Integrated On-Line Risk Prediction: Think Globally and Act Locally Dr. Chiara Foglietta, [email protected] Final Workshop Rome, December 16th, 2014

Motivation and Background

Power Grid Operating States

[Diagram labels: Normal State; Restorative State; Emergency State; Secure or Insecure; Violated Operational Limits; Blackouts]

Vulnerability Sources for Power Grids

• Natural calamities

• Component failures

• Protection and control failures

• Faults

• Human errors

• Inadequate security margin

• Gaming in the market

• Missing or uncertain information

• Sabotage or cyber-intrusion

The Reality

Blackouts will occur again in the future

• Our power grid is too complex to make it fail-safe!

The challenge is:

• To prevent the cascading, uncontrolled spread of an initiating blackout!

• To restore power to affected customers ASAP!

IRP inside CockpitCI system

IRP & Detection Layer & Secure Mediation GW

[Diagram labels: SCADA; Detection Layer; IRP; Honeypot & IDS; Remote IRP; SMGW; Fusion of all risk alerts]

FROM HOLISTIC ASSESSMENT TO COMBINED IMPACT EVALUATION

[Diagram labels: Combined Impact Evaluation (CISIA); Extended Situation Assessment; Risk Level; SCADA Operator; Security Operator; National Control Room (CERT); Other CIs; Operative Level Translation; Cyber Detection; SCADA HMI; Remote IRP; National CERT; Cyber-Physical inferences; Reductionistic decomposition for cascading effects evaluation; Holistic estimation]

QoS Assessment Security Factors

Thanks to Matthieu Aubigny from iTrust Consulting

THE MIXED HOLISTIC-REDUCTIONISTIC MODELLING PERSPECTIVE

• Intra-Inter-Infrastructure homogeneous layer capturing interdependencies

• Expressions of both holistic and reductionistic models

• Behaviours (physical or logical or political) not emerging from Reductionistic layer

CISIApro: an agent based simulator

Reductionistic decomposition for cascading effects evaluation

CISIApro: an output of CockpitCI project

[Diagram labels: Output, Entity, Maker, Resources, Faults & Variables]

Medium Voltage Electric Grid

Thanks to IEC (Israel Electric Corporation)

Interconnected telecommunication and SCADA network

Thanks to IEC (Israel Electric Corporation)

PortScan attack – Step 1

PortScan attack – Step 2

PortScan attack – Step 3

Syn Flood attack – Step 1

Syn Flood attack – Step 2

Syn Flood attack – Step 3

Integrated Risk Prediction Aim

Increase the situational awareness of the operator including information and data that usually are missing

Smart RTU and Reaction Strategies

SMART Industrial Control Systems

Standard ICS

SMART ICS

Process optimization

Monitor and manage information on all levels

Identify the optimal response strategies in case of attack or contingency

Perform (or suggest to the operator) automatic reactions at global level

Coordinate automatic reactions at local level

Smart Extension and Smart RTU

[Diagram labels: Smart RTU; From/to other SE or IDS; From/to SCADA control; Plant; RTU; Smart Extension]

The Smart Extension is an application-level command filter inserted in the SCADA communication channel. If the risk level of a cyber attack increases, the Smart Extension may block inputs to the RTU (or reduce the accepted input messages to a minimum) in order to maintain a safe state.
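
A sketch of the risk-gated command filter described for the Smart Extension, added here as an illustration and not taken from the CockpitCI project. It assumes Modbus/TCP as the SCADA protocol, a three-step risk scale, and a hypothetical allowlist of register addresses that stay writable under elevated risk; none of these appear on the slides.

```python
import struct
from enum import IntEnum

class Risk(IntEnum):
    """Assumed three-step scale; the slides do not define one."""
    NORMAL = 0
    ELEVATED = 1
    HIGH = 2

READ_CODES = {1, 2, 3, 4}       # Modbus read coils / inputs / registers
WRITE_CODES = {5, 6, 15, 16}    # Modbus write coils / registers
SAFE_WRITE_ADDRS = {100}        # hypothetical: writes still needed to hold a safe state

def build_request(func, addr, value, tid=1, unit=1):
    """Construct a sample Modbus/TCP request (MBAP header + 5-byte PDU)."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, func, addr, value)

def parse_request(frame):
    """Return (function_code, address), or None if the frame is malformed."""
    if len(frame) < 12:
        return None
    _tid, proto, length, _unit, func, addr = struct.unpack(">HHHBBH", frame[:10])
    if proto != 0 or length != len(frame) - 6:
        return None
    return func, addr

def decide(frame, risk):
    """Return 'forward' or 'drop' for one request at the current risk level."""
    req = parse_request(frame)
    if req is None or risk >= Risk.HIGH:
        return "drop"                     # fail closed; HIGH blocks all RTU inputs
    func, addr = req
    if func in READ_CODES:
        return "forward"
    if func not in WRITE_CODES:
        return "drop"                     # unknown function codes never reach the RTU
    if risk == Risk.NORMAL or addr in SAFE_WRITE_ADDRS:
        return "forward"
    return "drop"                         # ELEVATED: only allowlisted writes pass

if __name__ == "__main__":
    frames = {  # constructed sample traffic
        "read holding regs": build_request(3, 0, 10),
        "write setpoint @200": build_request(6, 200, 1),
        "write safe-state @100": build_request(6, 100, 0),
        "truncated": build_request(6, 200, 1)[:9],
    }
    for risk in Risk:
        print(risk.name, {name: decide(f, risk) for name, f in frames.items()})
```

In a deployment the risk level would come from the IRP or the local detection layer; here it is passed in as a parameter.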

Smart Ecosystem and Cluster Awareness

[Diagram labels: SCADA; Smart Control; Smart Extension (three instances); Smart Cluster; Detection Layer; IRP; Local IDS & Honeypot]

Smart RTU Extension Aim

Put intelligence and logic reasoning at the RTU level increasing the reaction strategies in event of cyber attacks

Conclusions and Ongoing Works

• Refine the model of the power grid beyond the topology analysis and the load shedding procedures.

• Refine the model of the telecommunication network beyond the “connectivity” model.

• Integrate other CIs in CISIA software such as water distribution network and gas pipelines.

• Integrate other sources of data into the Integrated Risk Prediction.

• Connect the Smart RTU to the Integrated Risk Prediction.

• Standardize rules and countermeasures for the Smart RTU.

Any questions?

Dr. Chiara Foglietta, [email protected]

Thank you for your attention

Thanks to Roma3 Team:

Prof. Stefano Panzieri, Riccardo Santini, Giovanni Corbò, Cosimo Palazzo, Simone Palmieri, Antonio Di Pietro, bachelor students, master students and everyone I forget.