A decision support tool for optimal configuration of critical infrastructures

In this work, a decision support system aimed at suggesting to critical infrastructure (CI) operators the optimal configuration in terms of deployed security functions Ali ties is presented. Two specific problems have been addressed: the security evaluation problem and the security configuration computation problem. Concerning the former problem, the framework provided by the Open Source Security Testing Methodology Manual (OSSTMM) has been retained and extended to capture innovative security features providing CI operators with a holistic insight on the system security level. Concerning the latter problem, the DSS has been provided with an optimisation framework based on a genetic algorithm (GA) for exploring the solution space; in this respect, three different implementations of the adopted GA have been developed and evaluated in realistic operation scenarios. Finally, the outputs of the DSS have been validated from a security point of view.