Electronic Bulletin Number 63 - September, 2009

 
Critical Telecommunication Infrastructure Protection in Brazil: Results of methodology for identifying and analyzing threats (MIdA2)
Email this Article | Print this page | Home

1 Introduction

The complexity and the extent of modern infrastructures, their interdependencies and the need to use scarce resources in a cost-effective manner require a systematic approach to identify and protect critical infrastructures (CIs). This process should determine critical elements, identify threats and vulnerabilities, assess impacts and evaluate risks. Following these steps, actions can be taken to mitigate vulnerabilities and reduce risks. Finally, government policies and strategies can be defined.

This document provides a result of one of these phases: identify the most appropriate and usual threats notice in Brazilian’s telecommunication sector. The theory explains: “all the threats (discovered and not) are present in all assets”, however the intuit of this paper is to provide a survey about the perception of the actors about threats, regarding frequency, likelihood that the threat could occur (expectation), etc…

2 Results

The information presented here has been collected through the application of the MIdA² [1] by means of interviews and workshops with regulatory body, telecommunication services providers, researchers, information security professionals and professors, among others.

As a result three scenarios were created. One that represents the specialists [2], other related to telecommunication service provider and finally the consolidate scenario that represents a Brazilian’s scenario.

For the sake of brevity, this document shows the consolidated one. Also observe that this list does not represent any kind of risk involved in the sector.

2.1 Brazilian’s scenario

The results shows herein reflect in information acquired from all the services providers in Brazil in conjunction with the results obtained from specialist in the sector.

The Figure 1 represents the final results of this survey, and the Figure 2 represents the expectation of unavailability if specific threat occurs.

Figure 1. Threats identified in Brazilian’s scenario

 

Figure 2. Expectation of unavailability

3 Conclusions

This paper described the results achieved by Methodology for Threat Identification and Analysis (MIdA²) in the scenario of Brazil’s critical telecommunication infrastructure. MIdA² main objectives are twofold: 1) to establish a long-term communication and cooperation channel between Anatel and Brazil’s operators with respect to telecommunication infrastructure protection and 2) to collect information for threat analysis in order to start the risk management process, which will continue with the help of the other methodologies.

 

Sérgio Luis Ribeiro
Delegation of Brazil
 

Additional Information: This document was published as CCP.I-TEL/doc. 1795/09 r1.

References

[1] CITEL/OEA CCP.I-TEL 1576 – Critical Telecommunication Infrastructure Protection in Brazil: Methodology for Identifying and Analyzing Threats – MIdA².

[2] CITEL/OEA CCP.I-TEL 1578 – Critical Telecommunication Infrastructure Protection in Brazil: Threats and Vulnerabilities – Survey.

5 Bibliography

a. Lewis, T.G.: Critical infrastructure protection in homeland security: defending a networked nation. John Wiley & Sons, New Jersey, USA (2006).

b. Keeney, R.L.; Raiffa H.: Decisions with Multiple Objectives: Preference and Value Tradeoffs. John Wiley, New York (1976).

c. Saaty, T.L.: The Analytic Hierarchy Process. McGraw Hill (1980).

d. Zimmermann, H.J.: Fuzzy Set Theory and Its Applications. Kluwer, Boston (1991).

e. Newman, J.W.: Management Applications of Decision Theory. Harper & Row Publisher (1971).

f. Gorman, S.P. Networks, Security and Complexity – The role of public policy in critical Infrastructure protection. Edward Elgar Publishing, Cheltenham, UK (2005).

g. Elgin Brunner, E. Suter, M.: International CIIP Handbook 2008/2009, Vol. I: An Inventory of 25 National and 7 International Critical Information Infrastructure Protection Policies. Center for Security Studies. ETH Zurich (2008).


© Copyright 2009. Inter-American Telecommunication Commission
Organization of American States.
1889 F St., N.W., Washington, D.C. 20006 - United States
Tel. (202)458-3004 | Fax. (202) 458-6854 | citel@oas.org | http://citel.oas.org

To unsubscribe please follow this link: citel@oas.org