Technologies for Critical Infrastructure Protection on cyber-attacks
Funded by the Spanish Ministry of Industry (AVANZA I+D program) within the National Plan of Scientific Research, Technological Development and Innovation (2008-2011) and FEDER (TSI-020302-2008-46 y TSI-020302-2009-10)
PROTECT-IC is mainly focused on providing security mechanisms for critical control systems in charge of monitoring and protecting other critical infrastructures, such as electric energy systems . This protection includes the design of a sustainable and robust control network based on property remote terminal units and specialized protection mechanisms to face any type of anomaly caused within the system, such as failures or threats. The implementation of these mechanisms supposes the analysis of events and alarms, the design of auditing services and forensic mechanisms in order to detect and explain in detail the whole sequence of involved events.
NICS has played an important role in the execution of several tasks and, of course, it has participated in the leadership of one of the main workpackages of this project, in particular on the forensic services for critical infrastructures . To be more precise, NICS Lab has collaborated in the localisation of the most vulnerable and threatened points in the system, in the specification and design of a control network composed by different technologies and communication systems , standards, protocols and security mechanisms , as well as in the performance assessment when different security mechanisms and control processes are concurrently used.
Regarding to the forensic part, NICS Lab has been very involved in the identification and classification of preventive mechanisms and forensic techniques for critical environments. These activities have been the basis for the definition of a specific forensic methodology and the implementation of a forensic mechanism. Finally, NICS has participated in the validation process to analyze its feasibility in real environments, and more specifically, in a remote substation provided by Endesa.
- "Secure SCADA Framework for the Protection of Energy Control Systems",
Concurrency and Computation Practice & Experience, vol. 23, no. 12, John Wiley & Sons, Inc., pp. 1414-1430, Aug 2011. DOI (I.F.: 0.636)
Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular bene¯ts of the integration of those new technologies, and also the e®ects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of di®erent state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.Impact Factor: 0.636Journal Citation Reports® Science Edition (Thomson Reuters, 2011)
- "Early Warning System for Cascading Effect Control in Energy Control Systems",
5th International conference on Critical Information Infrastructures Security (CRITIS’10), LNCS 6712, Springer, pp. 55-67, September, 2010.
A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.
- "Acceso seguro a redes de sensores en SCADA a través de Internet",
XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), pp. 337-342, September, 2010.
Las Infraestructuras Críticas (ICs) son monitorizadas por sistemas altamente complejos, conocidos como sistemas SCADA (Sistemas de Control y Adquisición de Datos), cuyo principal soporte se encuentra en las subestaciones, las cuales miden de primera instancia el estado real de tales ICs. Para mejorar este control, la industria está actualmente demandando la integración en el modelo tradicional de dos avances tecnológicos: Internet y las redes de sensores inalámbricas. Sin embargo, su incorporación requiere analizar los requisitos de seguridad que surgen en dicho contexto, así como diversos aspectos correlacionados (ej. mantenimiento, rendimiento, seguridad y optimización) y, en base a estos, la estrategia de integración más adecuada para satisfacer dichos requisitos. Este artículo proporciona dicho análisis en profundidad con el fin de ofrecer un modelo de integración seguro adecuado para entornos críticos.
- "Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems",
6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09), Springer-Verlag, pp. 86-94, September, 2009. DOI
SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.
Research Project Funded by: