Introduction to IRRIIS MIT Add-On Components Middleware Improvement Technology for Interdependent Critical Infrastructure 08 February 2007, Rome Giordano Vicoli

IRRIIS Summary Introduction to MIT Identifying MIT Add-On Components Description of MIT Add-On Components

IRRIIS MIT Introduction MIT is a software system aiming at enhancing the availability, survivability and the resilience of LCCIs by mitigating dependency and interdependency effects. Communication Components. Add-On Components. Other software resources (Databases,GUI, Configuration Files, Run-Time Environment, etc.)

IRRIIS MIT System Add-On Components Communication Components Other resources LCCI MIT System SCADA SYSTEM SCADA SYSTEM LOG Files DataBases LCCI resources

IRRIIS MIT Communication Components A single MIT System doesn’t make sense if it can’t communicate with other MIT Systems installed on other LCCIs. Communication Components are in charge of exchanging data and information with other MIT Systems installed on other LCCIs.They are the same for each LCCI.

IRRIIS MIT Communication Add-On Components Communication Components Other resources LCCI 1 Add-On Components Communication Components Other resources LCCI 2

IRRIIS MIT Communication Add-On Components Communication Components Other resources LCCI 1 Add-On Components Communication Components Other resources LCCI 2 Add-On Components Communication Components Other resources LCCI 3

IRRIIS MIT Add-On Components They can be several. Collect and process internal data and information. They will implement different algorithms according to the LCCI where they are installed and to the data they have to process. Perform analysis and diagnosis useful for the LCCI where they are installed. Process data coming from other LCCI in order to allow the operator preventing potential cascading effects.

IRRIIS Identifying Add-On Components Possible incidents Classes of functions Add-On Components Requirements Goal

IRRIIS Identifying Add-On Components The goal of each LCCI:maintain proper state and deliver the expected services in all circumstances. Probable causes of severe incidents are: – extraordinary natural conditions (floods, eartquake,..) – human errors – malicious attacks

IRRIIS Identifying Add-On Components Incidents Extraordinary natural conditions: – Against this type of events the keyword is cooperation. – Mutual support between LCCIs is always needed. – Add-On Components should support consultation and coordinate actions between neighbouring systems for the establishment of effective mitigation measures, as well as early warning notification of coming threat.

IRRIIS Identifying Add-On Components Incidents Human errors – Simple situation: Add-On Components should provide automatic reaction. – Complex situation: Add-On Components should support the operator for emergency handling. Malicious attacks – They include cyber attacks and malicious operation. – Add-On Components should improve security by preventing or at least detecting them as early as possible.

IRRIIS Identifying Add-On Components Requirements DETECT AS EARLY AS POSSIBLE the anomalous status and NOTIFY it to the dependent infrastructures. PROVIDE EARLY WARNING of deteriorating system conditions so operators can take corrective actions. Prevent incident to AVOID cascading effects on dependent infrastructures.

IRRIIS Identifying Add-On Components Requirements ESTIMATE the probability of disrupt of his own LCCI and NOTIFY to the dependent infrastructures. ASSESS THE own infrastructure RISK due to information about neighbouring status. HANDLE THE EMERGENCY if needed by negotiating coordinate actions

IRRIIS Identifying Add-On Components Classes of functions Previous requirements allows to identify the following Classes of Functions: – Internal assessment. – Risk assessment. – Emergency management.

IRRIIS Identifying Add-On Components Classes of functions Internal assessment (situation awareness about home LCCI) – to provide early warning of deteriorating system conditions and enable the operator to take corrective actions and to prevent an incident. – to help the operator to be more aware about the internal status of the system.

IRRIIS Identifying Add-On Components Classes of functions Risk assessment (situation awareness about home LCCI and neighbouring LCCIs) – to correlate the internal status of the LCCI with the status of neighbouring LCCIs. – to estimate the probability of occurrence of undesirable event based on both internal and neighbouring status.

IRRIIS Identifying Add-On Components Classes of functions Emergenecy management (computer supported systems to manage the emergencies) – to support the operator during an emergency. – to support the local LCCI operator in the negotiation process with operators of the neighbouring LCCIs during an emergency.

IRRIIS

Add-On Components Internal Assessment – Tool to extract LCCI functional status Risk Assessment – Risk Estimator – Data Miner from Incident DataBase Emergency Management – Assessment of cascading/escalating effects – Display of Emergency Management Procedures – Negotiator

IRRIIS Add-On Components Internal Assessment – Tool to extract LCCI functional status A tool able to interface with existing tools and merge their output in order to have a clear and complete picture taking into account various functional status. This Add-On Component is mandatory to provide information to dependent LCCIs. This Add-On Components should interface with SCADA Systems and other LCCI components.

IRRIIS Add-On Components Risk Assessment – Risk Estimator This Add-On Components will estimate immediate risk and potential cascading effects taking into account real time info on internal assessment, other LCCI status and other information. – Data Miner from Incident DataBase This Add-On Components could be useful to exploit stored experience and identify if current situation has some similarity with one of precondition which led to a disrupt of operation in the past.

IRRIIS Add-On Components Emergency Management – Assessment of cascading/escalating effects This Add-On Component should show the direct and indirect effects of actions and evaluate cascading or escalating effects in own and dependent LCCI. – Display of Emergency Management Procedures This Add-On Component should identify if on-going contingency has any match in the preconditions of any procedure and then prompt the relevant procedure. If no match is found this tool should work out emergency management plans by intelligent adaption of existing procedures from all the available sources.

IRRIIS Add-On Components Emergency Management – Negotiator This Add-On Components should agree or negotiate contingency plans with dependent LCCIs. It also could be used to verify some assumptions about neighbouring LCCI status.

IRRIIS Information Publisher (FhG-IAIS) Information Subscriber & Reader (FhG-IAIS) Information Filtering (VTT) Tool to extract LCCI functional status (ENST) SCADADSASSA MIT GUI Operator LCCI 1LCCI 2 LCCI 3 Risk estimator (ENEA) Data Mining from incident DB (ENEA) Display of Emergency Management Procedures (IABG-SIEMENS-AIA) Assessment of cascading or escalating effects (IABG-SIEMENS-AIA) Negotiator (IABG-SIEMENS-AIA) LCCI 4 Subscription Get Data

IRRIIS Information publisher Information subscriber&reader Negotiator Risk assessment Information filtering Internal assessment Emergency Management Subscription Get Data Ask for action Get request feedback Information publisher Information subscriber&reader Negotiator Risk assessment Information filtering Internal assessment Emergency Management Subscription Get Data Ask for action Get action feedback subscribe publish subscribe publish Process action request Provide action feedback Process action request LCCI 1 LCCI 2