CRICTISIM, the Critical Infrastructure Protection Project, is brought to completion

The CRICTISIM project comes under the CIPS program of the European Commission’s Directorate General of Home Affairs. Its main objective is to study the behaviour of the information systems of critical infrastructure, detecting the critical points and vulnerabilities to head off any attacks. Critical infrastructure is continually exposed to diverse threats. This infrastructure is crucial for our socio-economic development and sustainability, so the consequences would be particularly grave if it ever came under concerted attack or failed in any way.

The project consortium has developed a methodology for evaluating the Critical ICT Infrastructure (CII) by calculating its availability, maintainability and reliability and assessing the impact of infrastructure modifications in each of these parameters, using a simulation tool to do so. This methodology, called MIMICS (Modeling Infrastructure Method for ICT Critical Systems) based on RAMS (Reliability, Availability, Maintainability and Safety) has been enhanced to include hardware, software, processes and operational procedures, IT security, network and contingency events. Work has also begun on drawing up a set of templates with pre-designed models of common CIIs, to make the whole methodology much easier to apply.

For the six areas under evaluation MIMICS has been designed to analyze the inter-dependencies of each component in relation to the rest. Stress scenarios can also be simulated to test infrastructure resilience in any specific aspect.

The use of MIMICS and IRIS (IT RAMS Infrastructure Simulator) for critical healthcare infrastructure would allow managers to set up test drills of stress situations that would otherwise be impossible to simulate.

Based on simulation results, a specific and statistical numerical base has been drawn up covering, for example, the following terms: data center redundancy, the communications network, the commissioning processes of new software versions and operational processes.

We are convinced that certain aspects of the design and operation of critical infrastructure are eminently improvable. Examples might be the service-managing software applications, the implemented controls, the performance of the human resources and analysis of the impact of contingency situations.

The analysis unearthed a base problem. Up to now the analysis had been made on a piecemeal, area-by-area approach without allowing for their interdependencies. The CRICITISIM consortium (GMV, Isdefe, CTTI and CNPIC) is going down a different road, specifically designed to protect ICT infrastructure, boost critical-infrastructure resilience and pave the way for compliance with future requisites.

For this very reason the MIMICS methodology and the simulation environment will continue to be developed even after the CRICTISIM project has been completed. Over the next few months, based on the feedback from current results, GMV will increase the levels of customization, enhance precision and add on new functions.

The results of this project have been possible thanks to the participation of the consortium members ISDEFE, CNPIC, CTTI and GMV, as well as the collaboration of other organizations like the Medical Emergencies system (Sistema de Emergencias Médicas) of the Generalitat de Catalunya.
 

This project has been financed with the support of the Prevention, Preparedness and Consequence Management of Terrorism and Other Security-Related Risks programme of the European Commission – Directorate General Home Affairs". This publication [communication] is the exclusive responsibility of the author and the Commission does not hold itself accountable for such use as might be made of the information it contains