Technologies for Critical Infrastructure Protection on cyber-attacks

Funded by the Spanish Ministry of Industry (AVANZA I+D program) within the National Plan of Scientific Research, Technological Development and Innovation (2008-2011) and FEDER (TSI-020302-2008-46 y TSI-020302-2009-10)
Duration: 01/01/2008 to 31/12/2010

Project Overview: 

PROTECT-IC is mainly focused on providing security mechanisms for critical control systems  [1] in charge of monitoring and protecting other critical infrastructures, such as electric energy systems . This protection includes the design of a sustainable and robust control network based on property remote terminal units and specialized protection mechanisms to face any type of anomaly caused within the system, such as failures or threats. The implementation of these mechanisms supposes the analysis of events and alarms, the design of auditing services and forensic mechanisms in order to detect and explain in detail the whole sequence of involved events.

NICS has played an important role in the execution of several tasks and, of course, it has participated in the leadership of one of the main workpackages of this project, in particular on the forensic services for critical infrastructures [2]. To be more precise, NICS has collaborated in the localization of the most vulnerable and threatened points in the system, in the specification and design of a control network composed by different technologies and communication systems [3], standards, protocols and security mechanisms [4], as well as in the performance assessment when different security mechanisms and control processes are concurrently used.

Regarding to the forensic part, NICS has been very involved in the identification and classification of preventive mechanisms and forensic techniques for critical environments. These activities have been the basis for the definition of a specific forensic methodology and the implementation of a forensic mechanism. Finally, NICS has participated in the validation process to analyze its feasibility in real environments, and more specifically, in a remote substation provided by Endesa.


  1. Citekey Alcaraz2011a_ChapterBook not found
  2. C. Alcaraz, A. Balastegui, and J. Lopez, "Early Warning System for Cascading Effect Control in Energy Control Systems", In 5th International conference on Critical Information Infrastructures Security (CRITIS’10), LNCS 6712, Springer, pp. 55-67, September, 2010. More..


    A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.

  3. C. Alcaraz, R. Roman, P. Najera, and J. Lopez, "Acceso seguro a redes de sensores en SCADA a través de Internet", In XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), pp. 337-342, September, 2010. More..


    Las Infraestructuras Críticas (ICs) son monitorizadas por sistemas altamente complejos, conocidos como sistemas SCADA (Sistemas de Control y Adquisición de Datos), cuyo principal soporte se encuentra en las subestaciones, las cuales miden de primera instancia el estado real de tales ICs. Para mejorar este control, la industria está actualmente demandando la integración en el modelo tradicional de dos avances tecnológicos: Internet y las redes de sensores inalámbricas. Sin embargo, su incorporación requiere analizar los requisitos de seguridad que surgen en dicho contexto, así como diversos aspectos correlacionados (ej. mantenimiento, rendimiento, seguridad y optimización) y, en base a estos, la estrategia de integración más adecuada para satisfacer dichos requisitos. Este artículo proporciona dicho análisis en profundidad con el fin de ofrecer un modelo de integración seguro adecuado para entornos críticos.

  4. C. Alcaraz, et al., "Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems", In 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09), Springer-Verlag, pp. 86-94, September, 2009. DOI More..


    SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.

Research Project Funded by: