Risk management is a core task in securing critical infrastructures. Currently available risk management tools usually provide only a one-dimensional analysis, in the sense that they focus on a single security goal. Although standard methods permit quantification of risk related to arbitrary security goals, a simultaneous consideration that takes the interplay and potential conflicts between different goals into account is still missing. Hence, many approaches to risk management offer only limited support for decision-making, as they lack conflict management between goals. A simple example is confidentiality versus availability: while confidentiality is easily achieved by encryption, careless key management and loss of keys can prevent decryption, so that confidentiality directly counteracts availability. Existing solutions usually employ catalogues such as those of the German Federal Office for Information Security. However, such analysis practices are often limited in that they give few clues on how to account for interdependencies between goals, as exemplified above.
The goal of the project is the development of a method for risk management in communication networks within or among critical infrastructures that covers several security goals and explicitly takes their interdependencies into account. In contrast to other risk management methods, which focus on a single goal, the new method uses game theory for a combined analysis, in particular regarding authenticity, availability and confidentiality. Using techniques from multi-criteria game theory, we obtain simultaneously optimal (i.e. not uniformly improvable) strategies for infrastructure utilization, together with risk estimates that account for dependencies in a natural way.
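The notion of "not uniformly improvable" strategies can be made concrete with a small two-goal game. The following is an added illustration, not code from the project: the two defender configurations, the attacker actions, all loss values, the per-goal worst-case attacker and the grid search are assumptions chosen for this sketch.

```python
from fractions import Fraction as F

# Constructed loss matrices (probability of failure); values are illustrative.
# Rows = defender configuration, columns = attacker action.
#   row 0: link A, strong encryption, keys not backed up
#   row 1: link B, weaker protection, keys escrowed
#   col 0: attacker taps link B     col 1: attacker taps link A
LOSS = {
    "confidentiality": [[F(0), F(2, 5)], [F(3, 5), F(0)]],
    "availability":    [[F(1, 2), F(1, 2)], [F(1, 10), F(1, 10)]],
}

def worst_case(matrix, p):
    """Expected loss when row 0 is used with probability p, against the
    attacker column that maximises it (assumed per-goal worst case)."""
    cols = range(len(matrix[0]))
    return max(p * matrix[0][j] + (1 - p) * matrix[1][j] for j in cols)

def loss_vector(p):
    """Worst-case loss per goal: (confidentiality, availability)."""
    return tuple(worst_case(LOSS[goal], p) for goal in LOSS)

def dominates(a, b):
    """a is no worse than b in every goal and differs in at least one."""
    return all(x <= y for x, y in zip(a, b)) and a != b

def pareto_front(steps=20):
    """Mixed strategies on a grid that are not uniformly improvable."""
    cand = [(F(k, steps), loss_vector(F(k, steps))) for k in range(steps + 1)]
    return [(p, v) for p, v in cand
            if not any(dominates(w, v) for _, w in cand)]

if __name__ == "__main__":
    for p, (conf, avail) in pareto_front():
        print(f"P(link A)={float(p):.2f}  "
              f"conf={float(conf):.3f}  avail={float(avail):.3f}")
```

With these constructed numbers, using link A more than 60% of the time is worse for both goals at once, so only mixes up to that point remain as genuine trade-offs between confidentiality and availability.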
The method yields quantitative risk estimates that can be expressed in any convenient unit specific to the application at hand. For instance, risk can be measured via probabilities (of failure) or in monetary terms (expected loss of business assets). The results can therefore be integrated naturally into reporting tools for a compact and comprehensive risk picture. This is believed to offer better support for a decision-maker when it comes to extensions or enhancements of the security within a critical infrastructure.
The goal of the project is the development of a software solution for risk quantification. This will provide a security officer with a tool that permits a quantitative rather than qualitative assessment of the security system at hand. Moreover, the method lets us directly link the costs of a security system to its expected benefits within the overall system. In contrast to many competing solutions, we can therefore directly quantify, in monetary terms, the tradeoff between investment and benefit when implementing new security mechanisms. The pros and cons of a new security system can thus be weighed against each other effectively and easily.