Title: A decision support tool for optimal configuration of critical infrastructures

Authors: Andrea Tortorelli; Andrea Fiaschetti; Roberto Germanà; Alessandro Giuseppi; Vincenzo Suraci; Andrea Andreani; Francesco Delli Priscoli

Addresses: Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy; Università degli Studi eCampus, Via Isimbardi 10, 22060, Novedrate (CO), Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy

Abstract: In this work, a decision support system aimed at suggesting to critical infrastructure (CI) operators the optimal configuration in terms of deployed security functions Ali ties is presented. Two specific problems have been addressed: the security evaluation problem and the security configuration computation problem. Concerning the former problem, the framework provided by the Open Source Security Testing Methodology Manual (OSSTMM) has been retained and extended to capture innovative security features providing CI operators with a holistic insight on the system security level. Concerning the latter problem, the DSS has been provided with an optimisation framework based on a genetic algorithm (GA) for exploring the solution space; in this respect, three different implementations of the adopted GA have been developed and evaluated in realistic operation scenarios. Finally, the outputs of the DSS have been validated from a security point of view.

Keywords: critical infrastructures; cyber-physical security; decision support systems; DSSs; genetic algorithms.

DOI: 10.1504/IJCIS.2022.123415

International Journal of Critical Infrastructures, 2022 Vol.18 No.2, pp.105 - 127

Received: 15 May 2020
Accepted: 04 Aug 2020

Published online: 20 Jun 2022 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article