GMV is collaborating with the EU to protect information systems in critical infrastructure

Our security is under constant threat nowadays. Certain services and infrastructure are crucial for our socio-economic development and sustainability and would lead to particularly grave consequences if they ever came under concerted attack.

The National Plan for the Protection of Critical Infrastructure defines critical infrastructure as follows: “Those facilities, networks, technical and physical equipment and services and information technology whose interruption or destruction would have a major impact on health, security or the economic welfare of the public or the functioning of the state institutions and public authorities”. These systems have therefore been targeted by terrorists or even military foes.

CRICTISIM (Critical ICT Infrastructure Simulation of Interdependency Models) is a project that kicked off in June 2010 as part of the CIPS program of the European Commission’s Directorate General of Home Affairs. The GMV-led project also involves the participation of the Information Technologies and Telecommunications Center (CTTI) of the Regional Government of Catalunya (Generalitat de Catalunya), Systems Engineering for the Defense of Spain (ISDEFE) and the National Center for the Protection of Critical Infrastructure (CNPIC). Its main objective is to establish a common framework for studying the behaviour of the information systems of critical infrastructure, detect the critical points and head off any attacks.

CRICTISIM has the following objectives: analysis and detection of critical points in the analyzed infrastructure, analysis and design of CIIs (Critical ICT Infrastructure); architecture modeling; analysis of the CII-associated processes; evaluation of the dependencies between components and their impact on the global system; determination of top priority actions to improve reliability and security; scenario drills and evaluation, stress tests and identifying areas of improvement for tools, working frameworks and procedures.

The project applies security techniques that have been well developed elsewhere, such as the RAMS methodology (Reliability Availability, Maintainability, Safety), traditionally used in the aerospace and defense sectors, combining them with new CII-simulation techniques through interdependent models. The RAMS model consists of a set of practices, procedures and methodologies, based on mathematical probability concepts and statistics and designed for analyzing, classifying and eliminating (or mitigating) faults and their consequences.

To test and evaluate the project a drill will be conducted on infrastructure run by the Information Technologies and Telecommunications Center of the Generalitat de Catalunya.

GMV has a long and proven track record in applying the RAMS methodology in various fields, including ICTs, and also on critical ICT infrastructure (CII). Two successful projects in this field are the application of RAMS for the Galileo and EGNOS projects

This project has been funded with the support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs”. This communication reflects the views only of the author, and the Commission cannot be held responsible for any use which may be made of the information contained therein.