Global test beds for control, safety, security and dependability in ICT-Enabled Critical Infrastructures From SAFEGUARD Intrusion Detection Test Environment.

Slides:

Advertisements

Similar presentations

Introduction to IRRIIS testing platform IRRIIS MIT Conference ROME 8 February 2007 Claudio Balducelli.

Advertisements

Chapter 19: Network Management Business Data Communications, 5e.

Arrow color indicates specific subset of Security Service Desk Common Backplane API. is DC Backplane API impledmented by the Backplane Services. Devices.

and Trend for Smart Grid

IRRIIS SimCIP Demo (version 0.8- May 2009) IRRIIS European Project – Antonio Di Pietro – ENEA.

Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.

ENEA APPROACHES TO SUPERCOMPUTING AND CRITICAL INFRASTRUCTURES PROTECTION Sandro Bologna, Silvio Migliori, Andrea Quintiliani, Vittorio Rosato ENEA

IRRIIS – Integrated Risk Reduction of Information-based Infrastructure Systems Workshop - Middleware Improved Technology for Interdependent Critical Infrastructures.

I.1 Distributed Systems Prof. Dr. Alexander Schill Dresden Technical University Computer Networks Dept.

Chapter 19: Network Management Business Data Communications, 4e.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

Distributed Database Management Systems

Architecture and Real Time Systems Lab University of Massachusetts, Amherst I Koren and C M Krishna Electrical and Computer Engineering University of Massachusetts.

Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania.

Chapter 9: Moving to Design

Distributed System Concepts and Architectures Summary By Srujana Gorge.

Secure Systems Research Group - FAU 1 SCADA Software Architecture Meha Garg Dept. of Computer Science and Engineering Florida Atlantic University Boca.

August 8, 2015ECI Confidential. AccessWave Smart Grid Market Trends& Applications Matthias Nass VP Field Marketing EMEA.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.

MIT Requirements for TLC IRRIIS MIT Conference ROME 8 February 2007 Giustino FUMAGALLI Arnaud ANSIAUX.

Cyber Security of SCADA Systems Testbed Testbed Development Group Members: Justin Fitzpatrick Rafi Adnan Michael Higdon Ben Kregel Adviser: Dr. Manimaran.

LECTURE 9 CT1303 LAN. LAN DEVICES Network: Nodes: Service units: PC Interface processing Modules: it doesn’t generate data, but just it process it and.

College of Engineering and Architecture Using Information to Increase Power Reliability and Reduce Vulnerability Anjan Bose Washington State University.

CSCI-235 Micro-Computer in Science The Network. © Prentice-Hall, Inc Communications  Communication is the process of sending and receiving messages 

La Modellazione delle Reti Complesse: il Grand Canyon tra Ricerca e Realtà Sandro Bologna ENEA – CAMO CR Casaccia, Roma

IMPROUVEMENT OF COMPUTER NETWORKS SECURITY BY USING FAULT TOLERANT CLUSTERS Prof. S ERB AUREL Ph. D. Prof. PATRICIU VICTOR-VALERIU Ph. D. Military Technical.

Project 3.4 Integrated Data Management and Portals Dr. Hassan Farhangi, Dr. Ali Palizban, Dr. Mehrdad Saif, Dr. Siamak Arzanpour,

Active Monitoring in GRID environments using Mobile Agent technology Orazio Tomarchio Andrea Calvagna Dipartimento di Ingegneria Informatica e delle Telecomunicazioni.

S. Bologna, C. Balducelli, A. Di Pietro, L. Lavalle, G. Vicoli ENERSIS 2008 Milano, 17 Giugno, 2008 Una strategia per.

A Review by Raghu Rangan WPI CS525 September 19, 2012 An Early Warning System Based on Reputation for Energy Control Systems.

Sandro Bologna - ENEA Claudio Balducelli – YLICHRON (ENEA) Massimo Gallanti - CESI Ricerca Workshop – AICT Roma 6 Dicembre, 2007 ICT nella gestione del.

Introduction to IRRIIS MIT Add-On Components IRRIIS, CRUTIAL & GRID Review Meeting 15 March 2007, Brussels Sandro Bologna.

Week 5 Lecture Distributed Database Management Systems Samuel ConnSamuel Conn, Asst Professor Suggestions for using the Lecture Slides.

An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński

The Grid System Design Liu Xiangrui Beijing Institute of Technology.

SIMPLE TRANSMISSION OUTAGE. Nodal Protocol Definition 2.26 Simple Transmission Outage A Planned Outage or Maintenance Outage of any Transmission Element.

WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.

Advanced Controls and Sensors David G. Hansen. Advanced Controls and Sensors Planning Process.

9 Systems Analysis and Design in a Changing World, Fourth Edition.

Department of Electronic Engineering Challenges & Proposals INFSO Information Day e-Infrastructure Grid Initiatives 26/27 May.

9 Systems Analysis and Design in a Changing World, Fourth Edition.

One or More Topologies ? One or More Topologies ? A methodological reflection IRRIIS Project, WP2.1 “Topology Analysis” Rome Meeting, 6,7 April 2006 IST.

“Systematic Experimentation and Demonstration activities” IRRIIS AB Meeting Ottobrunn, 20th May 2008 Sandro Bologna ENEA.

Sandro Bologna - ENEA Workshop – AICT Roma 25 Settembre, 2008 Alcune iniziative di ricerca in.

Self-healing Architectures based on context DEpendent adaptive Software Agents (SADESA) – an extension of EU-IST Project SAFEGUARD DeSIRE Workshop Pisa,

Introduction to the IRRIIS Simulation SimCIP Césaire Beyel.

NETWORKING FUNDAMENTALS. Network+ Guide to Networks, 4e2.

Introduction to IRRIIS MIT Add-On Components Middleware Improvement Technology for Interdependent Critical Infrastructure 08 February 2007, Rome Giordano.

MIT Communication & Risk Management Language Workshop - Middleware Improved Technology for Interdependent Critical Infrastructures 8 February 2007, Rome.

1 © A. Kwasinski, 2015 Cyber Physical Power Systems Fall 2015 Security.

Rehab AlFallaj.  Network:  Nodes: Service units: PC Interface processing Modules: it doesn’t generate data, but just it process it and do specific task.

Simulation Experiments: Emerging Instruments for CIP Dresden 5 th of October 2007 Walter Schmitz.

9 Systems Analysis and Design in a Changing World, Fifth Edition.

IST 201 Chapter 11 Lecture 2. Ports Used by TCP & UDP Keep track of different types of transmissions crossing the network simultaneously. Combination.

SCADA Supervisory Control And Data Acquisition Pantech Solutions Here is the key to learn more.

CompTIA Security+ Study Guide (SY0-401)

Electricity is produced at the power station.

Products/Solutions/Expertise of C-DAC Mumbai in Smart City Domain

CHAPTER 3 Architectures for Distributed Systems

#01 Client/Server Computing

CompTIA Security+ Study Guide (SY0-401)

An Introduction to Computer Networking

Substation Automation System

Wenyu Ren, Timothy Yardley, Klara Nahrstedt

Cyber Security of SCADA Systems Remote Terminal Units (RTU)

#01 Client/Server Computing

Presentation transcript:

Global test beds for control, safety, security and dependability in ICT-Enabled Critical Infrastructures From SAFEGUARD Intrusion Detection Test Environment to IRRIIS Information Sharing Testing Environment Joint US-EU Workshop Washington D.C. 16-17 March, 2006 Sandro Bologna – ENEA bologna@casaccia.enea.it

Three Layers Model for the Critical Infrastructure Organisational Layer Intra-dependency Cyber Layer Inter-dependency Physical Layer

Three Layers Model for the Electrical Infrastructure Electrical Components generators, transformers, breakers, connecting cables etc Control and supervisory hardware/software components (Scada/EMS systems) Electrical Power Operators Independent System Operator for electricity planning and transmission Intra-dependency National Electrical Power Transmission Infrastructure Telecomunication Infrastructure Oil/Gas Transport System Infrastructure Foreign Electrical Transmission Infrastructure Inter-dependency

US CANADA BLACK-OUT Power System Outage Task Force Interim Report

SAFEGUARD vs. IRRIIS SAFEGUARD is a collection of Software Agents developed to detect anomalies on the Cyber Layer of a single LCCI. IRRIIS (MIT) is a system to support information coordination and information sharing between different LCCIs. These information regard all the three layers of a LCCI, with special emphasis to organisational and cyber layer. IRRIIS (MIT) could make use of some Safeguard Agents

SAFEGUARD ARCHITECTURE Network global protection Cyber Layer of Electricity Network Home LCCIs Topology agent Negotiation agent MMI agent Other LCCIs Foreign Electricity Networks Telecommunication Networks ------------------- Correlation agent Action agent Low-level agents High-level agents Diagnosis wrappers Intrusion Detection wrappers Hybrid Anomaly Detection agents Actuators Safeguard agent Architecture for Large Complex Critical Infrastructures (LCCIs) Commands and information Information only Network global protection Local nodes protection

Data management network General layout of typical control and supervisory infrastructure of the electrical grid Control and management layer (SCADA system) SIA-R CNC CC SIA-C Remote Units Control Centres Data management network WAN (Wide Area Network) Data Concentrator Area 1 Area 2 Area 3 Substations Loads Generator Physical Network Physical electrical layer (high-medium voltage)

SAFEGUARD Test Environment: distributed SCADA component emulation on a local network Load-flow electrical grid simulator(e-Agorà) “Broker” di messaggi Detector di riconoscimento di “invarianti” nei dati Detector di riconoscimento di sequenze di eventi Detector di anomalie sulle porte Alberi di attacco progettazione esecuzione logs Generatore di Attacchi RTU 1 Centro Controllo Regionale RTU 2 Data Base Regionale RTU 3 Piattaforma di esecuzione agenti SAFEGUARD Data Base Nazionale RTU n Centro Controllo Nazionale Local Network

SAFEGUARD Test Environment Objectives To test the funcionalities of the single Agents developed for reducing the vulnerabilities of a single infrastructure To test the overall architecture and information sharing among the different Agents for a single infrastructure To test the different algorithms implemented in low-level Agents (Neural-Network, Case Based Reasoning, Data Mining).

Physical Electric Grid Layer e-Agora Simulator Is simulated by the e-Agora electrical powerflow simulator (AIA). It provides editing capabilities to edit an electrical network model. It calculates the load flow of an electrical network model under all systems conditions. It can work in client-server mode: the algorithms to calculate the load flow reside on the server while the network model resides on the client application.

SCADA Emulator Architecture Control Center (CC) GUI DAC SIA-R-1 SIA-R-2 SIA-R-3 AD

Some examples of functionalities implemented in the SCADA emulator Polling of Tele-Measures (each 4 seconds) Sending of Tele-Commands (opening/closing breakers) Receiving of Tele-Signals All these functionalities generate EVENTS and DATA. They are monitored by the Safeguard System (Instrumentation). Sending malicious attacks to disable a SIA-R Data Sending message to re-start a SIA-R

SCADA Emulator Instrumentation SAFEGUARD System Communication BUS SCADA-SAFEGUARD Data/Events Instrumentation: SCADA  SAFEGUARD Recovery Actions: SAFEGUARD  SCADA

Attack Trees Editor and Scenarios Running Console Attacks/faults Console design attacks or faults in form of tree Generate from a tree all possible scenarios Run a scenario as a timed sequence of malicious actions or faults

COMMUNICATION PROTOCOL IRRIIS Infrastructure Information Sharing LCCI3 MIT 1 LCCI1 Application Server MIT 3 LCCI3 Application Server Interdependency LCCI1 Communication MIT LCCI Business Components COMMUNICATION PROTOCOL MIT IRRIIS MIT 2 LCCI2 Application Server LCCI2 LCCI4 MIT 4 LCCI4 Application Server

IRRIIS MIT Implementation

IRRIIS Test Environment Objectives To test the capabilities of the Middleware Improved Tecnology (MIT) components to exchange fast, reliable and secure information about the state of different infrastructure among the different operators To test information coordination and information sharing between different LCCIs.

IRRIIS Synthetic Simulation Environment

IRRIIS Synthetic Simulation Environment and Services Exchanging between two infrastructures (to study vulnerabilities and interdependency) Electrical Infrastructure Telecomunication Infrastructure Telec. Contr. Centres Telec. Traff. Simulator

IRRIIS Synthetic Simulation Environment Services Exchanging and MIT (to test and validate MIT components) Electrical Infrastructure Telecomunication Infrastructure Telec. Contr. Centres Telec. Traff. Simulator

POSSIBLE RESEARCH AREAS FOR A JOINT EU/US COLLABORATION IRRIIS - WP3.6: International cooperation for benchmarking Objectives Establish an international network for definition of benchmarks Definition of international benchmarks for at least two application areas Comparison of IRRIIS results with results from other projects Suggested Collaboration EU-IRRIIS Project, US-TRUST, US-TCIP works together to define common high quality benchmarks with high practical relevance Constraints to support an international adaptation and wide cooperation it is likely that the benchmarks definitions shall be platform independent.

International Workshop on Complex Network and Infrastructure Protection CNIP06 March 28-29, 2006 - Rome, Italy http://ciip.casaccia.enea.it/cnip06