Berg Heinz-Peter
How to investigate and assess combination of hazards
Operating experience from different types of industrial installations has shown that combinations of different types of different hazards occur during the entire lifetime of the installations. Typically site specific occurring hazards cause or induce other hazards to occur. In particular, natural hazards rarely happen alone. Thus, it is very important to note that almost any event combination of hazards is possible and that it is necessary to identify these interactions and find ways to mitigate the effects of hazard combinations. Therefore, it is a basic task to investigate and assess the relevant combination of hazards not only for a single installation but for the respective site/industrial park. In that context domino effects and cascade effects pose particular challenges for risk management to prevent industrial accidents.
[full text]
Caballé Nuria C., Castro Inma T.
A Degradation-Threshold-Shock model for a system. The case of dependent causes of failure in finite-time
This paper deals with a condition-based maintenance strategy (CBM) in finite-time horizon for a system subject to two different causes of failure, internal degradation and sudden shocks. Internal degradation is modelled under a gamma process and sudden shocks arrive at the system following a non-homogeneous Poisson process (NHPP). Both causes of failure are considered as dependent. When a sudden shock takes places, the system fails. In addition, the system is regarded to fail when the deterioration level reaches a critical threshold. Under this functioning scheme, a CBM strategy is developed for controlling the reliability of the system. Traditionally, this strategy is developed under an asymptotic approach. Hence, considering an infinite-time horizon is not always possible. In this paper, we analyse a CBM strategy under a finite-time horizon developing a recursive method which estimates the expected cost rate based on numerical integration and Monte Carlo simulation. A numerical example is provided in order to illustrate this complex maintenance model.

[full text]
Charalambous Elisavet, Bratskas Romaios, Koutras Nikolaos, Karkas George, Anastasiades Andreas
Email forensic tools: A roadmap to email header analysis through a cybercrime use case
Email is one of the primary sources of numerous criminal activities, on the Internet, of which some threaten human lives. Email analysis is challenging due to not only various fields that can be forged by hackers or the wide range email applications in use, but also due to imposed law restrictions in the analysis of email body.
Despite this being a relatively new area, a number of both open source and proprietary forensic tools, with varying possibilities and versatility, have been developed aiding use by practitioners. In this paper, we review existing email forensic tools for email header analysis, as part of email investigation, with emphasis on aspects related to online crime while still considering legal constraints. Through our analysis, we investigate a common case of cybercrime and examine the breadth of information one may gain solely through email forensics analysis. Additionally, a roadmap for email forensic analysis is presented, combining features and functionality already available, to assist the process of digital forensic analysis. [full text]
Cieślikiewicz Witold, Dudkowska Aleksandra, Gic-Grusza Gabriela
Port of Gdańsk and Port of Gdynia’s exposure to threats resulting from storm extremes
This study is intended to make a first estimate of the exposure of the two Polish largest ports – Gdańsk and Gdynia, localized in the Gulf of Gdańsk – to threats from storm extremes. These ports are elements of the Polish critical infrastructure and presented analysis is one of the tasks related to critical infrastructure protection. Hypothetical extreme meteorological conditions have been defined based on 138-year NOAA data and assumed wave fields for those conditions have been generated. Using HIPOCAS project database the 21 extreme historical storms over the period 1958–2001 were selected to simulate realistic conditions in the vicinity of the ports. The highest significant wave height was found to be nearly 4 m in the vicinity of Port of Gdańsk and nearly 2 m in the vicinity of Port of Gdynia. A future intensification of these wave conditions should be considered due to the climate change and sea level rise.
[full text]
Drzazga Michał, Kołowrocki Krzysztof, Soszyńska-Budny Joanna, Torbicki Mateusz
Port oil piping transportation critical infrastructure assets and interconnections
This article aims to analyze the problem of the port oil piping transportation critical infrastructure assets and their interconnections identification. As a result, there are distinguished direct assets, auxiliary assets, flow of people, goods and services, accessibility and capacity of the port oil piping transportation critical infrastructure. Moreover, the interconnections and interdependencies of this critical infrastructure are fixed and described.
[full text]
Dziula Przemysław, Kołowrocki Krzysztof
Identification of climate related hazards, the Global Baltic Network of Critical Infrastructure Networks, is exposed to
The paper presents issues concerning identification of climate related hazards at the Baltic Sea area and their exposure for the Global Baltic Network of Critical Infrastructure Network. As a result, possible natural hazards coming from following climate/weather change are distinguished: sea water temperature changes, change in ice cover, sea level rise/ decrease, coastal erosion, precipitation, storm surges and winds, and air temperature change, for particular critical infrastructure networks operating within the Baltic Sea area.
[full text]
Efstathiou Nectarios, Psaroudakis Chrysostomos, Skitsas Michael, Koutras Nikolaos
WARSYS: An efficient data warehouse to support decision support components of health services in major crises
Critical infrastructures (CI) are organizations and facilities of major importance and form the backbone of a national economy, security and health. Due to their significance, they may become target of an attack such as terrorist resulting in crisis event. Decision making systems to support and facilitate the operation of emergency health services in major incidents and crises, could play a significant role. In order to support those systems, efficient databases that could store and manage data from different sources, multiple levels of user privileges within a secure environment become a necessity. In this work, we propose and develop the WARSYS component. The main advantage of WARSYS database, is the ability to collect and store information from different sources providing appropriate interfaces. The WARSYS database structure will be developed within IMPRESS framework, with a view of extracting in real time, medical and logistics information from available repositories.
[full text]
Eid Mohamed, Hakkarainen Tuula, Terhi Kling, Souza de Cursi Eduardo, El-Hami Abdelkhalak
Critical infrastructure preparedness: cascading of disruptions considering vulnerability and Dependency
Critical Infrastructures’ disruptions may result in crises of unacceptable outcomes in modern societies. Thus, it is important to develop models that allow describing CIs’ disruptions and their propagation characteristics. CI disruptions depend on both the type of the threat and on the nature of the CIs’ mutual dependencies. A model describing the cascade of disruptions should, then, be able to consider the CI-threat vulnerability and the CI-CI dependency. The paper presents a model where cascades are exactly described using an integral equation. The integral equation admits an analytical solution if the occurrence probability distribution functions (pdf) of the disruptions obey Stochastic Poisson Processes (SPP). The introduction of the “vulnerability to the threat” and the “CIs’ (inter)dependencies” is carried out with the help of time constant factors called: “vulnerability strain factor” and “disruption strain factor”, respectively. An academic case is presented in order to demonstrate the applicability of the model and illustrate some interesting features of the model. A complete set of numerical applications will be published separately.
[full text]
Grabski Franciszek
Monte Carlo method for reliability of parallel system with dependent failures of component
A problem of parallel system reliability with dependent failures of components is presented in the paper. It is assumed that lifetimes of components are independent random variable having Weibull distribution. We take under consideration a parallel (in reliability meaning) system consisting of n independent at the beginning of work and identical components. We assume that a load of the working system affects on the reliability of its components and the load of the system is distributed on all working components. Therefore, a failure rate of each component is changeable during run of the system and depends on a number of working elements at this point in time. As a model of the system failures we construct a stochastic process which value at the moment t denotes the number of working components. Generally it is neither Markov nor semi-Markov process. To assess the reliability characteristics of the system we simulate this stochastic process using the Monte-Carlo method and we calculate values of nonparametric kernel density and reliability functions estimators.
[full text]
Grabski Franciszek
Constructing stochastic models for investigation of dangerous events and accidents number in Baltic Sea region ports
The stochastic processes theory provides concepts and theorems that allow to build probabilistic models concerning incidents or (and) accidents. Counting processes are applied for modelling number of the dangerous events and accidents number in Baltic Sea region ports in the given time intervals. A crucial role in construction of the models plays a Poisson process and its generalizations. Three models of the incidents or (and) accidents number in the seaports are here constructed. Moreover some procedures of the model parameters identification and the computer procedures for anticipation of the dangerous events number are presented in the paper.
[full text]
Grabski Franciszek
Reliability and maintainability characteristics in semi-Markov models
The characteristics of semi-Markov process we can translate on the reliability characteristics in the semi-Markov reliability model. The cumulative distribution functions of the first passage time from the given states to subset of states, expected values and second moments corresponding to them which are considered in this paper allow to define reliability function of the system. The equations for many reliability characteristics and parameters are here presented.
[full text]
Iancu Alexandra, Berg Heinz-Peter, Krauß Matias
Hazard assessment in case of external flooding
Risks relating to external hazards, either natural or man-made, have to be taken into consideration in the design of nuclear and other industrial facilities. These risks have to be studied to guarantee the availability and efficiency of safety functions which, e.g. in the case of power reactors, enable a safe shutdown, maintain the reactor in a safe shutdown state, ensure the residual heat removal and the containment of radioactive products. With a view to design protection against risks related to external hazards, these hazards have to be assessed in an appropriate manner. The methods used can be either deterministic or probabilistic. In both cases, the method strongly relies on observations (e.g. flood records) that are processed to define a maximum event for the respective facility design. Moreover, the validity of these records over a certain time frame like 100 years has to be checked. Coping with external hazards such as flooding in the future requires an in-depth assessment taking into account new data, further developed methodologies and criteria. Some of these ideas, developments and applications are provided.
[full text]
Jakusik Ewa, Kołowrocki Krzysztof, Kuligowska Ewa, Soszyńska-Budny Joanna
Identification of climate related hazards at the Baltic Sea area
The article is created to identify the climate related hazards at the Baltic Sea area and their extreme event parameters exposure for maritime ferry analysis. As a result, there are distinguished possible natural hazards coming from climate/weather change: strong winds, sea water level, precipitation, ice, fog, large waves, water temperature and air temperature.
[full text]
Kołowrocki Krzysztof, Kuligowska Ewa, Soszyńska-Budny Joanna
Maritime ferry critical infrastructure assets and interconnections
This article aims to analyze the problem of maritime ferry critical infrastructure assets and their interconnections identification. As a result, there are distinguished direct assets, auxiliary assets, flow of people, goods and services of the maritime ferry as a component of the shipping critical infrastructure network. Additionally, the identification of interconnections and interdependencies of this critical infrastructures network are identified.
[full text]
Kołowrocki Krzysztof, Kuligowska Ewa, Soszyńska-Budny Joanna
Climate related hazards and their critical / extreme event parameters exposure for maritime ferry critical infrastructure
The article is created to identify the climate related hazards at the Baltic Sea area and their extreme event parameters exposure for maritime ferry analysis. As a result, there are distinguished possible natural hazards coming from climate/weather change: strong winds, sea water level, precipitation, ice, fog, large waves, water temperature and air temperature.
[full text]
Kołowrocki Krzysztof, Kwiatuszewska-Sarnecka Bożena
General approach to Baltic electric cable critical infrastructure network operation process Modelling
In the paper, the critical infrastructure operation process is defined and its main parameters are fixed. Next, a general model of operation process of critical infrastructure network is defined and its parameters are described. A special case of the general when its component critical infrastructures are independent model is considered and applied to the Baltic Electric Cable Critical Infrastructure Network.[full text]
Kołowrocki Krzysztof, Soszyńska-Budny Joanna, Torbicki Mateusz
Identification of climate related hazards at the Baltic Sea area and their critical / extreme event parameters’ exposure for port oil piping transportation critical infrastructure
In the paper, the critical infrastructure operation process is defined and its main parameters are fixed. Next,
a general model of operation process of critical infrastructure network is defined and its parameters are described. A special case of the general when its component critical infrastructures are independent model is considered and applied to the Baltic Electric Cable Critical Infrastructure Network.
[full text]
Kosmowski Kazimierz T., Śliwiński Marcin
Organizational culture as prerequisite of proactive safety and security management in critical infrastructure systems including hazardous plants and ports
This article addresses selected aspects of organizational culture to be considered in the context of knowledge based proactive safety and security management of plants, ports and systems of critical infrastructure. It has been often emphasized in the domain literature that business effectiveness of such plants and their resilience against hazards and threats to avoid major accidents depends substantially on human and organizational factors. It becomes obvious that appropriate shaping of these factors is crucial and should be considered in life cycle. Some terms have been also introduced such as safety culture and security culture. Current research topic in this domain includes an interface between safety and security. The article discusses these issues in the context of knowledge based proactive safety and security management being a new challenge, especially in cases of hazardous plants, ports and other complex systems of critical infrastructure.
Nevertheless a crucial role plays the human-operator undertaking safety-related decisions during potential abnormal situations and accidents. Below some issues concerning requirements for the alarm system design
in context of human factors are outlined and discussed.

[full text]

Kosmowski Kazimierz T., Śliwiński Marcin, Piesik Emilian, Gołębiewski Dariusz
Procedure based proactive functional safety management for the risk mitigation of hazardous events in the oil port installations including insurance aspects
This article addresses selected technical and organization aspects of risk mitigation in the oil port installations with regard to functional safety requirements specified in standards IEC 61508 and IEC 61511. The procedure for functional safety management includes the hazard identification, risk analysis and assessment, specification of overall safety requirements and definition of safety functions. Based on risk assessment results the safety integrity level (SIL) is determined for consecutive safety functions. These functions are implemented within industrial control system (ICS) that consists of the basic process control system (BPCS) and/or safety instrumented system (SIS). Determination of required SIL related to required risk mitigation is based on semi-quantitative evaluation method. Verification of SIL for considered architectures of BPCS and/or SIS is supported by probabilistic models with appropriate data and model parameters including security-related aspects. The approach proposed is illustrated on example of oil port installations. In final part of the article the insurance aspects are discussed in managing risks, as some risks are to be transferred to an insurance company.
[full text]
Kostogryzov Andrey, Stepanov Pavel, Nistratov Andrey, Nistratov George, Zubarev Igor, Grigoriev Leonid
Analytical modelling operation processes of composed and integrated information systems on the principles of system engineering
The approach for analytical modelling operation processes of composed and integrated information systems is proposed. It allows to estimate the reliability and timeliness of information producing, the completeness, validity and confidentiality of the used information from users’ point of view. In application to composed and integrated systems the existing models are developed by introducing the space of elementary events for operation processes from system engineering point of view. It is intended for systems analysts for any IS. Some effects are demonstrated by examples.
[full text]
Mazurkiewicz Jacek
Video detection data as important factor for transport systems safety improvement
The paper presents the analysis and discussion of video detection data usage for discrete transport systems safety improvement. The Autonomous Vehicles (AV) and the Augmented Reality (AR) research in connection with a Driving Assistance (DA) are presented. This article is going to show where the border between those two fields of interest is and how they are going to influence on the future of automotive. The proposal of the AR system – based on soft-computing methods used for an object classification problem – is given. The input data are taken from the real traffic monitoring system located at the set of roads in Poland. Data from the monitoring devices are used to analyze the travel time of vehicles – elements of the transportation system. The travel time model taking into account the real road situation is built. The proposed solution can be an essential tool for the owner and administrator of the transportation systems.
[full text]
Nowakowski Tomasz, Młyńczak Marek,Tubis Agnieszka, Werbińska-Wojciechowska Sylwia
Conception of decision support system for resilience management of seaport supply chains
The target of this paper is to present the preliminary concept of decision support system for seaports supply chain risk management in the aspect of vulnerability and resilience engineering. As a result, there is discussed a literature review connected with resilience engineering of seaport infrastructure systems and their supply chains. Later, the decision support system conception is investigated. The developed solution is to be based on the What if? approach and Bow-Tie method. The work ends up with summary and directions for further research.
[full text]
Skitsas Michael, Efstathiou Nectarios, Charalambous Elisavet, Koutras Nikolaos, Efthymiou Costas
Towards the Protection of Critical Information Infrastructures using a Lightweight, Non-intrusive Embedded System
Critical Infrastructures (CIs), such as those that are found in the energy, financial, transport, communications, water, health and national security sectors, are an essential pillar to the well-being of the national and international economy, security and quality of life. These infrastructures are dependent on a wide variety of highly interconnected information systems for their smooth, reliable and continuous operation. Cybercrime has become a major threat for such Critical Information Infrastructures (CIIs). To mitigate this phenomenon, several techniques have been proposed within the space of Intrusion Detection Systems (IDSs). IDS is an important and necessary component in ensuring network security and protecting network resources and network infrastructures. In this paper, we propose a lightweight, non-intrusive generic embedded system that aids in the protection of CIIs. The operation of the proposed system is based on state of the art IDS and other open source frameworks for the monitoring and supporting services and aims to fulfill the end-user’s requirements. The generic and non-intrusive nature of the system along with the low configuration effort allows rapid deployment to a wide range of CII nodes such as telecommunication routers and smart grid nodes, as well as for single endpoint protection.
[full text]
Sugier Jarosław
Implementing SHA-3 candidate BLAKE algorithm in Field Program¬mable Gate Arrays
BLAKE is a cryptographic hash function proposed as a candidate in SHA-3 contest where he successfully qualified to the final round with other 4 candidates. Although it eventually lost to KECCAK it is still considered as a suitable solution with good cryptographic strength and great performance especially in software realizations. For these advantages BLAKE is commonly selected to be a hash function of choice in many contemporary IT systems in applications like digital signatures or message authentication. The purpose of this paper is to evaluate how the algorithm is suitable to be implemented in hardware using low-cost Field Programmable Gate Array (FPGA) devices, particularly to test how efficiently its complex internal transformations can be realized with FPGA resources when overall size of the implementation grows substantially with multiple rounds of the cipher running in parallel in hardware and capacity of the configurable array is used up to its limits. The study was made using the set of 7 different architectures with different loop unrolling factors and with optional application of pipelining, with each architecture being implemented in two popular families of FPGA devices from Xilinx. Investigation of the internal characteristic of the implementations generated by the tools helped in analysis how the fundamental mechanism of loop unrolling with or without pipelining works in case of this particular cipher.
[full text]
Tchórzewska-Cieślak Barbara, Pietrucha-Urbanik Katarzyna
Analysis and assessment methods of water network failure in terms of belonging to critical Infrastructure
In paper issues connected with safety and operation of the water supply system were presented. The study paid special attention to the safety aspect of water consumers in terms of belonging to critical infrastructure. In the paper the consumer risk of the first type associated with the lack or interruptions in water supply was defined, as well as the consumer risk of the second type associated with the consumption of water with incompatible quality with the regulation. The subject of risk assessment refers to the current trends in the world, which
are intended to ensure the safety and comfort use of public water supplies.

[full text]

Tchórzewska-Cieślak Barbara, Pietrucha-Urbanik Katarzyna, Szpak Dawid
Developing procedures for hazard identification
The reliable operation of critical infrastructure has a direct impact on the energy security of country. Due to the complexity and vastness of such system it is exposed to various types of events that could lead to failure. These risks may result directly from the operation and also be the result of external factors. Especially dangerous are the undesirable events with incidental character or unlikely events that constitute a serious threat to people and the environment and resulting in significant loss.
[full text]
Tsadiras Alexandros, Bachtsetzis Christos-Stergios, Georgiou Michalis, Boustras George, Mylona Vasiliki
Legal implications of critical infrastructure protection; the experience of the Cyprus Cybercrime Center
Cyber related crime is an important aspect of Critical Infrastructure. The recent accession of Cyprus to the EU, its small size and its remoteness are important factors that have influenced its ability to characterize its CI’s as well as create (rather harmonize) its legal background. The paper discusses Directive 2011/-93/EU on combating the sexual abuse and sexual exploitation of children and child pornography and its transposition into the Cyprus legal order. The Directive was incorporated in the Cypriot law with the Prevention and Combating of Sexual Abuse, Sexual Exploitation of Children and Child Pornography Law 91(I)/2014, as amended by Law 105(I)/2014 on Legal Aid, aiming at preventing, suppressing and combating crimes of sexual abuse and sexual exploitation of children, child pornography and solicitation of children for sexual purposes.
[full text]
Türschmann Michael, Röwekamp Marina
Probabilistic safety assessment of fire hazards
An as far as possible exhaustive conceptual approach has been developed to systematically address all kinds of internal and external hazards and their potential combinations in Level 1 PSA in a comprehensive manner. The approach assumes a comprehensive generic compilation of hazards being available. By means of site-specific screening process it is decided which hazards need to be analysed in detail by means of probabilistic methods. The requested extension of the plant model is carried out by a systematic approach for those hazards to be analysed in detail. For this purpose, lists of hazard relevant structures, systems and components and their failure dependencies according to the hazards are derived. The comprehensive extension of Level 1 PSA by hazards is demonstrated at the example of plant internal fires.
[full text]
Walkowiak Tomasz
A repair time model of a web based system including administrator working hours
The paper presents a web based system reliability analysis. We propose to model different types of faults (hardware one, software and security incidents) taking consideration only the effect of the failure, not the source of the fault. It is assumed that failure events are independent and the time to failure is exponential. Whereas the time to repair is not exponential since repair actions are taken only when administrators are at work. We assume that administrators are not working 24/7. The paper presents an algorithmic model of the repair time including administrator working hours. The model is used to estimate reliability parameters (mean time, standard deviation and 90th percentile of yearly down time) by a use of Monte-Carlo simulation. The numerical results are compared with results from the analytical model (Markov one) that assumes exponential distribution of all repair times. Results for two web exemplar web systems (with reliability model consisting of two and five states) show the range of error caused by the exponential distribution assumption.
[full text]
Woch Marta, Kamiński Grzegorz, Matyjewski Marek
Risk and reliability analysis of the selected Boeing types
This article presents the analysis of risk and reliability of the Boeings 727, 737, 747 fleet. This analysis includes the study of reliability and risk of the number of aircrafts in operation for those Boeings, considering the long list of accidents that the aircraft has suffered around all the series and the unfortunate fatalities which are the result of each catastrophe. Beside this, it is possible to see the analysis of accidents caused by each phase of flight, undesirable event and weather. Nevertheless, it is worth noting that the number of flight hours and the number of flights of the Boeings fleet, among other data, was obtained from official sources pages.
[full text]