Introduction to Integral Security

Preface to the electronic transcript of the dissertation on the topic Integral Security

The articles on integral safety are a transcript of the dissertation by Ing. Tomáš Kertis titled “Assessment of the Safety of a Selected Critical Object from the Perspective of Integral Safety and Proposal for Reducing the Criticality of the Object,” defended on October 31, 2021, at the Faculty of Transportation Engineering at the Czech Technical University in Prague. The full, unedited version of the dissertation on integral safety is available for download on the ČVUT website F6-D-2021-Kertis-Tomas.pdf (cvut.cz).

The transcript contains largely the original text, with original references to literature, but it may also be slightly modified according to the current knowledge at the time of the transcription, or supplemented with notes. Modifications and notes will be properly marked in the text.

The texts of the dissertation will be gradually published by chapters in the section Integral Safety – KINT S.r.o. Some important parts contributing to science for further use will also be in Science and Research – KINT S.r.o.

Lives and health of people, their property and well-being, the environment, as well as technology and critical infrastructure are the basic public assets of the human system, which is the model of the world in which we live [1,2]. Critical infrastructure is an important asset because it provides essential products and services to people. Therefore, in case of critical conditions, such as the occurrence of large natural, technological, and other disasters, it is necessary for the elements of critical infrastructure to safely fulfill their tasks.

The task at hand is now more complicated and difficult because of the increasing introduction of new, untested technologies and their interconnection. By connecting systems, so-called complex systems arise, together with new functions that would not have existed under the normal conditions of the individual unconnected systems, hence the term system of systems. With the help of desired links created according to standards, these complex systems of systems have high reliability under normal operating conditions, i.e., the conditions considered in the project (design). Operational regulations manage deviations that occur under abnormal operating conditions.

Problems arise under critical conditions when undesirable and unwanted links often occur, leading to the failure of critical assets, thus endangering the entire system and its surroundings. Therefore, it is necessary to search for critical assets of the system, assess their criticality, and ensure their operability even under unfavorable conditions. The assessment of asset criticality allows identifying and managing significant risks, analyzing system vulnerabilities, and proposing measures to increase its safety (integral safety).

When managing the safety of critical infrastructure, it is essential to account for assets and links that under certain conditions may lead to system failure. That is, they must be included in the analysis of assets and their criticality, and rules for working with them must be defined [3]. Current knowledge, methods, and tools allow ensuring the safety (integral safety) of infrastructures at a certain level, but because of the continuous development of technologies and the growing demands on interfaces between systems and operating entities, unsecured areas still appear to remain.

The area of security and protection of critical infrastructure, due to the complexity of critical infrastructure, is characterized by working with many soft factors, objects, and entities within the system of systems (hereinafter referred to as SoS). Due to the scope and complexity of many internal connections in the studied object, the system can only be analyzed using expert and heuristic methods. There are many methods and tools for system analysis and engineering, but there is no formalized methodological procedure for determining the criticality of individual elements (assets) of critical infrastructure, the level of safety, and proposing measures to increase safety. Therefore, I focused on the issue of critical infrastructure security in my doctoral study.

I continued my doctoral studies in the field of Engineering Informatics in Transportation and Communications at the Department of Security Technologies and Engineering, building on my Master’s thesis focused on the safety plan for a model metro station [4]. During my doctoral studies, I conducted research on the safety of the operation of the Prague metro with case studies in collaboration with the Transport Company of the Capital City of Prague [5]. The goal was to find and verify an appropriate methodological procedure, propose a method for analyzing and determining asset criticalities, and then verify the procedures on a specific case, i.e., ensuring the safe operation of the metro as a critical infrastructure element.

The results of the work, including defined methods or specific case studies and events, were presented at several Czech and international conferences and also published in a number of peer-reviewed and impact-factor publications.

The presented dissertation consists of a first part focused on a review of the latest methods in the field of safety management and the state of engineering practice and techniques. The next part introduces a methodology for identifying and analyzing the assets of a critical infrastructure object, determining their criticalities, and then processing them for the analysis of primary risks and the search for scenarios of impacts from various events, thus enabling their management or control. In addition to heuristic methods, it also applies sensitivity theory and graph theory. In the last two parts, it presents the results of research on the safety of the operation of the Prague metro, their discussion, evaluation, and proposals for measures to increase metro safety.

The results of the dissertation can be applied to other similar complex systems where it is necessary to identify and manage weak points, considering the vulnerability and importance of their assets, criticality, and safety. The areas of applicability of the dissertation results are critical infrastructures, elements of critical infrastructure, management of critical assets, and safety management in the area or in complex technological systems.

1.1 Objectives and scope of scientific work

The topic of the thesis is the assessment of the safety of a selected critical object from the perspective of integral safety and the proposal to reduce the criticality of the object, i.e., to increase its safety. The selected critical object is the metro in Prague.

The main goal of the thesis is to increase the safety of the metro by applying methods for identifying and working with assets, their criticalities, and risks, so that the overall (integral) safety of the metro can be ensured on the basis of better knowledge of the problems and vulnerabilities of its assets: in the technical area, in the cybersecurity area (where this means increasing the information performance of the system), and in other areas of management that are important for safe operation.

Specific objectives of the dissertation are:

  • to increase knowledge about the problems, risks of systems, and their management,
  • to collect data on the observed problem, i.e., data on the operation of the Prague metro,
  • to establish a methodological procedure, describe methods and tools for working with assets,
  • to identify and determine the criticalities of assets for safe operation management of the Prague metro,
  • to appropriately interpret and evaluate results for further work with assets,
  • to transform the results into graphs to find weak points in the metro’s operation from the perspective of safety (integral safety),
  • to analyze and evaluate a selected scenario of the impacts of a disaster,
  • to propose measures to reduce the criticalities of metro assets and thus reduce its overall criticality and increase its safety (integral safety).

1.2 Formulation of a scientific problem

The presented dissertation focuses on the study of complex systems of the type SoS (system of systems) in the real world and ensuring their safety (integral safety). Due to the complexity of systems, it is necessary to consider the criticality of assets depending on various sources of risks in the real world. Especially when supra-project (beyond-design-basis) phenomena, which are sources of risk, occur, critical situations arise due to the creation of unwanted connections in the complex system, i.e., unexpected connections are formed that lead to failure, often resulting in entire cascades of failures [6]. As a result, traffic accidents occur, leading to the loss of human lives and to damage to public property, the transport company, and the environment.

Mutual dependencies (interdependencies), both desired and undesired, are of a physical, logical, cyber, and local nature [6], which means the issue is very broad. Considering the nature of an SoS (i.e., a socio-cyber-physical system), which is also the case for the Prague metro, it can further be stated that it is a soft system, where many problems arise mainly from insufficient management at various levels and in various contexts between technology, information systems, and the human factor.

Under certain conditions of technical work, or of the system under study, some situations can be addressed with exact methods, but safety (integral safety) primarily extends beyond the given limits and conditions of systems, i.e., to supra-project phenomena. Under these conditions, and due to anisotropies and inhomogeneities in the system and its surroundings, connections that were not considered in the project arise in the SoS [6]. Therefore, for very complex systems with a large number of known and unknown states, it is not possible to predict their behavior with certainty under these conditions; this gives rise to so-called emergent phenomena (phenomena that arise spontaneously and cannot simply be deduced from the properties of the system’s elements and their connections).

Due to the above-mentioned scope and complexities, the presented dissertation thus uses multi-criteria and heuristic methods and focuses only on selected parts of the problems in managing safety (integral safety) of the solved system. To address the problem, the procedure outlined below is used.

1.3 Methodology of dissertation work

The following procedure was used to achieve the results of the work:

  1. Selection and design of methods and tools for:
     a. data collection – identification of assets, vulnerabilities (selection),
     b. data processing – determination of criticalities and their interpretation (selection),
     c. transformation of sensitivity (vulnerability) matrices into a graph (design),
     d. creation of impact scenarios (design).
  2. Identification of assets of the critical infrastructure (operation of the Prague metro).
  3. Determination of vulnerabilities and criticalities of assets.
  4. Assessment of the real state of system security against specific and critical disasters.
  5. Interpretation of results using sensitivity matrices.
  6. Transformation of matrices into a graph.
  7. Modeling of impact scenarios for the selected critical disaster.

1.4 Expected contribution of the dissertation

The dissertation contributes to increasing the integral safety of the system by applying advanced methods, tools, and recent knowledge, as required by the UN concept [9]. The results of the work, i.e., the proposal for measures to improve the safety of the operation of the Prague metro, were handed over to the Prague Public Transport Company for implementation in practice [7].

The work presents a number of open unresolved vulnerabilities, thereby opening the possibility for new research projects. The proposed methods and tools of the dissertation can be further developed and supported with appropriate software tools, thus opening opportunities for other projects within the development and innovation framework. The contribution of the work is a summary of knowledge, the establishment and verification of a method that allows achieving higher goals than just the safety of processes or individual technical devices, i.e., achieving integral safety. This is in line not only with the objectives of professional knowledge but also with the requirements of the UN and EU for a safe and sustainable world [2,8,9].
