The daily lives of citizens depend on the reliability of Critical Infrastructure (CI) to provide essential services such as energy and water. Over recent years, systems for controlling CIs have become more complex, with devices increasingly interconnected, a trend likely to continue as we move towards the ‘Internet of Things’. With CIs continually exposed to threats, especially cyber attacks, this has serious implications for security, particularly for the energy sector, which is ranked as one of the most impacted sectors with the highest incident costs. Any such attacks would likely have knock-on effects for a country’s overall economy and the lives of its citizens.

The EU-funded ATENA (Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures) project developed interoperable tools to complement and improve pre-existing industrial control systems. These were principally: security assessment and decision-making support tools; models and simulators for evaluating the behaviour of interdependent networks after a fault or cyber attack; anomaly detection strategies and reaction evaluation methodologies; and a software suite to rapidly detect anomalies and rank possible countermeasures.
The ‘prevent, detect, react’ approach
Modern CIs are inherently complex systems of systems, connecting both physical elements (such as pumps and valves) and cyber elements (such as the software components that control pumps and valves). Moreover, as CIs nowadays are more interdependent, a failure in one system may have unexpected cascading effects on others. “As attacks are unpredictable, it isn’t sufficient to simply protect assets independently by strengthening cyber security against known attacks and methods. This would leave operators on the back foot and the wider system vulnerable to motivated attackers. We need a more comprehensive and proactive approach,” explains project coordinator Paolo Pucci.

The ATENA system combined the best elements of many different standard methodologies (e.g. OSSTMM, Common Criteria and CVSS), with the resultant suite of tools composed of interoperable modules to support CI operators. The prevention tools assess and evaluate threats that affect system assets, identifying the optimal preventive countermeasures to adopt. Detection involves an Intrusion and Anomaly Detection System (IADS) using Big Data technology. Analysis comprises a set of tools to understand risk and impact using advanced modelling of interdependent CIs. Finally, reaction strategies are suggested to operators to mitigate severe consequences, including re-configuring network security.

ATENA benefited from ideas and prototypes developed in the EU-funded MICIE and CockpitCI projects, improving models of electricity generation and distribution networks and complementing them with models for water and gas, which were integrated into ATENA’s simulators. Additionally, some of the early ATENA prototypes (such as the risk prediction and anomaly detection tools) grew from these previous projects.
Ensuring robustness and resilience
The system was tested in a simulated operational environment against specific use cases involving two or more different interdependent CIs (e.g. a gas turbine generating electricity for smart homes or water pumps fed by an electric power distribution network). “The results indicated that our approach does improve the robustness and resilience of interconnected CIs, helping operators choose the best configuration and supporting the work of the European Programme for Critical Infrastructure Protection (EPCIP),” says Pucci. In cooperation with industry players, ATENA partners are currently finalising the engineering and certification steps necessary for the project’s solutions to be market-ready. Additionally, some partners are now looking to enhance and adapt their methodology and tools for 5G telecommunication networks.