Upload
mimi
View
29
Download
0
Embed Size (px)
DESCRIPTION
RIUNIONE ESPLORATIVA PER UNA CANDIDATURA ITALIANA ALL’INIZIATIVA EUROPEA ERN-CIP CYBERSECURITY. ENEA – Lungotevere Thaon di Revel, 76 – ROMA. Esperienza maturata in ERSE. G. Dondossola ERSE – Dpt. Sviluppo Sistema Elettrico. 9 Luglio, 2009. Background. Periodo: 20 anni Settore: elettrico - PowerPoint PPT Presentation
Citation preview
RIUNIONE ESPLORATIVA PER UNA CANDIDATURA ITALIANA
ALL’INIZIATIVA EUROPEA ERN-CIP CYBERSECURITY
ENEA – Lungotevere Thaon di Revel, 76 – ROMA
Esperienza maturata in ERSE
G. Dondossola
ERSE – Dpt. Sviluppo Sistema Elettrico
9 Luglio, 2009
2
Background
• Periodo: 20 anni• Settore: elettrico• Aree di attività
1. Specifiche formali, Validazione e Verifica Sistemi Real Time
2. Sistemi Distribuiti, Reti di comunicazione, Architetture ICT Automazione Stazione e Sistemi SCADA
3. Performance, Dependability, Cyber Security CIIP
4. CIIP - Risk Assessment
5. CIIP - Testbeds
Sistemi RT
AutomazioneSCADA
CyberSecurity
RiskAssessment
Testbeds
Critical Information Infrastructure Protection – Critical Information Infrastructure Protection – CIIPCIIP
Infrastructures owned/operated/used by Power UtilitiesInfrastructures owned/operated/used by Power UtilitiesFundamental Fundamental to nationalto national and and internationalinternational
Security Security EconomyEconomy
Quality of lifeQuality of life
PCS – ResTestLab
PCS – ResTestLab
PCS – ResTestLab
PCS - ResTest
8
CRUTIAL is a RTD Project in the area of Critical Information Infrastructure Protection launched by the European Union under the Information Society Technologies priority of the Sixth Framework Programme.
The project addresses new networked ICT systems for the management of the electric power grid, in which artefacts controlling the physical process of electricity transportation need to be connected with information infrastructures, through corporate networks (intranets), which are in turn connected to the Internet.
CESI RICERCA
electricity grid
communicationnetwork
Critical Utility InfrastructurAL ResilienceCritical Utility InfrastructurAL ResilienceFP6-2004-IST-4-027513 http://crutial.cesiricerca.it
modelling interdependent infrastructures
resilient to both accidental failures and malicious attacks
CRUTIAL’s innovative approach resides in
attempting at casting them into new architectural patterns
ObjectivesObjectives Investigation of models and architectures that cope with openness, heterogeneity and evolvability endured by electrical utilities infrastructures
Analysis of critical scenarios which ICT faults provoke serious impact on the controlled electric power infrastructures
Evaluation of distributed architectures enabling dependable control and management of the power grid
Work PackagesWork Packages
WP1 Identification and description of Control System Scenarios
WP2 Interdependencies modelling
WP3 Testbed development
WP4 Architectural solutions
WP5 Analysis and evaluation of Control System Scenarios
WP6 Dissemination
WP7 Management
Standards• NERC, IEC, IEEE, NIST, ISA• IEC 62351 - TC 57 WG 15 – Network Security, Protocol Security• ISA WG4 TG5 – Security Metrics • Cigrè – WG D2.22 – Information Security
1. Å. Torkilseng, S. Duckworth: "Security Frameworks for Electric Power Utilities - Some Practical Guidelines when developing frameworks including SCADA/Control System Security Domains", Electra, No. 241, December 2008.
2. G. Dondossola: “Risk Assessment of Information and Communication Systems - Analysis of some practices and methods in the Electric Power Industry”, CIGRÉ Electra, No. 239, August 2008.
3. M. Tritschler, G. Dondossola: “Information Security Risk Assessment of Operational IT Systems at Electric Power Utilities”, Paper D2-01 D03, Cigré D2 Colloquium, October 21-22, 2009, Fukuoka, Japan.
4. A. Bartels, L. Piètre-Cambacédès, S, Duckworth: “Security Technologies Guideline – Practical Guidance for Deploying Security Technology within Electric Utility Data Networks”, Electra, No. 244, June 2009.
5. L. Piètre-Cambacédès, T. Kropp, J. Weiss, R Pellizzonni: “Cybersecu rity standards for the electric power industry – a survival kit” – Paper D2-217, CIGRÉ Paris Session 2008, France
6. G. Ericsson, A. Bartels, D. Dondossola, Å. Torkilseng: “Treatment of information security for electric power utilities – progress report from Cigré WG D2.22” Paper D2-213, Cigré Paris 2008 Session, France
11
Cyber Risk Assessment Tools
Exploitation• at industrial level
– To support the sector industry – decision processes and technological development - with security know-how
– To set-up and experiment realistic attack scenarios– To mitigate the vulnerabilities of the standard application protocols (e.g. IEC
60870-6, IEC 60870-5-104, IEC 61850)– To facilitate the development of cyber security standards, guidelines and
practices for industrial usage (e.g. NERC,, IEEE, NIST, ISA, IEC 62351 under development by the WG15-TC57)
– To assess the capability of secure and redundant architectures to tolerate the threat hypotheses
– To develop advanced technological solutions and tools– To offer a cyber security testing infrastructure for advanced SCADA,
automation and control systems– To support risk assessment with statistics from experiments– To support on-line security analysis with monitoring, detection and recovery
modules• at research level
– To feed in model based evaluations with experimental measures
13
Sicurezza Elettrica Piani di difesa
flessibili/integrati/multioperatore
Esercizio Sistema Elettrico
Risk Management
Linee di difesa stratificate controlli stratificati
Protezione ICT
Sicurezza Infrastruttura Elettrica