Communication network

Download Report

Transcript Communication network

ENTE PER LE NUOVE TECNOLOGIE L’ENERGIA E L’AMBIENTE
Alcune iniziative di ricerca in Europa e in
Italia sul ruolo della ICT nella Protezione delle
Infrastrutture Critiche
Sandro Bologna - ENEA
[email protected]
http://www.progettoreti.enea.it
Workshop – AICT
Roma 25 Settembre, 2008
Three Layers Model for the Critical Infrastructure
Organisational
Layer
Intra-dependency
Cyber
Layer
Inter-dependency
Physical
Layer
Increasing importance of
the “Cyber Layer” and
“Inter-dependency”
Current Structure of the Electrical System in Europe
Transmission
National /
International
Subtransmission
Regional
Distribution
System
Low Voltage
Integrated infrastructures for active network operation
DSO 2
DSO 1
Meter
TSO
Microgrid
G2
DGop 2
Meter
Communication
network
Gx
DGop n
Gy
Communicati
on control
local area 3
storage
G3
Communicatio
n control
local area 2
storage
Demand response
DSO n
Demand response Microgrid
DGop 1
Power grid
Communicati
on control
local area 1
Meter
G1
storage
Information
Communication
control
Bulk gen.
Power flow
Microgrid
Demand response
FP7 EU Policy and Research in CIP-CIIP
Directorate General INFSO
(Internet; network and
information security)
FP7 IST Theme
Directorate General INFSO
(Security)
Joint R&D
EPCIP
Directorate General JLS
(Policy)
FP7 SECURITY Theme
Directorate General ENTR
(Security Research and
Development)
Geographical allocation of CIIP R&D relevant initiatives
44 national and 28 EU co-funded
(CI2RCO Project 2006)
30
Notice that EU projects
26
25
are counted for each
24
participating country
20
17
16
15
11
11
10
8
8
7
6
7
6
5
5
4
4
4
4
3
3
2
2
11 1
0 0
3
2
2
3
2
2
1
0 00
11
0
0 00
00 00
2
1
00 00
1
0
2
2
1
0 00
0
0
00
Au
st
Be ria
lg
iu
C
ze Bu m
ch lga
R ria
ep
u
D blic
an
m
a
Es rk
to
n
Fi ia
nl
an
Fr d
a
G nce
er
m
an
G y
re
e
H ce
un
ga
ry
Irl
an
Ic d
el
an
d
Is
ra
el
Ita
ly
Li
ec Lat
v
ht
en ia
st
e
Li in
Lu tua
xe ni
m a
bo
ur
g
M
N
et
al
he ta
rla
n
N ds
or
w
a
Po y
la
Po nd
rtu
R ga
om l
a
Sl nia
ov
a
Sl kia
ov
en
ia
Sp
a
Sw in
Sw ed
itz en
er
la
nd
U
ni
T
te
d urk
Ki ey
ng
do
m
0
EU project
National project
National initiatives – overview
(CI2RCO Project 2006)
Au
st
Be ria
lg
iu
C
ze Bu m
ch lga
R ria
ep
u
D blic
an
m
a
Es rk
to
n
Fi ia
nl
an
Fr d
a
G nce
er
m
an
G y
re
e
H ce
un
ga
ry
Irl
an
Ic d
el
an
d
Is
ra
el
Ita
ly
Li
ec Lat
ht via
en
st
e
Li in
Lu tua
xe ni
m a
bo
ur
g
M
N
et
al
he ta
rla
n
N ds
or
w
a
Po y
la
Po nd
rtu
R ga
om l
a
Sl nia
ov
a
Sl kia
ov
en
ia
Sp
a
Sw in
Sw ed
itz en
er
la
nd
U
ni
T
te
u
r
d
Ki key
ng
do
m
Geographical distribution of partners into the 28 EU cofunded initiatives
(CI2RCO Project 2006)
45
40
5
39
36
10
7
4
4
0
2
1
0
57% of the partners from 4
countries
35
34
30
26
25
20
15
15
4
2
0
2
0
0
1
0
0
15
11
8
7
5
8
5
1
0
1
0
0
CONCLUSIONS FROM GAP ANALYSIS (1/4)
(CI2RCO Project 2007)
#1 CIP/CIIP is still a very immature field of research
#2 There is not yet a real community of researchers even if there is an increasing large number of actors
interested on but not converging
#3 This is partially due to the absence of a clear policy,
both EU and MS, about CIP/CIIP and a clear vision of
what “concretely" are CIP/CIIP, which are their goals,
constraints and boundaries
CONCLUSIONS FROM GAP ANALYSIS (2/4)
(CI2RCO Project 2007)
#4 The majority of Member States have neither a
Strategic Plan on CIIP nor a Specific R&D Program
#5 The majority of the R&D activities are funded under
different labels, from IT security to Border Control.
Moreover, there is a set of different Agencies promoting
this kind of initiatives, often with limited coordination
#6 National initiatives of MS are inhomogeneous in
economical dimension and time span
#7 In several MS Ministries of interior or defence are in
charge to coordinate national initiatives
CONCLUSIONS FROM GAP ANALYSIS (3/4)
(CI2RCO Project 2007)
#8 Stakeholders involvement appears largely deficient.
They shown an application oriented vision strongly
related to their own infrastructure and business
framework, with a limited attention on border elements
and trans-domain consequences
#9 In several countries important CI stakeholders appear
quite completely absent from the scenario and there is a
limited participation from infrastructure's controllers
providers (SCADA providers)
#10 Stakeholders initiatives are mainly focused on the
risk analysis aspects more than in the technology
development to master and shape the future
development of their infrastructures
CONCLUSIONS FROM GAP ANALYSIS (4/4)
(CI2RCO Project 2007)
#11 Most of the partners for the EU-funded projects are
from a small number of EU Countries (Germany, France,
UK, Italy, Netherlands) and in particular from the same
organisations.
#12 Strong need to better harmonize EU participation
among the Member States because CIIP is a transnational problem, increasing with globalisation and
complexity
#13 Strong need to stimulate R&D involvment and
funding from Industrial Stakeholders, Regional and
National Governments
#14 Strong need to create a European Research Area on
CIIP
A Feedback from 1st CI2RCO
Conference
Rome, 30 March, 2006
Too many roadmaps and strategic
projects instead of projects from
which I can really benefit in daily
environment (source: energy
provider)
Addressing the safety and security issue:
the ENEA SAFEGUARD approach
OBJECTIVE
Development of a network of software components
(Agents) to increment the survivability of information
intensive critical infrastructures as the electrical
transport and distribution networks, during attacks,
intrusions, or anomalies caused by network
instabilities.
REFERENCE INFRASTRUCTURE
A supervisory and control system (SCADA) of the
electrical transmission network
SAFEGUARD
multi-agent architecture
Low level agents
High level agents
Other LCCIs
Foreign electrical networks
Communication networks
------------------Negotiation
agent
Correlation
agent
Topology
agent
Network state
monitors
Network
protection at
global level
MMI
agent
Intrusion
Detection
wrappers
Action
agent
Anomaly detector
agents
Actuators
Control system of electrical network (RTUs & Control Centers)
Home LCCIs
Commands and
information
Only information
Network
protection at
local level
IMPLEMENTATION OF SAFEGUARD TECHNOLOGIES
IN THE ELECTRICAL SYSTEM
CCN
CCR
Supervisory and
Control System
CCR
SIA-C
SIA-C
SIA-C
Communication Network
SIA-R
SIA-R
SIA-R
RTU
RTU
RTU
Area 1
Electrical system
physical layer
Information Network
Power transport
network
Area 3
Area 2
Remote Units
Substations
Control Centers
Loads
Data concentrators
Generators
Invariant checking agent
Communication ports checking agent
Event sequences checking agent
RTU state hybrid detector
ENEA Testing Platform of SAFEGUARD Technology
emulation on a local network of the components belonging to a
SCADA distributed system
Message “broker”
Electrical load-flow
simulator (e-Agora)
RTU 2
RTU 1
TEST PLATFORM
SCADA Control Center
National
Attacks/faults
Console
design
running
Network Data Base
log/document
RTU 3
(National DB)
Hybrid detector for State Estimation
Network Data Base
(Checking Invariants)
Level
Agents
(Case Base reasoning)
Communication hybrid detector
(Data Mining technique)
(Gegional DB)
RTU n
Low
Event sequences hybrid detector
Safeguard high level
agents
SCADA Control Center
Regional
(correlator, action ect.)
RTU state hybrid detector
(Neural Network)
SCADA data exchange bus
ENEA TEST PLATFORM OF SAFEGUARD
TECHNOLOGY
Addressing the cascading failures issue:
the ENEA IRRIIS approach
OBJECTIVE:
Provide a technology (named MIT, Middleware Improved Technology)
which will reduce the risk of cascading failures caused by
interdependency between Large Complex Critical Infrastructures (LCCI)
MIT system will support information sharing between LCCIs operators
to augment their mutual situational awareness.
MIT system will support negotiation and coordinated actions between
neighbouring systems for the establishment of effective and optimal
measures;
REFERENCES INFRASTRUTTURES:
An electrical distribution network
A public voice/data tele-communication network
Interdependencies between Electrical and
Telecommunication Networks
Interdependencies
between Tlc Net and
Electrical Net
Tlc
Net
Electric.
Net
Overall IRRIIS MIT architecture
Communication
Components
Inter LCCIs
data exchange
Add-on
Components
LCCIs Data
Bases & Alarm
logs
Electrical
Data Base
LCCI 1
Telecom
Data Base
Other
Data Bases
LCCI 2
LCCI n
The Italian IRRIIS Scenario
MANAGING “INTERDEPENDENCY” BETWEEN DIFFERENT INFRASTRUCTURES
IRRIIS - Physical set-up of the experimentation environment
Electricity
Simulator
Electrical
SCADA Emulator
Telecom
SCADA Emulator
Telecom
Simulator
LCCI Telecom
Data Base
LCCI Electricity
Data Base
Optional External Components
SimCIP
Electricity MIT Add-on
MITcommunication
Electrical Control Room
Telecom MIT Add-on
Telecom Control Room
View of the IRRIIS Test Bed at ENEA
Telecom
monitoring panel
Local attacker
Telecom
MIT
components
Telecom
Electricity
monitoring panel
Local LAN
Power
backup
simulation
Telecom
network
simulation
SCADA
emulation
Local LAN
Local attacker
Electricity
Electrical
network
simulation
MIT
components
Electricity
MIT communication channel
Experimentation Archive
Experimentation SERVER
Local LAN
Global
attacker
Experimentation
GUI
Logger
Additional
analysis tools
Test Bed
communication
channel
Addressing the cascading failures issue:
the MICIE approach
CI ‘n’ OPERATOR
CI ‘A’ OPERATOR
Real time CI ‘A’
Risk level
Real time CI ‘n’
Risk level
CI models and related
interdependency indicators
CI models and related
interdependency indicators
MICIE on-line
prediction tool
MICIE on-line
prediction tool
Aggregated
metadata
Ontology
based
metadata
DB
Aggregated
metadata
Discovery
and
Composition
Agent
Metadata
Secure
Communication
Agent
MICIE Mediation Gateway
associated to the CI ‘A’
CI-specific data
CRITICAL INFRASTRUCTURE ‘A’
SECURE
METADATA
EXCHANGE OVER
ICT LINKS
Metadata
Secure
Communication
Agent
Discovery
and
Composition
Agent
Ontology
based
metadata
DB
MICIE Mediation Gateway
associated to the CI ‘n’
CI-specific data
CRITICAL INFRASTRUCTURE ‘n’
CESI RICERCA
http://crutial.cesiricerca.it
FP6-2004-IST-4-027513
Critical Utility InfrastructurAL Resilience
communication
network
electricity
grid
CRUTIAL is a RTD Project in the area of Critical Information Infrastructure Protection launched by the European Union under the
Information Society Technologies priority of the Sixth Framework Programme.
The project addresses new networked ICT systems for the management of the electric power grid, in which artefacts controlling the
physical process of electricity transportation need to be connected with information infrastructures, through corporate networks
(intranets), which are in turn connected to the Internet.
CRUTIAL’s innovative approach resides in
modelling interdependent infrastructures
attempting at casting them into new architectural patterns
resilient to both accidental failures and malicious attacks
Objectives
Work Packages
 Investigation of models and
architectures that cope with openness,
heterogeneity and evolvability endured
by electrical utilities infrastructures
WP1 Identification and description of
Control System Scenarios
 Analysis of critical scenarios which ICT
faults provoke serious impact on the
controlled electric power infrastructures
WP3 Testbed development
 Evaluation of distributed architectures
enabling dependable control and
management of the power grid
WP2 Interdependencies modelling
WP4 Architectural solutions
WP5 Analysis and evaluation of Control
System Scenarios
WP6 Dissemination
WP7 Management
Addressing the communication resilience in
power control systems:
the CESI Ricerca CRUTIAL approach
OBJECTIVE
to develop the representative control algorithms in
the testbeds integrating the electric power system
and the information infrastructure
REFERENCE INFRASTRUCTURE
Electric Power Transmission and Distribution Grids
Control and Data Networks for Operation and
Maintenance activities
Telecontrol testbed - Control system scenarios
•
•
•
•
scenario 1: DSO teleoperation
– use of public IP backbone for DSO supervision and control
– assess redundant communication architecture
– assess vulnerabilities of standard protocols and impact on control
scenario 2: interaction between TSO/DSO in emergency
– assess defense plan actuation (automatic load shedding)
– assess security of the TSO-DSO communications
– evaluate the impact of attacks in emergency conditions
scenario 3: integration of DSO operation & maintenance
– process control and corporate intranet integration
– evaluate the impact of attacks and fault propagation
scenario 4: ICT maintenance of control infrastructures
– assess remote functional testing and operations on ICT devices
– assess remote reconfiguration of the substation automation
Telecontrol testbed – scenario 1b
Control
System
Scenarios
• Simulation
Scenario 1b: DoS attack implementation
of a DoS attack to a Centre
router/gateway by TSP insider
1 - TSP insider
starts attack
2 - Communication
bandwidth
reduction
3 - Communication
backup line
4 - Loss of remote
supervision and control
functions of all
controlled substations
from the primary
Centre
PSTN
Backu
p
Telecontrol Testbed at CESI Ricerca
Addressing the Interdependencies modelling and
simulation issue: the ENEA CRESCO approach
• The CRESCO approach wants to be a “proof of
concept” of different Simulation Tools supporting
(inter)dependencies simulation
– The “proof of concepts” is based on a limited number of
scenarios built upon a process of knowledge elicitation
from the stakeholders
• The CRESCO approach wants to be a “proof of
concept” of computational layers supporting the
Simulation Platform
– The goal is to assess major advantages/disadvantages
deriving from the use of HPC GRID, in particular ENEAGRID
• The CRESCO approach wants to be a “proof of
concept” of the basic problems with Federated
Simulation
– The “proof of concepts” is based on a limited number of
Simulators (CISIA, CIAB, eAgora, NS2, Omnet)
USERS/GIS INTERFACE
ENEA
CRIAI
MIDDLEWARE (Request Management)
Agent-based
model
Entity – Resource
Model
CAMPUS
BIOMEDICO
Tor Vergata
CRIAI
MIDDLEWARE (SIMULATORS INTERFACE)
POWER GRID
SIMULATOR
TELECOMM
NETWORK
SIMULATOR
Infrastrutture n
SIMULATOR
ENEA
CRESCO Simulation Platform running on the top of
ENEA GRID
Agent-based
model
•
Power Grid
•
Simulator
Entity-Resource
•
model•
•
Telecomm
Network
Smulator
CRESCO middleware
ENEA GRID layer
•
DIESIS ARCHITECTURE
Design of an Interoperable European federated Simulation network for critical
InfraStructures
Power
Grid
simulator
@ENEA
Public
transportation
traffic simulator
@CRIAI
User
@IAIS
DIESIS middleware
GRID layer
Railway
traffic
simulator
@TNO
Network
Simulator
@ICL
NEISAS – National and European Information
Sharing and Alerting System
• Funded by EC DG JLS EPCIP 2008 program
• Objective: deployment of a prototype of a
National and European Information Sharing and
Alerting System
• Partners: ENEA, Italian Cabinet Office, UK Home
Office, UK CPNI, Dutch NICC, Booz & co,
Symantec
35
36
ECCRAMM – Energy Control Centre Risk
Analsysis and Management Methodology
• Funded by EC DG JLS EPCIP 2007 program
• Objective: deployment of Risk Management
methodology to protect Energy Control Centres
• Partners: Symantec, UCTE, 9 UCTE TSOs,
Estonian Ministry of Economics, Eesti Energia
(Estonian TSO)
37
Some of the Projects with participation of
ENEA and/or CESI Ricerca (1/5)
•
RdS 2006-2008 AdP con MSE: Area “Governo del Sistema” e Area
“Trasmissione e Distribuzione” funded by MSE
•
SECURE: Security of Energy considering Uncertainty, Risk and
Economic Implications funded by EU-FP7
•
REALISEGRID: REseArch methodoLogIes and technologieS for the
effective development of pan-European GRID funded by EU-FP7
•
HARRISON: Galileo Time and Synchronization Applications funded by
EC/ESA
•
MORE MICROGRIDS: Advanced Architectures and Control Concepts
for Microgrids funded by EU-FP6
Some of the Projects with participation of
ENEA and/or CESI Ricerca (2/5)
•
DERRI: Distributed Energy Resources Research Infrastructure
funded by EU-FP7
•
DER-LAB: Network of DER LABoratories funded by EU-FP6
•
OSN: Osservatorio sulla Sicurezza Nazionale supported by RdS 20062008 AdP, funded by MSE
•
GRID: Coordination Action on ICT vulnerabilities of power systems
and relevant defense methodologies funded by EU-FP6
•
CRUTIAL: Critical UTility InfrastructurAL resilience funded by EU-FP6
•
DAMSE: European Methodology for Dams Security Assessment
funded by EU-EPCIP
Some of the Projects with participation of
ENEA and/or CESI Ricerca (3/5)
•
MIA: Methodology for Interdependence Assessment between ICT and
electricity infrastructures, funded by EU-EPCIP
•
ASTROM: ASsessment of resilience to ThReaths of cOntrol and data
Management systems of electrical network, funded by EU-EPCIP
•
ESTEC: Feasibility Study for a European Network of Secure Test
Centres for Reliable ICT-controlled Critical Energy Infrastructures,
funded by EU-EPCIP
•
IRRIIS: Integrated Risk reduction of Information-based Infrastructure
Systems, funded by EU-FP6
•
MICIE: Tool for systemic risk analysis and secure mediation of data
exchanged across linked CI information infrastructures, funded by
EU-FP7
Some of the Projects with participation of
ENEA and/or CESI Ricerca (4/5)
•
CRESCO.LAIII: Sviluppo di Modelli di Simulazione ed Analisi delle
Reti Tecnologiche Complesse e delle loro Interdipendenze, funded by
MIUR-PON
•
GIACS: General Integration of the Application of Complexity in
Science, funded by EU-FP6
•
DIESIS: Design of an Interoperable European federated Simulation
network for critical Infrastructures, funded by EU-FP7
•
COST MP0801: Physics of Competition, Cooperation and Conflict,
funded by ESF 2008
•
TeRN: Sviluppo di sistemi di Early-Warning in Val d’Agri, funded by
Regione Basilicata
Some of the Projects with participation of
ENEA and/or CESI Ricerca (5/5)
•
NEISAS: National and European Information Sharing and
Alerting System, funded by EU-EPCIP
•
TRAMP: Sistema Integrato di Gestione e Controllo per il
TRAsporto in Sicurezza di Merci pericolose, funded by MIUR