Caldeira, Filipe2014-12-112014-12-112013-11http://hdl.handle.net/10400.19/2448Today’s critical infrastructures (CIs) depend on information and communication technologies (ICTs) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs were cascading effects might occur because of the interdependencies that exist among different CIs. Among the problems inherent to the operation of Critical Infrastructures, it is possible to emphasise the existence of dependencies and interdependencies among infrastructures. For example, a telecommunications service is inherently dependent on the electricity supply or, for instance, banking services are dependent on both telecommunications and energy supply services. Many of the existing approaches to security in Critical Infrastructures are focused on obtaining risk levels through the use of models based on the infrastructure. Although these models allow a solid foundation for risk monitoring, they do not have mechanisms for exchange, management and assessment of its quality. This presentation addresses the problems related to trust, reputation and risk alerts management within Critical Infrastructures. Accordingly, it is described how to introduce mechanisms to manage and measure at each instant, the degree of confidence assigned to each of the alerts received or computed internally. Allowing improvement of their accuracy and consequently improving the resilience of Critical Infrastructures when faced with inaccurate or inconsistent risk alerts. The lecture’s main goals are to address the problems related to interdependent Critical Infrastructure security and to identify the main problems related to risk information sharing. In particular, how to allow information sharing in a secure manner, the management of that sharing and how to assess the reliability of such information. The European Project MICIE is presented in order to contextualise the presented work. The application of Policy Based Management mechanisms for the management of the risk alert information shared among Critical Infrastructures is described. In order to improve the information sharing management and the further interpretation of the risk alerts, it is described how to evaluate Trust and Reputation in order to assess the shared information and also to consider the behaviour of the entities involved. Selected application scenarios for the presented approaches will be discussed. In particular the integration of those approaches within the MICIE Project and also the integration of the trust and reputation indicators within the CI security Model.engconference object