Protection of Critical Infrastructures from advanced combined cyber and physical threats

Periodic Reporting for period 1 - PRAETORIAN (Protection of Critical Infrastructures from advanced combined cyber and physical threats)

Reporting period: 2021-06-01 to 2022-09-30

Damage caused by an attack on a Critical Infrastructure (CI) can be widespread, massive, and highly correlated, affecting multiple sectors of the economy. In summary, the impact of a coordinated physical attack, a deliberate (cyber) disruption of critical automation systems, or even a combined scenario including several kinds of attacks, could have disastrous consequences for the economies of European Member States’ regions and for social wellbeing in general.

PRAETORIAN has the strategic goal of increasing the security and resilience of European CIs, facilitating the coordinated protection of interrelated CIs against combined physical and cyber threats. To that end, the project provides an installation-specific toolset that supports the security managers of CIs in their decision-making to anticipate and withstand potential cyber, physical or combined security threats to their own infrastructures and other interrelated CIs that could have a severe impact on their performance and/or the security of the population in their vicinity. PRAETORIAN specifically tackles (i.e. prevents, detects, responds to and, in case of a declared attack, mitigates) human-made cyber and physical attacks affecting a CI, so that the CI operator gains improved situation awareness and can decide how to activate the protection mechanisms. Moreover, PRAETORIAN also addresses how an attack or incident in a specific CI can jeopardise the normal operation of other neighbouring/interrelated CIs, and how to make all of them more resilient, by predicting cascading effects, proposing a unified response among CIs and assisting First Responder teams.

The PRAETORIAN project has 6 main objectives:
• Evaluate the hazards and minimize their level of risk by assessing the vulnerabilities of targeted sectors and designing adequate security measures
• Improve the understanding of any physical or cyber threats and their consequences in the interdependent network of critical infrastructures
• Improve the resilience of the CIs, their neighbouring population and environment and enable a coordinated response to an attack
• Share with the public pertinent information on the risks associated with an event and the emergency response actions planned to overcome the incident
• Validate the project results in real contexts of interdependent CIs to improve their efficiency, cost-effectiveness and societal benefit
• Ensure compliance of the solutions with the legal, ethical, privacy, and societal principles, including recommendations to policy planners as well as disseminate results to the relevant communities of users, to promote the adoption of the proposed cost-effective solutions beyond the project participants.
During the first reporting period, PRAETORIAN fully covered its objectives and completed its milestones and deliverables. The efforts of the PRAETORIAN consortium have focused on the design and implementation of a reliable, modular and fully interoperable platform.

1. Technical outcomes:
- Identification of a comprehensive set of attack scenarios, refined to ensure that once implemented at the pilot sites they are both realistic and relevant. Use cases were thought out and defined to be applicable in the 3 pilots: Croatia, Spain and France.
- Definition of a flexible toolset architecture, focusing on the PRAETORIAN core applications/modules design and their interconnections and Human Machine Interface (HMI) components design.
- Design and implementation of the four systems that are part of the PRAETORIAN platform:
(i) a Cyber Situation Awareness (CSA) system, able to consolidate cyber-relevant information, forecast cyber cascading effects of cyber-events, and provide innovative visualisation tools to improve the Cybersecurity Situation Awareness of security operators at critical infrastructures
(ii) a Physical Situation Awareness (PSA) system, aimed at offering CI operators a complete security solution against physical threats/attacks, showing how relevant information from both existing and new sensors and systems (such as Drone Detection and Video Analytics) is integrated.
(iii) a Hybrid Situation Awareness (HSA) system, which includes digital twins of the CIs under protection; it combines the outcomes of the PSA and CSA systems for ensuring the detection and visualization of the consequences of any kind of threat (Physical or Cyber) that could affect EU CIs. Innovative modules model the behaviour of a real CI and calculate potential cascading effects both in different parts of the CI as well as in another related CI.
(iv) a Coordinated Response (CR) system that supports the security managers of the CIs in the decision-making when an incident occurs. It facilitates the coordination of the emergency plans of all the CIs affected by the same incident or suffering from cascading effects propagating from one CI to another.
- Preparation of solid integration and validation plans

2. Non-technical outcomes:
- Strengthened the project's legal and ethical aspects.
- Conducted a comprehensive series of dissemination and exploitation activities, reaching a broad audience through the engagement of its stakeholder group.
PRAETORIAN addresses various innovations, which at this stage are perfectly matched with the four systems that are part of the PRAETORIAN solution:

• CSA system: PRAETORIAN incorporates the forecasting of attacker goals during cyber events, and provides an advanced visualization of the cyber space, which will allow the operator to better understand the situation, take proactive and efficient decisions, reduce the response time and select the best mitigation action.
• PSA system: PRAETORIAN automates the recognition, classification and tracking tasks performed by both security cameras and drone-based systems, using AI-based techniques, thus allowing easy and accurate detection of suspicious activities. Integrating a broad range of sensors, devices and systems into a single visualization point that incorporates 3D models allows the operator to improve situation awareness.
• HSA system: PRAETORIAN combines the information from the cyber and physical domains, thus providing a holistic overview of the current security situation and identifying cascading effects beyond those domains, covering both the CI internal environment as well as the interconnected CIs and attacked CI assets. The concept of the Generic Digital Twin (GDT) is addressed by paying attention to the pilots’ features, providing means to store all the models for given digital twins on each CI, both physical and cyber. Two complementary HMI solutions are provided: a GIS-based visualization tool and a Synoptic Live diagram tool.
• CR system: this system centralizes all the information coming from the other systems, which permanently generate alerts that are translated into incidents for the CI operator to observe in order to make a decision. The CR is able to integrate different solutions that might be used as part of the mitigation actions in the DSS, such as a drone neutralization system. Moreover, the CR incorporates mechanisms enabling the seamless integration of FR teams and local police with CI managers, providing just-in-time information sharing to FRs and rescue teams using the most appropriate communication channels at the right moment, minimizing information overload.