online identification of Failure and Attack on interdependent Critical InfrastructurES
Funded by the EU FP7 (HOME/2011/CIPS/AG/4000002115)
Modernization of critical infrastructures is causing important architectural complexities with strong dependencies on information systems. Distributed automatic systems capable of preventing and mitigating anomalous situations urgently need to be integrated to ensure an acceptable level of protection. These anomalous situations range from hardware/software errors to failures, natural incidents, accidents and attacks (both physical and cyber).
The FACIES project therefore aims to provide distributed and automatic preventive solutions that help underlying systems guarantee their resilience and survivability at all times. This makes it possible to offer robust cooperation between entities, which can share data streams irrespective of the situation, i.e. in either a normal or a threatening situation. It also means devising concrete solutions able to improve information management, delivering useful hints for information sharing during crisis situations, and facilitating cooperation between public authorities and private entities under continuous control of threats.
Given that the vast majority of critical infrastructures are controlled by SCADA systems, the goals of NICS Lab within the FACIES project are twofold. On the one hand, NICS is in charge of addressing the detection of anomalies and stealth attacks in SCADA systems, as well as providing a state of the art (SOTA) on advanced automatic detection and response for these types of threats. On the other hand, NICS Lab has actively collaborated with the rest of the partners on the ongoing discussion and resolution of existing problems, data dissemination, integration of solutions and validation in the laboratory.
- "FACIES: online identification of Failure and Attack on interdependent Critical InfrastructurES",
European CIIP Newsletter, vol. 7, European_CIIP_Newsletter, pp. 11-13, Nov 2013.
FACIES aims to protect water treatment systems and their control systems against accidental or intentional incidents such as failures, anomalies and cyber-attacks with a particular emphasis on stealth attacks.
- "Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection",
Computer Standards & Interfaces, vol. 36, issue 3, Elsevier, pp. 501-512, 2014. DOI (I.F.: 0.879)
Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of accuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper. Impact Factor: 0.879, Journal Citation Reports® Science Edition (Thomson Reuters, 2014)
- "Towards Automatic Critical Infrastructure Protection through Machine Learning",
8th International Conference on Critical Information Infrastructures Security, vol. 8328, Springer, pp. 197-203, 2013. DOI
Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes it vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology.
- "Cyber Stealth Attacks in Critical Information Infrastructures",
IEEE Systems Journal, vol. 12, issue 2, IEEE, pp. 1778-1792, 06/2018. DOI (I.F.: 4.463)
Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems. Impact Factor: 4.463, Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
- "Awareness and Reaction Strategies for Critical Infrastructure Protection",
Computers and Electrical Engineering, vol. 47, issue October, Elsevier, pp. 299-317, 2015. DOI (I.F.: 1.084)
Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP. Impact Factor: 1.084, Journal Citation Reports® Science Edition (Thomson Reuters, 2015)