1 Introduction
The complexity and the extent of modern
infrastructures, their interdependencies and the
need to use scarce resources in a cost-effective
manner require a systematic approach to identify and
protect critical infrastructures (CIs). This process
should determine critical elements, identify threats
and vulnerabilities, assess impacts and evaluate
risks. Following these steps, actions can be taken
to mitigate vulnerabilities and reduce risks.
Finally, government policies and strategies can be
defined.
This document provides a result of one of these
phases: identify the most appropriate and usual
threats notice in Brazilian’s telecommunication
sector. The theory explains: “all the threats
(discovered and not) are present in all assets”,
however the intuit of this paper is to provide a
survey about the perception of the actors about
threats, regarding frequency, likelihood that the
threat could occur (expectation), etc…
2 Results
The information presented here has been collected
through the application of the MIdA² [1] by means of
interviews and workshops with regulatory body,
telecommunication services providers, researchers,
information security professionals and professors,
among others.
As a result three scenarios were created. One
that represents the specialists [2], other related
to telecommunication service provider and finally
the consolidate scenario that represents a
Brazilian’s scenario.
For the sake of brevity, this document shows the
consolidated one. Also observe that this list does
not represent any kind of risk involved in the
sector.
2.1 Brazilian’s scenario
The results shows herein reflect in information
acquired from all the services providers in Brazil
in conjunction with the results obtained from
specialist in the sector.
The Figure 1 represents the final results of this
survey, and the Figure 2 represents the expectation
of unavailability if specific threat occurs.
Figure 1.
Threats identified in Brazilian’s scenario
Figure 2. Expectation of
unavailability
3 Conclusions
This paper described the results achieved by
Methodology for Threat Identification and Analysis
(MIdA²) in the scenario of Brazil’s critical
telecommunication infrastructure. MIdA² main
objectives are twofold: 1) to establish a long-term
communication and cooperation channel between Anatel
and Brazil’s operators with respect to
telecommunication infrastructure protection and 2)
to collect information for threat analysis in order
to start the risk management process, which will
continue with the help of the other methodologies.
Sérgio Luis Ribeiro
Delegation of Brazil
|