Protection of Critical Infrastructures from advanced combined cyber and physical threats

Damages caused by an attack on a Critical Infrastructure (CI) can be widespread, massive, and highly correlated, affecting multiple sectors of the economy and in summary, the impact of a coordinated physical attack, a deliberate (cyber) disruption of critical automation systems, or even a combined scenario including several kinds of attacks, could have disastrous consequences for the European Member States’ regions economies and social wellbeing in general.
PRAETORIAN has the strategic goal to increase the security and resilience of European CIs, facilitating the coordinated protection of interrelated CI against combined physical and cyber threats. The project provides an installation-specific toolset that supports the security managers of CIs in their decision-making to anticipate and withstand potential cyber, physical or combined security threats to their own infrastructures and other interrelated CIs that could have a severe impact on their performance and/or the security of the population in their vicinity. PRAETORIAN specifically tackles (i.e. prevent, detect, respond and, in case of a declared attack, mitigate) human-made cyber and physical attacks affecting a CI, so the CI operator can appreciate an improved situation awareness and can make a decision on how to activate the protection mechanisms. Moreover, PRAETORIAN also addresses how an attack or incident in a specific CI can jeopardise the normal operation of other neighbouring/interrelated CIs, and how to make all of them more resilient, by predicting cascading effects and proposing a unified response among CIs and assisting First Responder teams.
Specific objectives:
•Evaluate the hazards and minimize their level of risk by assessing the vulnerabilities of targeted sectors and designing adequate security measures
•Improve the understanding of any physical or cyber threats and their consequences in the interdependent network of critical infrastructures
•Improve the resilience of the CIs, their neighbouring population and environment and enable a coordinated response to an attack
•Share with the public pertinent information on the risks associated with an event and the emergency response actions planned to overcome the incident
•Validate the project results in real contexts of interdependent CIs to improve their efficiency, cost-effectiveness and societal benefit
•Ensure compliance of the solutions with the legal, ethical, privacy, and societal principles, including recommendations to policy planners as well as disseminate results to the relevant communities of users, to promote the adoption of the proposed cost-effective solutions beyond the project participants.

Technical outcomes:
- Identification of a comprehensive set of attack scenarios, refined to ensure that, once implemented at the pilot sites, they are both realistic and relevant.
- A flexible toolset architecture, focusing on the PRAETORIAN core modules and their interconnections and Human Machine Interface (HMI) components.
- Design and implementation of the four systems of the PRAETORIAN platform:
1) Cyber Situation Awareness (CSA) system, able to consolidate cyber-relevant information, forecast cyber cascading effects of cyber-events, and provide innovative visualisation tools to improve the Cybersecurity Situation Awareness of security operators at critical infrastructures
2) Physical Situation Awareness (PSA) system, aimed at offering the CI Operators a complete security solution against physical threats/attacks, showing how relevant information about both existing and new sensors and systems (such as Drone Detection and Video Analytics) are integrated.
3) Hybrid Situation Awareness (HSA) system, including digital twins of the CIs under protection; it combines the outcomes of the PSA and CSA systems for ensuring the detection and visualization of the consequences of any kind of threat (Physical or Cyber) that could affect EU CIs. Innovative modules model the behaviour of a real CI and calculate potential cascading effects both in different parts of the CI as well as in another related CI.
4) Coordinated Response (CR) system that supports the security managers of the CIs in the decision-making when an incident occurs. It facilitates the coordination of the emergency plans of the CIs affected by the same incident or suffering from cascading effects propagating from one CI to another.
- Deployment, demonstration and assessment under real conditions of the PRAETORIAN framework based on the use of the proposed tools by the end-users (CI operators and FRs) in 4 pilot scenarios: France, Spain and two in cross-border Croatia/Austria.
Non-technical outcomes:
- Definition of mechanisms for the up-scaling and replication of the PRAETORIAN Framework, providing valuable insights into the benefits and limitations of both processes through lessons learned.
- Policy recommendations dealing with regulatory aspects of the fight against physical and cyberattacks in CIs. Of special relevance, the recent adoption of NIS2 and CER directives, as well as CRA and AI Act.
- Standardization-related activities, concerning information sharing between critical infrastructures using digital tools.
- Dissemination and exploitation activities: two workshops with sister project PRECINCT, two events with EU-CIP project and ECSCI cluster, participation in dedicated events such as PCSCI workshop and RISE-SD. 10 works in conferences and 3 articles in journals have been published.

PRAETORIAN addresses various innovations perfectly matched with the four systems of the PRAETORIAN solution:
•CSA system: forecasting of attacker goals during cyber events, and provides an advanced visualization of the cyberspace, which will allow the operator to understand the situation better, take proactive and efficient decisions, reduce the response time and select the best mitigation action.
•PSA system: automates the recognition, classification and tracking tasks performed by both security cameras and drone-based systems, using AI-based techniques, thus allowing easy and accurate detection of suspicious activities. Integration of a broad plethora of sensors, devices and systems into a single visualization point which incorporates 3D models allows the operator to improve the situation awareness.
•HSA system: combines the information from the cyber and physical domains thus providing a holistic overview of the current security situation and identifying cascading effects beyond those domains, covering both the CI internal environment as well as the interconnected CIs and attacked CI assets. The concept of Generic Digital twin (GDT) is addressed by paying attention to the pilots’ features, providing means to store all the models for given digital twins on each CI, both physical and cyber. Two complementary HMI solutions are provided: a GIS-based visualization tool and a Synoptic Live Diagram tool.
•CR system: centralizes the information coming from the other systems and integrates mitigation actions in the DSS. It incorporates mechanisms enabling the seamless integration of FRs’ teams and local police with CI managers, providing just-in-time information sharing using the most appropriate communication channels at the right moment, minimizing information overload.
10 impacts have been identified based on the fulfilment of project objectives and feedback from end-users, ranked in terms of User experience, Applicability, Information Gain, Social, Economic and SDG.