
Protection of Critical Infrastructures from advanced combined cyber and physical threats

Resilient infrastructure in an age of terrorism and cyberattacks

An attack on critical infrastructure can inflict major damage and ‘cascade’ into other essential services, bringing cities to a standstill. Damage control requires a sophisticated and interconnected protection, alert and response system.

As critical infrastructure becomes digitised and networked with different facilities, it becomes more vulnerable to multiple threats including physical and cyberattacks by terrorists or hackers. “The PRAETORIAN project addresses physical and digital threats that we consider would be very dangerous if they are combined in an attack on critical infrastructures,” says project coordinator Frédéric Guyomard, a senior project manager with Electricité de France (EDF R&D). “The goal is to increase infrastructure security and resilience using coordinated protection and response with a view to preventing cascading,” adds Guyomard, an expert in the cybersecurity of industrial systems.

Identifying the threats

The first task for the project, which involved 23 partners in seven countries, was to identify and assess possible threats in order to develop tools that can identify the security gaps and help manage the risks. “We looked at advanced persistent threats that could be planned or carried out by terrorists, activists or even by a state. This could be via digital tools – viruses, hacking, intrusion, attempting to penetrate the systems; or physical threats, including drones for spying or carrying bombs. The two types of attacks – digital and physical – could also be combined,” Guyomard explains, adding: “It was state-of-the-art threat analysis.”

Automated alerts for abnormal behaviour

The project developed an array of automated and artificial intelligence tools based on the threat analysis, including cyber situation awareness tools to predict and detect malicious cyber action. “These detect abnormal behaviour in an industrial system and launch an automated alert from our global database to the [facility’s] operators that something is wrong,” Guyomard notes. Physical situation awareness tools use image or video detection algorithms, including biometrics, to identify intruders, such as people with the wrong authentication, entering a restricted area. “If there are three or four people at the entrance or window of a critical building where usually there is nobody, the system can launch an alert,” he explains. ‘Unfriendly’ drones can also be identified using video analysis, radio frequency detection and noise pattern recognition, which can even identify the manufacturer, and generate an alert.

Integrated platform

The digital and physical signals are linked inside the PRAETORIAN platform to detect combined threats. A ‘hybrid situation awareness’ tool visualises all the incoming data in a 3D map with colour coding for areas under alert. It can also alert first responders, such as firefighters, as well as authorities, who can in turn alert the population in critical areas and infrastructure. The system uses a predictive engine to gauge the risk of cascading, using data on other critical infrastructures that are linked to the facility. It can also help manage a coordinated response by providing a human-machine interface guide for first responders and operators. The guide puts forward the best solutions based on analysis of real-time data and of hypothetical events and scenarios. The various tools can be mixed and matched depending on the facility, according to Guyomard. “We developed all the tools and made them work together. There has been nothing done previously on cascading effects.”

Test scenarios

More than 20 hypothetical scenarios were drawn up early in the project in consultation with infrastructure facility operators. “For each scenario, we looked at how our tools could help them minimise the level of risk and give the best coordinated response possible,” Guyomard notes. Using some of the scenarios and simulations, the system was tested at four pilot demonstrator sites: the port of Valencia in Spain; an oil terminal and harbour at the port of Bordeaux in France; Zagreb Airport in Croatia, with a risk of a virus stolen from an institute of virology being released there; and a combined digital and physical attack on the Peruća hydropower plant in Croatia. Feedback from first responders was very positive. “It allowed them to see and manage the multiple incidents,” Guyomard says. PRAETORIAN is also part of the European Cluster for Securing Critical Infrastructures, and EDF is a member of the European Knowledge Hub and Policy Testbed for Critical Infrastructure Protection.

Keywords

PRAETORIAN, cyberattack, terrorism, hackers, infrastructure, security, drones, first responders
