Cosimo Palazzo scite author profile

Santini

et al. 2015

HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

From Detecting Cyber-Attacks to Mitigating Risk Within a Hybrid Environment

Masucci

et al. 2019

IEEE Systems Journal

Telecommunication networks based on commonplace technologies (such as Ethernet) often constitute a vulnerable attack vector against modern Critical Infrastructures (CIs), particularly for Supervisory Control and Data Acquisition (SCADA) systems, which rely on them for monitoring and controlling physical components. This article presents a unique platform that encompasses a range of capabilities, from cyber attack detection to mitigation strategies, through interdependency and risk evaluation. The platform is made of two main components: a cyber attack detection subsystem and a risk assessment framework. Both blocks are innovative from a research point of view and they have been developed and customized to fit the CIs' features, that are completely different from telecommunication networks. This platform has been tested on a hybrid environment testbed, made of virtual and real components, within the scope of the EU FP7 CockpitCI and EU H2020 ATENA projects. The case study corresponds to a medium voltage power grid controlled by a SCADA control center, where the platform has been validated with optimal results in terms of detection capabilities and time response. Index Terms-cyber attack detection risk assessment, decision support systems, cyber-physical systems, supervisory control and data acquisition (SCADA) I. INTRODUCTION T HE concept of Critical Infrastructure has been changing over the past years. This notion, which was mainly related to the public sector during the 1980s [1], was redefined as a matter of national security [2] during the 1990s, and particularly after 9/11. This comes as no surprise, as CIs are the key assets, systems or networks of our lives; their partial destruction would have a negative effect on security, economy and public health. With time, the definition of CI has been extended to include other services. The concept of "lifeline system" was developed to evaluate large and geographically distributed networks, such as electric power, gas and liquid fuels, telecommunications, transportation, waste disposal and water supply. Thinking about CIs through the subset of lifelines helps clarify common

Managing decisions for smart grid using interdependency modeling

Imbrogno

et al. 2016

Critical infrastructures are vital complex systems for our lives. Electrical grids, gas pipelines, telecommunication networks and transportation roads are examples of those critical infrastructures. Furthermore, critical infrastructures are tightly interconnected one to another, and their interdependencies are more evident during adverse events, such as faults, natural disasters or cyber attacks. Making smart decisions is a hard task for operators. This paper wants to suggest a complete procedure for helping critical infrastructure operators in managing assets during adverse events. CISIApro simulator is an agentbased simulator able to evaluate the risk associated with the consequences of adverse events. The agent ability to produce resources is summarized into the concept of operative level. The output of CISIApro, related to the power infrastructure, is used as input of the unit commitment algorithm as an example of decision making algorithm. In this paper, the unit commitment includes network topology security constraints and a risk-based objective function. This process is validated by means of a reference scenario made of four interconnected infrastructures, within a regional area. Results are presented in order to understand how unit commitment can suggest different solutions based on different risk assessment

Enhancing Decision Support with Interdependency Modeling

Masucci

et al. 2016

Smart Behavioural Filter for Industrial Internet of Things

Corbò¹,

Foglietta²,

Palazzo³

et al. 2017

Mobile Netw Appl

We are currently experiencing the fourth industrial revolution. This is what the German government initiative, first, has identified with 'Industry 4.0'. The manufacturing future will be marked and will go through the new automation technologies that are being introduced with Industrial Internet of Things (I2oT). Industrial Control Systems (ICSs) are exploiting I2oT for reducing costs and improving efficiency. However, ICSs are already jeopardized by an increasingly large set of threat vectors. Those threats are used by malicious actors to misuse physical Critical Infrastructures that usually are vital services for well-being. I2oT implementation increases the threat surface, generating new possible vulnerabilities.Information Technology (IT) classical approaches to cyber attacks cannot be applied to ICS due to their extreme differences from main priorities to resource constrains. Therefore, innovative approaches and equipment must be developed to suit with ICS world. In this paper, a Smart Behavioural Filter (SBF) for the PLCs (Programmable Logic Controllers) is proposed aiming to secure the PLC itself against logic attacks, that are stealth for other more classical security approaches. An example of the considered logic attacks is many open and close commands towards a valve in a short time. Those logic attacks are usually a sequence of well-formed packets in which the content

Evacuation Management Multi-Criteria Risk Assessment Based

Masucci¹,

Palazzo²,

Panzieri³

2018

Smart Environment Monitoring Testbed

Masucci

et al. 2018

Smart Behavioural Filter for SCADA Network

Corbò

et al. 2017

Industrial Control Systems (ICS) are jeopardized from a large set of threat vectors, which exploit their vulnerabilities in order to impact the physical Critical Infrastructures they control. The Information Technology (IT) classical approach to cyber attacks can not be applied to ICS due to their extreme differences from main priorities to resource constrains. Therefore, innovative approaches and equipment must be developed in order to suit with ICS world. In this paper, a Smart Behavioural Filter (SBF) for the PLCs/RTUs is proposed aiming to secure the PLC/RTU itself against logic attacks, that are stealth for other more classical security approaches. Those logic attacks are usually anomaly behaviours, for instance a large number of open/close commands towards a valve. This smart field equipment can communicate with other equipment like itself in order to react in short time to cyber attacks and increase the resilience of the physical system. It can also generate alarms for the local Intrusion Detection System (IDS) The proposed equipment has been developed and validated in a real test-bed within the FP7 CockpitCI project. The results are promising.