Preemptive PREventivE Methodology and Tools to protect utilities

Transcription

1 Preemptive PREventivE Methodology and Tools to protect utilities With the financial support of FP7 Seventh Framework Programme Grant agreement no:

2 Preemptive description Project objectives The Preemptive aims at enhancing existing procedures and methods and conceiving tools to prevent against cyber-attacks. In particular, operative objectives are: Realization of a prototype on utility environment Define guidelines for improving Critical Infrastructure (CI) surveillance and standard practices to improve prevention threats Project sector: Utilities mainly on electricity, water and gas Project topics: Threats and Vulnerability Project duration: 36 Months Other relevant information: Prevention of cyber-attacks against hardware and software systems such as DCS, SCADA, PLC, networked electronic sensing, and monitoring and diagnostic systems used by the utilities networks Web 2

3 Preemptive outcomes The Preemptive main outcomes are: Software detection (network and host-based) and event correlation tools - software prevention and detection tools to improves security on SCADA utility networks - expected for february 2017 Cyber Defence Methodology Framework guidelines Risk and Vulnerability Assessment methods standard policies, procedures and guidelines to prevent cyber attacks - expected for September 2016 Taxonomy report classifying the utility networks taking into account type and communication technology, sensibility to Cyber threats - already available Modelling software models and virtual environment for simulating and gathering data on cyber attacks - expected for December

4 Preemptive tools description In particular, the Software detection (network and host-based) and event correlation tools is composed by : Detection and prediction tool based on a dual approach : low level direct detection and process misbehavior detection a network-based intrusion detection system a host-based intrusion detection system an integrity system for removable storage devices an industrial process misbehaviour detection system Correlation and event mining of events/alarm coming from network, host and process detection tool to detect and prevent cyber attacks Final test plant on electricity utility Availabilty of real SCADA data on operational plant Knowledge of SCADA operational process 4

5 Preemptive target stakeholders The Preemptive target stakeholders are: Utilities SCADA control systems of utilities Monitoring tool to detect/prevent cyber attacks Increase security levels of infrastructures guidelines and practices to improve prevention detection procedures against cyber threats Research center, standardization bodies knowledge acquired relevant knowledge during project realization which may become a common base 5

6 H2020 identified opportunities H2020 identified opportunities to exploit Preemptive main outcomes Work Programme Secure societies - Protecting freedom and security of Europe and its citizens - DS : The role of ICT in Critical Infrastructure Protection deadline 27 th August Suitable as call and sub topics, but too early for Preemptive significant results to be showed. To be evaluated again in next call around March 2016 Work Programme are currently under preparations. The closest topic is Future and Emerging Technologies - to be analysed because at the moment details are not available Other financing opportunities considered, but no appropriate call was found at the moment: NATO funding ESA fundings DG home fundings ongoing analysis on italian PON (European Structural Funds) ongoing analysis on italian POR FESR Lazio ongoing analysis on italian PON R&C 6

7 PREEMPTIVE HOST DETECTION Host-based detection for standard IT components Integrity of personal and company storage devices Host-based detection for embedded devices 7

8 Thank You for Your attention! Giorgio Sinibaldi Project Coordinator (Vitrociset) Alessia Valentini Dissemination (Vitrociset) With the financial support of FP7 Seventh Framework Programme Grant agreement no: