mit communication & risk management language workshop - middleware improved technology for...
DESCRIPTION
IRRIIS Distribution Systems Clients Transmission System Generators Qualified Clients IPP Trading Companies Market Operator System Operator Private Communications Network Public Communications Network Source: Antoni Diu Masferrer, Aplicaciones en Informática Avanzada, Spain Example: Dependency of Electricity on TelecommunicationTRANSCRIPT
IRRIIS- FP6-2005–IST-4
EC - LOGO
MIT Communication &Risk Management LanguageWorkshop -Middleware Improved Technology for Interdependent Critical Infrastructures 8 February 2007, Rome
Felix Flentge
IRRIIS
MIT Communication
Need of Communication Concepts for Communication Example Internal Processes Risk Management Language Summary
IRRIIS
Distribution Systems ClientsTransmission System
Generators QualifiedClientsIPP Trading
CompaniesMarketOperat
or
SystemOperator
Private Communications Network
Public Communications NetworkSource: Antoni Diu Masferrer, Aplicaciones en Informática Avanzada, Spain
Example: Dependency ofElectricity on Telecommunication
IRRIIS
Distribution Systems ClientsTransmission System
Generators QualifiedClientsIPP Trading
CompaniesMarketOperat
or
SystemOperator
Private Communications Network
Public Communications NetworkSource: Antoni Diu Masferrer, Aplicaciones en Informática Avanzada, Spain
Example: Dependency ofElectricity on Telecommunication
Communication within the electricpower infrastructureEven more communication ???
IRRIIS
Need for Communication
Recommendation #4 „Information Sharing“:Member States and the Private Sector should establishformal means for sharing information that can improve the protection and rapid restoration of infrastructure critical to the reliability of communications within and throughout Europe.Source: Study on Availability and Robustness of Electronic Communications Infrastructures
MIT Communication as bottom up approach for information sharing.
IRRIIS
Need for Communication Within the same sector communication between
different actors exist (e.g. UCTE information highway)
Usually, between different sectors even between dependent actors no (formal) communication exists
IRRIIS
First Use Cases
Distribution System Operator Qualified Client Electricity– Information about a possible outage– Negotiation about time or place
Mobile or Fixed Telecommunication Qualified Client Telecommunication– Information about a degradation of a telecommunication
service ???
IRRIIS
Concepts:Implementation – Service - Effect
Eff
ect
Serv
ice
Impl
emen
t. Infrastructure physical
cyber
human / management
ProductsFor example:
delivery of electricity
provision of communication
Effects (internal) monetary
image
…
Complex Structures Confidential Information Modells are available
Manageable Number Public Information Definitions are available
Measures / Models exist Confidential Information Procedures are available
IRRIIS
Concepts:Implementation – Service - Effect
Eff
ect
Serv
ice
Impl
emen
t. Infrastructure physical
cyber
human / management
ProductsFor example:
delivery of electricity
provision of communication
Effects (internal) monetary
image
…
Eff
ect
Serv
ice
Impl
emen
t.Infrastructure physical
cyber
human / management
ProductsFor example:
delivery of electricity
provision of communication
Effects (internal) monetary
image
…
Provision of a serviceService Level Agreement
Communication
IRRIIS
Risk Management Language
Different sectors speak different languages Common language is needed
IEC 61850 ???
IRRIIS
Risk Management Language
Risk Management Language XML based Extensible, open design Independent from specific ways of communication
RMLservice A, QoS
!!!
IRRIIS
Information & NegotiationService Providerprovides service A RML Service Consumer
consume service A
internal process
internal processrisk risk „50% prob. of failure for A
at time X and place Y“
proposal proposal „Preference to have failureat place Z.“
accept accept„Proposal accepted“
InfoN
egotiation
InfoN
egotiation
IRRIIS
Example:DSO – Telco communication
DSO Rome Telco; ServiceInfoService power supply, 19.00-23.00, Rome West, probability 1.0,
inoperability 1.0
The DSO of Rome informs a telecommunicationcompany of a planned outage.
IRRIIS
Example:DSO – Telco communication
Telco DSO Rome; ServiceNegotiationProposal 1, priority 1 Suggestion: Service power supply, 19.00-23.00, Rome South,
inoperability 1.0
Suggestion: Service power supply, 19.00-23.00, Rome West, inoperability 0
Proposal 2, priority 2 Suggestion: Service power supply, 19.00-21.00, Rome West,
inoperability 0 Suggestion: Service power supply, 21.00-01.00, Rome West,
inoperability 1
IRRIIS
Example:DSO – Telco communication
DSO Rome Telco; ServiceNegotiationProposal 1
rejectProposal 2
accept
The DSO accepts to change the time.
IRRIIS
Example:DSO – Telco communication
DSO Rome Telco; ServiceInfoService power supply, 21.00-01.00, Rome West, probability 1.0,
inoperability 1.0
A new info message with the change time is send.
IRRIIS
Generation of Info Messages
Other Risk Indicators
time, weather, current load, maintenance,
etc.
Service Risk Indicators
risk service A, risk service B, etc.
Risk EstimationEstimates risk of failure for services / components.
RMLMessages
InternalRisk
Assessment
Risk Evaluation & TranslationEvaluates the internal risk assessment and generates RML messages.
Risk Communication & FilteringFilters risks and sends RML messages to the relevant parties.
Infra-structure
Model
HistoricalData
OtherCompanies
SubscriptionReceives risk information concerning the services the infrastructure is depedent on.
Risk MitigationFind measures to reduce the risk or to limit the effects.
Mitigation Actions
IRRIIS
Generation of Negotiation Msg.
Proposal Accept / Reject
Answes to prior proposals
Service Risk Indicators
risk service A, risk service B, etc.
Risk EstimationEstimates risk of failure for services / components for each proposal.
RMLMessages
Internal Risk Assessment
Risk Communication & FilteringFilters risks and sends RML messages to the relevant parties.
Infra-structure
Model
HistoricalData
OtherCompanies
SubscriptionReceives risk information concerning the services the infrastructure is depedent on.
Risk MitigationFind measures to reduce the risk or to limit the effects.
Mitigation Actions
Risk NegotiationGenerate RML negotiation messages.
Proposals / Preferences
Other Risk Indicators
time, weather, current load, maintenance,
etc.
Accepted Proposals
Past Proposals
IRRIIS
Responding to Negotiation Msg.
Other Risk Indicators
time, weather, current load, maintenance,
etc.
Service Proposals
proposal A, proposal B
Proposal EvaluationEvaluates proposals and decides whether to accept or reject.
RMLMessages
Risk Communication & FilteringFilters risks and sends RML messages to the relevant parties.
Infra-structure
Model
HistoricalData
OtherCompanies
SubscriptionReceives proposals concerning the services provided.
Actions
IRRIIS
Distributed Risk Assesment
company A company B
company C
+service A
+service B
+service C
Message ArelatedMessages:
Message BrelatedMessages:- encrypted <<msgID A>>
Message CrelatedMessages:- encrypted <<msgID A>>- encrypted <<msgID B>>
IRRIIS
Structure of an RML Message
IRRIIS
ServiceInfo Element
IRRIIS
ServiceNegotiation Element
IRRIIS
ServiceSubscription Element
IRRIIS
TCP/IP based XML Encryption XML Signature
Service-oriented Architecture for whole MIT system
LCCI 1
LCCI 2
LCCI 3
LCCI 5
LCCI 4
LCCI 6
MIT 2MIT 2
MIT 1MIT 1
MIT 5MIT 5
MIT 4
MIT 6MIT 6
MIT 3MIT 3
Technical Implementation
IRRIIS
Summary
(Intra-sector) communication between service provider and service consumer
Risk Management Language– Information about estimated (future) QoS– Negotiation about (future) QoS– open, extensible design based on XML
Integration in company internal (MIT) processes Distributed risk assessment