Cascading Effects of Common-Cause Failures in Critical Infrastructures

  • Panayiotis Kotzanikolaou
  • Marianthi Theoharidou
  • Dimitris Gritzalis
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 417)


One of the most challenging problems in critical infrastructure protection is the assessment and mitigation of cascading failures across infrastructures. In previous research, we have proposed a model for assessing the cumulative security risk of cascading threats due to high-order dependencies between infrastructures. However, recent empirical studies indicate that common-cause failures may result in extremely high impact situations, which may be comparable with or even more devastating than the cascading effects of high-order dependencies. This paper presents an extension to our model, which permits the assessment of the risk arising from complex situations involving multiple cascading failures triggered by major or concurrent common-cause events. The paper also discusses a realistic scenario that is used as a test case for the model extension.


Infrastructure dependencies common-cause failures cascading effects 


  1. 1.
    G. Andersson, P. Donalek, R. Farmer, N. Hatziargyriou, I. Kamwa, P. Kundur, N. Martins, J. Paserba, P. Pourbeik, J. Sanchez-Gasca, R. Schulz, A. Stankovic, C. Taylor and V. Vittal, Causes of the 2003 major grid blackouts in North America and Europe and recommended means to improve system dynamic performance, IEEE Transactions on Power Systems, vol. 20(4), pp. 1922–1928, 2005.CrossRefGoogle Scholar
  2. 2.
    J. Iliadis, D. Spinellis, D. Gritzalis, B. Preneel and S. Katsikas, Evaluating certificate status information mechanisms, Proceedings of the Seventh ACM Conference on Computer and Communications Security, pp. 1–8, 2000.CrossRefGoogle Scholar
  3. 3.
    C. Johnson, The telecoms inclusion principle: The missing link between critical infrastructure protection and critical information infrastructure protection, in Critical Information Infrastructure Protection and Resilience in the ICT Sector, P. Theron and S. Bologna (Eds.), IGI Global, Hershey, Pennslyvania, pp. 277–303, 2013.CrossRefGoogle Scholar
  4. 4.
    P. Kotzanikolaou, M. Theoharidou and D. Gritzalis, Interdependencies between critical infrastructures: Analyzing the risk of cascading effects, Proceedings of the Sixth International Conference on Critical Information Infrastructure Security, pp. 107–118, 2011.Google Scholar
  5. 5.
    P. Kotzanikolaou, M. Theoharidou and D. Gritzalis, Assessing n-order dependencies between critical infrastructures, International Journal of Critical Infrastructures, vol. 9(1/2), pp. 93–110, 2013.CrossRefGoogle Scholar
  6. 6.
    P. Kotzanikolaou, M. Theoharidou and D. Gritzalis, Risk assessment of multi-order dependencies between critical information and communication infrastructures, in Critical Information Infrastructure Protection and Resilience in the ICT Sector, P. Theron and S. Bologna (Eds.), IGI Global, Hershey, Pennslyvania, pp. 153–172, 2013.CrossRefGoogle Scholar
  7. 7.
    W. Kroger and E. Zio, Vulnerable Systems, Springer-Verlag, London, United Kingdom, 2011. CrossRefGoogle Scholar
  8. 8.
    C. Lambrinoudakis, D. Gritzalis, V. Tsoumas, M. Karyda and S. Ikonomopoulos, Secure electronic voting: The current landscape, in Secure Electronic Voting, D. Gritzalis (Ed.), Kluwer Academic Publishers, Boston, Massachusetts, pp. 101–122, 2003.CrossRefGoogle Scholar
  9. 9.
    D. Lekkas and D. Gritzalis, Long-term verifiability of electronic healthcare record authenticity, International Journal of Medical Informatics, vol. 76(5-6), pp. 442–448, 2007.CrossRefGoogle Scholar
  10. 10.
    L. Mitrou, D. Gritzalis and S. Katsikas, Revisiting legal and regulatory requirements for secure e-voting, Proceedings of the Seventeenth IFIP International Conference on Information Security: Visions and Perspectives, pp. 469–480, 2002.Google Scholar
  11. 11.
    L. Mitrou, D. Gritzalis, S. Katsikas and G. Quirchmayr, Electronic voting: Constitutional and legal requirements and their technical implications, in Secure Electronic Voting, D. Gritzalis (Ed.), Kluwer Academic Publishers, Boston, Massachusetts, pp. 43–60, 2003.CrossRefGoogle Scholar
  12. 12.
    A. Nieuwenhuijs, E. Luiijf and M. Klaver, Modeling dependencies in critical infrastructures, in Critical Infrastructure Protection, E. Goetz and S. Shenoi (Eds.), Boston, Massachusetts, pp. 205–213, 2008.Google Scholar
  13. 13.
    A. Popescu, B. Premore and E. Zmijewski, Impact of the Middle East cable breaks: A global BGP perspective, presented at the Forty-Second North American Network Operators Group Meeting, 2008.Google Scholar
  14. 14.
    S. Rinaldi, Modeling and simulating critical infrastructures and their interdependencies, Proceedings of the Thirty-Seventh Hawaii International Conference on System Sciences, 2004.Google Scholar
  15. 15.
    S. Rinaldi, J. Peerenboom and T. Kelly, Identifying, understanding and analyzing critical infrastructure interdependencies, IEEE Control Systems, vol. 21(6), pp. 11–25, 2001.CrossRefGoogle Scholar
  16. 16.
    M. Theoharidou, M. Kandias and D. Gritzalis, Securing transportation-critical infrastructures: Trends and perspectives, in Global Security, Safety and Sustainability and e-Democracy, C. Georgiadis, H. Jahankhani, E. Pimenidis, R. Bashroush and A. Al-Nemrat (Eds.), Springer, Heidelberg, Germany, pp. 171–178, 2012.CrossRefGoogle Scholar
  17. 17.
    M. Theoharidou, P. Kotzanikolaou and D. Gritzalis, Risk-based criticality analysis, in Critical Infrastructure Protection III, C. Palmer and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 35–49, 2009.CrossRefGoogle Scholar
  18. 18.
    M. Theoharidou, P. Kotzanikolaou and D. Gritzalis, A multi-layer criticality assessment methodology based on interdependencies, Computers and Security, vol. 29(6), pp. 643–658, 2010.CrossRefGoogle Scholar
  19. 19.
    M. Theoharidou, P. Kotzanikolaou and D. Gritzalis, Risk assessment methodology for interdependent critical infrastructures, International Journal of Risk Assessment and Management, vol. 15(2/3), pp. 128–148, 2011.CrossRefGoogle Scholar
  20. 20.
    M. van Eeten, A. Nieuwenhuijs, E. Luiijf, M. Klaver and E. Cruz, The state and the threat of cascading failures across critical infrastructures: The implications of empirical evidence from media incident reports, Public Administration, vol. 89(2), pp. 381–400, 2011.CrossRefGoogle Scholar
  21. 21.
    E. Zio and G. Sansavini, Modeling interdependent network systems for identifying cascade-safe operating margins, IEEE Transactions on Reliability, vol. 60(1), pp. 94–101, 2011.CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Panayiotis Kotzanikolaou
    • 1
  • Marianthi Theoharidou
    • 2
  • Dimitris Gritzalis
    • 2
  1. 1.Department of InformaticsUniversity of PiraeusPiraeusGreece
  2. 2.Department of InformaticsAthens University of Economics and BusinessAthensGreece

Personalised recommendations