Presentation is loading. Please wait.

Presentation is loading. Please wait.

IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 1 Il Progetto IRRIIS.

Similar presentations


Presentation on theme: "IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 1 Il Progetto IRRIIS."— Presentation transcript:

1 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 1 Il Progetto IRRIIS e la protezione delle infrastrutture critiche informatizzate ANIPLA Giornata di studio La Security nei sistemi di controllo ed automazione, nelle reti ed infrastrutture Milano, 26 giugno 2007 Sandro Bologna Claudio Balducelli

2 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 2 IRRIIS Focus Information and Communication Technology (ICT) underpins all LCCIs (Inter-)Dependencies between LCCIs are not well understood up to now Danger of cascading, escalating or common cause failures Dependencies / Interdependencies

3 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 3 IRRIIS Focus Dependencies between critical infrastructures, especially electricity & telecommunication Modelling and simulation of systems of critical infrastructures Enabling cross-sector, cross-border communication between critical infrastructures Risk assessment and mitigation regarding dependencies

4 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 4 IRRIIS Partners LCCI Stakeholder Gruppo Telecom Italia Red Eléctrica de España, Spain ACEA, Italy Research Partners Italian National Agency for New Technology, Energy and the Environment École Nationale Supérieure des Télécommunications, France Centre for Software Reliability at City University London, Great Britain Technical University Dresden, Germany Netherlands Organisation for Applied Scientific Research Technology Provider Alcatel-Lucent, France Siemens AG, Germany Advanced Industrial Systems Ltd., Malta Consultant & Service Provider Industrieanlagen- Betriebsgesellschaft mbH, Germany Aplicaciones en Informática Avanzada, Spain Fraunhofer Institute Intelligent Analysis and Information Systems, Germany Fraunhofer Institute Secure Information Technology, Germany Technical Research Centre of Finland

5 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 5 MIT Introduction MIT is a software system aiming at enhancing the availability and survivability of LCCIs by mitigating dependency and interdependency effects. Communication Components. Add-On Components. Other software resources (Databases,GUI, Configuration Files, Run-Time Environment, etc.)

6 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 6 ITALY BLACK-OUT September 2003 Event tree from UCTE report Pre-incident network in n-1 secure state Network in (n-1) state with short- term 15 allowable overload Network in (n-2) state with excessive overload of remaining lines Separatio n of Italy from the UCTE main Grid Island operation fails due to unit tripping AND 1st tree flashover line tripping 2nd tree flashover line tripping Italy disconnected Tripping of many power units AND NETWORK STATE OVERVIEW & ROOT CAUSES 1 Unsuccessful re- closing of the Luckmainer line because of a too high phase angle difference 2 Lacking a sense of urgency regarding the San Bernardino line overload and call for inadequate countermeasures in Italy 3 Angle instability and Voltage collapse in Italy 24 min. 1-2 min. Safe network state Endangered network state Disturbed network state Collapsed network Event Root cause Legend

7 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 7 Roma Mini TELCO Black-out January 2004 Pre-incident TELCO network in secure state Station continue working with decreased battery autonomy Many external Telco services go down, as the ACEA data links between control centers The normal power supply from ACEA was restarted Return to normal state AND Trip of main power supply Loss of power supply Damaged equipment replaced Telco services restart AND NETWORK STATE OVERVIEW & ROOT CAUSES 1 Flood on the apparatus room of the Telco SGT station. UPS start from batteries 2 The battery autonomy finished as Fire Brigate was not able to eliminate water in time. 3 The full functionality of the SGT station is restored 4 hours 90 min. Safe network state Endangered network state Disturbed network state Collapsed network Event Root cause Legend

8 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 8 Control Room with MIT WorkStation LCCI 1 LCCI 2 MIT WorkStation Control Room

9 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 9 MIT integration with existing SCADA systems

10 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 10 IRRIIS Inter-LCCI Communication Highway LCCI 1 LCCI 2 MIT integration with existing SCADA systems

11 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 11 MIT Add-On Components Functional Requirements DETECT AS EARLY AS POSSIBLE the anomalous status and NOTIFY it to the dependent infrastructures. PROVIDE EARLY WARNING of deteriorating system conditions to internal and/or external LCCI operators. ESTIMATE the probability of disrupt of his own LCCI and NOTIFY to the dependent infrastructures.

12 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 12 MIT Add-On Components Requirements ASSESS the own infrastructure RISK due to information about neighbouring status. PREVENT incident to mitigate cascading effects on dependent infrastructures. HANDLE THE EMERGENCY if needed by negotiating coordinate actions

13 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 13 Overall MIT architecture

14 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 14 MIT Add-On Components Internal Assessment –Tool to extract LCCI functional status Risk Assessment –Risk Estimator –Incident Knowledge Analyser Emergency Management –Assessment of cascading/escalating effects –Display of Emergency Management Procedures –Negotiator

15 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 15 Internal Assessment functions Information extraction and fusion from different existing tools and SCADA data bases. Use the previous information to evaluate the current functional status of the LCCI. Predict the possible future states, based on the actual state and the future scheduled events.

16 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 16 Internal Assessment Workflow

17 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 17 Internal Assessment Benefits Provide the local operator with a unique picture about the current and future internal LCCI state, allowing him to enable or disable information sharing with the neighbouring LCCIs. Provide input for neighbouring LCCIs about the local infrastructure status. Provide input for neighbouring LCCIs about the future predicted infrastructure states.

18 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 18 Incident Knowledge Analyser functions It will be able to assess and fuse information from multiple databases containing past incidences. It will check immediately whether on-going failures are notified as causes of major incidents in the past. It will extract possible known cascading effects of on-going failures. It will store new incidents.

19 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 19 Incident Knowledge Analyser fire switch room for high voltage destroyed no power locally trains affected outage of antennas no mobile phone fire in distribution station Rabbits dogs Power short in 150KV-10KV transformer station High temperature weakening of cables households affected 1/7 1/1 4/4 1/1 7/7 1/7 1/1 1/2 Rabbit or dogs makes power short in 150KV-10KV transformer station. 10000 households affected. | local, medium impact in the Eindhoven area | happenend in: Veldhonen (Netherland), started 2003-08-13 at 13:00, ended 2003-08-13 at 18:00

20 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 20 Incident Knowledge Analyser Benefits Each LCCI operator can make the most of the available knowledge about all the known disruptions, being warned if an on-going failure already happened in the past and led to disruption of operation even if that occurred in other LCCIs (in fact, not all the LCCIs must have experienced the same failures and the related disruptions). LCCI can make the most of findings by other sources, for example research or training outcomes.

21 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 21 Risk Estimator functions Reasoning about the states of processes and services, mainly focusing on the services to be exchanged with other LCCIs. Estimating the levels of risks associated to services exchanges with other LCCIs. Working on a service-process model of the LCCIs by making use of a fuzzy rules-based mechanism.

22 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 22 Visualisation of the levels of risks associated to the services LCCI internal state estimation After external & internal states correlation

23 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 23 Risk Estimator workflow and relations with other add-on components ISRIA INPUTS Internal status table External status table Rule Based Correlation Module Current State DB Expert Rules DB IKA Historical status facts GUI DEMP OUTPUTSINTELLIGENCE Rule Editor Maps of Risks Maps of Risks LEGEND IA: Internal Assesment ISR: Information Subscriber & Reader IKA: Incident Knowledge Analyser DEMP: Display of Emergency Management Procedures GUI: Graphical User Interface Estimated State DB

24 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 24 Risk Estimator Benefits Make operators more aware about the global LCCIs state, correlating local LCCI and external LCCIs states. Give to the LCCIs operators schematic pictures evidencing the potential risks to loss internal and external services. Improve coordination between the LCCI operator and the neighbouring LCCIs.

25 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 25 Proposed DEMONSTRATION Logic Set up LAMPSSys RTI GUI Logger Tool 1 Electricity Simulator LCCI 1 Data Telecom Simulator Tool 2 Agent / Scenario Behaviours Analysis 1Analysis 2 Fault / Attack Tool Analysis 3 MIT LCCI 1 Ambiente di simulazione (SimCIP) MIT LCCI 2 Communication Component Add-on Component Comunicazione nellambiente reale Comunicazione nellambiente simulato Ambiente reale (Sistemi SCADA) LCCI 2 Data Middleware

26 IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 26 GUI Logger LAMPSSys RTI Agent / Scenario Behaviours Electricity Simulator Com Simulator LCCI Data Fault / Attack Tool Tool 1 Tool 2 Analysis 1, 2, 3.. SimCIP MIT 1 Electrical LCCI MIT 2 TeleCommunication LCCI Proposed TESTBED Physical Configuration


Download ppt "IRRIIS GdS: La Security nei sistemi di controllo e automazione, nelle reti e infrastrutture San Felice (MI), 26 giugno 2007 - Pagina 1 Il Progetto IRRIIS."

Similar presentations


Ads by Google