Periodic Reporting for period 2 - InfraStress (Improving resilience of sensitive industrial plants & infrastructures exposed to cyber-physical threats, by means of an open testbed stress-testing system)
Reporting period: 2020-08-01 to 2021-09-30
InfraStress addressed resilience and cyber-physical (C/P) security of Sensitive Industrial Plants and Sites (SIPS) Critical Infrastructure (CI) to improve resilience and protection capabilities of SIPS exposed to large scale, combined, C/P threats and hazards, and guarantee continuity of operations, while minimising cascading effects in the infrastructure itself, the environment, other CIs, and citizens in vicinity, at reasonable cost. InfraStress involved 27 partners of excellence from 11 countries with very cross-cutting and complementary competences and excellent track records, including 5 SIPS operators who successfully conducted real-world piloting and validation activities.
Today, the term “Critical Infrastructure” is well known not only to security experts and researchers, but also to European citizens and professionals from many different fields. Threats and reported attacks to Critical Infrastructure have recently made it into several headlines in mainstream news.
Currently, most Industrial Critical Infrastructure (the SIPS mainly addressed in InfraStress), have high levels of safety. At the same time, the rise of the 'digital everywhere' paradigm (think of how we use our smartphones for almost anything, how our cars have an on-board computer or our houses are protected by an electronic alarm system), poses new challenges. The COVID pandemic, with a dramatic increase of remote work (and 'remote everything) has pushed such 'digital everywhere' even more. Therefore, the borderline between physical and cyber security is thinner and thinner and with so many digital systems and technology driving industrial plants and related infrastructure there is an increased risk of complex, mixed security threats.
In terms of social impacts, industrial CIs like SIPS (and potential attacks or disruptions) have a strong routing in social communities under various socio-economic aspects including in terms of health and environment, jobs, interconnection with other CIs. Protecting SIPS, as InfraStress aims to, means protecting the communities living around those SIPS, in some cases even very large and populated communities. From a social point of view InfraStress is also addressing citizen and civil society involvement, with the aim of promoting a culture of shared collaboration, participation, and trust in the protection of CI.
The InfraStress value proposition is to improve the security and resilience of Sensitive Industrial Plants and Sites (SIPS) and overcoming a ‘silo approach’ related to physical and cyber security. In order to overcome this ‘monochromatic vision’ approach and provide adequate tools to SIPS we decided to give a leading role to our user partners: in fact, the InfraStress solutions are being tested in 5 different Pilot scenarios embracing a representative sample of European SIPS Critical Infrastructure.
Therefore the InfraStress strategic objectives have been to:
- Improve the resilience and the protection capabilities of Sensitive Industrial Plants and Sites (SIPS) exposed to large-scale, combined, cyber-physical threats and hazards
- Guarantee continuity of operations, while minimising cascading effects in the infrastructure itself, the environment, other Critical Infrastructures (CIs), and the citizens in vicinity, at reasonable cost
- Improve the resilience of single SIPS, through an adaptive, flexible, and customisation set of innovative and configurable security measures and tools.
- Enable effective collaboration among SIPS operators, in order to impede the propagation of cascading effects.
- Deliver an open Framework that allows future evolution to easily integrate additional detection technologies, data feeds, analysis and decision support services, and most importantly to effectively integrate existing solutions already deployed at the SIPS CI side.
- Enable full exploitation of the technological innovation potential by supporting a culture of EU SIPS Critical Infrastructure Protection and implementing a human-centric approach, that effectively combines decision support and human expertise.
Today, the term “Critical Infrastructure” is well known not only to security experts and researchers, but also to European citizens and professionals from many different fields. Threats and reported attacks to Critical Infrastructure have recently made it into several headlines in mainstream news.
Currently, most Industrial Critical Infrastructure (the SIPS mainly addressed in InfraStress), have high levels of safety. At the same time, the rise of the 'digital everywhere' paradigm (think of how we use our smartphones for almost anything, how our cars have an on-board computer or our houses are protected by an electronic alarm system), poses new challenges. The COVID pandemic, with a dramatic increase of remote work (and 'remote everything) has pushed such 'digital everywhere' even more. Therefore, the borderline between physical and cyber security is thinner and thinner and with so many digital systems and technology driving industrial plants and related infrastructure there is an increased risk of complex, mixed security threats.
In terms of social impacts, industrial CIs like SIPS (and potential attacks or disruptions) have a strong routing in social communities under various socio-economic aspects including in terms of health and environment, jobs, interconnection with other CIs. Protecting SIPS, as InfraStress aims to, means protecting the communities living around those SIPS, in some cases even very large and populated communities. From a social point of view InfraStress is also addressing citizen and civil society involvement, with the aim of promoting a culture of shared collaboration, participation, and trust in the protection of CI.
The InfraStress value proposition is to improve the security and resilience of Sensitive Industrial Plants and Sites (SIPS) and overcoming a ‘silo approach’ related to physical and cyber security. In order to overcome this ‘monochromatic vision’ approach and provide adequate tools to SIPS we decided to give a leading role to our user partners: in fact, the InfraStress solutions are being tested in 5 different Pilot scenarios embracing a representative sample of European SIPS Critical Infrastructure.
Therefore the InfraStress strategic objectives have been to:
- Improve the resilience and the protection capabilities of Sensitive Industrial Plants and Sites (SIPS) exposed to large-scale, combined, cyber-physical threats and hazards
- Guarantee continuity of operations, while minimising cascading effects in the infrastructure itself, the environment, other Critical Infrastructures (CIs), and the citizens in vicinity, at reasonable cost
- Improve the resilience of single SIPS, through an adaptive, flexible, and customisation set of innovative and configurable security measures and tools.
- Enable effective collaboration among SIPS operators, in order to impede the propagation of cascading effects.
- Deliver an open Framework that allows future evolution to easily integrate additional detection technologies, data feeds, analysis and decision support services, and most importantly to effectively integrate existing solutions already deployed at the SIPS CI side.
- Enable full exploitation of the technological innovation potential by supporting a culture of EU SIPS Critical Infrastructure Protection and implementing a human-centric approach, that effectively combines decision support and human expertise.
InfraStress, started in June 2019 and completed in September 2021, has carried out key activities and achieved all the foundational milestones expected. In particular, 56 technical/scientific deliverables were submitted and included:
- Detailed state of the art and requirements analyses
- InfraStress methodology based on a set of composite indicators of SIPS security and resilience, which will be embedded into the new risk and resilience ISO and CEN standards, and into education and training programs
- InfraStress innovative tools and services aligned with the InfraStress methodology and user requirements
- Integrated Framework based on a modular, scalable architecture and integrating all of the InfraStress technology and tools adapted to the requirements of European SIPS
- Pilot activities which included 5 representative, real-world Pilots from 5 countries
- Launch of the Collective intelligence platform (CoIP) and Advisory Board creating a European community with more than 250 members
- A set of planned and coordinated dissemination activities carried out including website and online presence, articles and scientific publications, participation to conferences and workshops, e.newsletter and a very successful YouTube channel
- Implementation of an Exploitation plan (first version) including detailed market landscape and competition analyses, IP management strategies and business planning activities
- Active contribution to Standardization with the publication of DIN SPEC 91461 as well as best practices in a public deliverable
- Detailed state of the art and requirements analyses
- InfraStress methodology based on a set of composite indicators of SIPS security and resilience, which will be embedded into the new risk and resilience ISO and CEN standards, and into education and training programs
- InfraStress innovative tools and services aligned with the InfraStress methodology and user requirements
- Integrated Framework based on a modular, scalable architecture and integrating all of the InfraStress technology and tools adapted to the requirements of European SIPS
- Pilot activities which included 5 representative, real-world Pilots from 5 countries
- Launch of the Collective intelligence platform (CoIP) and Advisory Board creating a European community with more than 250 members
- A set of planned and coordinated dissemination activities carried out including website and online presence, articles and scientific publications, participation to conferences and workshops, e.newsletter and a very successful YouTube channel
- Implementation of an Exploitation plan (first version) including detailed market landscape and competition analyses, IP management strategies and business planning activities
- Active contribution to Standardization with the publication of DIN SPEC 91461 as well as best practices in a public deliverable
InfraStress advanced beyond the state of the art by firstly concentrating on SIPS which are generally not the specific focus of current research, or at least not at the level of detail and specificity InfraStress addressed. Differently from several current approaches, InfraStress addresses multiple threats and cascading impacts, in particular by proposing an open, integrated, yet adaptable Framework providing integrated Cyber/Physical situational awareness (based on resilience indicators), supporting effective decision-making across the full infrastructure lifecycle and support/tools for stress-testing. To this end InfraStress has utilised and adapted for SIPS innovative capabilities and tools for cyber threats detection. To further enhance progress beyond the state of the art, InfraStress not only provides integrated technological solutions but also fosters a culture of shared collaboration, participation, and trust in the protection of CI.
InfraStress contributed to the impacts of the call topic, Work Programme and EU policy in terms of protection of citizens, society and economy as well as of prosperity, stability and well-being. InfraStress fully adopts the guiding principles of protecting the freedom and security of citizens, engaging society on security issues, ensure actions are underpinned by public engagement and the Sustainable Development Goals. Moreover, InfraStress is contributing to additional impacts at strategic, socio-economic and market levels including a more efficient risk assessment and increased resilience of Industrial Critical Infrastructure providing more cost-effective solutions. This results, from a socio-economic point of view, in better protection of citizens and communities, increased involvement and overall improvement of social security and stability.
InfraStress contributed to the impacts of the call topic, Work Programme and EU policy in terms of protection of citizens, society and economy as well as of prosperity, stability and well-being. InfraStress fully adopts the guiding principles of protecting the freedom and security of citizens, engaging society on security issues, ensure actions are underpinned by public engagement and the Sustainable Development Goals. Moreover, InfraStress is contributing to additional impacts at strategic, socio-economic and market levels including a more efficient risk assessment and increased resilience of Industrial Critical Infrastructure providing more cost-effective solutions. This results, from a socio-economic point of view, in better protection of citizens and communities, increased involvement and overall improvement of social security and stability.