ENEA s Critical Infrastructures Protection Program. ENEA s Critical Infrastructures Protection Program. Meeting AIIC-ENEA Roma, 29 March, 2010

Transcription

1 ENEA s Critical Infrastructures Protection Program ENEA s Critical Infrastructures Protection Program Sandro Bologna sandro.bologna@enea.it Meeting AIIC-ENEA Roma, 29 March, 2010

2 ENEA s Critical Infrastructures Protection Program: SCADA Cybersecurity ISTITUTIONAL TASKS To increase stakeholders awareness of SCADA cyber threats To foster collabora?on and joint analysis of this topic with/between stakeholders To find suitable solu?ons to manage with this issue RESEARCH OBJECTIVES Assessment of threats, vulnerabili?es and resilience of SCADA Early detec?on of apacks throught new technological solu?ons Implementa?on of a Test Facility for SCADA Cybersecurity

3 Some Funded Projects supporting ENEA s Program on SCADA Cybersecurity SAFEGUARD "Intelligent Agent Organisa?on to enhance dependability and survivability of LCCIs" Partners: QMUL (UK), LiU (SE), AIA (ES), Swisscom (CH) Funded by: EU FP5 ESTEC "Feasibility Study for a European Network of Secure Test Centres for Reliable ICT controlled Cri?cal Energy Infrastructures" Partners: D Appolonia (IT), ET TS (IT) Funded by: EU EPCIP ASTROM "Assessment of resilience to threats of control and data management systems of electrical transmission network" Partners: ERSE (IT), D Appolonia (IT), B&C (IT), TERNA (IT), ElsagDatamat (IT) Funded by: EU EPCIP AFTER A Framework for electrical power systems vulnerability iden?fica?on, defense and Restora?on Partners: ERSE (IT), SINTEF (N), ADELARD (UK), SIEMENS (D), ELIA (B), TERNA (IT),.. Under funding process by: EU FP7

4 Integrated ENEA Testbed for Cybersecurity

5 SIMULATION CAPABILITIES SIMULATORS: E Agora PowerWorld simulator PSS Sincal DIgSILENT Power Factory ELECTRICAL NETWORKS IEEE RTS 96 Distribu?on Network in Rome Italian Transmission Network

6 ENEA s planned facilities in the Cybersecurity field An improved SCADA test bed, which allows To plug SCADA provided by different vendors (HW and SW) To simulate different power grids To plug add on new modules for improving CI resilience Ac?vi?es To iden?fy vulnerabili?es and threats of SCADA currently employed by different operators To understand the impact of SCADA vulnerabili?es on the power grid To iden?fy, test and demonstrate algorithms and tools aimed at improving CIs resilience To Benchmark different algorithms and solu?ons COULD BE PART OF A MULTI SITED ITALIAN CYBERTEST FACILITY IN THE FRAMEWORK OF ERN CIP INITIATIVE

7 ENEA Critical Infrastructures Protection Program : Modeling and Simulation ISTITUTIONAL TASKS To increase the Italian governmental bodies and stakeholders awareness about interdependency modeling and simula?on issues To foster collabora?on and joint ac?vi?es on interdependency modeling and simula?on issues within Italy To find suitable solu?ons to manage with this issue RESEARCH OBJECTIVES Analysis of technological networks vulnerabili?es and resilience Studying cascading effects Modeling interdependency Establishing an integrated simula?on plaform to analyze interdependencies and assess the impact of events or failures

8 Some Projects supporting ENEA Program on CI Modeling and Simulation CRESCO LAIII "Modeling, Analysis and Simula?on of Complex Networks and their interdependencies Partners: Several Italian Universi?es Funded by: MIUR PON DIESIS "Design of an Interoperable European federated Simula?on Network for Cri?cal Infrastructures" Partners: FhG (DE), CRIAI (IT), ICL (UK), TNO (NL) Funded by EU FP7 IRRIIS "Integrated Risk Reduc?on of Informa?on based Infrastructure Systems" Partners: FhG (DE), IABG (DE), TNO (NL), SIEMENS (DE), ALCATEL (FR), TI (IT), ACEA (IT), REE (ES), AIA (ES), ENST (FR), CU (UK), VTT (FI), ETH (CH) Funded by EU FP6 MIA "Defini?on of a methodology for the assessment of mutual interdependencies between ICT and electricity genera?on/ transmission infrastructures" Partners: ERSE (IT), B&C (IT), TERNA (IT), TI (IT), ENEL (IT) Funded by EU EPCIP MICIE "Tool for systema?c risk analysis and secure media?on of data exchanged across linked CI informa?on infrastructures Partners: Selex Communica?ons (IT), CRAT (IT), IEC (IL), Henri Tudor (LX), itrust (LX), IRIAM (PL), Un. Roma TRE (IT) Funded by EU FP7 MOTIA Modeling Tools for Interdependencies Assessment in ICT systems Partners: CNIPA (IT), GARR (IT), TI (IT) Funded by EU EPCIP

9 ENEA Modeling and Simulation Platform Architecture Decision Maker Repositories Scenarios Setup PresentaJon Add-on -on Tools Results PresentaJon Simulators Output Results End User Interface Scenarios configurajon Scenarios deployment and design interface Scenarios Repository Models Repository (3rd parjes) Interdep Model Repository Simulators Knowledge base Interdependency Simulators Diesis Cisia Ciab Simcip Middleware Interoperable SimulaJon Middleware Scenario expert Domain Simulators Hardware CommunicaJon Layer

10 Interdependency Simulation: DIESIS Project Paradigma IONT A FONT IONT C IONT B IONT D Sim A FM A Sim C FM C FCM Sim B FM B Sim D FM D FCM Federated Control Module Sim CI domain simulator FM Federated manager IONT: Infrastructure ONTology FONT: Federation ONTology World ONTology (WONT) template

11 DIESIS Demonstrator Telecommunica?on Network Simulator NS2 Power Network Simulator SINCAL Federated CI Simula?on Couplings ( Bridges, Links ) Flooding Simulator Aqua Railway Traffic Simulator Opentrack Designing EISAC a Research Infrastructure for CIP

12 Looking to the future: EISAC Paradigma Vnet 0 Vnet 1 Vnet 2 Federated Approach to European Infrastructures Simulation and Analysis Center (EISAC)

13 MIDRECI Multidisciplinary Approach

14 DR-NEP Community

15 ENEA s Critical Infrastructures Protection Program: Information Exchange ISTITUTIONAL TASKS To increase stakeholders awareness about the importance of Informa?on Exchange and Public Private Partnership (PPP) To foster collabora?on of this topic with/between stakeholders To find suitable solu?ons to manage with this issue RESEARCH OBJECTIVES Modeling the Informa?on Exchange in a trusted way Develop the appropriate technology suppor?ng Informa?on Exchange Improving situa?onal awareness and mutual coordina?on among CIs operators Implement a Test Facility for Informa?on Exchange

16 Some Projects supporting ENEA Program on Information Exchange IRRIIS "Integrated Risk Reduc?on of Informa?on based Infrastructure Systems" Partners: FhG (DE), IABG (DE), TNO (NL), SIEMENS (DE), ALCATEL (FR), TI (IT), ACEA (IT), REE (ES), AIA (ES), ENST (FR), CU (UK), VTT (FI), ETH (CH) Funded by EU FP6 MICIE "Tool for systema?c risk analysis and secure media?on of data exchanged across linked CI informa?on infrastructures Partners: Selex Communica?ons (IT), CRAT (IT), IEC (IL), Henri Tudor (LX), itrust (LX), IRIAM (PL), Un. Roma TRE (IT) Funded by EU FP7 NEISAS "Na?onal and European Informa?on Sharing and Aler?ng System" Partners: B&C(IT), LanditD(UK), NICC(NL), PdCM(IT) Funded by EU EPCIP

17 The IRRIIS MIT Paradigma The Risk EsJmator supports operators of Control Centres to take acjons that can leverage the risk of outage due to interdependency relajons among CIs. SOME LINES DISCONNECTED TELCO NODES POWERED BY BATTERIES OPERATOR The operator, by observing the Risk Est. is aware of the potential Telco outage and decides to disconnect AREA_2 (less critical area) to benefit AREA_1 MIT Communicator MIT Communicator HVA Risk EsJmator panel AREA_1 AREA_2 OPERATOR

18 IRRIIS MIT experimentation environment TEST BED Power grid Control Room Electrical Simulator (Sincal) SCADA Emulator SIMCIP Telco simulator (NS2) Telco Control Room Electrical RE (Risk EsJmator) TTelco RE (Risk EsJmator) MIT CommunicaJon components Electrical MIT TECHNOLOGY TO BE TESTED Telco MIT

19 NEISAS is based on real steakholders requirements from interveviews and workshops Sectors addressed: ICT/Telecomms, Mass Transportantion and Energy (SCADA)

20 CPNI Information Exchanges Model

21 NEISAS envisages a common platform model for Public Private Partnership Information Sharing Emerging standards such as ISO will allow for information sharing among circles of trust

22 NEISAS will deploy pilot platforms in the Netherlands, the UK and Italy Peer to peer architecture will require no European Central Repository of Information