Periodic Reporting for period 1 - PRECINCT (Preparedness and Resilience Enforcement for Critical INfrastructure Cascading Cyberphysical Threats and effects with focus on district or regional protection)
Reporting period: 2021-10-01 to 2022-09-30
Recent research and emerging solutions focus on the protection of individual CIs (ports, energy distribution, hospitals). However, the interrelationships between CIs have become more complex, and managing the impacts of cascading effects and enabling rapid recovery is becoming more pertinent and highly challenging.
To address this challenge, PRECINCT will deliver a framework specification for systematic CI security and resilience management, a cross-facility collaborative management infrastructure enabling stakeholder communities to create AI-based PRECINCT ecosystems and increased resilience support services, a vulnerability assessment tool using serious games, and PRECINCT Digital Twins (DTs). These concepts and capabilities will be validated in four large-scale Living Labs (LLs) and transferability validation demonstrators, where cascading effects will be considered for CI in Multi-Modal Transport, Energy and ICT/Telecoms threat scenarios.
In full alignment with EU policy, particularly the pillars of the new EU Security Union Strategy for the period 2020 to 2025, PRECINCT is addressing cascading effects in CI system of systems (Multi-Modal Transport, Energy, ICT/Telecoms, Water) and focuses on enhanced resilience including ‘rapid recovery’.
PRECINCT recognises both the increase of combined physical and cyber-attacks due to their interdependencies and the budgetary constraints on public and private sectors requiring security solutions to be more accurate, efficient, cost-effective, and automated than the ones currently available.
The EU-funded PRECINCT project will connect private and public CI stakeholders in a geographical area to a cyber-physical security management method that will produce a protected territory for citizens and CIs.
The project involves 11 CIs representing the transport, water, energy and ICT sectors and 2 law enforcement agencies as active project partners, covering different types of CIs (private/public), sizes and geographical distributions. In 4 Living Labs and 3 Demonstrators, more than 20 CIs and first responders, as well as national authorities, will participate, creating a critical mass for adoption and providing evidence of what is working well and which components provide clear advantages.
The overall project’s technical objective is to establish an Ecosystem Platform for connecting stakeholders of interdependent CIs and Emergency Services to collaboratively and efficiently manage security and resilience by sharing data, CI Protection models and related new resilience services encapsulated in DTs. In connection with the DTs, the Serious Game approach in PRECINCT will provide a means of identifying vulnerabilities as well as testing and validating new detection and mitigation models and associated services in a real-time real-life context.
In the first year we achieved our first Milestones. These included development of our initial technical and business requirements for the PRECINCT solutions, development of a PRECINCT Ecosystem Operational Infrastructure and creation of a Directory of Smart CIP Blueprints. The project also initiated the Digital Twin and first Serious Game prototype in the first LL and kicked off the baseline operational measurements.
• Modelling cascading effects from interdependent CIs for enhanced resilience. PRECINCT will develop an interdependency graph approach, which will serve as a basis for a cascading effects simulation framework. An automaton model will describe the operational states of CIs, and Markov processes will model their interdependencies. In this way, the model is lightweight, can be instantiated in a straightforward way, and incorporates the intrinsic uncertainty and randomness of such cascading effects into the simulation. The simulation results will serve as an input for the quantification of resilience measures via the resilience methodological framework and the Serious Game approach.
• Digital Twins (DTs) in support of achieving Cognitive decision support CPSoS capabilities. In PRECINCT, discrete-event modelling of the behavioural aspects of CI interdependencies is enriched to consider reconfiguration of components or systems. Supervisors will be synthesized based on discrete event models of CI Network subsystems and on models of the requirements that the complete system should satisfy. Relevant models for describing the behaviour of the actors in the LL CPSoS will be used for building DTs in support of achieving cognitive decision-support CPSoS capabilities. New components that arrive will need to identify their behavioural capabilities and requirements so that the DT may do the synthesis online to guarantee resilient and safe operation. PRECINCT will utilise hardware accelerated Fast-Bayes or Bayesian Neural Nets or Reinforcement Learning algorithms for global optimisation and to update models and ground truths.
• AI & BDA Infrastructure Interactive Visualizations integrated with NLP threat intelligence and Geo-distributed analytics for risk assessment and mitigation. The Visualization Engine aims to comprise cross-platform visual and analytics tools, supporting the provision of interactive visualizations, including generic and custom components, initially derived from the PRECINCT KGs, for people involved in LLs, combining visual analytics and augmented reality. A graph module structure will be used to define the connections between different application modules and orchestrate both new resilience workflows and response actions. NLP toolboxes for threat prediction from ASGARD and INSPECTr will integrate Service Agents representing CI services, creating new capabilities for predicting risk levels.
• AI-based services component for Early and Zero-day Attack Detection. This component applies semi- and unsupervised machine learning techniques to detect anomalies and attack patterns against CIs in a holistic way, considering not only their normal behaviour but also possible impacts on other stakeholders of their value chain or their influenced geographical area. Among the most widely used algorithms, we find Autoencoders and density estimation methods such as Gaussian Mixture Models and Kernel Density Estimation models. Furthermore, a novel computational intelligence technique inspired by immunology, called Artificial Immune System (AIS), has emerged as a candidate to identify anomalous behaviour in a network and has achieved excellent results in anomaly detection and intrusion detection systems. AIS algorithms will be fully exploited in PRECINCT DTs.
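
The cascading-effects model from the first bullet above (a state automaton per CI, with Markov transitions driven by the interdependency graph) is shown here as an added example that is not PRECINCT's own code. The three-level state scale, the graph, the coupling probabilities and the function names are constructed assumptions, and recovery is not modelled.

```python
import random

# Automaton states per CI (assumed three-level scale, not taken from the project).
OK, DEGRADED, FAILED = 0, 1, 2

# Constructed interdependency graph: dependent CI -> [(provider CI, coupling probability)].
DEPENDS_ON = {
    "energy": [],
    "telecom": [("energy", 0.6)],
    "water": [("energy", 0.4)],
    "transport": [("energy", 0.3), ("telecom", 0.5)],
}

def step(state, graph, rng):
    """One synchronous Markov step over all CIs, based on the previous state only."""
    nxt = dict(state)
    for ci, providers in graph.items():
        for provider, p in providers:
            # Transition probability scales with provider impairment: 0, p/2 or p.
            hit = p * state[provider] / FAILED
            if state[ci] < FAILED and rng.random() < hit:
                nxt[ci] = min(FAILED, nxt[ci] + 1)  # drop one operational level
    return nxt

def simulate(graph, initial_failure, steps, runs, seed=0):
    """Monte Carlo estimate of P(CI is FAILED after `steps`) for one initial outage."""
    rng = random.Random(seed)
    failed = {ci: 0 for ci in graph}
    for _ in range(runs):
        state = {ci: OK for ci in graph}
        state[initial_failure] = FAILED  # no recovery is modelled in this example
        for _ in range(steps):
            state = step(state, graph, rng)
        for ci, s in state.items():
            failed[ci] += s == FAILED
    return {ci: n / runs for ci, n in failed.items()}

if __name__ == "__main__":
    # Energy outage: estimated failure probability of each dependent CI after 3 steps.
    print(simulate(DEPENDS_ON, "energy", steps=3, runs=5000))
```

The per-CI failure probabilities returned by `simulate` are the kind of output that could feed a resilience measure, for example by comparing them before and after removing or weakening an edge in the graph.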