Integrated On-Line Risk Prediction: Think Globally and Act Locally. Dr. Chiara Foglietta,

Transcription

1 Integrated On-Line Risk Prediction: Think Globally and Act Locally Dr. Chiara Foglietta, Final Workshop Rome, December 16th, 2014

2 Motivation and Background

3 Power Grid Operating States Normal State Secure or Insecure Blackouts Restorative State Violated Operational Limits Emergency State

4 Vulnerability Sources for Power Grids Natural calamities Component failures Protection and control failures Faults Human errors Inadequate security margin Gaming in the market Missing or uncertain information Sabotage or cyber-intrusion

5 Vulnerability Sources for Power Grids Natural calamities Component failures Protection and control failures Faults Human errors Inadequate security margin Gaming in the market Missing or uncertain information Sabotage or cyber-intrusion

6 The Reality Blackouts will occur again in the future Our power grid is too complex to make it fail-safe! The challenge is: To prevent the cascading, uncontrolled spread of an initiating blackout! To restore power to affected customers ASAP!

7 IRP inside CockpitCI system

8 IRP & Detection Layer & Secure Mediation GW SCADA REMOTE IRP SMGW SMGW IRP Honeypot & IDS Detection Layer FUSION OF ALL RISK ALERTS

9 FROM HOLISTIC ASSESSMENT TO COMBINED IMPACT EVALUATION CYBER DETECTION CYBER DETECTION SCADA Operator CYBER DETECTION SCADA HMI NATIONAL CERT OPERATIVE LEVEL TRANSLATION COMBINED IMPACT EVALUATION (CISIA) EXTENDED Situation Assessment RISK LEVEL SECURITY Operator OTHER CIs Cyber- Physical inferences REMOTE IRP NATIONAL CONTROL ROOM (CERT) Holistic estimation Reductionistic decomposition for cascading effects evaluation

10 QoS Assessment Security Factors Thanks to Matthieu Aubigny from itrust Consulting

11 QoS Assessment Security Factors Thanks to Matthieu Aubigny from itrust Consulting

12 THE MIXED HOLISTIC-REDUCTIONISTIC MODELLING PERSPECTIVE Behaviours (physical or logical or political) not emerging from Reductionistic layer Expressions of both holistic and reductionistic models Intra-Inter- Infrastructure homogeneous layer capturing interdependencies

13 CISIApro: an agent based simulator Reductionistic decomposition for cascading effects evaluation

14 CISIApro: an output of CockpitCI project Output Entity Maker Resources Faults & Variables

15 Medium Voltage Electric Grid Thanks to IEC (Israel Electric Corporation)

16 Interconnected telecommunication and SCADA network Thanks to IEC (Israel Electric Corporation)

17 PortScan attack Step 1

18 PortScan attack Step 2

19 PortScan attack Step 3

20 Syn Flood attack Step 1

21 Syn Flood attack Step 2

22 Syn Flood attack Step 3

23 Integrated Risk Prediction Aim Increase the situational awareness of the operator including information and data that usually are missing

24 Smart RTU and Reaction Strategies

25 SMART Industrial Control Systems Standard ICS SMART ICS Process optimization Monitor and manage information on all levels Identify the optimal response strategies in case of attack or contingency Perform (or suggest to the operator) automatic reactions at global level Coordinate automatic reactions at local level

26 Smart Extension and Smart RTU From/to other SE or IDS PLANT RTU Smart Extension From/to SCADA control Smart RTU The Smart Extension is an application level commands filter device, inserted in the SCADA communication channel. If the risk level of a cyber attack is increased, the Smart Extension may block inputs to the RTU (or reduce the accepted input messages to a minimum), in order to maintain a safe state.

27 Smart Ecosystem and Cluster Awareness Smart Cluster Local IDS & Honeypot SCADA Smart Extension Smart Extension Smart Extension IRP Smart Control Detection Layer

28 Smart RTU Extension Aim Put intelligence and logic reasoning at the RTU level increasing the reaction strategies in event of cyber attacks

29 Conclusions and Ongoing Works Refine the model of the power grid beyond the topology analysis and the load shedding procedures. Refine the model of the telecommunication network beyond the connectivity model. Integrate other CIs in CISIA software such as water distribution network and gas pipelines. Integrate other sources of data into the Integrated Risk Prediction Connect the Smart RTU to the Integrated Risk Prediction Standardize rules and countermeasures for the Smart RTU.

30 Any question? Dr. Chiara Foglietta,

31 Thank you for your attention

32 Thanks to Roma3 Team: Prof. Stefano Panzieri, Riccardo Santini, Giovanni Corbò, Cosimo Palazzo, Simone Palmieri, Antonio Di Pietro, bachelor students, master students and everyone I forget.