In this paper we propose a holistic Criticality Assessment methodology, suitable for the development of an infrastructure protection plan in a multi-sector or national level. The proposed methodology aims to integrate existing security plans and risk assessments performed in isolated infrastructures, in order to assess sector-wide or intra-sector security risks. In order to achieve this, we define three different layers of security assessments with different requirements and goals; the operator layer, the sector layer and the intra-sector or national layer. We determine the characteristics of each layer, as well as their interdependencies. In this way, existing security plans can be fully exploited in order to provide a "shortcut" for the development of security plans for complex inter-dependent infrastructures. A key element in the proposed methodology is the formal definition of interdependencies between different infrastructures and their respective sectors. Interdependencies between infrastructures belonging to the same or to a different sector, as well as interdependencies between different sectors, act as interfaces through which threats and their impacts occurring on different layers or different sectors, are conveyed to others. Current risk assessment methodologies fail to address effectively this issue, thus, the formalization of these interfaces and their interference is an important element for the definition of a holistic Criticality Assessment methodology.

• 出版日期2010-9