Vasileios Gkioulos PostDoc, NTNU Nils Kalstad Svendsen Head of Department and Center Host

Transcription

1 NTNU CCIS En resurs for energisektoren Vasileios Gkioulos PostDoc, NTNU Nils Kalstad Svendsen Head of Department and Center Host Department of Information Securitry and Communication Technology & Center for Cyber and Information Security

2 Critical Infrastructure Security and Resilience Information Security and Privacy Management Cyber Defence CCIS Centre for Cyber and Information Security e-health and Welfare Security NTNU Digital Forensics Group Norwegian Biometrics Laboratory 2

3

4

5

6 Operational ability 10 % increase in digitalization 0.75% increas of GDP 1) Estimated cost of cyber crime in Norway: 0.64% fo GDP 2) NOK/yr vs NOK/yr 1) World Economic Forum: The Global Information Technology Report 2013 ( 2)

7 ITU Global Cyber Security Index 2017:

8

9

10

11

12 ENHANCING CYBER SECURITY SITUATIONAL AWARENESS IN THE ENERGY SECTOR Gkioulos Vasileios, PhD - vasileios.gkioulos@ntnu.no Norwegian University of Science & Technology Department of Information Security and Communication Technology Center for Cyber and Information Security (CCIS) Critical Infrastructure Security and Resilience group Tel: , Skype: vgkioulos, Office: A106 (NTNU i Gjøvik)

13 SITUATIONAL AWARENESS 1-Perception: 3-Projection: Of the future status 2-Comprehension: Of the current situation Of elements within a current situation Progressively increasing situational awareness levels, towards decision making within a current environmental state. Attaining situational awareness involves both technical and cognitive challenges, primarily in reference to data processing and analysis, while resolving these challenges allows the progression across situational awareness levels.

14 CYBER SECURITY SITUATIONAL AWARENESS Suitable mechanism for assessing, evaluating and inferring knowledge about security incidents, across both the time and space dimensions. A holistic approach for enhancing cyber security situational awareness across the energy sector, seeking to facilitate the integration of: I. information sources, II. analysis tools, III. decision makers, IV. and effectors.

15 A GENERIC ARCHITECTURAL APPROACH FOR CSSA

16 TOWARDS CSSA SP-1: Definition and refinement of the overall CSSA architecture, requirements, constraints, interfaces etc

17 TOWARDS CSSA Situation recognition / comprehension SP-2: Identification of domain specific information instances and sources that require monitoring from distributed sensors, along with the corresponding semantics, such as their relationships and evolving attributes. Accordingly, SP2 will classify these elements across a stratified compartmentalization of CSSA within the energy sector (e.g. network/ system awareness, threat awareness, operational awareness).

18 TOWARDS CSSA Situation recognition / comprehension SP-3: Development of suitable data pre-processing methods for the information sources identified within SP2. SP3 will investigate pre-processing methods (e.g. sanitization, fusion, normalization, collation), seeking to facilitate the efficient conversion and combination of unstructured data for further processing (e.g. storage, context inference, visualization).

19 TOWARDS CSSA Situation recognition / comprehension SP-4: Development of automated event processing and correlation mechanisms for dynamic inference. Within SP4 automated methods (e.g. machine learning, pattern mining, pattern analysis, inference engines) will be utilized for the transformation of raw data to meaningful information, and subsequently to trustworthy/ actionable intelligence.

20 TOWARDS CSSA Situation comprehension / mitigation SP-5: Consolidating the orthogonal viewpoints of automated CSSA mechanisms (bottom-up) and human cognition (top-down). SP5 will seek methods for automating human expert cognitive SA processes, and integrating them at a layer higher to the results of SP3. SP4 will allow for a layered human-in-the-loop approach in CSSA, aiming to enable automated situational assessment and incident management, while maintaining human expertise (e.g. intuition, insights, experience).

21 TOWARDS CSSA Situation comprehension / mitigation SP6: Development of suitable visualization tools, for the projection of the systems runtime state, but also incidents and incident patterns. Such tools must allow the analysis and projection of past states and correlated data (e.g for forensics analysis), but also current and potential future incident-evolution projections.

22

23 ADDITIONAL CHALLENGES Uncertainty Impact assessment Adversarial behavior and situation tracking Quality of Information Abstraction Target System Evolution Adversarial noise

24 RESEARCH COLLABORATIONS (INDICATIVE LIST) NTNU IDI: Cybersecurity, Safety, and Resilience of Smart cities NTNU ITK: Navigation System Security in Unmanned Autonomous Marine Vessels ΙInstitutt for energiteknikk IFE Statnett Statkraft Eidsiva Telenor KraftCERT NC-spectrum Mnemonic KALOS IIIT Kanpur, India IIIT Allahabad, India CERTH, Greece University of Geneva Imperial College London Istituto di Informatica e Telematica IIT Singapore University of Technology and design University of Cape Town, South Africa University of Pretoria, South Africa

25 CURRENT PROJECTS: CYBER-PHYSICAL SECURITY IN ENERGY INFRASTRUCTURE OF SMART CITIES (CPSEC) Start date: 1 June 2018; End date: 31 May 2021 Budget: NOK 13,982,000; Funding: NFR, NOK 6,977,000 Partners: NTNU CCIS, IFE, IIIT Allahabad, IIIT Kanpur The Cyber-Physical Security in Energy Infrastructure of Smart Cities (CPSEC) project proposes a comprehensive and systemic approach combining cyber and physical security solutions to protect energy installations in smart cities. The main technical output of the project will be the Integrated Security, Safety and Site Management (IS3M) platform which will cover a wide variety of concepts, including, systemic risk management, prevention by design, monitoring and detection, response and mitigation, and information sharing.

26 CURRENT PROJECTS: FUTURE TAMPER-PROOF DEMAND RESPONSE FRAMEWORK THROUGH SELF-CONFIGURED, SELF-OPTIMIZED AND COLLABORATIVE VIRTUAL DISTRIBUTED ENERGY NODES (DELTA) Start date: 1 May 2018; End Date: 30 April 2021 Budget: 3,873,625 EUROs; Funding: H2020 Partners: CERTH (GR), HIT (CY), AIK (CY), UoC (CY), KIWI (UK), JRC (BE), CCICC (IE), E7 (AT), UPM (ES), NTNU (NO) DELTA proposes a Demand-Response management platform that distributes parts of the Aggregator s intelligence into lower layers of a novel architecture, based on Virtual Power Plant principles. DELTA will set the milestone for data security in future DR applications by not only implementing novel block-chain methods & authentication mechanisms, but also by making use of Smart Contracts which would further secure & facilitate Aggregators-to- Prosumers transactions.

27 CURRENT PROJECTS: CYBER POWER PRAXIS: A STUDY OF WAYS TO IMPROVE UNDERSTANDING AND GOVERNANCE IN THE CYBER DOMAIN Start date: Spring 2018; End Date: Spring 2021 Budget: 1 PhD candidate (Ben Knox); Funding: Self-funded This project aims to implement and validate methods and approaches designed to enhance understanding and develop modes of leadership agile enough to improve praxis when faced with multiple dilemmas from the emerging effects of cyber power in multiple domains.

28 THE DEPARTMENT OF INFORMATION SECURITY AND COMMUNICATION TECHNOLOGY 80 employees in Gjøvik and Trondheim Research in areas of biometrics, cyber defence, critical infrastructure protection, cryptography, digital forensics, e-health and well being, intelligent transportation systems, internet of things, information security management, malware, quantitative modelling of dependability and performance 1 bachelor (90), 2 master ( ), 5 yrs master (45) and PhD (2) educations Offer flexible and part time study programs Forskningsprosjekter: EU H2020 (5), EU FP7 (4), EU Cost (1), EDA (1), IARPA Odin Thor (1), NFR FME (1), NFR IKT+ (4), NFR ENERGIX (1), NFR BIA (2), NFR Forskerskole (1), NFR NæringsPhD (1), RFF (4) Totally 40 MNOK in 2017 (45% of the department budget) Public private partnership: NTNU Center for Cyber and Information Security Innovation platform: Norwegian Cyber Range