Periodic Reporting for period 2 - ATENA (Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures)
Période du rapport: 2017-11-01 au 2019-05-31
ATENA aims to increase operator and customer awareness, thus facilitating a multi-services approach introducing new paradigms and architectures for their Industrial and Automation Control Systems (IACS). The main objective of the ATENA project is to improve efficiency and resilience capabilities of modernized CI, against cyber-physical threats (such as malicious attacks, errors or unexpected faults) which may affect IACS, corporate networks or simple ICT devices.
As tangible results, the ATENA project produced a set of tools that, implementing innovative models, methodologies, and algorithms for security assurance, and interacting with the available smart components of a CI, will increase the level of cyber-physical security of CI. The tools range from modelling software tools that simulate the behaviour of CIs, to “slow-loop” solutions aimed to continuous prevention, to “fast-loop” solutions for rapid detection and reaction strategies.
This result has been proved as a quantifiable benefit for the End Users that operate a CI in terms of unavailability time and recovery costs. In particular, partners in the consortium are end users directly managing CI in the domains of water distribution, gas transmission and distribution, and energy generation, transmission and distribution. The ATENA tools have been assessed and validated by means of field trials in industrially relevant domains and application scenarios.
• Design a consolidated ATENA general Reference Architecture.
• Define methodologies and tools for risk analysis applied to CIs.
• Define new metrics to quantify the security of the CI domain, for a sound definition of the vulnerability handling process, the risk analysis process and the security assurance process.
• Define algorithms to compute optimal configurations to improve the security and resiliency of the CI’s underlying IACS.
• Define a model-based strategy for identification of faults or attacks in Cyber-Physical systems.
• Define optimal mitigation strategies and rank-based reaction strategies in the Decision Support System for CI efficiency against faults or attacks.
• Design a Distributed Intrusion Detection System to fulfil the needs of IACS.
• Design detection agents and security components of the Cyber-Physical IDS.
• Design a Big Data-based Security Information Event Management (SIEM), to provide a dataframe for forensics and auditing purposes.
• Design distributed extensions of IACS devices, for rule-based filtering of device commands.
• Define a Software Defined Security subsystem that integrates ATENA functionalities to dynamically and proactively react to faults or attacks
• Define the validation strategy and the use cases customization.
The ATENA’s approach is focused on the definition of methodologies for controlling physical flow efficiency while improving robustness and resilience of interconnected CIs against a wide variety of cyber-physical threats, such as malicious attacks or unexpected faults, which may affect industrial control systems, corporate networks or single devices.
These objectives are achieved by developing:
1. new anomaly detection strategies, new security levels and reaction evaluation methodologies, specifically designed for distributed cyber-physical environments
2. new metrics and automatic tools to support the choice of the best configuration of CIs in order to balance security with CI operators’ constraints and priorities
3. ad-hoc models to control physical flow efficiency and to improve resilience across CIs
4. a suite of new integrated ICT networked components for detection and reaction in the presence of adverse events.
Design and development of the ATENA platform were driven by the security needs of the energy and water sectors. Professional end users validated project results by applying ATENA tools in real-life business-oriented use cases for electricity, gas and water distribution. However, due to its modular design and the use of standard interaction technologies, most of ATENA’s methodologies and tools may be easily adapted to other domains.
The ATENA platform is designed to continuously suggest actions on operational (OT) and information (IT) networks, but executes actions under the operators’ supervision - this means that the default operation mode is based on a human-in-the loop paradigm by default, unless configured otherwise.
Installation of the ATENA platform leaves the OT network unchanged and integrates seamlessly into existing IT networks, preserving existing CI investments.
In addition, ATENA has been defined in a modular way to adapt to user environments and needs.
The ATENA project presents an effective solution to ensure an adequate level of robustness and resiliency while accommodating the diffusion of new technologies into modern CIs.
The innovation strategy of ATENA is to enhance and support the “prevent-detect-react” approach against adverse events by developing methodologies, active agents and interoperable tools that may complement and improve pre-existing industrial control systems with advanced features.
The ATENA platform is composed of interoperable (possibly distributed) modules that actively support the CI operators with:
• Prevention: tools to assess/evaluate the potential threats that affect system assets and to identify, one by one, the optimal preventive countermeasures to put in place to guarantee a desired security level
• Detection: a distributed and resilient Intrusion and Anomaly Detection System (IADS) using Big Data technology to detect anomalous behaviour early and monitor the current state of the cyber-physical system
• Analysis: a set of tools to understand risk and ongoing situation using advanced models of interdependent CIs, to assess the cascading effect of adverse events and the expected degradation of quality of service
• Decision: online strategies provided to CI operators for preparedness and mitigation of the possible threats
• Reaction: reaction strategies to be suggested and eventually executed (human-in-the-loop paradigm) to mitigate the consequences of detected dangerous anomalies, also taking into account the potential of Software Defined Security technology.