Companies and public administrations depend on secure networks. But how to measure the reliability of these networks? The Agency for Network and Information Security (ENISA) has published "Main challenges and recommendations for Reliability Metrics in networks and services", as well as a technical report. This is the first report written in Europe aimed at pointing out the lack of a holistic review of the area.
A metrics and measurement framework is essential for advice on practices and policies to improve the reliability of networks and services. The publication prepared by ENISA shows that:
a) There are very few frameworks and none are globally accepted
b) There are no standardized practices and different organizations use different sets of initial metrics and frameworks
(c) It is difficult to combine or aggregate various frameworks in a high-level assessment
The main challenges of reliability metrics include:
The main consensus recommendations are:Creation of a common interpretation / good practices or standards in reliability metrics (Taxonomy, Description and starting point for the metric, impact factors)Undertake a deeper investigation into open topics in reliability metrics (aggregation, composition, thresholds, data analysis)Development of tools / software to automate the deployment of reliability measurementsRecopilation and analysis of dataPromoting good practices and information sharingDeploying a conservative proposal for the introduction of metrics (for example, starting with a small collection of metrics)
The white paper is the first step toward building common knowledge, best practices, and standards for reliability metrics. The report holistically reviews frameworks, existing models, metric classification, and baseline metrics.
"It is imperative and a cornerstone for the Protection of Critical Information Infrastructures to be able to accurately measure the security and reliability of infrastructures and services in Europe," said Professor Udo Helmbrecht, Executive Director of ENISA.
Link to a video about reliability metrics.
The full reports are at the following link.
Source: INTECO-CERT
