alternatively register a delegate pass to access the high-level Global Counter Terrorism Conference. Readers can save 15% on published rates with discount code UKSEC15
REGISTER FOR A FREE VISITOR PASS NOW
www.uksecurityexpo.com/cipr
EDITORIAL CONTRIBUTORS
Critical Infrastructure Protection Review Published by Delta Business Media Limited 3rd floor, 207 Regent Street London, W1B 3HH United Kingdom Tel: +44 (0) 20 7193 2303 Fax: +44 (0) 20 3014 7659 info@deltabusinessmedia.com www.deltabusinessmedia.com www.criticalinfrastructureprotectionreview.com
UPCOMING EVENTS
The opinions and views expressed in the editorial content in this publication are those of the authors alone and do not necessarily represent the views of any organisation with which they may be associated. Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. The views and opinions expressed in this publication do not necessarily express the views of the publisher. While every care has been taken in the preparation of this edition, the publisher is not responsible for such opinions and views or for any inaccuracies in the articles. © 2017. The entire contents of this publication are protected by copyright. Full details are available from the publisher. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owner.
CONTENTS
IFC  UK SECURITY EXPO 2017

6  FOREWORD
By Ian Fletcher

8  CRITICAL INFRASTRUCTURE PROTECTION AND RESILIENCE AMERICAS 2017

9  SYSTEM TRANSFORMATION: THE ANALYSIS OF SMART SYSTEMS IN THE INTEGRATIVE CONTEXT OF RISK, RESILIENCE, AND SUSTAINABILITY
By Merja Hoppe and Ralf Mock, Institute of Sustainable Development, Zurich University of Applied Sciences

18  SECURITY & COUNTER TERROR EXPO 2018

19  ENHANCEMENT OF PUBLIC-PRIVATE PARTNERSHIPS WITHIN CRITICAL INFRASTRUCTURE PROTECTION PROGRAMS
By Pepijn Vos, researcher and consultant at TNO, Brian Tjemkes, associate professor of Strategy and Organization at VU University Amsterdam, Marieke Klaver, researcher and project manager at TNO, and Duane R. Verner, AICP, program manager within the Global Security Sciences Division at Argonne National Laboratory

28  BEHAVIOURAL ANALYSIS 2018

29  RISK MANAGEMENT AND BUSINESS CONTINUITY ASSESSMENT: IMPORTANCE OF CONSIDERING LOGICAL INTERDEPENDENCIES
By Frédéric Petit, Research Scientist, Risk and Infrastructure Science Center, Global Security Sciences Division, Argonne National Laboratory; Computation Institute, University of Chicago and Lawrence Paul Lewis, Technical Programs Attorney, Risk and Infrastructure Science Center, Global Security Sciences Division, Argonne National Laboratory; Lecturer, Threat and Response Management Program, University of Chicago

36  ENFORCE TAC 2018

37  DO SMART TECHNOLOGIES IMPROVE RESILIENCE OF CRITICAL INFRASTRUCTURES? CHALLENGES, OPPORTUNITIES, PRACTICAL APPLICATIONS
By Aleksandar Jovanović, Steinbeis Advanced Risk Technologies & EU-VRi, Stuttgart, Germany and Maike Vollmer, Fraunhofer Institute for Technological Trend Analysis – INT, Euskirchen, Germany

48  EUROSATORY 2018

49  SECURITY CHALLENGES IN THE NHS
By Mike Lees MSc DipHEP CSyP FSyI FBCI, Head of Business Security, Barnsley Hospital NHS Foundation Trust

54  NATSEC ASIA 2018 - DSA 2018

55  INDIA’S CRITICAL INFRASTRUCTURE PROTECTION – FOR AN INTEGRATED NATIONAL PLAN
By Colonel H R Naidu Gade - Indian Army Veteran

61  COUNTER-IED REPORT

62  TRANSPORT SECURITY & SAFETY EXPO 2018

63  DEVELOPING SMART CITY RESILIENCE THROUGH CRITICAL FACTORS ANALYSIS
By Victor R. Morris, civilian contractor and instructor at the U.S. Army Europe’s Joint Multinational Readiness Center (JMRC) in Germany

69  CYBER SECURITY REVIEW

70  ISNR 2018 - INTERNATIONAL EXHIBITION FOR NATIONAL SECURITY & RESILIENCE

71  CLIMATE CHANGE IMPACTS TO CRITICAL INFRASTRUCTURE
By Louisa Marie Shakou, Research Associate, Centre for Risk, Safety and Environment, European University of Cyprus

76  DELTA BUSINESS MEDIA - PRINT AND ONLINE SPECIALIST PUBLISHER

77  CYBERSECURITY, CYBER WEAPONS AND CYBER-ATTACKS: RESPONSIBILITY AND DIFFERENT REFLECTIONS ON THE SUBJECT
By Rogério Winter, Colonel, Brazilian Army and Rodrigo Ruiz, researcher, CTI - Information Technology Center Renato Archer

83  CALL FOR PAPERS - CRITICAL INFRASTRUCTURE PROTECTION REVIEW
FOREWORD By Ian Fletcher
The inaugural issue of Critical Infrastructure Protection Review comes at an important time. Recent months have seen a growing awareness of three convergent trends which are sharpening the challenges facing those of us charged with identifying and protecting against the risks and threats facing critical infrastructure around the world.

The first of these is the growing awareness of the threat to infrastructure from natural hazards, as weather events grow more extreme, and affect especially the low lying and coastal areas where a large portion of the world’s population lives.

The second trend has been convergence among systems, often using the internet as the backbone for system integration, remote management and a kind of operator disintermediation – for example, taking drivers out of cars and miners out of mines, courtesy of a combination of remote control, automation and artificial intelligence. It’s happening in transport, in many services, now retailing, and may extend even to food production in future. The internet and the data ecology and economy it supports is becoming the single ‘system of systems’, providing vital linkages, feedback and control to other, critical infrastructures.

The third trend is the realisation at a social and political level that these risks are serious, and may well be beyond governments alone to manage. Much of this realisation is focused on cyber and data risks, where ordinary people find themselves exposed, and where governments may be especially ill-equipped to respond effectively. Helpfully, one of the papers in this issue of Critical Infrastructure Protection Review looks at the way public-private partnership arrangements can be organised to help manage risks. It’s an important contribution.

There is a human dimension to all this too. I urge you to read the paper in this edition on security provision at Barnsley NHS Hospital for a genuinely moving insight into the human frailties and needs that often depend on critical infrastructures to survive and to thrive. This is an important lesson: protecting critical infrastructures is an intellectually demanding and conceptually challenging task, but it is ultimately a human story, where ordinary people’s needs and aspirations depend on the systems we describe as critical.

The papers in this edition each make an important, and – taken overall – a balanced contribution to the painstaking task of mapping the way critical infrastructures operate, interact, and sometimes fail. Each paper helps fill in some important gap in our knowledge, our thinking and our understanding.

Looking ahead, there are some emerging themes which arise from these papers, and which seem likely to shape future analytical work in this field. The first is the consistent application of systems theory and systems thinking to the analyses which underpin work to protect crucial infrastructures. Applying these established tools in a consistent, yet exploratory way is likely to yield very big insights, especially when some of the delayed and non-linear feedback systems being analysed come to be fully appreciated.

The second, related theme must be the development of a coherent framework for looking at and describing the timescales in critical infrastructure protection. Some systems can fail instantly; others have sufficient built-in resilience, or capacity, or physical attributes, to fail over a period of time, or to contain incidents within part of the relevant system. As we come to study the interaction of systems, and the role of the internet as a connective system, a whole-of-discipline framework for considering, and even describing timescales will be a powerful tool.

And the final theme is about our ability to respond: the whole study of critical infrastructure protection is purposive: we want the protection we describe to be effective, so the lights stay on, the water works, and ICT systems continue to function. Increasingly, I consider that we will want to develop models to test reaction, response and recovery over complex, interconnected systems. Building the analytical frameworks for such simulations, tests and exercises will be an important step, building on the careful and painstaking work you see in this edition.

Let me end by thanking each of the contributors to what is an extremely thoughtful edition. Each of them has put significant time and effort into their papers. ■
ABOUT IAN FLETCHER

Ian Fletcher is widely known for his role as Director of the GCSB, where he led the organization through great change between 2012 and 2015, including transforming its legislation and core focus to support for cyber defence initiatives. He is an experienced organizational leader and diplomat, highly regarded for his organizational change management work. Among other roles, Ian is a partner of cyber and physical security consultancy InPhySec.

From 2002 to 2004 he was Principal Private Secretary (PPS) to the UK Cabinet Secretary and managed his office. The Cabinet Secretary is Head of the UK Civil Service as well as the Senior Adviser to the Prime Minister and UK Cabinet; Ian’s time there included the Iraq War and its aftermath.

Before joining the GCSB Ian was Director General of the Queensland Department of Employment, Economic Development and Innovation from 2009 to 2012. Before this he spent three years as CEO and Comptroller-General of the UK Intellectual Property Office (i.e., the Patent Office). In this capacity he chaired the G8 Group on Intellectual Property and Innovation and established the ‘Vancouver Group’ of UK, US, Canadian and Australian patent offices.

Ian Fletcher spent seven years with UK Trade & Investment (UKTI), in two separate periods between 1998 and 2009, culminating in his appointment as Managing Director, International, in 2005. He came to the Cabinet Office after a UN posting in Kosovo, where he managed the Customs Service and established a nascent Department of Trade and Industry, complete with a body of company and insolvency law. Ian joined the UN team in Kosovo from a series of assignments in the UK government and the European Commission working on trade policy, trade promotion and utility regulation. His early career was spent in the New Zealand Diplomatic Service.
To receive a full version of the Critical Infrastructure Protection Review, please complete the Subscription Form. Please provide a valid corporate, government or academic email address. We reserve the right to refuse to accept any subscription at our discretion. If you have any queries, please email: editorial@deltabusinessmedia.com