Community Research and Development Information Service - CORDIS

H2020

SCISSOR Report Summary

Project ID: 644425
Funded under: H2020-EU.2.1.1.

Periodic Reporting for period 1 - SCISSOR (Security In trusted SCADA and smart-grids)

Reporting period: 2015-01-01 to 2016-06-30

Summary of the context and overall objectives of the project

In traditional industrial control systems and critical infrastructures, security was implicitly assumed by the reliance on proprietary technologies (security by obscurity), physical access protection and disconnection from the Internet. The massive move, in the last decade, towards open standards and IP connectivity, the growing integration of Internet of Things technologies, and the disruptiveness of targeted cyber-attacks, calls for novel, designed-in, cyber security means.

Taking an holistic approach, SCISSOR designs a new generation SCADA security monitoring framework, comprising four layers:
i) a monitoring layer supporting traffic probes providing programmable traffic analyses up to layer 7, new ultra low cost/energy pervasive sensing technologies, system and software integrity verification, and smart camera surveillance solutions for automatic detection and object classification;
ii) a control and coordination layer adaptively orchestrating remote probes/ sensors, providing a uniform representation of monitoring data gathered from heterogeneous sources, and enforcing cryptographic data protection, including certificate-less identity/attribute-based encryption schemes;
iii) a decision and analysis layer in the form of an innovative SIEM fed by both highly heterogeneous monitoring events as well as the native control processes’ signals, and supporting advanced correlation and detection methodologies;
iv) a human-machine layer devised to present in real time the system behavior to the human end user in a simple and usable manner.

SCISSOR’s framework will leverage easy-to-deploy cloud-based development and integration, and will be designed with resilience and reliability in mind (no single point of failure).
SCISSOR will be assessed via
i) an off-field SCADA platform, to highlight its ability to detect and thwart targeted threats, and
ii) an on-field, real world deployment within a running operational smart grid, to showcase usability, viability and deployability.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

The work performed during the first period of the project is summarized in the following deliveries.
For each of them, a short summary is given hereafter:

D2.1 “Use case scenarios and requirements analysis”: This deliverable documents the first stage of the identification of the application scenarios as well as the architectural requirements of SCISSOR project. Moreover D2.1 provides a revision of the SoA in the fields of interest for SCISSOR. Detailed information is provided in “Technical part B” of this report.

D2.2 “SCISSOR architecture specification”: This deliverable documents the first high-level architecture definition

D2.3 “Revision of use case scenarios and requirements analysis”: This deliverable provides an updated overview of critical cyber-attack scenarios. It also describes our use cases and the strategy that we chose to prove that the SCISSOR framework is a good answer to cyber-attacks.

D2.4 “Revision of the SCISSOR architecture specification”: This deliverable provides an updated of the architecture specifications

D3.1 “Monitoring layer components: design and prototype”: This deliverable documents the first stage of monitoring layer design and components prototyping. Detailed information is provided in “Technical part B” of this report.

D4.1 “Control framework: design and implementation”: This deliverable documents the first stage of the design and components prototyping of the control frame-work. Detailed information is provided in “Technical part B” of this report.

D4.2 “Control layer techniques: semantic modeling and data protection”: This deliverable documents the first stage of the design and components prototyping of the semantic modeling and data protection techniques. Detailed information is provided in “Technical part B” of this report.

D5.1 “SCISSOR SIEM design and development”: This deliverable documents the status of the early design and prototype of the SCISSOR SIEM. Detailed information is provided in “Technical part B” of this report.

D5.2 “Advanced detection algorithms”: This deliverable documents the design and implementation of the statistical and probabilistic algorithms. Detailed information is provided in “Technical part B” of this report.

D6.1 “Cloud platform initial design and security assessment”: This deliverable documents the early activities carried out in the WP6 regarding the design and deployment of the SCISSOR cloud platform. Detailed information is provided in “Technical part B” of this report.

D8.1 “Report on dissemination, standardization and exploitation”: first year: This deliverable documents the actions of dissemination, standardization and exploitation for the first year. Detailed information is provided in “Technical part B” of this report.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

• Public key infrastructure:
We have described an authentication system based on identity based cryptography. We have completed this system in order to provide the same functionalities than a standard PKI.
Also we started to implement this cryptography and its associate protocol in OpenSSL. We are convinced that this worked has never been done previously.
Potentially this certicateless scheme could a serious alternative to PKI, it may bring more security and more flexibility that the PKI. Furthermore it corresponds with the smart grid constraints for which PKI is not adapted.

• SIEM:
The Scissor SIEM is an advanced SIEM since it is build from two different engines: one is based on correlation and the second is based on dynamic Bayesian network.
It is well known that Correlation based SIEM is pertinent while the rules are correctly implemented. The advantage of the Bayesian engine is that it does not requires particular configuration.
The Bayesian engine detects the behavioral changes in the full system and gives the list of the equipments responsible of these changes.
This new SIEM can be potentially used for different systems and not only for smart grids.

• Architecture characteristics:
The idea that consists in considering logical and physical characteristics to detect an intrusion is also original. This approach could be potentially used in different domains like finance, geopolitics where we have to take in account different elements to predict a scenari

Related information

Follow us on: RSS Facebook Twitter YouTube Managed by the EU Publications Office Top