Beruflich Dokumente
Kultur Dokumente
Managing Risk
Propagation
in Extended
Enterprise
Networks
C. Derrick Huang, Ravi S. Behara, and Qing Hu
Florida Atlantic University
computer.org/ITPro
15
Figure 1. Network topologies. (a) A randomly connected network and (b) a scale-free network.
( 2000, Macmillan Publishers. Adapted by permission.7 )
A Network Perspective
Much like the spread of epidemics among living
organisms, the cascading of attacks is characterized by the network connectivity and the defense
mechanisms taken up by the nodes. Researchers
have proposed adopting epidemic models such as
susceptible-infected-removal (SIR) and susceptibleinfected-removal-susceptible (SIRS) to study such
phenomena. Understanding an ISCs network topology is the key to applying these models to examine its network-interconnection risk.
Rather than follow random connection patterns,
computer networks often resemble common social
networks or even the metabolic pathways found in
living mechanisms; although the majority of the
nodes have only few direct links, a small number
of highly connected nodes (called hubs) directly
connect to many nodes (see Figure 1).6 In an ISC
that serves as a retail network, for instance, most
vendors and suppliers connect only to their customers and perhaps a few other vendors, whereas a
few large retailers and wholesalers have direct connections to many of the vendors and thus act as
hubs. Compared to a distributed network in which
nodes connect randomly to others, such a topology exhibits two key differences:6,7
dom nodes in the networkis small. For instance, one study6 calculated that the Webs
diameter is 19, a remarkably small number
considering the Internets hundreds of millions
of nodes.
The connectivity follows a power-law distribution, such that the probability that a node
connects with k other nodes is proportional to
k, where is between 2 and 3 for most real
networks such as the Internet; this distribution
doesnt change as new nodes are added.
Such a small-world (the former point), scalefree (the latter point) network topology best represents the networking attributes of the Internet
and its variations, such as peer-to-peer file sharing networks and ISCs.
Small-world, scale-free ISCs exhibit interesting behaviors with respect to the spread of security attacks. A key characteristic of a randomly
connected network under threat is the existence
of an epidemic threshold, below which the attacks
wouldnt spread throughout the network, even
when defensive mechanisms were absent. However, such a threshold doesnt exist in a scale-free
network.8 This implies that even an attack with a
low epidemic rate on one nodesuch as a badly
designed worm that doesnt replicate itself very
effectivelycan eventually affect every node in
an ISC if most of the nodes have little or no information security measures. On the other hand,
a scale-free network as a whole demonstrates a
high degree of tolerance against random failure
of its nodes, a property that randomly interconnected networks dont share. However, when
just a few highly connected nodes are down, the
networks diameter increases dramatically as the
whole network quickly collapses into many isolated fragments.9 In other words, a scale-free network is robust against random attacks but highly
susceptible to targeted attacks against its hubs.
We can identify a few lessons on managing the
ISC network-interconnection risks. To prevent
even the most impotent attack from spreading,
all firms in an extended enterprise network must
have a minimal level of information security.
Although an ISC with properly protected nodes
is resilient to common opportunistic attacks
such as viruses and worms, however, informed
adversaries attempting to damage such an ISC
probably wouldnt direct their attacks randomly.
A Supply-Chain Perspective
Businesses of member firms are unavoidably interconnected via ISCswhether for collaboration
network, information-sharing arrangement, or
supply and logistics coordinationas are their
risks. Two main classes of risks, disruption and
coordination, often cascade through such business
interconnections. A physical supply chain expe-
computer.org/ITPro
17
Principle
ISC action
Challenge
Scale-free
Lack of epidemic threshold
All nodes in ISC need minimal
Mechanism for setting standards
networks
level of security measures
and enforcing and monitoring
security measures of all nodes
Resilience against random Highly connected nodes need Incentive for hubs to spend extra
attacks, but susceptible to
higher level of security protection
on information security
targeted attacks
than the rest of the nodes
Supply-chain Minimizing disruption risks
Critical members need to be
management
protected from failure
Minimizing coordination risks Member firms share security Infrastructure and incentive for
information and coordinate activities coordination
Reference
1.
2.
computer.org/ITPro
19