Tue Mar 10 20:43:03 PDT 2015

Risk Management: Interdependencies: How are real-time interdependency risks managed?


Options:

Option 0: This situation should be avoided - do not proceed under this condition.
Option 1: Real-time interdependencies should be ignored as too complex to identify in advance.
Option 2: Real-time interdependencies should be identified in advance but only to the borders of the facility or enterprise.
Option 3: Real-time interdependencies should be identified in advance as far as they reasonably extend.
Option A: Interdependent failures should be mitigated in real-time as part of the incident response process.
Option B: Interdependent failures should be mitigated in advance by adding redundancy and/or hardening interdependent systems.
Option B: Interdependent failures should be mitigated in advance through failsafe and alternative operating modes.
Option C: Event sequences leading to potentially serious negative consequences should be examined in detail for specific mitigation sequencing strategies.

Basis:

Real-time interdependencies should be ignored as too complex to identify in advance.
When the consequences are sufficiently low, inadequate expertise is available, or maturity is inadequate for interdependency analysis, analysis of real-time interdependencies is likely to be infeasible. But failure to do this analysis should limit the risk acceptance threshold to low risk situations.

Real-time interdependencies should be identified in advance but only to the borders of the facility or enterprise.
In cases where the consequences of failures don't extend beyond the facility or enterprise, the interdependency analysis can reasonably stop there. However, the enterprise may wish to extend its analysis further to further understand its risks.

Real-time interdependencies should be identified in advance as far as they reasonably extend.
For high consequence situations, interdependencies should not be limited to the facility or enterprise, as they effect the rest of society. They should extend as far as they need to go until no identified interdependencies of significant consequence remain.


Interdependent failures should be mitigated in real-time as part of the incident response process.
While it would be nice to never require real-time incident response to mitigate from failures in interdependent systems, as a practical matter, some amount of this is always likely to be required. However, as a primary mode of operation, it is really the last line of defense, and should not be the first line when consequences are high enough to justify alternatives.

Interdependent failures should be mitigated in advance by adding redundancy and/or hardening interdependent systems.
Redundancy and hardening are particularly useful in cases where large classes of failure modes can be covered, but often leave common mode failures. Their use often relieves that need for real-time response, which allows reduced operational costs and sustained operations until repair can be undertaken.

Interdependent failures should be mitigated in advance through failsafes and alternative operating modes.
Some interdependencies cannot be resolved by redundancy or hardening (e.g., common-mode failures, insider malicious acts, etc.). In these cases, coverage via failsafe modes and other alternative (often sub-optimal) modes often resolves the real-time issues.

Event sequences leading to potentially serious negative consequences should be examined in detail for specific mitigation sequencing strategies.
When consequences are sufficiently high to warrant through examination of the situation, this approach is the more definitive approach. In essence, it combines the other approaches to employ an optimal strategy which takes into account all of the identifiable event sequences (or classes of them) and likely uses each when and where appropriate in a coordinated fashion.

Copyright(c) Fred Cohen, 1988-2013 - All Rights Reserved

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>