Quantitative Security Risk Assessment and Management for Railway Transportation Infrastructures

  • Francesco Flammini
  • Andrea Gaglione
  • Nicola Mazzocca
  • Concetta Pragliola
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5508)

Abstract

Scientists have been long investigating procedures, models and tools for the risk analysis in several domains, from economics to computer networks. This paper presents a quantitative method and a tool for the security risk assessment and management specifically tailored to the context of railway transportation systems, which are exposed to threats ranging from vandalism to terrorism. The method is based on a reference mathematical model and it is supported by a specifically developed tool. The tool allows for the management of data, including attributes of attack scenarios and effectiveness of protection mechanisms, and the computation of results, including risk and cost/benefit indices. The main focus is on the design of physical protection systems, but the analysis can be extended to logical threats as well. The cost/benefit analysis allows for the evaluation of the return on investment, which is a nowadays important issue to be addressed by risk analysts.

Keywords

Security Quantitative Approaches Risk Analysis  Cost/Benefit Evaluation Critical Infrastructure Protection Railways 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Asis International: General Security Risk Assessment Guideline (2008), http://www.asisonline.org/guidelines/guidelinesgsra.pdf
  2. 2.
    Broder, J.F.: Risk Analysis and the Security Survey. Butterworth-Heinemann (2006)Google Scholar
  3. 3.
    Garcia, M.L.: Vulnerability Assessment of Physical Protection Systems. Butterworth-Heinemann (2005)Google Scholar
  4. 4.
    Lewis, T.G.: Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation. John Wiley, Chichester (2006)CrossRefGoogle Scholar
  5. 5.
    Meritt, J.W.: A Method for Quantitative Risk Analysis (2008), http://csrc.nist.gov/nissc/1999/proceeding/papers/p28.pdf
  6. 6.
    Moteff, J.: Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences. CRS Report for Congress, The Library of Congress (2004)Google Scholar
  7. 7.
    Nicol, D.M., Sanders, W.H., Trivedi, K.S.: Model-based evaluation: from dependability to security. IEEE Transactions on Dependable and Secure Computing 1(1), 48–65 (2004)CrossRefGoogle Scholar
  8. 8.
    SANDIA National Laboratories: A Risk Assessment Methodology for Physical Security. White Paper (2008), http://www.sandia.gov/ram/RAM%20White%20Paper.pdf
  9. 9.
    Srinivasan, K.: Transportation Network Vulnerability Assessment: A Quantative Framework. Southeastern Transportation Center - Issues in Transportation Security (2008)Google Scholar
  10. 10.
    U.S. Department of Transportation: The Public Transportation Security & Emergency Preparedness Planning Guide. Federal Transit Administration, Final Report (2003)Google Scholar
  11. 11.
    U.S. Department of Transportation: Transit Security Design Considerations. Federal Transit Administration, Final Report (2004)Google Scholar
  12. 12.
    Wilson, J.M., Jackson, B.A., Eisman, M., Steinberg, P., Riley, K.J.: Securing America’s Passenger-Rail Systems. Rand Corporation (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Francesco Flammini
    • 1
    • 2
  • Andrea Gaglione
    • 2
  • Nicola Mazzocca
    • 2
  • Concetta Pragliola
    • 1
  1. 1.ANSALDO STS - Ansaldo Segnalamento Ferroviario S.p.A.NaplesItaly
  2. 2.Dipartimento di Informatica e SistemisticaUniversita’ di Napoli ”Federico II”NaplesItaly

Personalised recommendations