130 likes | 246 Views
RIUNIONE ESPLORATIVA PER UNA CANDIDATURA ITALIANA ALL’INIZIATIVA EUROPEA ERN-CIP CYBERSECURITY. ENEA – Lungotevere Thaon di Revel, 76 – ROMA. Esperienza maturata in ERSE. G. Dondossola ERSE – Dpt. Sviluppo Sistema Elettrico. 9 Luglio, 2009. Background. Periodo: 20 anni Settore: elettrico
E N D
RIUNIONE ESPLORATIVA PER UNA CANDIDATURA ITALIANA ALL’INIZIATIVA EUROPEA ERN-CIP CYBERSECURITY ENEA – Lungotevere Thaon di Revel, 76 – ROMA Esperienza maturata in ERSE G. Dondossola ERSE – Dpt. Sviluppo Sistema Elettrico 9 Luglio, 2009
Background • Periodo: 20 anni • Settore: elettrico • Aree di attività • Specifiche formali, Validazione e Verifica Sistemi Real Time • Sistemi Distribuiti, Reti di comunicazione, Architetture ICT Automazione Stazione e Sistemi SCADA • Performance, Dependability, Cyber Security CIIP • CIIP - Risk Assessment • CIIP - Testbeds
Critical Information Infrastructure Protection – CIIP • Infrastructures owned/operated/used by Power Utilities • Fundamental to national and international • Security • Economy • Quality of life
Critical Utility InfrastructurAL Resilience CESI RICERCA communication network electricity grid http://crutial.cesiricerca.it FP6-2004-IST-4-027513 CRUTIAL is a RTD Project in the area of Critical Information Infrastructure Protection launched by the European Union under the Information Society Technologies priority of the Sixth Framework Programme. The project addresses new networked ICT systems for the management of the electric power grid, in which artefacts controlling the physical process of electricity transportation need to be connected with information infrastructures, through corporate networks (intranets), which are in turn connected to the Internet. CRUTIAL’s innovative approach resides in modelling interdependent infrastructures attempting at casting them into new architectural patterns resilient to both accidental failures and malicious attacks • Objectives • Investigation of models and architecturesthat cope with openness, heterogeneity and evolvability endured by electrical utilities infrastructures • Analysis of critical scenarios which ICT faults provoke serious impact on the controlled electric power infrastructures • Evaluation of distributed architectures enabling dependable control and management of the power grid Work Packages WP1 Identification and description of Control System Scenarios WP2Interdependencies modelling WP3Testbed development WP4 Architectural solutions WP5 Analysis and evaluation of Control System Scenarios WP6 Dissemination WP7 Management
Standards • NERC, IEC, IEEE, NIST, ISA • IEC 62351 - TC 57 WG 15 – Network Security, Protocol Security • ISA WG4 TG5 – Security Metrics • Cigrè – WG D2.22 – Information Security • Å. Torkilseng, S. Duckworth: "Security Frameworks for Electric Power Utilities - Some Practical Guidelines when developing frameworks including SCADA/Control System Security Domains", Electra, No. 241, December 2008. • G. Dondossola: “Risk Assessment of Information and Communication Systems - Analysis of some practices and methods in the Electric Power Industry”, CIGRÉ Electra, No. 239, August 2008. • M. Tritschler, G. Dondossola: “Information Security Risk Assessment of Operational IT Systems at Electric Power Utilities”, Paper D2-01 D03, Cigré D2 Colloquium, October 21-22, 2009, Fukuoka, Japan. • A. Bartels, L. Piètre-Cambacédès, S, Duckworth: “Security Technologies Guideline – Practical Guidance for Deploying Security Technology within Electric Utility Data Networks”, Electra, No. 244, June 2009. • L. Piètre-Cambacédès, T. Kropp, J. Weiss, R Pellizzonni: “Cybersecurity standards for the electric power industry – a survival kit” – Paper D2-217, CIGRÉ Paris Session 2008, France • G. Ericsson, A. Bartels, D. Dondossola, Å. Torkilseng: “Treatment of information security for electric power utilities – progress report from Cigré WG D2.22” Paper D2-213, Cigré Paris 2008 Session, France
Exploitation • at industrial level • To support the sector industry – decision processes and technological development - with security know-how • To set-up and experiment realistic attack scenarios • To mitigate the vulnerabilities of the standard application protocols (e.g. IEC 60870-6, IEC 60870-5-104, IEC 61850) • To facilitate the development of cyber security standards, guidelines and practices for industrial usage (e.g. NERC,, IEEE, NIST, ISA, IEC 62351 under development by the WG15-TC57) • To assess the capability of secure and redundant architectures to tolerate the threat hypotheses • To develop advanced technological solutions and tools • To offer a cyber securitytesting infrastructure for advanced SCADA, automation and control systems • To support risk assessment with statistics from experiments • To support on-line security analysis with monitoring, detection and recovery modules • at research level • To feed in model based evaluations with experimental measures
Sicurezza Infrastruttura Elettrica Sicurezza Elettrica Piani di difesa flessibili/integrati/ multioperatore Esercizio Sistema Elettrico Risk Management grazie Linee di difesa stratificate controlli stratificati Protezione ICT