Final Report Summary - SCOUT (Multitech SeCurity system for intercOnnected space control groUnd staTions)
Executive Summary:
SCOUT (Multitech SeCurity system for intercOnnected space control groUnd staTions) is a project funded by the European Commission in the 7th Framework Programme with Grant Agreement #607019. This framework programme, which is the previous of the current Horizon 2020 programme (H2020), supported research and development activities resulting in new knowledge, new products and services, and also in non-technological and social innovation. The SCOUT project is a proposal submitted to the Call FP7-SEC-2013-1, in the topic “SEC-2013.2.2-5 Security of ground based infrastructure and assets operating space systems”.
The SCOUT system uses multiple innovative and low impact technologies for the protection of space control ground stations against physical and cyber attacks.
The SCOUT system consists of three different subsystems: SENSNET for physical attack detection; CYBERSENS for cyber attack detection; RECOVER for automatic restoration and reconfiguration of the space control ground station network in case of physical or cyber attacks. Finally, the SCOUT Main Control Unit manages and coordinates the functionalities of the three SCOUT subsystems. It is composed of a data processing unit that collects and processes data coming from SENSNET and CYBERSENS to create situational awareness picture and decide countermeasures to be applied by the RECOVER subsystem. It is completed a risk assessment tool, to identify the vulnerabilities of the ground station against physical and cyber attacks.
Project Context and Objectives:
The main goal of SCOUT is the study, design and assessment of a security system based on multiple technologies to protect space control ground stations and the satellite links against physical and cyber attacks, and to activate automatic restoration and intelligent reconfiguration mechanisms in case of failure concerning the ground stations networks and the satellite links.
The SCOUT Project is an answer to the Call SEC-2013.2.2-5 “Security of ground based infrastructure and assets operating space systems – Capability Project”. The task is to assess the vulnerabilities of the space control ground stations, in particular those used by earth observation and satellite navigation systems, and secure communication links to satellites which are seen as critical infrastructure and when possible to propose new methods of protection without making strong assumption about the satellite itself. Regarding the definition of critical infrastructure, we can refer to the document “Critical Infrastructure Protection in the fight against terrorism – COM (2004) 702”: Critical infrastructures consist of those physical and information technology facilities, networks, services and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens or prevent the effective functioning of governments in the Member States. Critical infrastructures extend across many sectors of the economy, including banking and finance, transport and distribution, energy, utilities, health, food supply and communications, as well as key government services. In this scenario, the project provides a security system for protecting these critical infrastructures against physical and cyber attacks by ensuring an efficient and continuous functioning of the services of the governmental assets and of the citizens, which are based on satellite communications. The SCOUT project is based on the use of multiple innovative and low impact technologies for the protection of space control ground stations and the satellite links against physical and cyber attacks. It also considers the ground station network intelligent reconfiguration in case of failure due to physical or cyber attacks.
The SCOUT system consists of three different subsystems: SENSNET for physical attack detection; CYBERSENS for cyber attack detection; RECOVER for automatic restoration and reconfiguration of the space control ground station network in case of physical or cyber attacks. Finally, the SCOUT Main Control Unit manages and coordinates the functionalities of the three SCOUT subsystems. It is composed of a data processing unit that collects and processes data coming from SENSNET and CYBERSENS to create situational awareness picture and decide countermeasures to be applied by the RECOVER subsystem. It is completed a risk assessment tool, to identify the vulnerabilities of the ground station against physical and cyber attacks.
To achieve SCOUT project, the following specific objectives have to be reached:
− Objective 1. Define the operative and system requirements.
− Objective 2. Define and develop two risk analysis tools, one devoted to physical intrusions and the other to cyber attacks.
− Objective 3. Define an architectural solution for the SCOUT systems.
− Objective 4. Study, design and analyse a scalable distributed multi-sensor network for protection against physical attacks.
− Objective 5. Study, design and analyse a distributed telecommunication network sensing system, for the detection and protection of telecommunication links against cyber attacks.
− Objective 6. Study, design and analyse a management network system for automatic restoration and intelligence reconfiguration of a space control ground station network.
− Objective 7. Study, design and analyse a centralized Main Control Unit to manage and coordinate the functionalities of the three SCOUT subsystems.
− Objective 8. Develop a proof of concept demonstrator
− Objective 9. Define a roadmap for the exploitation of the SCOUT project results.
SCOUT consortium comprises nine partners: Italian National Consortium for Telecommunications (CNIT) from Italy, Vitrociset spa from Italy, Fraunhofer from Germany, MetaSensing from Netherlands, Warsaw University of Technology from Poland, LNDES at the Usikov Institute of Radiophysics & Electronic, National Academy Sciences of Ukraine (LNDES - IRE NASU) from Ukraine, Universidad de Alcalà (UAH) from Spain, OESIA from Spain, Agenzia Spaziale Italiana (ASI) from Italy.
Project Results:
4.1.3 A description of the main S&T results/foregrounds
The SCOUT consortium has devised a structured 36 months' work plan, in order to enable the accomplishment of all the project objectives. Nevertheless, ASI unavailability of CGS (Centro di Geodesia Spaziale - CSK satellite control site) facilities to deploy the SCOUT trial in June 2017 led the SCOUT consortium to request an amendment to extend the duration of the originally submitted proposal by an additional six months (overall 42 months of project lifetime). New dates for the experiments have been scheduled on the last week of September and the first week of October 2017. A pre-testing phase was also planned for the end of July 2017, via remote connections of all the SCOUT subsystems.
The workplan is structured on the basis of seven major work areas, which form work packages. In terms of their timing these work areas can be clustered into the following three categories:
1. Horizontal work packages spanning the whole duration of the project. These work packages deal with umbrella areas that are pertinent to all the activities of the SCOUT projects. Such umbrella areas are: (a) The project management work package, which will ensure the proper administrative, scientific and quality management of the project. These management activities are applicable to all activities of the project, (b) Activities associated with ethical management, legal and societal aspects, which are also relevant to all the technical activities of the project. In this way the SCOUT workplan take provisions to make all results to be in-line with ethical and societal management principles and privacy mandates and (c) Dissemination and exploitation activities, spanning almost the whole duration of the workplan (except from an initial lag of a few months). Dissemination and exploitation activities are also relevant to all the rest technical results of the project, since they will be trying to promote the project’s results, while also ensuring their sustainability.
2. Technological development work packages, dealing with the core RTD areas of the project, such as the design and analysis of the whole SCOUT system including the architecture definition, the risk analysis tools, the three main subsystems (SENSNET, CYBERSENS, RECOVER) and the Main Control Unit (MCU). The objective is to enable the project to produce its main deliverables well in advance before the end of the project, with a view to facilitate the timely and systematic integration, validation and evaluation of the approach.
3. Integration, validation, testing and evaluation activities. The integration phase is represented by the design and realization of the SCOUT demonstrator. Instead the validation and test assessment is accomplished by suitable experiments on test sites aimed to show the capability of the proposed systems. These activities start prior to the conclusion of the technical developments of the project and run for the rest of the project duration. The rationale is to enable early commencement of the integration tasks, in order to be able to remedy potential problems, while also producing multiple iterations of the SCOUT integrated framework.
Overall, SCOUT is organized in 7 work packages (WPs) each with a set of deliverables. The WPs follow the logical phases of the implementation of the project and include project management and assessment of progress and results. The WPs have been identified with appropriate leaders and contributors reflecting the skill sets of the consortium. Each WP requires scientific and technological collaborations between the participating partners and integration of their methods. The WP leader that will monitor progress and ensure continuous communication and updating among all the partners will lead each WP. The management (WP1) will ensure the connections between the different WPs as illustrated in the pert chart and will be responsible of controlling the overall project.
In terms of the timing of the work, the first step of the work plan was to analyse, with both the internal (i.e. as partner) end-user and Advisory Board, the best and common practice to short-term anticipate, prevent and respond to potential intrusion and cyber attack of space control ground stations, and to prioritize some key scenarios of typical intrusion or cyber attacks starting from the analysis of some recent and common situations in which the analysis of the used unauthorized invasion strategy and informatics hackering will be done. The scope was to extract the required capabilities through an in-depth gap analysis (WP 2-3).
The second step concerned the study, design and analysis the SCOUT system. The use of innovative sensors and their combination to other existing (RFID and infrared camera) match the operative requirements and to have an effective monitoring of the surveillance area by exploiting the complementary characteristics and performance of the sensor suite. Moreover, use of the most recent and efficient cyber attack detection based on honey net methodology match the expecting level of informatics protection. A risk assessment approach is used for the design of the system by a quantitative analysis of risk situation with proper defined tools. High performance in prediction, detection and tracking of threats is also achieved by combining data from different heterogeneous sensors according to a multi source data fusion grid. Moreover, decision aid system based on Q-AI and GUI presentation were also developed to improve the global situational awareness through the COP (Common Operational Picture) and the local situational awareness through the CROP (Common Reduced Operational Picture) in terms of spatial and temporal coverage of the area of interest, as well as the confidence in which the presence of a threats is declared.
The third and final step (partially in parallel to 2nd step) was the assessment of the operational concept through the development of a technological demonstrator (WP5) mainly designed for the specific use case of the protection of the space control ground station against physical and cyber intrusions, permitting an overall performance assessment, including integration and interoperability of all the subsystems and components, starting from the definition and prioritization of some realistic scenarios in accordance with a rigorous methodology of scenario sketching and field trial planning, testing and assessment (WP5.6).
In order to ensure that all project activities were fully compliant with ethical, privacy and data protection issues, as well as issues regarding the access to security restricted information, two dedicated tasks (WP2.1 WP7) were introduced and defined. Ethical management had therefore a prominent position within the SCOUT workplan.
Finally, two specific WPs for respectively project management and dissemination/exploitation have been defined:
• WP1 aimed at reaching technical, organisational and financial achievement, setting up the decision-making structure and bodies. It also takes care of the management of the communication flow within the Consortium and towards the commission services, monitoring appropriateness of work, as well as prompt achievement of project deliverables. WP1 handles the overall legal, contractual, financial and administrative issues.
• WP6 dealing with all the required activities towards effectively managing and facilitating the dissemination and exploitation of project results.
The list presented below reports the main outcomes achieved during the SCOUT project related to the objectives presented in the project proposal:
− Outcome 1. A detailed definition of operative and system requirements has been carried out, that are the requirements of the critical infrastructure protection system.
− Outcome 2. A risk assessment tool, which combines physical risk and cyber risk analysis has been developed. This tool is an implementation of a methodology, specifically defined for the project, which is based on the well known “Magerit” methodology.
− Outcome 3. The architecture of SCOUT system has been defined. The skeleton of the system architecture was included in the proposal, but during the project development, the architecture has been refined to take the acquired knowledge into consideration. The architecture of SCOUT is an important outcome of the project, and its intellectual property could be protected.
− Outcome 4. A distributed multi-sensor network for the protection against physical attacks has been designed, constructed and tested. This subsystem has been called SENSNET, and it is a distributed sensor network built with sensors that have the power to process the acquired signal to create their own situational awareness. The general situational awareness is constructed by combining the knowledge generated by each sensor. The sensors used in this network have been developed during the project or are part of the knowledge background of the project partners. The developed sensor, and the multi-sensor network could be exploited by the project partners.
− Outcome 5. A distributed telecommunication network sensing system has been designed, analysed (CYBERSENS), and used for the detection and protection of telecommunication links against cyber attacks.
− Outcome 6. A management network system for automatic restoration and intelligent reconfiguration of a space control ground station network has been designed, developed, and tested. This subsystem is called RECOVER.
− Outcome 7. One of the main results of SCOUT is the “Main Control Unit”, designed to manage and coordinate the functionalities of the three SCOUT subsystems. The Main Control Unit is based on artificial intelligence paradigms and can be considered as the brain of SCOUT.
− Outcome 8. All the subsystems of SCOUT have been individually built, and assembled, to obtain a proof-of-concept demonstrator, which has been tested in a relevant scenario.
− Outcome 9. The overall TRL of SCOUT is between 5 and 6, depending on the considered subsystems. A brief roadmap for exploitation has been proposed.
More detailed results for each of the proposed outcomes are presented in the following paragraphs.
4.1.3.1 Outcome 1 - Operative and system requirements definition
✓ Reference scenario definition: the reference scenario has been introduced for SCOUT system performance assessment via simulation. The selected reference scenario is the Fraunhofer TIRA radar station (Wachtberg, Germany).
✓ Demonstration scenario: the demonstration scenario has been introduced for SCOUT experimental validation. The selected site is the ASI Space Geodesy Centre (Matera, Italy).
✓ The operative requirements have been formulated taking into consideration the different nature of threats (physical or cyber). The operative requirements have been structured into three groups, specifically related to:
• Physical threats detection and prevention (PHY)
• Cyber threats detection and prevention (CYB)
• Ground station communication system recovery mechanisms (REC)
✓ Performance requirements have been defined in order to achieve the operational objectives and to identify the performance parameters of each system functionality;
Performance requirements have been structured into three groups related to:
• The SENSNET subsystem
• The CYBERSENS subsystem
• The RECOVER subsystem
4.1.3.2 Outcome 2 – Risk analysis tools
✓ The design and development of the Risk Analysis Tools have been done in parallel to the design and development of the SCOUT architecture, therefore Risk Analysis has been performed considering two use cases (TIRA and ASINET) that are examples of critical infrastructures.
✓ The tool is organized in two separate modules, one for physical security risk analysis and the other one for cyber security risk analysis.
✓ A common methodology has been identified for the design and development of the tools: facility characterization and assets analysis, threats analysis and security vulnerability assessment, and, finally, ad-hoc software creation.
✓ The risk analysis tool is based on the combined use of Spreatsheets and Databases, with a module to interchange information. The tool uses data initially inserted by the user with a friendly interface.
✓ This tool has been validated with the definition of a theoretical scenario. Although this scenario is completely theoretical, it is closely related to the demonstration scenario of SCOUT.
4.1.3.3 Outcome 3 – SCOUT architecture
✓ The SCOUT architecture has been defined in details taking into account the system requirements resulting from WP2 activities;
✓ The functionalities and the interactions of the main SCOUT subsystems (SENSNET, CYBERSENS, RECOVER, MCU and RISK ASSESSMENT) have been detailed.
The main units composing the system are:
• MCU (Main Control Unit): this subsystem is devoted to the management, display, and identification of the actions to be performed when an attack is performed; in some cases the MCU can autonomously implement the identified reactions.
• Risk Assessment Unit: this subsystem is in charge of identifying the level of risk associated with the potential threats (cyber and physical ones);
• SENSNET: is a scalable multisensor network devoted to the protection of the space ground base station against physical attacks;
• CYBERSENS: is a distributed sensor network devoted to the detection of cyber attacks to the space control ground station network;
• RECOVER: is a network management system devoted to the automatic reconfiguration of the space control ground station network in case of physical or cyber attacks
4.1.3.4 Outcome 4 – SENSNET subsystem
✓ The SENSNET general architecture and the involved sensors have been defined;
✓ SENSNET requirements have been reviewed in terms of range coverage; the associated sensor technologies have been specified;
✓ The defined case study has been detailed in terms of sensors positioning, infrastructures, digital elevation maps, available illuminators, targets of interest, risk levels definitions.
✓ A study about positioning techniques has been presented to define the basic guidelines for the design of the different sensor networks to fulfil the defined requirements in the defined case study.
✓ Studies about different data link architectures have been summarized to guide the design of the data link network: data format, transfer protocol, transmission medium.
✓
4.1.3.5 Outcome 5 – CYBERSENS subsystem
✓ Definition and design of the CYBERSENS architecture. Cyber attacks detection involves the following phases:
• Collection phase: this phase includes the deployment of network and host probes and the collection of data that will be fed later to the detection engine.
• Aggregation phase: as it is not feasible to process raw data collected from probes, dimensionality reduction and aggregation techniques are applied before performing actual detection on the data.
• Detection phase: misuse and anomaly detection methods are applied to detect malicious behaviours in the system. This process includes privacy preservation techniques that allow to detect anomalies while protecting sensitive data collected from each probe.
• Alert phase: every time an anomaly is detected, appropriate measures have to be taken. To do so, CYBERSENS must communicate with the MCU sending alerts and information about the detected incident.
✓ Definition and design of the Anomaly Detection and Misuse Detection architectures
✓ Development of a novel privacy-aware distributed architecture for network monitoring
✓ Development of novel anomaly detection techniques based on distributed approaches
✓ Study and design of the Misuse based IDS.
4.1.3.6 Outcome 6 – RECOVER subsystem
✓ Threats, cyberattacks and intrusions have been analyzed for the characterization of the RECOVER functionalities. The aim is the definition of “IF” “THEN” relationships, i.e. actions that are accomplished when conditions are satisfied;
✓ The techniques used to change the topology of the network in order to recover the communication in case of an attack affecting the network have been taken into account. Physical and cyber- attacks have been considered and proper countermeasures defined at high level. Accordingly, RECOVER capabilities have been defined and high level functionalities of the RECOVER subsystem have been specified;
✓ The design of the RECOVER subsystem has taken into account different alternatives in order to fulfil system requirements and functionalities;
✓ The general architecture for the RECOVER subsystem based on the SDN (Software Defined Network) paradigm have been proposed;
✓ The SDN controller has been designed following a flexible, modular approach;
✓ Interfaces for the interaction between the RECOVER subsystem and the other SCOUT subsystems have been specified.
4.1.3.7 Outcome 7 – MCU subsystem
✓ The role of the MCU is to manage and coordinate the operations of the three main SCOUT subsystems. Specifically, the MCU functionalities are:
o Input aggregation and analysis;
o Simulation of effects of attacks and countermeasures;
o Management of historical data;
o Decision making on the basis of processed inputs;
o Decision support for most critical decisions;
o Visualization of alarms and their risk level;
o Alert on automatic controls performed to preserve data transmission integrity and security.
✓ The MCU has three main submodules:
o Shared Data Unit (SDU): is the unit that gathers all the incoming data into a memory space that is shared among the MCU elements;
o Decision and Control Unit (DCU): executes data analysis on the data provided by the other SCOUT modules. The DCU provides decisions in two formats: automatic decision if they are not critical and safe, or suggest operations to be done by the human operator if the decision is critical or unsafe for the integrity and efficiency of the communication channel;
o Graphical User Interface (GUI): is the front end that connect users with the SCOUT system. Its main purpose is to show the status of the security of the Satellite Ground Station, or “Common Operating Picture”, in order to provide a situation awareness of both physical and cyber attacks. In the meantime, the GUI will allow user interaction and will provide user the possibility to provide commands to the system.
4.1.3.8 Outcome 8 – SCOUT demonstrator
✓ The SCOUT demonstration has been deployed from September 25th, 2017 to October 6th, 2017 at the Spatial Geodesy Centre of the Italian Space Agency (ASI CGS) which is located along the provincial road that connects Ginosa to Matera, close to the administrative border between the Italian southern regions of Basilicata and Puglia.
✓ The SCOUT demonstrator has been designed as a reduced version of the complete SCOUT system with the aim to verify major SCOUT functionalities. The main SCOUT subsystems are highlighted:
o SENSNET: A distributed multisensor network for the detection of physical attacks.
o CYBERSENS: a distributed sensor network for the detection of cyberattacks. To satisfy the demonstration requirements, the following resources have been made available: CYBERSENS server, host probes, network probes, VPN network communication, check-if-alive service, honeynet, and a packet normalization tool and communications component. Each subcomponent will be described technically in this document.
o RECOVER: A management network system for automatic restoration and intelligence reconfiguration of the space control ground segment network.
o
4.1.3.8.1 SENSNET subsystem
The SENSNET demonstrator activity was focused on surface monitoring for detecting authorized vehicles or people trying to access non-authorized areas. The surveillance inside the base was achieved by implementing the following functionalities:
✓ Detection of moving objects;
✓ Classification of detected targets as terrestrial vehicles or humans;
✓ Check the behaviour of vehicles inside the facilities area.
The SENSNET demonstrator exploited a subset of all the sensors considered in the SCOUT theoretical study.
During the trial, the main goal was to test and verify the effectiveness of the cooperation of the selected sensors in order to improve the protection of the satellite ground base station against physical attacks. The sensors involved during the trial were:
✓ A passive bistatic radar exploiting UHF DVB-T signals of opportunity used for medium range early warning;
✓ A noise radar operating in C-band for short range detection;
✓ A noise ground-based SAR radar operating in Ka-band used for short range detection of moving targets;
✓ A high resolution radar operating in Ku-band able to produce radar images of the target used for classification purposes;
✓ RFID network able to identify the presence of cooperative targets (i.e.: employers).
✓ The data acquired by the sensors were transferred to the S-MCU in charge of signal and data processing. Specifically, the Data Fusion (DF) routine was fed with the data produced by the sensors devoted to surveillance (PBR, C-band noise radar, GB noise SAR). The fused output was then passed to the MCU in order to identify potential threats. The detection of information related to the potential dangerous target was transferred to the Target Classification Management routine (TCM). The TCM applies ISAR (Inverse Synthetic Aperture Radar) techniques and micro-Doppler analysis (STFT – Short Time Fourier Transform) to the Ku-band high resolution radar data in order to produce suitable data for the target classification. ISAR and STFT images were exploited by the classifier in order to distinguish between car and human being. The classifier input and output data were transferred to the SCOUT MCU in order to activate a warning in the operator’s GUI. The overall SENSNET implementation taking into account the hardware implementing each functionality and the interaction among the different subsystems is represented.
✓ It must be outlined that the sensor GB noise SAR developed by LNDES, has not taken part to the demo in Matera, therefore the related experimental results were not integrated in the online behaviour of the SCOUT demo. However, the GB noise SAR have been described in the reports in order to show the capabilities of this sensor.
PBR – Sensor (A)
During the trials different types of targets were observed: small passenger cars, trucks, pedestrians and drones. presents an example of truck echo collected during the trials. The results of truck echo is visible on the range-velocity plane. In the tested scenario the truck was moving on a road several hundred meters away from the ASI area. The truck echo visible at around 20m/s bistatic velocity and 500m bistatic range.
During the SCOUT trials passive radar was capable of detecting and tracking the small drone up to several hundreds of meters. The data from the passive radar has been sent to the data fusion server and merged with data from different sensors and correlated with onboard GPS trackers. It has been confirmed that the vicinity of the critical infrastructure can be successfully monitored using passive radar.
Results showed that passive radar sensor can be successfully used in the future as one of the novel sensor technology to protect the critical infrastructures against physical threats. The passive radar is able to detect and track a wide spectrum of targets including ground moving object, such as vehicles or human being, as well airborne targets including planes, rockets and targets with relatively small radar cross section (RCS) like small drones
C-band Noise Radar – Sensor (B)
The NR – Sensor B has been used during the SCOUT trials for testing the possibility of detecting different targets, as people and cars inside ASI perimeter. During the SCOUT trials, detection of vehicles and people inside the protected facility have been proven with this sensor.
Results showed that noise radar sensor can be successfully used in the future as one of the novel sensor technology to protect the critical infrastructures against physical threats. The noise radar is able to detect and track a wide spectrum of targets including ground moving object, such as vehicles or human being. The potential of this technology is vast and in the near future real operational noise radars will be used as a sensor to protect various types of critical infrastructure
Ka-band GB Noise SAR – Sensor (C)
Sensor C, Ka-band GB Noise SAR trials have been carried out in the premises of the IRE NASU (Kharkiv). Two types of validations have been carried out, indoor and outdoor. Indoor validation and Outdoor validation. The main objective of the indoor measurements was: to verify that both the hardware of the Ka-band GB SAR and the radar signal processing software perform adequately with moving targets. The outdoor trials of the LNDES 8mm GB SAR radar were carried out in the grounds of LNDES mother organization, IRE. The goal was to detect still/moving objects with low radar cross-section against the ground.
RFID – Sensor (D/E)
During the trials, a number of passages of a cooperative tag brought by a volunteer have been carried out. We have verified that the RFID system was detecting the volunteer passages and consequently the DDS made available this information by activating a special tag “Rfidexternaldata”.
FastGBSAR – Sensor (F)
During the SCOUT trials, the FastGBSAR was used in RAR mode and therefore the radar unit was mounted on a tripod. The FastGBSAR was equipped with one transmitting and one receiving antenna (vertically polarized). During the tests, the FastGBSAR successfully detected intruders, such as cars, persons and even a small drone. The produced data was automatically sent to the ISAR processing stage in order to produce radar images of the targets for classification purposes.
S-MCU
The S-MCU subsystem was implemented by a workstation running two virtual machines, configured with Ubuntu Linux 64 bit OS (version 16.04) implementing the Data Fusion and the Target Classification routines. The S-MCU implementation was designed to work in online mode. The available sensors continuously monitor the area of interest and simultaneously the S-MCU code processes the new available sensor data. The effectiveness of the SENSNET subsystem has been extensively proven during the trials. Two reference results are reported in the following relatively to the data fusion and classification of a moving vehicle and a walking person.
4.1.3.8.2 CYBERSENS subsystem
As previously highlighted, CYBERSENS main functionalities are:
o Intrusion prevention/detection: it represents the core purpose of the subsystem and can be done by means of two different techniques: anomaly detection and misuse cases
o Privacy preserving data aggregation and export
o Traffic masking by encryption and traffic generation
o Attack deviation and redirection – Honeynet
o Self-protection
To satisfy these requirements, the following resources have been made available to the demonstrator: CYBERSENS server, host probes, network probes, VPN network communication, check-if-alive service, honeynet, packet normalization tool and communications component.
A specific testbed was built to simulate the most critical functionalities of the real ASI network. For clarity, only the four relevant sub-networks and relative hosts have been considered and described below:
o The MAPS network, which shows the acquisition facility of the system called MAPS Station part of the COSMO-SkyMed Mission.
o The USER network responsible of ASI User client connection for ordinary operations. The multisensor network devoted to the protection of the space ground based station against physical attacks, is also interconnected here to reach the SENSET server.
o The MAIN network also containing the GSE server (Ground Segment Emulator), used for application scheduling, processing and images distribution of the MAPS Station.
o BACKUP Network is a replication of MAIN network and contains a replicated copy of GSE server and a DMZE (Demilitarized Zone Emulator) providing outbound services. In this network an HONEYNET was installed to attract and collect novel and “0-day” attach for later study.
The results of each use case tested during the trials are reported in Table 1, where the Pass/Fail criteria have been applied to the test procedure table.
ID Description Output Result
1 Denial of service test: Launch SYN FLOOD attack Alert indicating a Denial of Service is shown in OSSIM graphical interface Pass
2 Check-if-alive test: shutdown GSE, DMZe or Honeypot machine (protected assets) Alert indicating Check-if-alive is shown in OSSIM graphical interface Pass
3 Malware behavior study: Launch massive amount of traffic from attacker machine Alert is generated in anomaly detection engine log file Pass
4 Malware attack mitigation: inject into network simulated Zeus malware attack on DMZe, GSE, or MAPS Alert indicating a malware attack is shown in OSSIM graphical interface Pass
5 Review OSSIM documentation, determine number of processed events per second Documentation establishes number of processed events per second is more than 1000, or configuration to accomplish that rate. Pass
Table 1 – CYBERSENS demo results
4.1.3.8.3 RECOVER subsystem
The main function of the RECOVER subsystem implemented into demonstrator was to apply different countermeasure in case of physical or cvber attacks so as to forward traffic along different paths through the various nodes of the ASI network.
More specifically, by controlling data paths different actions can be taken:
• Allow traffic flow;
• Drop traffic flow;
• Forwarding traffic flow.
The SCOUT demonstrator network infrastructure has been designed to be flexible enough to test the defined use cases scenarios. Non SDN layer 3 devices have been attached to the SDN cloud in order to simulate sparse geographical sites and remote attackers. As a central transit fabric for the communication among the remote sites and attackers the SDN cloud fulfil the critical role of handling all the packets related to this communication.
Tests have been performed for four different use cases and in all of them RECOVER fully achieved its own goals. The use cases designed and used to validate the Demonstrator are briefly described here:
1. DOS attack mitigation: in this case, the RECOVER subsystem must apply a countermeasure which has the aim to drop all the DoS traffic only and so restore the victim system functionalities.
2. Malware infection mitigation: in this scenario the RECOVER subsystem being informed about an infected machine communicating with a C&C (Command and Control) internet host must apply countermeasures in order to ensure the isolation of the C&C. Traffic will be filtered on the SDN device closer to the C&C and on the SDN device closer to the infected host.
3. Business continuity: in this scenario a fault detected by the CYBERSENS subsystem redirect the client-server traffic toward a backup server placed in another subnet. The SDN network intercept the original traffic and perform packet rerouting operations in order to maintain the transparency for the non-SDN devices (routers and client).
4. Malware behaviour study: this scenario is similar to the previous but malicious traffic directed to a server is rerouted toward an honey net in order to allow and facilitate the threat analysis.
4.1.3.8.4 MCU-DCU subsystem
The subsystem implemented on the Demo facility in Matera consisted in a Ubuntu Linux virtual machine running under the VMware server where the component of the Decision and Control Unit (DCU) are deployed. The deployed subsystem consists of the following components:
o shared folders for input data exchange using DDS infrastructure;
o shared folders for output data exchange via GUI;
o application for monitoring and managing alert coming using DDS infrastructure;
o web service for the managing of alert from CYBERSENS subsystem.
The following use cases have been successfully tested by the MCU:
1. Classification of vehicles approaching the facilities fence.
2. Classification of vehicles moving inside the facilities.
3. Classification of walking person moving inside the facilities.
4. A denial of service attack must be detected by Cybersens.
5. A well-known malware attack is detected.
6. Cybersens is able to detect a possible anomaly in the network (indicator of a malware attack going on).
7. Automatic Alert indicating an anomaly is generated and suited countermeasure is applied requesting confirmation to the Security Manager.
8. An unauthorized person walking inside and a DoS attack occurs.
9. An unauthorized person walking inside the facility while a malware behaviour is occurring.
The MCU subsystem includes also the system GUI which allows operators or surveillance employees to display and monitor several SCOUT features such as physical machines status, software agents behaviour, overall system health, and so on.
It is based on navigable web pages with hypertext content and provides a left menu made up of the following macro-sections:
• SECURITY which groups functionalities to monitor the SCOUT’s security in term of physical and cyber surveillance;
• SYSTEM which groups functionalities to manage and check hardware and software subsystems;
• SCOUT which groups functionalities to monitor SCOUT components in term of performances and operation.
An overview of the overall SCOUT status is provided in the home page and it is called dashboard. Since the GUI is a global monitoring system, we can even call it “SCOUT console”.
The most relevant part of the GUI is the cyber and physical notifications representation. Each intrusion event, be it physical or cyber, detected by sensors systems, is computed by the MCU, transformed into notification and then sent to the GUI.
Potential Impact:
The SCOUT system has shown the potential for highly improving early warning security within the considered critical infrastructure. The main improvements are summarised as follows:
o The SCOUT system provides a remote security system (SENSNET) that offers 3D volumetric surveillance, also including low flying aerial targets detection.
o The SENSNET uses low or null electromagnetic power emission sensors and can be considered a Low Probability of Intercept (LPI) system. It relies on the following technologies:
• Passive Bistatic Radars (PBRs), which make use of broadcast telecommunication signals already present in the environment without generating any other kind of waveform.
• Noise Radars, which emit signals under the noise level. They can be used to optimize the human beings detection capability, by using the innovative noise radar sensor to detect human beings breathing, heartbeats, and objects hidden under clothes.
• The SCOUT system also exploits typical sensors present in critical buildings, mainly RFID systems and infrared cameras, to maximize early warning.
• Radiometric SAR were also considered in the proposal, but a detailed study of the potential application of the Ka-band SAR developed in LNDES IRE NASU for the generation of radiometric images, revealed the necessity of long acquisition times that won’t allow achieving high enough frames update rates for monitoring the area under protection in real time scale.
o When possible and especially for PBRs, digital architectures based on Software Defined Radio (SDR) technologies have been used due to its high level of reconfigurability, flexibility, reliability and robustness. SDR boards already equipped with FPGA and down/up frequency converters have been used, that can be programmed to handle different bands for noise radar.
o SCOUT provides cyber security through the CYBERSENS subsystem, which is mainly based on the honeynet technology that is reliable and effective. Use of hardware and software probes with a certain level of redundancy increases the robustness of the cyber-attack protection subsystem.
o The RECOVER subsystem also makes use of distributed Smart Sensor Network paradigm, where the reconfiguration and control is governed by distributed logic. Specifically, the use of virtualization to simplify the underlying network/security architecture and introduce a higher level of abstraction by defining logical networks, logical edges and logical zones, is really an innovative technological solution.
The following table indicates briefly the accomplishment of the dissemination activities that were foreseen in the Dissemination Plan. It can be verified that all the dissemination activities have been carried out during the project development.
After analyzing the market, the possibilities for exploiting the SCOUT outcomes have been analysed. The different exploitation ways have different characteristics related to expected returns, required investment, and risk:
• Licensing. A license is an official permission to do, use or own something. The licensor is the part who grants a license under intellectual property laws to authorize a use to a license (using an invention, for example). Licensing has some advantages and disadvantages:
o Advantages: the owner of the patent or registered software (licensor) does not have to face the cost (investment) and risk associated to opining a new market.
o Disadvantages: a) The licensor lost the control over manufacturing, marketing, and strategy; b) the licensor lost the control over the know-how that is provided with the license;
Licensing is mainly used by research institutes and Universities, which cannot invest to put an invention into the market, or cannot control the intellectual property rights to avoid plagiarism.
The expected returns with licensing are low, but the required investment is low as well. The risk, as mentioned above, is also low.
• Research and development cooperation. In fact, this is the way in which the consortium has cooperated in SCOUT project. Some of the outcomes have been obtained with the cooperation of two or more partners, that must find the way to cooperate in the exploitation. The percentage in the profits can be related to the person months devoted to research and development, and the investment in marketing to open the market to the product.
The research and development cooperation allows partners to share the risk and the necessary investment. The profit is shared as well.
• Creating a Start-up. A start-up is a company, founded to develop a product or service for which there is a demand. This is the first stage in the operation of a company to exploit an emergent idea or product, and the main problem is that it is difficult to maintain the activity in the long-term, due to the limited revenue or high costs. The start-up is created to exploit a new product or idea. The expected incomes or revenues are not high, as it is at the beginning of exploitation. The risk is high, and the investment can also be high, because there is not cooperation with other partners to share the cost.
• Joint Venture. It is an agreement or joint company, created to carry out an activity that requires a big initial investment, and that will provide high revenues in the long term. It is an option to continue the activity of Start-ups. A joint venture allows to share the cost or necessary investment to grow the market and increase revenues.
• Selling products and services. This is the best option for big companies, which have the capability of making big investments to open new markets, and to exploit directly a product or development. The revenues can be very high, but the investment and risk is high too.
List of Websites:
http://www.scout-project.eu/
SCOUT (Multitech SeCurity system for intercOnnected space control groUnd staTions) is a project funded by the European Commission in the 7th Framework Programme with Grant Agreement #607019. This framework programme, which is the previous of the current Horizon 2020 programme (H2020), supported research and development activities resulting in new knowledge, new products and services, and also in non-technological and social innovation. The SCOUT project is a proposal submitted to the Call FP7-SEC-2013-1, in the topic “SEC-2013.2.2-5 Security of ground based infrastructure and assets operating space systems”.
The SCOUT system uses multiple innovative and low impact technologies for the protection of space control ground stations against physical and cyber attacks.
The SCOUT system consists of three different subsystems: SENSNET for physical attack detection; CYBERSENS for cyber attack detection; RECOVER for automatic restoration and reconfiguration of the space control ground station network in case of physical or cyber attacks. Finally, the SCOUT Main Control Unit manages and coordinates the functionalities of the three SCOUT subsystems. It is composed of a data processing unit that collects and processes data coming from SENSNET and CYBERSENS to create situational awareness picture and decide countermeasures to be applied by the RECOVER subsystem. It is completed a risk assessment tool, to identify the vulnerabilities of the ground station against physical and cyber attacks.
Project Context and Objectives:
The main goal of SCOUT is the study, design and assessment of a security system based on multiple technologies to protect space control ground stations and the satellite links against physical and cyber attacks, and to activate automatic restoration and intelligent reconfiguration mechanisms in case of failure concerning the ground stations networks and the satellite links.
The SCOUT Project is an answer to the Call SEC-2013.2.2-5 “Security of ground based infrastructure and assets operating space systems – Capability Project”. The task is to assess the vulnerabilities of the space control ground stations, in particular those used by earth observation and satellite navigation systems, and secure communication links to satellites which are seen as critical infrastructure and when possible to propose new methods of protection without making strong assumption about the satellite itself. Regarding the definition of critical infrastructure, we can refer to the document “Critical Infrastructure Protection in the fight against terrorism – COM (2004) 702”: Critical infrastructures consist of those physical and information technology facilities, networks, services and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens or prevent the effective functioning of governments in the Member States. Critical infrastructures extend across many sectors of the economy, including banking and finance, transport and distribution, energy, utilities, health, food supply and communications, as well as key government services. In this scenario, the project provides a security system for protecting these critical infrastructures against physical and cyber attacks by ensuring an efficient and continuous functioning of the services of the governmental assets and of the citizens, which are based on satellite communications. The SCOUT project is based on the use of multiple innovative and low impact technologies for the protection of space control ground stations and the satellite links against physical and cyber attacks. It also considers the ground station network intelligent reconfiguration in case of failure due to physical or cyber attacks.
The SCOUT system consists of three different subsystems: SENSNET for physical attack detection; CYBERSENS for cyber attack detection; RECOVER for automatic restoration and reconfiguration of the space control ground station network in case of physical or cyber attacks. Finally, the SCOUT Main Control Unit manages and coordinates the functionalities of the three SCOUT subsystems. It is composed of a data processing unit that collects and processes data coming from SENSNET and CYBERSENS to create situational awareness picture and decide countermeasures to be applied by the RECOVER subsystem. It is completed a risk assessment tool, to identify the vulnerabilities of the ground station against physical and cyber attacks.
To achieve SCOUT project, the following specific objectives have to be reached:
− Objective 1. Define the operative and system requirements.
− Objective 2. Define and develop two risk analysis tools, one devoted to physical intrusions and the other to cyber attacks.
− Objective 3. Define an architectural solution for the SCOUT systems.
− Objective 4. Study, design and analyse a scalable distributed multi-sensor network for protection against physical attacks.
− Objective 5. Study, design and analyse a distributed telecommunication network sensing system, for the detection and protection of telecommunication links against cyber attacks.
− Objective 6. Study, design and analyse a management network system for automatic restoration and intelligence reconfiguration of a space control ground station network.
− Objective 7. Study, design and analyse a centralized Main Control Unit to manage and coordinate the functionalities of the three SCOUT subsystems.
− Objective 8. Develop a proof of concept demonstrator
− Objective 9. Define a roadmap for the exploitation of the SCOUT project results.
SCOUT consortium comprises nine partners: Italian National Consortium for Telecommunications (CNIT) from Italy, Vitrociset spa from Italy, Fraunhofer from Germany, MetaSensing from Netherlands, Warsaw University of Technology from Poland, LNDES at the Usikov Institute of Radiophysics & Electronic, National Academy Sciences of Ukraine (LNDES - IRE NASU) from Ukraine, Universidad de Alcalà (UAH) from Spain, OESIA from Spain, Agenzia Spaziale Italiana (ASI) from Italy.
Project Results:
4.1.3 A description of the main S&T results/foregrounds
The SCOUT consortium has devised a structured 36 months' work plan, in order to enable the accomplishment of all the project objectives. Nevertheless, ASI unavailability of CGS (Centro di Geodesia Spaziale - CSK satellite control site) facilities to deploy the SCOUT trial in June 2017 led the SCOUT consortium to request an amendment to extend the duration of the originally submitted proposal by an additional six months (overall 42 months of project lifetime). New dates for the experiments have been scheduled on the last week of September and the first week of October 2017. A pre-testing phase was also planned for the end of July 2017, via remote connections of all the SCOUT subsystems.
The workplan is structured on the basis of seven major work areas, which form work packages. In terms of their timing these work areas can be clustered into the following three categories:
1. Horizontal work packages spanning the whole duration of the project. These work packages deal with umbrella areas that are pertinent to all the activities of the SCOUT projects. Such umbrella areas are: (a) The project management work package, which will ensure the proper administrative, scientific and quality management of the project. These management activities are applicable to all activities of the project, (b) Activities associated with ethical management, legal and societal aspects, which are also relevant to all the technical activities of the project. In this way the SCOUT workplan take provisions to make all results to be in-line with ethical and societal management principles and privacy mandates and (c) Dissemination and exploitation activities, spanning almost the whole duration of the workplan (except from an initial lag of a few months). Dissemination and exploitation activities are also relevant to all the rest technical results of the project, since they will be trying to promote the project’s results, while also ensuring their sustainability.
2. Technological development work packages, dealing with the core RTD areas of the project, such as the design and analysis of the whole SCOUT system including the architecture definition, the risk analysis tools, the three main subsystems (SENSNET, CYBERSENS, RECOVER) and the Main Control Unit (MCU). The objective is to enable the project to produce its main deliverables well in advance before the end of the project, with a view to facilitate the timely and systematic integration, validation and evaluation of the approach.
3. Integration, validation, testing and evaluation activities. The integration phase is represented by the design and realization of the SCOUT demonstrator. Instead the validation and test assessment is accomplished by suitable experiments on test sites aimed to show the capability of the proposed systems. These activities start prior to the conclusion of the technical developments of the project and run for the rest of the project duration. The rationale is to enable early commencement of the integration tasks, in order to be able to remedy potential problems, while also producing multiple iterations of the SCOUT integrated framework.
Overall, SCOUT is organized in 7 work packages (WPs) each with a set of deliverables. The WPs follow the logical phases of the implementation of the project and include project management and assessment of progress and results. The WPs have been identified with appropriate leaders and contributors reflecting the skill sets of the consortium. Each WP requires scientific and technological collaborations between the participating partners and integration of their methods. The WP leader that will monitor progress and ensure continuous communication and updating among all the partners will lead each WP. The management (WP1) will ensure the connections between the different WPs as illustrated in the pert chart and will be responsible of controlling the overall project.
In terms of the timing of the work, the first step of the work plan was to analyse, with both the internal (i.e. as partner) end-user and Advisory Board, the best and common practice to short-term anticipate, prevent and respond to potential intrusion and cyber attack of space control ground stations, and to prioritize some key scenarios of typical intrusion or cyber attacks starting from the analysis of some recent and common situations in which the analysis of the used unauthorized invasion strategy and informatics hackering will be done. The scope was to extract the required capabilities through an in-depth gap analysis (WP 2-3).
The second step concerned the study, design and analysis the SCOUT system. The use of innovative sensors and their combination to other existing (RFID and infrared camera) match the operative requirements and to have an effective monitoring of the surveillance area by exploiting the complementary characteristics and performance of the sensor suite. Moreover, use of the most recent and efficient cyber attack detection based on honey net methodology match the expecting level of informatics protection. A risk assessment approach is used for the design of the system by a quantitative analysis of risk situation with proper defined tools. High performance in prediction, detection and tracking of threats is also achieved by combining data from different heterogeneous sensors according to a multi source data fusion grid. Moreover, decision aid system based on Q-AI and GUI presentation were also developed to improve the global situational awareness through the COP (Common Operational Picture) and the local situational awareness through the CROP (Common Reduced Operational Picture) in terms of spatial and temporal coverage of the area of interest, as well as the confidence in which the presence of a threats is declared.
The third and final step (partially in parallel to 2nd step) was the assessment of the operational concept through the development of a technological demonstrator (WP5) mainly designed for the specific use case of the protection of the space control ground station against physical and cyber intrusions, permitting an overall performance assessment, including integration and interoperability of all the subsystems and components, starting from the definition and prioritization of some realistic scenarios in accordance with a rigorous methodology of scenario sketching and field trial planning, testing and assessment (WP5.6).
In order to ensure that all project activities were fully compliant with ethical, privacy and data protection issues, as well as issues regarding the access to security restricted information, two dedicated tasks (WP2.1 WP7) were introduced and defined. Ethical management had therefore a prominent position within the SCOUT workplan.
Finally, two specific WPs for respectively project management and dissemination/exploitation have been defined:
• WP1 aimed at reaching technical, organisational and financial achievement, setting up the decision-making structure and bodies. It also takes care of the management of the communication flow within the Consortium and towards the commission services, monitoring appropriateness of work, as well as prompt achievement of project deliverables. WP1 handles the overall legal, contractual, financial and administrative issues.
• WP6 dealing with all the required activities towards effectively managing and facilitating the dissemination and exploitation of project results.
The list presented below reports the main outcomes achieved during the SCOUT project related to the objectives presented in the project proposal:
− Outcome 1. A detailed definition of operative and system requirements has been carried out, that are the requirements of the critical infrastructure protection system.
− Outcome 2. A risk assessment tool, which combines physical risk and cyber risk analysis has been developed. This tool is an implementation of a methodology, specifically defined for the project, which is based on the well known “Magerit” methodology.
− Outcome 3. The architecture of SCOUT system has been defined. The skeleton of the system architecture was included in the proposal, but during the project development, the architecture has been refined to take the acquired knowledge into consideration. The architecture of SCOUT is an important outcome of the project, and its intellectual property could be protected.
− Outcome 4. A distributed multi-sensor network for the protection against physical attacks has been designed, constructed and tested. This subsystem has been called SENSNET, and it is a distributed sensor network built with sensors that have the power to process the acquired signal to create their own situational awareness. The general situational awareness is constructed by combining the knowledge generated by each sensor. The sensors used in this network have been developed during the project or are part of the knowledge background of the project partners. The developed sensor, and the multi-sensor network could be exploited by the project partners.
− Outcome 5. A distributed telecommunication network sensing system has been designed, analysed (CYBERSENS), and used for the detection and protection of telecommunication links against cyber attacks.
− Outcome 6. A management network system for automatic restoration and intelligent reconfiguration of a space control ground station network has been designed, developed, and tested. This subsystem is called RECOVER.
− Outcome 7. One of the main results of SCOUT is the “Main Control Unit”, designed to manage and coordinate the functionalities of the three SCOUT subsystems. The Main Control Unit is based on artificial intelligence paradigms and can be considered as the brain of SCOUT.
− Outcome 8. All the subsystems of SCOUT have been individually built, and assembled, to obtain a proof-of-concept demonstrator, which has been tested in a relevant scenario.
− Outcome 9. The overall TRL of SCOUT is between 5 and 6, depending on the considered subsystems. A brief roadmap for exploitation has been proposed.
More detailed results for each of the proposed outcomes are presented in the following paragraphs.
4.1.3.1 Outcome 1 - Operative and system requirements definition
✓ Reference scenario definition: the reference scenario has been introduced for SCOUT system performance assessment via simulation. The selected reference scenario is the Fraunhofer TIRA radar station (Wachtberg, Germany).
✓ Demonstration scenario: the demonstration scenario has been introduced for SCOUT experimental validation. The selected site is the ASI Space Geodesy Centre (Matera, Italy).
✓ The operative requirements have been formulated taking into consideration the different nature of threats (physical or cyber). The operative requirements have been structured into three groups, specifically related to:
• Physical threats detection and prevention (PHY)
• Cyber threats detection and prevention (CYB)
• Ground station communication system recovery mechanisms (REC)
✓ Performance requirements have been defined in order to achieve the operational objectives and to identify the performance parameters of each system functionality;
Performance requirements have been structured into three groups related to:
• The SENSNET subsystem
• The CYBERSENS subsystem
• The RECOVER subsystem
4.1.3.2 Outcome 2 – Risk analysis tools
✓ The design and development of the Risk Analysis Tools have been done in parallel to the design and development of the SCOUT architecture, therefore Risk Analysis has been performed considering two use cases (TIRA and ASINET) that are examples of critical infrastructures.
✓ The tool is organized in two separate modules, one for physical security risk analysis and the other one for cyber security risk analysis.
✓ A common methodology has been identified for the design and development of the tools: facility characterization and assets analysis, threats analysis and security vulnerability assessment, and, finally, ad-hoc software creation.
✓ The risk analysis tool is based on the combined use of Spreatsheets and Databases, with a module to interchange information. The tool uses data initially inserted by the user with a friendly interface.
✓ This tool has been validated with the definition of a theoretical scenario. Although this scenario is completely theoretical, it is closely related to the demonstration scenario of SCOUT.
4.1.3.3 Outcome 3 – SCOUT architecture
✓ The SCOUT architecture has been defined in details taking into account the system requirements resulting from WP2 activities;
✓ The functionalities and the interactions of the main SCOUT subsystems (SENSNET, CYBERSENS, RECOVER, MCU and RISK ASSESSMENT) have been detailed.
The main units composing the system are:
• MCU (Main Control Unit): this subsystem is devoted to the management, display, and identification of the actions to be performed when an attack is performed; in some cases the MCU can autonomously implement the identified reactions.
• Risk Assessment Unit: this subsystem is in charge of identifying the level of risk associated with the potential threats (cyber and physical ones);
• SENSNET: is a scalable multisensor network devoted to the protection of the space ground base station against physical attacks;
• CYBERSENS: is a distributed sensor network devoted to the detection of cyber attacks to the space control ground station network;
• RECOVER: is a network management system devoted to the automatic reconfiguration of the space control ground station network in case of physical or cyber attacks
4.1.3.4 Outcome 4 – SENSNET subsystem
✓ The SENSNET general architecture and the involved sensors have been defined;
✓ SENSNET requirements have been reviewed in terms of range coverage; the associated sensor technologies have been specified;
✓ The defined case study has been detailed in terms of sensors positioning, infrastructures, digital elevation maps, available illuminators, targets of interest, risk levels definitions.
✓ A study about positioning techniques has been presented to define the basic guidelines for the design of the different sensor networks to fulfil the defined requirements in the defined case study.
✓ Studies about different data link architectures have been summarized to guide the design of the data link network: data format, transfer protocol, transmission medium.
✓
4.1.3.5 Outcome 5 – CYBERSENS subsystem
✓ Definition and design of the CYBERSENS architecture. Cyber attacks detection involves the following phases:
• Collection phase: this phase includes the deployment of network and host probes and the collection of data that will be fed later to the detection engine.
• Aggregation phase: as it is not feasible to process raw data collected from probes, dimensionality reduction and aggregation techniques are applied before performing actual detection on the data.
• Detection phase: misuse and anomaly detection methods are applied to detect malicious behaviours in the system. This process includes privacy preservation techniques that allow to detect anomalies while protecting sensitive data collected from each probe.
• Alert phase: every time an anomaly is detected, appropriate measures have to be taken. To do so, CYBERSENS must communicate with the MCU sending alerts and information about the detected incident.
✓ Definition and design of the Anomaly Detection and Misuse Detection architectures
✓ Development of a novel privacy-aware distributed architecture for network monitoring
✓ Development of novel anomaly detection techniques based on distributed approaches
✓ Study and design of the Misuse based IDS.
4.1.3.6 Outcome 6 – RECOVER subsystem
✓ Threats, cyberattacks and intrusions have been analyzed for the characterization of the RECOVER functionalities. The aim is the definition of “IF” “THEN” relationships, i.e. actions that are accomplished when conditions are satisfied;
✓ The techniques used to change the topology of the network in order to recover the communication in case of an attack affecting the network have been taken into account. Physical and cyber- attacks have been considered and proper countermeasures defined at high level. Accordingly, RECOVER capabilities have been defined and high level functionalities of the RECOVER subsystem have been specified;
✓ The design of the RECOVER subsystem has taken into account different alternatives in order to fulfil system requirements and functionalities;
✓ The general architecture for the RECOVER subsystem based on the SDN (Software Defined Network) paradigm have been proposed;
✓ The SDN controller has been designed following a flexible, modular approach;
✓ Interfaces for the interaction between the RECOVER subsystem and the other SCOUT subsystems have been specified.
4.1.3.7 Outcome 7 – MCU subsystem
✓ The role of the MCU is to manage and coordinate the operations of the three main SCOUT subsystems. Specifically, the MCU functionalities are:
o Input aggregation and analysis;
o Simulation of effects of attacks and countermeasures;
o Management of historical data;
o Decision making on the basis of processed inputs;
o Decision support for most critical decisions;
o Visualization of alarms and their risk level;
o Alert on automatic controls performed to preserve data transmission integrity and security.
✓ The MCU has three main submodules:
o Shared Data Unit (SDU): is the unit that gathers all the incoming data into a memory space that is shared among the MCU elements;
o Decision and Control Unit (DCU): executes data analysis on the data provided by the other SCOUT modules. The DCU provides decisions in two formats: automatic decision if they are not critical and safe, or suggest operations to be done by the human operator if the decision is critical or unsafe for the integrity and efficiency of the communication channel;
o Graphical User Interface (GUI): is the front end that connect users with the SCOUT system. Its main purpose is to show the status of the security of the Satellite Ground Station, or “Common Operating Picture”, in order to provide a situation awareness of both physical and cyber attacks. In the meantime, the GUI will allow user interaction and will provide user the possibility to provide commands to the system.
4.1.3.8 Outcome 8 – SCOUT demonstrator
✓ The SCOUT demonstration has been deployed from September 25th, 2017 to October 6th, 2017 at the Spatial Geodesy Centre of the Italian Space Agency (ASI CGS) which is located along the provincial road that connects Ginosa to Matera, close to the administrative border between the Italian southern regions of Basilicata and Puglia.
✓ The SCOUT demonstrator has been designed as a reduced version of the complete SCOUT system with the aim to verify major SCOUT functionalities. The main SCOUT subsystems are highlighted:
o SENSNET: A distributed multisensor network for the detection of physical attacks.
o CYBERSENS: a distributed sensor network for the detection of cyberattacks. To satisfy the demonstration requirements, the following resources have been made available: CYBERSENS server, host probes, network probes, VPN network communication, check-if-alive service, honeynet, and a packet normalization tool and communications component. Each subcomponent will be described technically in this document.
o RECOVER: A management network system for automatic restoration and intelligence reconfiguration of the space control ground segment network.
o
4.1.3.8.1 SENSNET subsystem
The SENSNET demonstrator activity was focused on surface monitoring for detecting authorized vehicles or people trying to access non-authorized areas. The surveillance inside the base was achieved by implementing the following functionalities:
✓ Detection of moving objects;
✓ Classification of detected targets as terrestrial vehicles or humans;
✓ Check the behaviour of vehicles inside the facilities area.
The SENSNET demonstrator exploited a subset of all the sensors considered in the SCOUT theoretical study.
During the trial, the main goal was to test and verify the effectiveness of the cooperation of the selected sensors in order to improve the protection of the satellite ground base station against physical attacks. The sensors involved during the trial were:
✓ A passive bistatic radar exploiting UHF DVB-T signals of opportunity used for medium range early warning;
✓ A noise radar operating in C-band for short range detection;
✓ A noise ground-based SAR radar operating in Ka-band used for short range detection of moving targets;
✓ A high resolution radar operating in Ku-band able to produce radar images of the target used for classification purposes;
✓ RFID network able to identify the presence of cooperative targets (i.e.: employers).
✓ The data acquired by the sensors were transferred to the S-MCU in charge of signal and data processing. Specifically, the Data Fusion (DF) routine was fed with the data produced by the sensors devoted to surveillance (PBR, C-band noise radar, GB noise SAR). The fused output was then passed to the MCU in order to identify potential threats. The detection of information related to the potential dangerous target was transferred to the Target Classification Management routine (TCM). The TCM applies ISAR (Inverse Synthetic Aperture Radar) techniques and micro-Doppler analysis (STFT – Short Time Fourier Transform) to the Ku-band high resolution radar data in order to produce suitable data for the target classification. ISAR and STFT images were exploited by the classifier in order to distinguish between car and human being. The classifier input and output data were transferred to the SCOUT MCU in order to activate a warning in the operator’s GUI. The overall SENSNET implementation taking into account the hardware implementing each functionality and the interaction among the different subsystems is represented.
✓ It must be outlined that the sensor GB noise SAR developed by LNDES, has not taken part to the demo in Matera, therefore the related experimental results were not integrated in the online behaviour of the SCOUT demo. However, the GB noise SAR have been described in the reports in order to show the capabilities of this sensor.
PBR – Sensor (A)
During the trials different types of targets were observed: small passenger cars, trucks, pedestrians and drones. presents an example of truck echo collected during the trials. The results of truck echo is visible on the range-velocity plane. In the tested scenario the truck was moving on a road several hundred meters away from the ASI area. The truck echo visible at around 20m/s bistatic velocity and 500m bistatic range.
During the SCOUT trials passive radar was capable of detecting and tracking the small drone up to several hundreds of meters. The data from the passive radar has been sent to the data fusion server and merged with data from different sensors and correlated with onboard GPS trackers. It has been confirmed that the vicinity of the critical infrastructure can be successfully monitored using passive radar.
Results showed that passive radar sensor can be successfully used in the future as one of the novel sensor technology to protect the critical infrastructures against physical threats. The passive radar is able to detect and track a wide spectrum of targets including ground moving object, such as vehicles or human being, as well airborne targets including planes, rockets and targets with relatively small radar cross section (RCS) like small drones
C-band Noise Radar – Sensor (B)
The NR – Sensor B has been used during the SCOUT trials for testing the possibility of detecting different targets, as people and cars inside ASI perimeter. During the SCOUT trials, detection of vehicles and people inside the protected facility have been proven with this sensor.
Results showed that noise radar sensor can be successfully used in the future as one of the novel sensor technology to protect the critical infrastructures against physical threats. The noise radar is able to detect and track a wide spectrum of targets including ground moving object, such as vehicles or human being. The potential of this technology is vast and in the near future real operational noise radars will be used as a sensor to protect various types of critical infrastructure
Ka-band GB Noise SAR – Sensor (C)
Sensor C, Ka-band GB Noise SAR trials have been carried out in the premises of the IRE NASU (Kharkiv). Two types of validations have been carried out, indoor and outdoor. Indoor validation and Outdoor validation. The main objective of the indoor measurements was: to verify that both the hardware of the Ka-band GB SAR and the radar signal processing software perform adequately with moving targets. The outdoor trials of the LNDES 8mm GB SAR radar were carried out in the grounds of LNDES mother organization, IRE. The goal was to detect still/moving objects with low radar cross-section against the ground.
RFID – Sensor (D/E)
During the trials, a number of passages of a cooperative tag brought by a volunteer have been carried out. We have verified that the RFID system was detecting the volunteer passages and consequently the DDS made available this information by activating a special tag “Rfidexternaldata”.
FastGBSAR – Sensor (F)
During the SCOUT trials, the FastGBSAR was used in RAR mode and therefore the radar unit was mounted on a tripod. The FastGBSAR was equipped with one transmitting and one receiving antenna (vertically polarized). During the tests, the FastGBSAR successfully detected intruders, such as cars, persons and even a small drone. The produced data was automatically sent to the ISAR processing stage in order to produce radar images of the targets for classification purposes.
S-MCU
The S-MCU subsystem was implemented by a workstation running two virtual machines, configured with Ubuntu Linux 64 bit OS (version 16.04) implementing the Data Fusion and the Target Classification routines. The S-MCU implementation was designed to work in online mode. The available sensors continuously monitor the area of interest and simultaneously the S-MCU code processes the new available sensor data. The effectiveness of the SENSNET subsystem has been extensively proven during the trials. Two reference results are reported in the following relatively to the data fusion and classification of a moving vehicle and a walking person.
4.1.3.8.2 CYBERSENS subsystem
As previously highlighted, CYBERSENS main functionalities are:
o Intrusion prevention/detection: it represents the core purpose of the subsystem and can be done by means of two different techniques: anomaly detection and misuse cases
o Privacy preserving data aggregation and export
o Traffic masking by encryption and traffic generation
o Attack deviation and redirection – Honeynet
o Self-protection
To satisfy these requirements, the following resources have been made available to the demonstrator: CYBERSENS server, host probes, network probes, VPN network communication, check-if-alive service, honeynet, packet normalization tool and communications component.
A specific testbed was built to simulate the most critical functionalities of the real ASI network. For clarity, only the four relevant sub-networks and relative hosts have been considered and described below:
o The MAPS network, which shows the acquisition facility of the system called MAPS Station part of the COSMO-SkyMed Mission.
o The USER network responsible of ASI User client connection for ordinary operations. The multisensor network devoted to the protection of the space ground based station against physical attacks, is also interconnected here to reach the SENSET server.
o The MAIN network also containing the GSE server (Ground Segment Emulator), used for application scheduling, processing and images distribution of the MAPS Station.
o BACKUP Network is a replication of MAIN network and contains a replicated copy of GSE server and a DMZE (Demilitarized Zone Emulator) providing outbound services. In this network an HONEYNET was installed to attract and collect novel and “0-day” attach for later study.
The results of each use case tested during the trials are reported in Table 1, where the Pass/Fail criteria have been applied to the test procedure table.
ID Description Output Result
1 Denial of service test: Launch SYN FLOOD attack Alert indicating a Denial of Service is shown in OSSIM graphical interface Pass
2 Check-if-alive test: shutdown GSE, DMZe or Honeypot machine (protected assets) Alert indicating Check-if-alive is shown in OSSIM graphical interface Pass
3 Malware behavior study: Launch massive amount of traffic from attacker machine Alert is generated in anomaly detection engine log file Pass
4 Malware attack mitigation: inject into network simulated Zeus malware attack on DMZe, GSE, or MAPS Alert indicating a malware attack is shown in OSSIM graphical interface Pass
5 Review OSSIM documentation, determine number of processed events per second Documentation establishes number of processed events per second is more than 1000, or configuration to accomplish that rate. Pass
Table 1 – CYBERSENS demo results
4.1.3.8.3 RECOVER subsystem
The main function of the RECOVER subsystem implemented into demonstrator was to apply different countermeasure in case of physical or cvber attacks so as to forward traffic along different paths through the various nodes of the ASI network.
More specifically, by controlling data paths different actions can be taken:
• Allow traffic flow;
• Drop traffic flow;
• Forwarding traffic flow.
The SCOUT demonstrator network infrastructure has been designed to be flexible enough to test the defined use cases scenarios. Non SDN layer 3 devices have been attached to the SDN cloud in order to simulate sparse geographical sites and remote attackers. As a central transit fabric for the communication among the remote sites and attackers the SDN cloud fulfil the critical role of handling all the packets related to this communication.
Tests have been performed for four different use cases and in all of them RECOVER fully achieved its own goals. The use cases designed and used to validate the Demonstrator are briefly described here:
1. DOS attack mitigation: in this case, the RECOVER subsystem must apply a countermeasure which has the aim to drop all the DoS traffic only and so restore the victim system functionalities.
2. Malware infection mitigation: in this scenario the RECOVER subsystem being informed about an infected machine communicating with a C&C (Command and Control) internet host must apply countermeasures in order to ensure the isolation of the C&C. Traffic will be filtered on the SDN device closer to the C&C and on the SDN device closer to the infected host.
3. Business continuity: in this scenario a fault detected by the CYBERSENS subsystem redirect the client-server traffic toward a backup server placed in another subnet. The SDN network intercept the original traffic and perform packet rerouting operations in order to maintain the transparency for the non-SDN devices (routers and client).
4. Malware behaviour study: this scenario is similar to the previous but malicious traffic directed to a server is rerouted toward an honey net in order to allow and facilitate the threat analysis.
4.1.3.8.4 MCU-DCU subsystem
The subsystem implemented on the Demo facility in Matera consisted in a Ubuntu Linux virtual machine running under the VMware server where the component of the Decision and Control Unit (DCU) are deployed. The deployed subsystem consists of the following components:
o shared folders for input data exchange using DDS infrastructure;
o shared folders for output data exchange via GUI;
o application for monitoring and managing alert coming using DDS infrastructure;
o web service for the managing of alert from CYBERSENS subsystem.
The following use cases have been successfully tested by the MCU:
1. Classification of vehicles approaching the facilities fence.
2. Classification of vehicles moving inside the facilities.
3. Classification of walking person moving inside the facilities.
4. A denial of service attack must be detected by Cybersens.
5. A well-known malware attack is detected.
6. Cybersens is able to detect a possible anomaly in the network (indicator of a malware attack going on).
7. Automatic Alert indicating an anomaly is generated and suited countermeasure is applied requesting confirmation to the Security Manager.
8. An unauthorized person walking inside and a DoS attack occurs.
9. An unauthorized person walking inside the facility while a malware behaviour is occurring.
The MCU subsystem includes also the system GUI which allows operators or surveillance employees to display and monitor several SCOUT features such as physical machines status, software agents behaviour, overall system health, and so on.
It is based on navigable web pages with hypertext content and provides a left menu made up of the following macro-sections:
• SECURITY which groups functionalities to monitor the SCOUT’s security in term of physical and cyber surveillance;
• SYSTEM which groups functionalities to manage and check hardware and software subsystems;
• SCOUT which groups functionalities to monitor SCOUT components in term of performances and operation.
An overview of the overall SCOUT status is provided in the home page and it is called dashboard. Since the GUI is a global monitoring system, we can even call it “SCOUT console”.
The most relevant part of the GUI is the cyber and physical notifications representation. Each intrusion event, be it physical or cyber, detected by sensors systems, is computed by the MCU, transformed into notification and then sent to the GUI.
Potential Impact:
The SCOUT system has shown the potential for highly improving early warning security within the considered critical infrastructure. The main improvements are summarised as follows:
o The SCOUT system provides a remote security system (SENSNET) that offers 3D volumetric surveillance, also including low flying aerial targets detection.
o The SENSNET uses low or null electromagnetic power emission sensors and can be considered a Low Probability of Intercept (LPI) system. It relies on the following technologies:
• Passive Bistatic Radars (PBRs), which make use of broadcast telecommunication signals already present in the environment without generating any other kind of waveform.
• Noise Radars, which emit signals under the noise level. They can be used to optimize the human beings detection capability, by using the innovative noise radar sensor to detect human beings breathing, heartbeats, and objects hidden under clothes.
• The SCOUT system also exploits typical sensors present in critical buildings, mainly RFID systems and infrared cameras, to maximize early warning.
• Radiometric SAR were also considered in the proposal, but a detailed study of the potential application of the Ka-band SAR developed in LNDES IRE NASU for the generation of radiometric images, revealed the necessity of long acquisition times that won’t allow achieving high enough frames update rates for monitoring the area under protection in real time scale.
o When possible and especially for PBRs, digital architectures based on Software Defined Radio (SDR) technologies have been used due to its high level of reconfigurability, flexibility, reliability and robustness. SDR boards already equipped with FPGA and down/up frequency converters have been used, that can be programmed to handle different bands for noise radar.
o SCOUT provides cyber security through the CYBERSENS subsystem, which is mainly based on the honeynet technology that is reliable and effective. Use of hardware and software probes with a certain level of redundancy increases the robustness of the cyber-attack protection subsystem.
o The RECOVER subsystem also makes use of distributed Smart Sensor Network paradigm, where the reconfiguration and control is governed by distributed logic. Specifically, the use of virtualization to simplify the underlying network/security architecture and introduce a higher level of abstraction by defining logical networks, logical edges and logical zones, is really an innovative technological solution.
The following table indicates briefly the accomplishment of the dissemination activities that were foreseen in the Dissemination Plan. It can be verified that all the dissemination activities have been carried out during the project development.
After analyzing the market, the possibilities for exploiting the SCOUT outcomes have been analysed. The different exploitation ways have different characteristics related to expected returns, required investment, and risk:
• Licensing. A license is an official permission to do, use or own something. The licensor is the part who grants a license under intellectual property laws to authorize a use to a license (using an invention, for example). Licensing has some advantages and disadvantages:
o Advantages: the owner of the patent or registered software (licensor) does not have to face the cost (investment) and risk associated to opining a new market.
o Disadvantages: a) The licensor lost the control over manufacturing, marketing, and strategy; b) the licensor lost the control over the know-how that is provided with the license;
Licensing is mainly used by research institutes and Universities, which cannot invest to put an invention into the market, or cannot control the intellectual property rights to avoid plagiarism.
The expected returns with licensing are low, but the required investment is low as well. The risk, as mentioned above, is also low.
• Research and development cooperation. In fact, this is the way in which the consortium has cooperated in SCOUT project. Some of the outcomes have been obtained with the cooperation of two or more partners, that must find the way to cooperate in the exploitation. The percentage in the profits can be related to the person months devoted to research and development, and the investment in marketing to open the market to the product.
The research and development cooperation allows partners to share the risk and the necessary investment. The profit is shared as well.
• Creating a Start-up. A start-up is a company, founded to develop a product or service for which there is a demand. This is the first stage in the operation of a company to exploit an emergent idea or product, and the main problem is that it is difficult to maintain the activity in the long-term, due to the limited revenue or high costs. The start-up is created to exploit a new product or idea. The expected incomes or revenues are not high, as it is at the beginning of exploitation. The risk is high, and the investment can also be high, because there is not cooperation with other partners to share the cost.
• Joint Venture. It is an agreement or joint company, created to carry out an activity that requires a big initial investment, and that will provide high revenues in the long term. It is an option to continue the activity of Start-ups. A joint venture allows to share the cost or necessary investment to grow the market and increase revenues.
• Selling products and services. This is the best option for big companies, which have the capability of making big investments to open new markets, and to exploit directly a product or development. The revenues can be very high, but the investment and risk is high too.
List of Websites:
http://www.scout-project.eu/