Personal tools
You are here: Home Project Overview
Log in


Forgot your password?
« May 2012 »
May
MoTuWeThFrSaSu
123456
78910111213
14151617181920
21222324252627
28293031
 

Project Overview

LogoInspire

Concept and project objective(s)

Systems that manage and control infrastructures over very large geographic areas are typically referred to as Supervisory Control and Data Acquisition systems or SCADA systems. SCADA systems make up the critical infrastructure associated with electric utilities, water and sewage treatment plants, and large-scale transportation systems. SCADA can be further controlled in a centralized way by higher level Monitor and Control systems, and then by Central Supervision systems.

SCADA systems are typically composed of: 

  • Sensors, measuring the status of specific system parameters and actuators, used to control the industrial process.
  • RTUs, converting sensor signals to digital data and sending digital data to the Supervisory Station
  • Supervisory Station (also called Control Room or Operation Control Center OCC), where system intelligence is concentrated, gathers data from the facility process and sends commands to the process actuators
  • Communication infrastructure.

The main data flows in SCADA systems are of two types:

  • Status information (upstream, from sensors to the Supervisor through RTUs) and alerts
  • Commands (downstream, from the Supervisor to the RTUs and from the RTUs to the actuators)

 

The move from proprietary technologies to more standardised and open solutions together with the increased number of connections between SCADA systems and office networks and the Internet has made them more vulnerable to cyber attacks. Because of the mission-critical nature of many SCADA systems, successful attacks could cause massive financial losses through loss of data or actual physical destruction, misuse or theft. 

The first issue that has to be taken into account is that currently systems controlling security and resiliency of communication infrastructures are generic. Their capability to detect and react to an attack or to a fault are nowadays powerful but generic.

What happens when generic ICT security systems are put in a complex system such as LCCI one? The capability of the security systems to consider potential vulnerabilities, to identify and prevent potential attacks and faults and finally to react to them are for sure not optimized for the specific domain. Moreover in some circumstances a standard reaction to a fault or to an attack could generate more problems over the interconnected ICT systems than the fault or attack itself.

This is the technological context where INSPIRE wants to produce innovation, aiming at studying, designing and developing innovative building blocks to be put under, between and together ICT security systems and process control systems in the specific domain of the LCCIs, in this way improving the overall robustness of the whole ICT infrastructure.

 

INSPIRE will design and implement and as far as necessary integrate several components which will be verified, tested and validated, and finally demonstrated:

  • A method to identify and assess vulnerabilities. This method should be extended in a sense that not only the number and level of vulnerabilities be identified but also the impact on the service provided by the CI (e.g. expected duration of power outage and size of area/ population affected)
  • An ontology to represent the knowledge base of field experts to address the complexity of the systems it copes with.
  • Decision-aid tool using ontology notations and inference engine in order to propose/recommend solutions to the operator.
  • An MPLS-based communication architecture to meet requirements of SCADA systems.
  • Definition of a routing algorithm using traffic engineering techniques to meet requirements of SCADA traffic.
  • Implementation of multi-path techniques to enhance the robustness to attacks to the confidentiality of SCADA traffic
  • A self-configurable (SCADA-communications) architecture for SCADA system resilience:

     ·    design and developing an architectural framework for handling multiple classes of faults and attacks in a SCADA system

     ·    evidence-accruing fault/intrusion tolerance manager to choose and carry out one of multiple recovery strategies,
          depending upon the perceived severity and/or on the adjudged nature of the fault/attack.

  • A P2P like overlay communication architecture for SCADA systems to enhance dependability of data transport by fulfilling the timeliness and reliability requirements for both sensor data and actuator commands in presence of failures/attacks:

     ·    path redundancy and re-routing strategies,

     ·    efficient techniques for secure distributed storage of SCADA data

  • Techniques for diagnosis of attacks and/ or failures and recovery with the capability to

     ·    understand the nature of errors occurring in the SCADA system,

     ·    judge whether and when some actions are necessary, and

     ·    trigger the recovery/reconfiguration/repair mechanisms to perform the adequate actions.

 

 

Project Overview (PDF)

 

 

Document Actions