S. Bologna, C. Balducelli, A. Di Pietro, L. Lavalle, G. Vicoli. ENERSIS 2008, Milan, 17 June 2008. A strategy for.

Presentation transcript:

S. Bologna, C. Balducelli, A. Di Pietro, L. Lavalle, G. Vicoli. ENERSIS 2008, Milan, 17 June 2008
A strategy to mitigate the effect of interdependencies between critical infrastructures
ENTE PER LE NUOVE TECNOLOGIE L’ENERGIA E L’AMBIENTE

ITALY BLACK-OUT September 2003: event tree from UCTE report
NETWORK STATE OVERVIEW & ROOT CAUSES
Network states:
- Pre-incident network in n-1 secure state
- Network in (n-1) state with short-term 15’ allowable overload
- Network in (n-2) state with excessive overload of remaining lines
- Separation of Italy from the UCTE main grid
- Island operation fails due to unit tripping
Events (combined in the tree through AND gates):
- 1st tree flashover, line tripping
- 2nd tree flashover, line tripping
- Italy disconnected
- Tripping of many power units
Root causes:
1. Unsuccessful re-closing of the Lukmanier line because of a too high phase angle difference
2. Lack of a sense of urgency regarding the San Bernardino line overload, and call for inadequate countermeasures in Italy
3. Angle instability and voltage collapse in Italy
Time intervals marked on the tree: 24 min., 1-2 min.
Legend: Safe network state, Endangered network state, Disturbed network state, Collapsed network, Event, Root cause

Rome Mini TELCO Black-out, January 2004
NETWORK STATE OVERVIEW & ROOT CAUSES
Network states:
- Pre-incident TELCO network in secure state
- Station continues working with decreased battery autonomy
- Many external Telco services go down, including the ACEA data links between control centers
- The normal power supply from ACEA was restarted
- Return to normal state
Events (combined in the tree through AND gates):
- Trip of main power supply
- Loss of power supply
- Damaged equipment replaced
- Telco services restart
Root causes:
1. Flood in the apparatus room of the Telco SGT station. UPS starts from batteries
2. The battery autonomy ran out because the Fire Brigade was not able to remove the water in time
3. The full functionality of the SGT station is restored
Time intervals marked on the tree: 90 min., 4 hours
Legend: Safe network state, Endangered network state, Disturbed network state, Collapsed network, Event, Root cause

MIT Introduction
MIT is a software system to enhance the availability and survivability of LCCIs by mitigating (inter)dependency effects. It is composed of:
- communication components
- add-on components
- other software resources (databases, GUI, configuration files, run-time environment, etc.)

Control Room with MIT WorkStation
[Figure labels: LCCI 1, LCCI 2, MIT WorkStation, Control Room]

MIT integration with existing SCADA systems

IRRIIS Inter-LCCI Communication Highway

Middleware Improved Technology System: component oriented architecture
[Figure: LCCI 1 to LCCI 6, each paired with an MIT node (MIT 1 to MIT 6); client-server peer to peer communication. LCCIs -> Critical Infrastructures. Each MIT node contains MIT Communication Components and MIT Add-On Components.]

Middleware Improved Technology System: component oriented architecture
COMMUNICATION COMPONENTS
Communication components are responsible for how information is sent to and received from neighbouring LCCIs, using the appropriate time constraints and security levels.

Middleware Improved Technology System: component oriented architecture
ADD-ON COMPONENTS
Add-on components are responsible for what internal information has to be sent to neighbouring LCCIs, and what information received from neighbouring LCCIs may influence the internal LCCI state.

MIT Add-On Components
Internal Assessment
– Tool to extract LCCI functional status
Risk Assessment
– Risk Estimator
– Incident Knowledge Analyser
Emergency Management
– Assessment of cascading/escalating effects
– Display of Emergency Management Procedures
– Negotiator

Risk Estimator functions
- Reasoning about the states of processes and services, mainly focusing on the services to be exchanged with other LCCIs.
- Estimating the levels of risk associated with service exchanges with other LCCIs.
- Working on a service-process model of the LCCIs by making use of a fuzzy rule-based mechanism.

Visualisation of the levels of risk associated with the services
[Figure panels: LCCI internal state estimation; after external & internal states correlation]

Risk Estimator benefits
- Make operators more aware of the global LCCIs state by correlating the local LCCI state with the external LCCIs states.
- Give the LCCI operators schematic pictures that highlight the potential risks of losing internal and external services.
- Improve coordination between the LCCI operator and the neighbouring LCCIs.

Incremental development & testing process of the components
[Figure labels: DEVELOPING COMPONENTS; INTEGRATION; TESTING & VALIDATION; Experimentation of the integrated capabilities; SimCIP; CRIPS; TEFS; MIT Comp]

Laboratory experimentation
TEST BEDS TO VERIFY THE INTEGRATED CAPABILITIES

Experimentation strategy (Step 1)
COMPARE BEHAVIOURS WITHOUT MIT
- Build an experimentation infrastructure: Simulation Environment (SimCIP) and Test-Bed
- Knowledge elicitation about a set of scenarios: attack/faults scenario tables, events tree
- NO ATTACKS/FAULTS: Test-Bed and SimCIP normal behaviours
- ATTACKS/FAULTS: Test-Bed and SimCIP attack/fault behaviours

Experimentation strategy (Step 2)
COMPARE BEHAVIOURS & EFFECTS WITH MIT
- Build an experimentation infrastructure: Simulation Environment (SimCIP) and Test-Bed
- Knowledge elicitation about a set of scenarios: attack/faults scenario tables, events tree
- Test-Bed and SimCIP normal behaviours
- Test-Bed and SimCIP attack/fault behaviours
- MIT in the loop: MIT Communication, Add-on #1, Add-on #2, ... Add-on #n

Physical set-up of the experimentation environment
[Figure labels: SimCIP; Telecom Simulator; LCCI Telecom Data Base; Electricity Simulator; LCCI Electricity Data Base; MIT communication; Electricity MIT Add-on; Telecom MIT Add-on; Electrical SCADA Emulator; Telecom; Electrical Control Room; Telecom Control Room; Optional External Components]

LCCIs for experimentation
LCCIs INVOLVED IN THE ROME MINI TELCO BLACK-OUT

LCCI Owner      | Power Carrier | Telco Carrier
Primary LCCI    | P             | T
Supporting CI   | PT            | TP

P -> Power (electrical) network
PT -> Power Telecom network (SCADA systems including also telecom network owned by Power Network Operator)
T -> Telecom network (Telecom Infrastructure)
TP -> Telecom Power network (Telecom backup power systems)

Simulating different LCCIs components within SimCIP
[Figure labels: P – Power Network Simulation; PT – Power Telecom Network Simulation (SCADA); TP – Telco Power Network Simulation; T – Telecom Network Simulation; Scenario Table]

Using scenario tables to define different scenario event sequences
[Figure labels: P – Power Network Simulation; PT – Power Telecom Network Simulation (SCADA); TP – Telco Power Network Simulation; T – Telecom Network Simulation; Scenario Table]

Scenarios execution and evaluation
Experimentation of MIT integrated capabilities
[Figure labels: Scenario Tables …; Compiling; Selecting; Configure; Run; Logs of the events; MIT components: RE, TEFS, MIT Communication, IKA, CRIPS]

Evaluating the expected results
[Figure labels:
Scenario tables: Scenario 1 (Event 1, Event 2, Event 3, …)
Expected results tables: MIT Behavior 1 (Detection t1, Local info t2, Remote info t3, …)
MIT Components: IKA, TEFS, CRIPS, RE
LCCIs: PT, TP, T, P
Knowledge from analysts/experts; Verify results; Iterative improvements]

Experimentation steps for RE
Inputs: knowledge from analysts/experts; RE Knowledge Base (general rules, specific rules, services/processes relations)
Tables shown at each step: Scenario 1 (Event 1, Event 2, Event 3, …) and MIT Behavior 1 (Detection t1, Local info t2, Remote info t3, …)
- First experimental step: 2 tables fail
- Second experimental step: 1 table fails
- Final: all tables ok
Updating rules & services/processes relations
System ready for demonstration to stakeholders

Final considerations
- Preventing cascading effects among interdependent LCCIs is a new challenge.
- LCCI modelling capacity, also exploiting commercial simulation tools, is necessary to develop a realistic testing environment.
- Strategies/guidelines to implement exhaustive experimentation sessions must be developed.
- Producing and evaluating experiments with and without the MIT solutions may help to obtain an assessment of the MIT benefits.