Title: A decision support tool for optimal configuration of critical infrastructures
Authors: Andrea Tortorelli; Andrea Fiaschetti; Roberto Germanà; Alessandro Giuseppi; Vincenzo Suraci; Andrea Andreani; Francesco Delli Priscoli
Addresses: Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy; Università degli Studi eCampus, Via Isimbardi 10, 22060, Novedrate (CO), Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy ' Department of Computer, Control and Management Engineering (DIAG), 'Antonio Ruberti' of the Sapienza University of Rome, Via Ariosto 25, 00185 Rome, Italy
Abstract: In this work, a decision support system aimed at suggesting to critical infrastructure (CI) operators the optimal configuration in terms of deployed security functions Ali ties is presented. Two specific problems have been addressed: the security evaluation problem and the security configuration computation problem. Concerning the former problem, the framework provided by the Open Source Security Testing Methodology Manual (OSSTMM) has been retained and extended to capture innovative security features providing CI operators with a holistic insight on the system security level. Concerning the latter problem, the DSS has been provided with an optimisation framework based on a genetic algorithm (GA) for exploring the solution space; in this respect, three different implementations of the adopted GA have been developed and evaluated in realistic operation scenarios. Finally, the outputs of the DSS have been validated from a security point of view.
Keywords: critical infrastructures; cyber-physical security; decision support systems; DSSs; genetic algorithms.
DOI: 10.1504/IJCIS.2022.123415
International Journal of Critical Infrastructures, 2022 Vol.18 No.2, pp.105 - 127
Received: 15 May 2020
Accepted: 04 Aug 2020
Published online: 20 Jun 2022 *