**4.1 Dependency graph**

government offices, *San Giovanni Calibita Fatebenefratelli Hospital* located in the Tiber Island and *Termini Railway Station*, one of the most important railway sta-

*The area of interest: an urban district of Rome. The map was anonymized and MV Electric substations and*

*Base Transceiver Stations were removed to hide sensitive information.*

tions of Italy as it connects Northern and Southern Italy.

*Issues on Risk Analysis for Critical Infrastructure Protection*

**Figure 2.**

**Figure 3.**

**98**

*The dependency graph used in the case study.*

In order to model the interdependencies among the different nodes, we assumed a cyber risk assessment as the case scenario. In particular, we considered a *dependency matrix* [26] that allows to reveal the potential vulnerability of a given node to the unavailability, corruption or disclosure of data from an interdependent node regardless of the current state of the shared data infrastructure. In other words, we assume a cyber threat *threat*∈ affecting the considered nodes and we use a *precomputed* dependency matrix as a means to assign a cyber vulnerability to each node w.r.t. the data disruption from all interdependent nodes.


#### **Table 1.**

*CI categories and components modeled in the case study.*

each other sector, and how much that BTS station depends from that data, infor-

intradependencies and the low intradependencies. In other words, we treated the cyber vulnerability of a node as a likelihood that the node being affected. The

Given the absence of information regarding the security controls implemented by the considered nodes, we assumed that each node *vi* having a dependency with *v <sup>j</sup>*

*threat*. We assumed that the likelihood values of the restoration controls *Lvi*,*<sup>v</sup> <sup>j</sup>* ¼ *const:* ∀ *j*∈ f g 1, *::*, *Ni* . **Table 3** shows the likelihood values of the restoration controls.

In order to assess the impact of cyber attacks on the nodes, we considered the work of Fekete [27] that defines three impact assessment criteria in terms of critical proportion, time and quality aspects. Critical proportion refers to the number of elements or nodes of a CI such as critical number of services, size of population or number of customers affected and redundancies. Critical time considers aspects such as duration of outage, Mean Time to Repair (MTTR), Mean Time to Functionality (MTTF) and business continuity or interruption. Critical quality refers to the quality of the services delivered (e.g., the water quality) or the public trust in

In the following subsections, a description of how the mentioned impact assess-

**Inbound Dependencies**

**CI Sector ES BTS CD GO EM RS DO PH HP RE WP ES** — 0.36 — 0.34 0.34 0.43 0.39 0.39 0.39 — 0.31 **BTS** 0.7 — 0.45 0.4 0.4 0.44 0.51 0.51 0.51 — 0.34 **CD** 0.71 0.72 — 0.4 0.4 0.4 0.42 0.42 0.42 0.44 0.5 **GO** 0.59 0.51 0.7 — — 0.36 0.61 0.61 0.61 0.36 0.51 **EM** 0.59 0.51 0.7 — — 0.36 0.61 0.61 0.61 0.36 0.51 **RS** 0.68 0.4 0.42 0.29 0.29 — 0.5 0.5 0.5 0.51 0.3 **DO** 0.41 — 0.3 0.51 0.51 ————— 0.44 **PH** 0.41 — 0.3 0.51 0.51 ————— 0.44 **HP** 0.41 — 0.3 0.51 0.51 ————— 0.44 **RE** ——— 0.27 0.27 — 0.38 0.38 0.38 — — **WP** 0.49 — — 0.29 0.29 0.32 0.36 0.36 0.36 — —

ment criteria were applied to the case study will be provided. In particular, the assumptions that were made to take into account such criteria will be described in order to model the expected time-related impact *I t*ð Þ in terms of the maximum expected impact *I*, the impact time *T* and the impact growth rate *G*, as defined

*vi* security controls against the examined

Based on this matrix, we normalised the values and neglected the

*Integrating Resilience in Time-based Dependency Analysis: A Large-Scale Case Study…*

mation or service.

**4.3 Security Controls**

in Section 3.

**Table 2.**

**101**

*The likelihood matrix used in the case study.*

resulting matrix is shown in **Table 2**.

*DOI: http://dx.doi.org/10.5772/intechopen.97809*

where *j*∈f g 1, *::*, *Ni* , is equipped with *l*

**4.4 Impact Assessment Criteria**

quality (e.g., trust in finance, feeling of security).

**Figure 4.**

*A set of dependency risk paths with cumulative dependency risk. Dashed/continuous lines indicate the risk without/with the implementation of security controls.*

The dependency matrix is consistent with the main cyber interdependencies that exist among the nodes modelled in the scenario although only a limited number of CI were considered for each sector present in the dependency matrix. Indeed, the electric substations (ES) supply energy to all nodes of other CI and thus a failure occurring in an ES would be disruptive for all nodes that receive energy from that ES. In addition, some of the ES are Remotely controlled and thus a failure occurring in those BTS nodes that in turn provide telecommunication services to the Remotely Controlled ES may compromise the control operations of the EDN.

In the absence of information regarding specific interdependencies, we employed a proximity criterion to model the relations among specific nodes. For example, we assumed that each energy consumer (i.e., all nodes that are not ES) is supplied by the nearest ES as well as each internet/telephony consumer is supplied by the nearest BTS. In addition, we did not model the intra-sector dependencies i.e. any dependency among the nodes of the same CI sector was not considered.

#### **4.2 Likelihood matrix**

As described previously, we employed the dependency matrix defined in [26] to model the interdependencies of the case study. That matrix was filled by gathering over 4*:*000 distinct data dependency metrics from CI stakeholders and reports the same CI sectors that were modelled in the case study and the cyber vulnerability of each sector w.r.t. all CI sectors. **Table 2** shows the value for both Inbound and Outbound data dependencies. Inbound data dependency represents information and data consumed by the examined CIs, while outbound data dependency represents the data leaving each examined CI, to be used by other CIs.

The columns for each sector represent how that sector is dependent by data coming into that sector. Most organisations can intuitively estimate this value, and that's how the data was collected in [26]. For example, in **Table 2**, column *BTS* represents the data, informations and services any BTS station would receive from

*Integrating Resilience in Time-based Dependency Analysis: A Large-Scale Case Study… DOI: http://dx.doi.org/10.5772/intechopen.97809*

each other sector, and how much that BTS station depends from that data, information or service.

Based on this matrix, we normalised the values and neglected the intradependencies and the low intradependencies. In other words, we treated the cyber vulnerability of a node as a likelihood that the node being affected. The resulting matrix is shown in **Table 2**.

### **4.3 Security Controls**

Given the absence of information regarding the security controls implemented by the considered nodes, we assumed that each node *vi* having a dependency with *v <sup>j</sup>* where *j*∈f g 1, *::*, *Ni* , is equipped with *l vi* security controls against the examined *threat*. We assumed that the likelihood values of the restoration controls *Lvi*,*<sup>v</sup> <sup>j</sup>* ¼ *const:* ∀ *j*∈ f g 1, *::*, *Ni* . **Table 3** shows the likelihood values of the restoration controls.

#### **4.4 Impact Assessment Criteria**

In order to assess the impact of cyber attacks on the nodes, we considered the work of Fekete [27] that defines three impact assessment criteria in terms of critical proportion, time and quality aspects. Critical proportion refers to the number of elements or nodes of a CI such as critical number of services, size of population or number of customers affected and redundancies. Critical time considers aspects such as duration of outage, Mean Time to Repair (MTTR), Mean Time to Functionality (MTTF) and business continuity or interruption. Critical quality refers to the quality of the services delivered (e.g., the water quality) or the public trust in quality (e.g., trust in finance, feeling of security).

In the following subsections, a description of how the mentioned impact assessment criteria were applied to the case study will be provided. In particular, the assumptions that were made to take into account such criteria will be described in order to model the expected time-related impact *I t*ð Þ in terms of the maximum expected impact *I*, the impact time *T* and the impact growth rate *G*, as defined in Section 3.


#### **Table 2.**

*The likelihood matrix used in the case study.*

The dependency matrix is consistent with the main cyber interdependencies that exist among the nodes modelled in the scenario although only a limited number of CI were considered for each sector present in the dependency matrix. Indeed, the electric substations (ES) supply energy to all nodes of other CI and thus a failure occurring in an ES would be disruptive for all nodes that receive energy from that ES. In addition, some of the ES are Remotely controlled and thus a failure occurring in those BTS nodes that in turn provide telecommunication services to the Remotely

*A set of dependency risk paths with cumulative dependency risk. Dashed/continuous lines indicate the risk*

As described previously, we employed the dependency matrix defined in [26] to model the interdependencies of the case study. That matrix was filled by gathering over 4*:*000 distinct data dependency metrics from CI stakeholders and reports the same CI sectors that were modelled in the case study and the cyber vulnerability of each sector w.r.t. all CI sectors. **Table 2** shows the value for both Inbound and Outbound data dependencies. Inbound data dependency represents information and data consumed by the examined CIs, while outbound data dependency represents the data leaving each examined CI, to be used by other CIs.

The columns for each sector represent how that sector is dependent by data coming into that sector. Most organisations can intuitively estimate this value, and that's how the data was collected in [26]. For example, in **Table 2**, column *BTS* represents the data, informations and services any BTS station would receive from

Controlled ES may compromise the control operations of the EDN.

**4.2 Likelihood matrix**

**100**

**Figure 4.**

*without/with the implementation of security controls.*

*Issues on Risk Analysis for Critical Infrastructure Protection*

In the absence of information regarding specific interdependencies, we employed a proximity criterion to model the relations among specific nodes. For example, we assumed that each energy consumer (i.e., all nodes that are not ES) is supplied by the nearest ES as well as each internet/telephony consumer is supplied by the nearest BTS. In addition, we did not model the intra-sector dependencies i.e. any dependency among the nodes of the same CI sector was not considered.

*Issues on Risk Analysis for Critical Infrastructure Protection*


**Table 3.**

*Resilience influence of security control cvi on node v <sup>j</sup> for the given threat with dependency risk subchain vi* ! *<sup>v</sup> j.*

#### *4.4.1 Maximum expected impact matrix*

In order to apply the critical proportion criterion, given the difficulty of obtaining the number of customers supplied by a specific node from the CI owners, we assumed the number of inhabitants living in the geographical area where the specific node is located as the number of customers. Indeed, the areas considered are the census areas delivered by the *Italian National Institute of Statistics* (ISTAT) of which the number of inhabitants is known. This criterion was applied to model the maximum expected impact *I* for each couple of nodes *i* and *j* belonging to Energy, Telecommunication, Transport and Finance sectors. Thus, *I* was computed by combining the total number of customers supplied by *i* and *j* nodes so that the more customers are involved in the disruption of the nodes, the more impact we obtain.

Furthermore, the critical quality criterion was applied to compute *I* for each couple of nodes *i* and *j* belonging to Government, Health, Food and Water. In this case, we set a subjective value that takes into account the importance of the unavailability of the data for the specific nodes.

**Table 4** summarises the criteria applied based on the sector nodes considered. It should be noticed that while *I* is time dependent when considering ES, BTS, RS and CD nodes (case *A*), this is not true when considering GO, EM, DO,PH, HP and RE nodes (case *B*) where *I* was set higher for the nodes that could be more impacted by the lack of data services. For case *C*, the two criteria were both considered and *I* was computed according to the metric reported in **Table 4**. The resulting impact matrix is shown on **Table 5**.

Let *v*0, *v*1, *::*, *vn* be a subchain of risk. We assumed that the reduction of impact *Ivi*�1,*vi* on node *vi* due to the restoration action *cvi*�<sup>1</sup> implemented by *vi*�<sup>1</sup> is given by:

$$
\bar{I}\_{v\_{i-1}, v\_i} = \ a \cdot I\_{v\_{i-1}, v\_i} \tag{8}
$$

that produce a quick impact such as Energy and Telecommunication and Finance and assigning a higher value to other sectors such as Water and Food that produce their negative effect in a longer period. The resulting impact time matrix is shown

*Percentage of reduction α of the initial estimated damage Ivi*�1,*vi for the dependency risk subchain vi*�<sup>1</sup> ! *vi.*

*Maximum expected impact matrix used in the case study.* ⋆ *represents node-dependent impact.*

*vi*�**<sup>1</sup>** *vi α* ES, BTS any 0.5 CD, GO, EM, RS, DO, PH, HP, RE, WP any 1

Regarding the recovery time matrix, we modeled a time *T* ¼ 15*m* for the electric substations ES are remotely controled as the SCADA system of the electric network allows to reactivate the electric supply in the order of minutes whereas *T* ¼ 1*h* for a generic ES only a manual intervention performed by a repair crew can be operated with a longer time (approximately 1 hour). The resulting recovery time matrix is

**Inbound dependencies**

**CI Sector ES BTS CD GO EM RS DO PH HP RE WP ES** — ⋆ — 7 4 ⋆ 447 — 7 **BTS** ⋆ — ⋆ 7 4 ⋆ 336 — 6 **CD** ⋆ ⋆ — 3 222 242 2 **GO** 88 3 — — ⋆ 3353 5 **EM** 44 2 — — 32 242 4 **RS** ⋆ ⋆ 2 ⋆ 3 — 3 343 3 **DO** 2 — 232 ————— 3 **PH** 2 — 232 ————— 3 **HP** 7 — 454 ————— 5 **RE** ——— 3 2 — 222 — — **WP** 3 — — 3 33333 — —

*Integrating Resilience in Time-based Dependency Analysis: A Large-Scale Case Study…*

*DOI: http://dx.doi.org/10.5772/intechopen.97809*

Regarding the impact growth rate, **Table 9** shows the the criterion adopted and **Table 10** shows the resulting values for each couple of nodes. We considered the

The execution of the model based on the graph of 182 nodes produced about 750.000 risk paths with order ranging from five to eight and potential risk values between 0.27 and 9.53. **Figure 4** shows some significant dependency paths together

The charts show that one dependency path (*CD*1-*ES*1-*BTS*1-*GO*1-*ES*2) exhibits its highest risk value at time *t* ¼ 1*h* and then the implementation of mitigation strategies with a rapid response decreases the overall dependency risk. In general,

on **Table 7**.

**Table 5.**

**Table 6.**

**4.5 Results**

**103**

shown on **Table 8**.

same growth rate for the recovery actions.

with their cumulative dependency risk values.

**Table 6** shows the percentage of reduction *α* of the initial estimated damage *Ivi*�1,*vi* for the generic dependency risk subchain *vi*�<sup>1</sup> ! *vi*.

#### *4.4.2 Impact time and Impact growth rate matrices*

Regarding the critical time criterion, we considered the expected duration of failure of nodes to compute the impact and growth time matrices. In particular, we assigned a low value to sectors that are highly dependent on the data availability and


**Table 4.**

*Maximum expected impact criteria for the dependency risk subchain vi*�<sup>1</sup> ! *vi.*

*Integrating Resilience in Time-based Dependency Analysis: A Large-Scale Case Study… DOI: http://dx.doi.org/10.5772/intechopen.97809*


**Table 5.**

*4.4.1 Maximum expected impact matrix*

**Table 3.**

unavailability of the data for the specific nodes.

*Ivi*�1,*vi* for the generic dependency risk subchain *vi*�<sup>1</sup> ! *vi*.

*4.4.2 Impact time and Impact growth rate matrices*

is shown on **Table 5**.

**Table 4.**

**102**

In order to apply the critical proportion criterion, given the difficulty of obtaining the number of customers supplied by a specific node from the CI owners, we assumed the number of inhabitants living in the geographical area where the specific node is located as the number of customers. Indeed, the areas considered are the census areas delivered by the *Italian National Institute of Statistics* (ISTAT) of which the number of inhabitants is known. This criterion was applied to model the maximum expected impact *I* for each couple of nodes *i* and *j* belonging to Energy, Telecommunication, Transport and Finance sectors. Thus, *I* was computed by combining the total number of customers supplied by *i* and *j* nodes so that the more customers are involved in the disruption of the nodes, the more impact we obtain. Furthermore, the critical quality criterion was applied to compute *I* for each couple of nodes *i* and *j* belonging to Government, Health, Food and Water. In this case, we set a subjective value that takes into account the importance of the

*Resilience influence of security control cvi on node v <sup>j</sup> for the given threat with dependency risk subchain vi* ! *<sup>v</sup> j.*

*vi Lvi***,***<sup>v</sup> <sup>j</sup>* ES, BTS, CD, GO, EM 0.3 RS, HP, WP 0.1 DO, PH, RE 0

*Issues on Risk Analysis for Critical Infrastructure Protection*

**Table 4** summarises the criteria applied based on the sector nodes considered. It should be noticed that while *I* is time dependent when considering ES, BTS, RS and CD nodes (case *A*), this is not true when considering GO, EM, DO,PH, HP and RE nodes (case *B*) where *I* was set higher for the nodes that could be more impacted by the lack of data services. For case *C*, the two criteria were both considered and *I* was computed according to the metric reported in **Table 4**. The resulting impact matrix

Let *v*0, *v*1, *::*, *vn* be a subchain of risk. We assumed that the reduction of impact *Ivi*�1,*vi* on node *vi* due to the restoration action *cvi*�<sup>1</sup> implemented by *vi*�<sup>1</sup> is given by:

**Table 6** shows the percentage of reduction *α* of the initial estimated damage

Regarding the critical time criterion, we considered the expected duration of failure of nodes to compute the impact and growth time matrices. In particular, we assigned a low value to sectors that are highly dependent on the data availability and

A ES, BTS, RS, CD Nr. of customers node-dependent B GO, EM, DO, PH, HP, RE Service criticality sector-dependent

**Case** *v <sup>j</sup>* **Impact assessment criterion** *Ivi***,***<sup>v</sup> <sup>j</sup>*

*Maximum expected impact criteria for the dependency risk subchain vi*�<sup>1</sup> ! *vi.*

*Ivi*�1,*vi* ¼ *α* � *Ivi*�1,*vi* (8)

*Maximum expected impact matrix used in the case study.* ⋆ *represents node-dependent impact.*


#### **Table 6.**

*Percentage of reduction α of the initial estimated damage Ivi*�1,*vi for the dependency risk subchain vi*�<sup>1</sup> ! *vi.*

that produce a quick impact such as Energy and Telecommunication and Finance and assigning a higher value to other sectors such as Water and Food that produce their negative effect in a longer period. The resulting impact time matrix is shown on **Table 7**.

Regarding the recovery time matrix, we modeled a time *T* ¼ 15*m* for the electric substations ES are remotely controled as the SCADA system of the electric network allows to reactivate the electric supply in the order of minutes whereas *T* ¼ 1*h* for a generic ES only a manual intervention performed by a repair crew can be operated with a longer time (approximately 1 hour). The resulting recovery time matrix is shown on **Table 8**.

Regarding the impact growth rate, **Table 9** shows the the criterion adopted and **Table 10** shows the resulting values for each couple of nodes. We considered the same growth rate for the recovery actions.

#### **4.5 Results**

The execution of the model based on the graph of 182 nodes produced about 750.000 risk paths with order ranging from five to eight and potential risk values between 0.27 and 9.53. **Figure 4** shows some significant dependency paths together with their cumulative dependency risk values.

The charts show that one dependency path (*CD*1-*ES*1-*BTS*1-*GO*1-*ES*2) exhibits its highest risk value at time *t* ¼ 1*h* and then the implementation of mitigation strategies with a rapid response decreases the overall dependency risk. In general,


**Table 7.** *The maximum impact time matrix used in the case study.*


we observed an high risk value of subchains including the electric nodes due both to the high number of dependencies of nodes on the electric nodes and the high

**CI Sector ES BTS CD GO EM RS DO PH HP RE WP ES** — F — F F FF F F — L **BTS** F — L L L LL L L — S **CD** F L — L L LL L L LS **GO** FL L — — LL L L LS **EM** FL L — — LL L L LS **RS** FL L L L — L LLLS **DO** F — LLL —— ——— S **PH** F — LLL —— ——— S **HP** F — LLL —— ——— S **RE** —— — S S — S SS — — **WP** L — — S S SS S S — —

*Integrating Resilience in Time-based Dependency Analysis: A Large-Scale Case Study…*

**Figure 5** shows a map representation of the dependency risk paths considered in **Figure 4** with the census areas involved. In particular, let *CA*1,*CA*2, *::*,*CAM* be the set of generic census area containing the CI nodes of all possible dependency chains.

, ∣*CAk*∣ ≤*n* is associated specific a color

*<sup>v</sup>*0, … ,*vn* of a *v*0, *v*1, *::*, *vn* dependency

*<sup>v</sup>*0, … ,*vn* <sup>&</sup>lt; *DRk*

*<sup>p</sup>*0, … ,*pg* with some

maximum impact associated.

**Table 10.**

**Figure 5.**

**105**

The generic *CAk* s.t. 1≤ *k*≤ *M*, *CAk* ¼ *v <sup>j</sup>*

*Result map showing the risk value of each census area.*

*The impact growth rate matrix used in the case study.*

according to the cumulative risk value *DRk*

**Inbound dependencies**

*DOI: http://dx.doi.org/10.5772/intechopen.97809*

subchain s.t. ∄ a *p*0, *p*1, *::*, *pg* dependency chain s.t. *DRk*

#### **Table 8.**

*The maximum recovery time matrix used in the case study.*


**Table 9.** *Impact growth rate metric.*


*Integrating Resilience in Time-based Dependency Analysis: A Large-Scale Case Study… DOI: http://dx.doi.org/10.5772/intechopen.97809*

**Table 10.**

**Inbound dependencies**

**Growth rate node** *i*

**Linear** Slow Linear Fast **Fast** Linear Fast Fast

*G* **Slow Linear Fast** Growth rate node *j* **Slow** Slow Slow Linear

**Inbound dependencies**

**CI Sector ES BTS CD GO EM RS DO PH HP RE WP ES** — 3 h — 3h 3h 3h 3h 3h 3h — 24 h **BTS** 3 h — 1h 3h 3h 3h 3h 3h 3h — 3 h **CD** 3h 3h — 3 h 3 h 3 h 12 h 12 h 3 h 2w 24 h **GO** 3h 3h 3h — — 12 h 12 h 12 h 12 h 2w 24 h **EM** 3h 3h 3h — — 12 h 12 h 12 h 12 h 2w 24 h **RS** 3 h 3 h 3 h 12 h 12 h — 12 h 12 h 12 h 2w 24 h **DO** 3 h — 3 h 24 h 24 h — — — —— 24 h **PH** 3 h — 3 h 24 h 24 h — — — —— 24 h **HP** 3 h — 3 h 24 h 24 h — — — —— 24 h **RE** — —— 2w 2w — 2w 2w 2w — — **WP** 24 h — — 24 h 24 h 24 h 24 h 24 h 24 h — —

**CI Sector ES BTS CD GO EM RS DO PH HP RE WP ES** — 15 m — 15 m 15 m 15 m 15 m 15 m 15 m — 15 m **BTS** 3 h — 1h 1h 1h 1h 1h 1h 1h — 1 h **CD** 3h 3h — 3 h 3 h 3 h 12 h 12 h 3 h 2w 24 h **GO** 3h 3h 3h — — 12 h 12 h 12 h 12 h 2w 24 h **EM** 3h 3h 3h — — 12 h 12 h 12 h 12 h 2w 24 h **RS** 3 h 3 h 3 h 12 h 12 h — 12 h 12 h 12 h 2w 24 h **DO** 3 h — 3 h 24 h 24 h — — — —— 24 h **PH** 3 h — 3 h 24 h 24 h — — — —— 24 h **HP** 3 h — 3 h 24 h 24 h — — — —— 24 h **RE** — —— 2w 2w — 2w 2w 2w — — **WP** 24 h — — 24 h 24 h 24 h 24 h 24 h 24 h — —

**Table 8.**

**Table 9.**

**104**

*Impact growth rate metric.*

**Table 7.**

*The maximum recovery time matrix used in the case study.*

*The maximum impact time matrix used in the case study.*

*Issues on Risk Analysis for Critical Infrastructure Protection*

*The impact growth rate matrix used in the case study.*

we observed an high risk value of subchains including the electric nodes due both to the high number of dependencies of nodes on the electric nodes and the high maximum impact associated.

**Figure 5** shows a map representation of the dependency risk paths considered in **Figure 4** with the census areas involved. In particular, let *CA*1,*CA*2, *::*,*CAM* be the set of generic census area containing the CI nodes of all possible dependency chains. The generic *CAk* s.t. 1≤ *k*≤ *M*, *CAk* ¼ *v <sup>j</sup>* , ∣*CAk*∣ ≤*n* is associated specific a color according to the cumulative risk value *DRk <sup>v</sup>*0, … ,*vn* of a *v*0, *v*1, *::*, *vn* dependency subchain s.t. ∄ a *p*0, *p*1, *::*, *pg* dependency chain s.t. *DRk <sup>v</sup>*0, … ,*vn* <sup>&</sup>lt; *DRk <sup>p</sup>*0, … ,*pg* with some

**Figure 5.** *Result map showing the risk value of each census area.*

*ph* ∈*CAk* (0≤ *h*≤*g*). In other words, each census area is colored according to the maximum risk value of a subchain that includes some nodes *v <sup>j</sup>* that are located in that area (i.e. *v <sup>j</sup>* ∈*CAk*).

Results depicted in **Figure 4** indicate cascading events between infrastructures. Each one of the four scenarios was validated to be true against real world data and historical analysis of such infrastructures. Following this, results indicate that the presented methodology is able to both (i) effectively project adverse effects from cascading events and accurately predict potential impact over time periods, and also (ii) highlight direct and indirect dependency vulnerabilities between highly dependent CIs.

On the latter, results delineate the criticality behind dependencies of Telecommunications and the Electrical sector. The sharp increase in impact over a very short time period (purple line, scenario 1) clearly shows that potential unavailability of the Electrical sector quickly and critically affects the Telecommunications. We followed up on this finding and results are proven true both from empirical analysis and also from historical data on locations analyzed by the tool.

Another potential use of the presented methodology includes capturing the effect of applying security controls and how these controls affect the resilience of systems over time. By analyzing the impact escalation and trajectory in analyzed attack paths, we see that the level of risk reduction for each of the presented scenarios is directly related with the time of deployment. Early application of security controls (scenario CD1, ES1, BTS1, GO1, ES2) seems to reduce the overall risk by 25% in less than two hours after the initiation of the attack path, while controls implemented later during the exposure to the adverse event show relatively smaller mitigation percentages of the overall risk (around 18%).

Red areas shown in **Figure 5** are highly populated areas containing electric nodes thus producing possible high impact in case of failure. This explains why several nodes of the subchains with high cumulative dependency risk are concentrated in this area.

**Author details**

Vittorio Rosato<sup>1</sup>

\*, Antonio Di Pietro<sup>1</sup>

2 Department of Informatics, University of Piraeus, Greece

\*Address all correspondence to: vittorio.rosato@enea.it

provided the original work is properly cited.

George Stergiopoulos<sup>3</sup> and Giulio Smedile<sup>4</sup>

Research Centre, Rome, Italy

of Aegean, Samos, Greece

**107**

, Panayiotis Kotzanikolaou<sup>2</sup>

1 Laboratory for Analysis and Protection of Critical Infrastructures, Enea, Casaccia

*Integrating Resilience in Time-based Dependency Analysis: A Large-Scale Case Study…*

*DOI: http://dx.doi.org/10.5772/intechopen.97809*

3 Department of Information and Communication Systems Engineering, University

© 2021 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium,

4 Degree in Informatics Engineering, Rome Tre University, Rome, Italy

,
