Int. J. Critical Infrastructures, Vol. 9, Nos. 1/2, 2013 93 Copyright © 2013 Inderscience Enterprises Ltd. Assessing n -order dependencies between critical infrastructures Panayiotis Kotzanikolaou* Department of Informatics, University of Piraeus, 85 Karaoli and Dimitriou, GR-18534, Piraeus, Greece E-mail: pkotzani@unipi.gr *Corresponding author Marianthi Theoharidou and Dimitris Gritzalis Department of Informatics, Athens University of Economics and Business, 76 Patission Ave., GR-10434, Athens, Greece E-mail: mtheohar@aueb.gr E-mail: dgrit@aueb.gr Abstract: The protection of critical infrastructures (CI) is a complex task, since it involves the assessment of both internal and external security risk. In the recent literature, methodologies have been proposed that can be used to identify organisation-wise security threats, or even first-order dependency risk (i.e., risk deriving from direct dependencies). However, there is a lack of work in the area of multi-order dependencies, i.e., assessing the cumulative effects of a single incident, on infrastructures that are connected indirectly. In this paper, we propose a method to identify and assess multi-order dependencies. Based on previous work, we utilise existing first-order dependency graphs, in order to assess the effect of a disruption to consequent infrastructures. In this way, it may be possible to identify and prevent security threats of very high impact from a macroscopic view, which would be hard to identify if we only examine first-order dependencies. We also present a scenario, which provides some evidence on the applicability of the proposed approach. Keywords: critical infrastructure; risk assessment; criticality; dependencies. Reference to this paper should be made as follows: Kotzanikolaou, P., Theoharidou, M. and Gritzalis, D. (2013) ‘Assessing n -order dependencies between critical infrastructures’, Int. J. Critical Infrastructures, Vol. 9, Nos. 1/2, pp.93–110. Biographical notes: Panayiotis Kotzanikolaou is a Lecturer of IT Security and Privacy at the University of Piraeus, Greece, and a senior member of the Information Security and Critical Infrastructure Protection Research Group at Athens University of Economics and Business (AUEB), Athens, Greece. His research interests include applied cryptography, critical infrastructure protection, network security and communication privacy.