ENTE PER LE NUOVE TECNOLOGIE L’ENERGIA E L’AMBIENTE
ENEA’s Project on Management, Safety and Security
of Technological and Energy Networks
(Critical Infrastructure Protection)
http://www.progettoreti.enea.it
Sandro Bologna
[email protected]
JRC-ENEA Meeting
Ispra, September 11, 2008
Three research Objectives
Three different Demonstrators
1. Technological solutions to reduce networks vulnerabilities
caused by attacks and faults on SCADA (Supervision
Control And Data Acquisition) systems. Improve mutual
coordination
of
LCCIs
(Large
Complex
Critical
Infrastructures)
operators
to
manage
potentially
dangerous events.
2. Simulation, evaluation and
cascading
failures,
using
interdependency effects.
prevention
advanced
of networks
models
of
3. Integrate the data about the state of LCCIs, including
territorial information, with the scope to support the
emergency management operators, and to make available
“early-warning” indications about possible scenario
evolutions.
D1 Demonstrator – General Objective
Implementation, of a “TestBed”
for
developing and testing technologies and
ICT solutions, which are aimed at
lowering vulnerabilities of Large and
Complex
Technological
Networks
(LCCIs) and at preventing or mitigate
cascading failures through real time
information
shared
between
LCCIs
operators
INCREASING OF SCADA SYSTEM VULNERABILITY
Increasing of attacks
Internal/external/accidental attacks
Analyses carried out at BCIT
(British Columbia Institute of Technology)
Classification of attack typologies
ENEA TESTBED TO EXPERIMENT SCADA SAFEGUARD TECHNOLOGY
Workstation 2
RTUs
emulators
Workstation 3
Control Centre
emulator
Workstation 1
Electrical Network
Simulator Data Source
Communication Network
Workstation 4
Messages
communication
broker
Workstation 6
Disturbance/attacks
generator
Workstation 5
Alarms monitoring
interface
D1 Demostrator
ENEA Safeguard SCADA Testing Facility
Rome Mini TELCO Black-out January
2004
NETWORK STATE OVERVIEW & ROOT CAUSES
Pre-incident
TELCO
network in
secure
state
AND
Station
continue
working with
decreased
battery
autonomy
Loss of
power
supply
Trip of main
power
supply
1
Flood on the
apparatus room of
the Telco SGT
station. UPS start
from batteries
AND
2
The battery autonomy
finished as Fire
Brigate was not able to
eliminate water in
time.
Many external
Telco services
go down, as
the ACEA data
links between
control centers
AND
The normal
power
supply
from ACEA
was
restarted
Damaged
equipment
replaced
Telco
services
restart
90 min.
3
The full
functionality of the
SGT station is
restored
Legend
4 hours
AND
Safe network
state
Collapsed
network
Endangered
network state
Event
Disturbed
network state
Root cause
Return
to
normal
state
IRRIIS - Physical set-up of the experimentation environment
Electricity
Simulator
Electrical
SCADA Emulator
Telecom
SCADA Emulator
Telecom
Simulator
LCCI Telecom
Data Base
LCCI Electricity
Data Base
Optional External Components
SimCIP
Electricity MIT Add-on
MITcommunication
Electrical Control Room
Telecom MIT Add-on
Telecom Control Room
ERC-CIP: European Reference Network
for Critical Infrastructure Protection
Some of the D1 activities may support
the European Reference Network
for Critical Infrastructure Protection
at the JRC
ERC-CIP is a DG JLS initiative
D2 Demonstrator – General Objective
Implementation
of
a
National
Infrastructure Simulation and Analysis
Center open to contribution from other
subject involved in the area.
It will develop models and technological
solutions to be used for the purpose of
interdependency analysis based on "what
if" approach.
ENEA
USERS/GIS INTERFACE
MIDDLEWARE (Request Management)
CRIAI
CAMPUS
BIOMEDICO
Agent-based
model
Entity – Resource
Model
Tor Vergata
MIDDLEWARE (SIMULATORS INTERFACE)
POWER GRID
SIMULATOR
TELECOMM
NETWORK
SIMULATOR
Infrastrutture n
SIMULATOR
CRIAI
ENEA
11
CRESCO Simulation Platform running on the top of ENEA GRID
Agent-based
model
Power Grid
Simulator
Telecomm
Network
Smulator
CRESCO middleware
ENEA GRID layer
Entity-Resource
model
A Simple view of ENEA GRID
WEB
ICA
User programs & commercial code
Graphic User Interface
LSF multi-cluster as integrator
Load LevelerTelnet
LSF
WEB
WEB
ICA
ICA
Cluster 5° ( Portici)
Graphic User Interface
Load Leveler
Telnet
User programs & commercial code
Graphic User Interface
LSF multi-cluster as integrator
LSF
Load Leveler
& File System
Telnet
LSF
AFS Geographical cross platform& File System
Cluster 6° ( Brindisi)
WEB
Cluster 2° (Casaccia)
ICA
WEB
ICA
WEB
User programs & commercial code
Graphic User Interface
LSF multi-cluster as integrator
Load Leveler
Telnet
LSF
AFS Geographical cross platform& File System
User programs & commercial code
Graphic User Interface
LSF multi-cluster as integrator
Load Leveler
Telnet
LSF
AFS Geographical cross platform& File System
ICA
User programs & commercial code
Graphic User Interface
LSF multi-cluster as integrator
Load Leveler
Telnet
LSF
AFS Geographical cross platform& File System
Cluster 1° ( Bologna)
Cluster 3° (Frascati)
Cluster 4° (Trisaia )
D2 Demonstrator
EU-FP7 DIESIS Project Schema
Public
transportation
traffic simulator
Power Grid
simulator
User
DIESIS middleware
GRID layer
TLC network
Simulator
Railway traffic
simulator
NAT
(http://www.progettoreti.enea.it//nat)
LEONTIEF Tool
(http://www.progettoreti.enea.it//leontief)
Each node of a network corresponds to a CI. rij is an “interdependency” matrix
A time-dependent solution of the
inoperability xi of the i-th CI upon disturbance
di(t) can be written as:
Time-dependent
inoperabilities
Effort done to design a method
to estimate rij
ESFRI : European Strategy Forum on Research
Infrastructures
The final goal of D2 and DIESIS is the
feasibility study of EISAC (European
Infrastructures
Simulation
and
Analysis Center) in the framework of
ESFRI.
EISAC should be the European eInfrastructure similar to the U.S.
NISAC
(National
Infrastructure
Simulation and Analysis Center)
D3 Demonstrator – General Objective
Implementation of an “Early Warning”
system for the protection of the Oil,
Gas, Electricity and Water distribution
networks localised inside the territory of
Val D’Agri, in the Basilicata region, South
of Italy
D3 Demonstrator
Early Warning System for the Val D’Agri oil field
CIWIN : Critical Infrastructure Warning Information
Network
EU Communication COM (2006)786 of EPCIP
(European
Programme
on
Critical
Infrastructure
Protection)
requires
the
implementation of a European CIWIN, linked
to National CIWINs
The Early Warning System for the Val D’Agri
oil field can be a suitable experience for the
implementation of the Italian CIWIN
List of funded Projects supporting the ENEA
Project (1/4)
• SE-TEC "Feasibility Study for a European Network of Secure Test
Centres for Reliable ICT-controlled Critical Energy Infrastructures"
funded by EU-EPCIP
Contact: Giordano Vicoli email: [email protected]
• IRRIIS "Integrated Risk Reduction of Information-based
Infrastructure Systems" funded by EU-FP6
Contact: Sandro Bologna email: [email protected]
• CRESCO-LAIII“Sviluppo di Modelli di Simulazione ed Analisi delle
Reti Tecnologiche Complesse e delle loro Interdipendenze” funded
by MIUR-PON
Contact: Sandro Bologna email: [email protected]
• CRESCO-LAII "Sviluppo di tecnologie e modelli computazionali
per la descrizione di sistemi complessi di origine biologica e di
materiali innovativi" funded by MIUR-PON
Contact: Vittorio Rosato email: [email protected]
List of funded Projects supporting the ENEA
Project (2/4)
• MIA "Definition of a methodology for the assessment of mutual
interdependencies between ICT and electricity
generation/transmission infrastructures" funded by EU-EPCIP
Contact: Vincenzo Fioriti email: [email protected]
• GIACS "General Integration of the Application of Complexity in
Science" funded by EU-FP6
Contact: Vittorio Rosato email: [email protected]
• DIESIS "Design of an Interoperable European federated
Simulation network for critical Infrastructures" funded by EU-FP7
Contact: Giovanni Dipoppa email:
[email protected]
• MICIE "Tool for systemic risk analysis and secure mediation of
data exchanged across linked CI information infrastructures"
funded by EU-FP7
Contact: Michele Minichino email: [email protected]
List of funded Projects supporting the ENEA
Project (3/4)
• TeRN "Sviluppo di sistemi di early-warning in Val d'Agri"
funded by Regione Basilicata
Contact: Gerardo De Canio email: [email protected]
• ASTROM “Assessment of resilience to threats of control
and data management systems of electrical transmission
network” funded by EU-EPCIP
Contact: Giordano Vicoli email:[email protected]
• TRAMP “Sistema Integrato di Gestione e Controllo per il
TRAsporto in Sicurezza di Merci Pericolose" funded by MIUR
Contact: Giovanni Dipoppa email:
[email protected]
• COST MP0801 "Physics of Competition, Cooperation and
Conflict" funded by ESF 20058
Contact: Vittorio Rosato email: [email protected]
List of funded Projects supporting the ENEA
Project (4/4)
• NEISAS “National and European Information Sharing and
Alerting System” funded by EU-EPCIP
Contact: Arcangelo Tripi email:[email protected]