Standard developed to assist U.K. government’s critical infrastructure protection authority
There’s a need to rely and trust forces outside our direct control for security — and that awareness spurred the United Kingdom’s national infrastructure protection authority to push for a standard way to model the implications of relying on technology, services, people and more.
The U.K. Centre for Protection of National Infrastructure, a government authority that provides security advice to business and organizations to protect against both physical threats and cyberthreats, asked the standards organization Open Group to create a method that anyone (including outside of the U.K.) can use to model dependencies they have in terms of security. The Open Group has done that with its “Dependency Modeling Standard” published this week, plus a prototype software tool from U.K.-based firm Intradependency that can be used to define dependence on systems, whether it’s a network of physical sensors or a supply chain.
RELATED: Trustworthy systems, trustworthy vendors and how to identify them
The U.K. government wants to use the modeling standard to help clearly define dependencies in the military sphere, but it’s also supposed to be useful for enterprises that depend on energy supplies, goods and services from partners or other relationships in order to operate.
“What is the business goal? What do you want to achieve?” said Richard Byford, senior director at Intradependency about what the Dependency Modeling Standard and the software tool for it are intended to do. “It’s a way of understanding what needs to be there to create success.” The modeling tool, still in prototype, makes use of XML to import data to model dependency scenarios.
With cloud-based services and mobile adding more complexity to the IT environment, the tool should be useful to model this, too. Ian Dobson, director of the Open Group’s Security Forum and Jericho Forum, says the intent is to build resilience in operations to cope with issues that arise based on what you depend on.