1
11/03/2016
2
PANOPTESEC Critical infrastructure protection and cyber response management
Continuous cyber monitoring and response capability
Prevent, detect, manage and respond to cyber vulnerabilities and incidents
3
Consortium Participants
4
MAPE-K cycle for continuous cyber security management
Automated support for cyber vulnerability, incident detection and response management
- MONITOR for cyber vulnerabilities and incidents
- ANALYZE cyber risks and operational impacts
- PLAN and prioritize mitigation actions through response modeling
- EXECUTE mitigation actions through policy-based deployment
- Knowledge-base contains all raw and processed information
State-of-the-art weaknesses addressed by PANOPTESEC:
- Complex multi-source correlations (Monitor)
- Operational/financial impact evaluation (Analyze)
- Automated decision support (Planning)
- Closed loop process to deployment (Execute)
MAPE-K based on “An architectural blueprint for autonomic computing”, IBM, 2003.
5
Architecture
Automated support for cyber vulnerability and incident detection and response management
- MONITOR: Data collection and correlation system
- ANALYZE: Attack and risk modeling
- PLAN: Response modeling
- EXECUTE: Policy deployment
- Knowledge base supporting entire cycle
6
PANOPTESEC General Approach
Operational use of “Dynamic Risk Approaches (DRA) for Automated Cyber Defence”
- Address constantly evolving state of the operations, systems and threat
- Accurately assess the risk (impact, likelihood)
- Provide continuous monitoring
Proactive Response System (Strategic Response)
- Focus on potential attack paths to high priority systems
- Response optimization to minimize operational impact and financial costs
Reactive Response System (Tactical Response)
- Focus on blocking or preventing spread of ongoing attacks
- Rapid response through automation
7
Functional concept (continuous proactive chain)
Analyze: Perform security analysis of collected information to:
- Generate the Attack Graph from hypothetical source to critical supporting assets
- Quantify risk to critical supporting assets
Plan: Conduct automated decision support analysis to:
- Identify potential response plans to reduce risk
- Evaluate response plans against business/mission and financial impact
- Propose prioritized response plans
Monitor: Collect network and security relevant information from diverse data sources and build the following correlated information:
- Network inventory
- Vulnerability inventory
- Mission Graph (identifies critical supporting assets)
- Network and system dependency model (from real-time flow data)
- Reachability matrix
Execute: Prepare and issue selected response plans:
- Response plans may consist of several mitigation actions
- Defined according to acceptable policies
- Formatted for connected deployment capability
Knowledge Base:
- Provides access to relevant data at different levels of detail/abstraction
- Contains all raw data collected by the system
- Contains current and historical results of analytic processes
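The proactive chain above, reduced to a small runnable model: an added example, not PANOPTESEC code and not the project's actual algorithm. It builds an attack graph from a reachability matrix and a vulnerability inventory, ranks critical assets by risk, and re-evaluates one candidate mitigation. The host names, probabilities, impact values and the "most likely path times impact" risk measure are all assumptions made for illustration.

```python
import heapq

# Constructed sample inputs (hypothetical hosts and values, not PANOPTESEC data).
# Reachability matrix as adjacency sets: source -> hosts it can connect to.
REACHABILITY = {"internet": {"web"}, "web": {"hist", "hmi"},
                "hmi": {"scada"}, "hist": {"scada"}, "scada": set()}
# Vulnerability inventory: host -> assumed probability that exploitation succeeds.
VULNS = {"web": 0.8, "hmi": 0.5, "hist": 0.3, "scada": 0.6}
# Mission graph output: critical supporting asset -> assumed mission impact.
IMPACT = {"scada": 100.0, "hist": 20.0}

def build_attack_graph(reach, vulns):
    """Keep edge src->dst only if dst is reachable from src and vulnerable."""
    return {src: {dst: vulns[dst] for dst in dsts if dst in vulns}
            for src, dsts in reach.items()}

def most_likely_path(graph, source, target):
    """Max-product search: Dijkstra works because every factor is <= 1."""
    best = {source: 1.0}
    heap = [(-1.0, source, [source])]
    while heap:
        neg_p, node, path = heapq.heappop(heap)
        if node == target:
            return -neg_p, path
        if -neg_p < best.get(node, 0.0):
            continue  # stale queue entry
        for nxt, edge_p in graph.get(node, {}).items():
            p = -neg_p * edge_p
            if p > best.get(nxt, 0.0):
                best[nxt] = p
                heapq.heappush(heap, (-p, nxt, path + [nxt]))
    return 0.0, []  # no attack path to the target

def risk_table(reach, vulns, impact, source="internet"):
    """Risk per critical asset = path likelihood x impact, highest first."""
    graph = build_attack_graph(reach, vulns)
    rows = []
    for asset, imp in impact.items():
        p, path = most_likely_path(graph, source, asset)
        rows.append((asset, round(p * imp, 2), path))
    return sorted(rows, key=lambda r: r[1], reverse=True)

def patch(vulns, host):
    """Candidate mitigation action: remove a host's vulnerability."""
    return {h: p for h, p in vulns.items() if h != host}

if __name__ == "__main__":
    for row in risk_table(REACHABILITY, VULNS, IMPACT):
        print("before:", row)
    for row in risk_table(REACHABILITY, patch(VULNS, "hmi"), IMPACT):
        print("after patching hmi:", row)
```

Patching `hmi` lowers the risk to `scada` but does not remove it, because the path through `hist` remains; comparing such residual risks across candidate plans is the kind of evaluation the Plan step describes.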
8
Functional concept (continuous reactive chain)
Analyze: Perform security analysis of collected information to:
- Localize incidents on Attack Graphs
- Quantify risk to critical supporting assets
Plan: Conduct automated decision support analysis to:
- Identify potential response plans to reduce risk
- Evaluate response plans against business/mission and financial impact
- Propose prioritized response plans
Monitor: Augment proactive data with real-time (reactive) incident data:
- Network events
- Intrusion events
Execute: Prepare and issue selected response plans:
- Response plans may consist of several mitigation actions
- Defined according to acceptable policies
- Formatted for connected deployment capability
Knowledge Base:
- Provides access to relevant data at different levels of detail/abstraction
- Contains all raw data collected by the system
- Contains current and historical results of analytic processes
9
PANOPTESEC Mission Impact and Dependency Model
- Device dependent Business/Mission Functions, Processes and Companies illustrated with weighted dependency links
- Provides capability for prioritized security response plans based on business impact
- Analysis of mission impact due to ‘shock events’
- Shock events include:
  - Impact of known vulnerabilities
  - Impact of incidents
  - Impact of proposed response plans
10
Advanced visual interface
- Mission impact analysis
- Threat-risk quantification
- Geographic display of risk by affected region
- Prioritized course of action tables
- Operator options for course of action selection
- Tailored views through versatile layering
11
Operator(s) Interface
- Vulnerability view
- Attack and response view
- Network and Mission view
- High Level Management view
- Operator view(s)
- Component data sources
12
Vulnerability view
13
Attack and response view Vulnerability view demo (Synthetic dat
14
High Level Management demo
15
Modularized architecture
- OSGi-based integration framework
- Component Composition and Service Integration layers deliver a modular architecture
- Loosely coupled modules support diverse deployment options, both as a self-contained system and in distributed environments
- Based on widely used open source frameworks
16
PANOPTESEC Simulation Environment
The Simulation Environment (Sim-Env) has been created by RHEA within Work Package 7, starting from the ACEA Distribution Energy environment and using the resources of the Disaster Recovery site. The Disaster Recovery systems used are real operational systems in 'cold standby' mode. These are then augmented by real (standby and test) equipment with virtual clones in order to 'emulate' the scale of the operational environment.
The Sim-Env for the PANOPTESEC Project is composed of several logical blocks, described below:
- Emulation Environment: represents the “monitored system” from the PANOPTESEC System point of view. It is composed of real physical devices, virtualized clones of real devices, and virtualized devices with the same role as the real devices, in order to stay as close as possible to the real production environment.
- Developing Environment: represents the environment, composed of several virtual machines, for PANOPTESEC System development. It is composed of VMs used by partners for module development and dedicated VMs for PANOPTESEC integration steps in order to create a PANOPTESEC prototype.
- Sim-Env Management Network: represents the management network used to control the hardware and software technologies (e.g. IaaS, VM hypervisors, switches, etc.) used to build, control and share the Simulation Environment.
- Partners Portal for PANOPTESEC Project Development and Testing: represents the technologies used to give partner developers access to the VMs assigned to them inside the Simulation Environment.
- PANOPTESEC Demo Environment: represents several VMs dedicated to demonstrating the PANOPTESEC Project.
17
Project Status and Ongoing Activity
- Version 2 component prototypes delivered October 2015
  - Ongoing experimentation and test
  - Pre-integration complete for both Proactive and Reactive response chains
- Integration prototypes development ongoing
  - Target delivery planned April 2016
  - Start formal System Integration and Test activities
- Planned operational workshop – October 2016
  - Hosted by ACEA, Rome, Italy
  - Demonstration on PANOPTESEC Cyber Emulation Environment
  - Wide and open attendance desired
  - Not limited to Critical Infrastructure markets
18
Additional information
The PANOPTESEC project is sponsored in part by the European Commission, Seventh Framework Programme, DG Connect, Project number
The following PANOPTESEC documents are publicly available at
- Operational requirements document
- System high level design
- Data collection and correlation requirements
- Response system for Dynamic Risk Management Requirements
- Visualization Component Requirements
For additional information please contact: or
19
The PANOPTESEC Data Flow: Proactive View
[Data flow diagram. Components shown: Visualization, Policy Deployer, SRD, MIM, Emulation Environment, AGG_TRQ, NDA, NIP, VIP, RMC, Persistency Manager]
29
The PANOPTESEC Data Flow: Reactive View
[Data flow diagram. Components shown: Policy Deployer, Visualization, MIM, TRD, Emulation Environment, LLC, HOC-ABE, HOC-QBE, NIP, VIP, RMC, AGG_TRQ, Persistency Manager]