(the cases of Inmotos and Sesmag projects) by Giorgio Gentile Area Manager at D'Appolonia

1. Concrete applications of interdependency management
(the cases of INMOTOS and SESMAG projects)
Giorgio Gentile
D’Appolonia S.p.A.
AN ISO 9001 AND ISO 14001 CERTIFIED COMPANY
www.dappolonia.it

2. Background
Interdependencies among Critical Infrastructures, both intra-domain
and inter-domain, are complex to be understood, analysed and
managed.
Critical Infrastructures risks always change due to new threats,
interdependencies and possible scenarios.
EU Critical Infrastructures have good contingency plans but they are
not always “well proven and optimised contingency plan”, i.e.
evaluated in complex scenarios and taking into account dependencies
with other Critical Infrastructures contingency plans.

3. … no standards currently exist at EU level concerning the approach to
define and adopt Contingency…
…interdependencies among Cis are not taken into account…

4. Background - continued
EU is lacking coordination in the definition of measures to be
undertaken.
It is proven that coordination can compensate investments in security,
by improving the response effectiveness and providing a more effective
means to manage the crisis events.
An improved response, as well as, a more effective response can lead
to a significant reduction in CI harms and a subsequent reduction of
costs to be undertaken to restore the overall system and functions.

5. Background - continued
To enhance CI security the security approach should follow two main
steps.
 The first one is identified by the definition of security policies and
guidelines for their implementation.
 The second step is identified by the implementation of contingency
plans to be adopted in case of need.

6. Security Policies and Guidelines Definition
Currently regulations only exist at national level.
The 2008/114/EC directive has been a tentative approach for a EU
wide regulation in terms of policies and guidelines.
Security Policies are used to define the security objectives which a
system should be subject to. Security Policies are custom defined by
each Owner/Operator according to the existing (if any) national
regulations.
A set of guidelines addressing how to define a security policy and how
to implement it would be effective.

7. Contingency Plans
Contingency Plans are used to establish a solid reference of the
actions to be undertaken in case of emergency, to mitigate the disaster
effects or to restore the system functionalities.
Contingency Plans effectiveness and efficiency are difficult to be
measured and sometimes it is really expensive. Propagation of positive
effects is difficult to be assessed.

8. THE INMOTOS CASE

9. Background
• On 2007, the Council established the specific Programme
"Prevention, Preparedness and Consequence Management of
Terrorism and other Security related Risks for the Period 20072013”
• On September 2008 the Commission adopted the “2009 Annual
Work Programme”, specifying its specific objectives and thematic
priorities
• The Call for Proposals purpose was to award grants to transnational
and/or national projects that contribute to the development of the
"European Programme for Critical Infrastructure Protection"
(EPCIP)

10. Objectives
 Definition of a common taxonomy for
interdependencies and contingency plans;
critical
infrastructures
 Definition of a methodology for risk assessment of critical
infrastructures interdependencies and contingency plans based on
simulation;
 Design and development of tools for critical infrastructures
interdependencies and contingency plans modelling, simulation and
risk evaluation
 Analysis and validation of contingency plans in complex scenarios
taking into account both intra-domain and cross-domain
interdependencies

11. Contingency Planning…
Contingency Plan definition is A MUST for business continuity
assurance and for disaster recovery.
Defining a contingency plan requires:
 To have experience
 On the CI under analysis
 On the measures identified and their effectiveness
 Extensive analysis
 Extensive knowledge of historical events
 To be maintained and reviewed/improved
It’s difficult to taylor the Contingency Plan in order to make it effective,
especially with regard to the costs.

12. …in the Oil&Gas Field
ACTIVE MONITORING
•
•
Precise formulas exist
Well defined parameters to be
monitored
–
–
•
•
Correct functioning of the system
Service Level Agreement measures
Monitoring to be carried out by
men
SCADA systems are used to
monitor some parts of the system
P decrease at CS
(Deviation Detection)
is
pressure
decrease due to
a normal load
variation?
Yes
Activities can proceed
Normally without additional
actions
No
Verify the instruments
functionality in C.R. and on
field
are the
instruments
working?
No
Repair the instruments.
Activities can proceed normally
Yes
Verify the Flowrate at RT
is
the flowrate
decreasing?
No
Yes
Initialize Emergency Notification
to ERT Coordinator.
___
Possible Leak in Zone "1", “2” or
Zone "3"
Start further verifications and
checks.
Activities can proceed normally
if within the operating limits

13. …in the ICT Field
•
•
•
•
Main measures are referred to availability and performance of the whole
system
Monitoring is mostly automatic
Actions to be performed are mostly automatic
Effectiveness is easier to be evaluated

14. INMOTOS Approach
The main focuses for the INMOTOS project are represented by the
interdependencies among infrastructures and the contingency plans
adopted in case of emergency.
Both the Critical Infrastructures and the Contingency Plans are
modeled as Coloured Petri Nets (CPN).
The assessment of CI risks and validation of Contingency Plan is
performed by simulating their behaviour against a likely scenario.
Risk is evaluated at different layers and be seen as an aggregation of
lower risks level (top-down or bottom-up approach).

15. What’s available

16. What’s available

17. Interaction with Simulation Framework

18. THE SESMAG CASE

19. Project Objectives
•
SESMAG aims at ensuring a low cost and replicable study for the
evaluation and implementation of a minimum set of security requirements
to increase Smart Grids security and resilience.
•
The study aims at providing a set of guidelines to define how to implement
secure smart grids and, on a scenario basis, a set of
requirements/measures to be implemented by the stakeholders.
•
Such an approach will allow for a convergent approach across Europe
towards a secure implementation of the Smart Grids and of the energy
infrastructures, ensuring a more reliable energy production and distribution
across the network.
•
The project outcome will ensure an increased resilience of the energy
networks to cyber attacks and physical outages due to mis-configuration of
the connected producing systems or unbalanced distribution and
production algorithms.

20. Proposed Objectives
• SESMAG Project should:
–
–
–
–
Analyse the currently deployed situation and the applicable best practices
Define a catalog of current vulnerabilities, threats/hazards and countermeasures
Perform a risk assessment
Define a set of guidelines for Secure and Resilient Smart Grids implementation
An IT support tool will be developed to support
the user in the analysis of the deployed grid.

21. Approach

22. Brussels
Podgorica
Beijing
Seoul
Cairo
Istanbul
St. Petersburg
Abu Dhabi
Rome
Milan
Viareggio
Naples
Brindisi
Palermo
D’Appolonia S.p.A.
Headquarters:
Via San Nazaro,19
16145 Genova – Italy
Tel. +39 010 3628148 Fax +39 010 3621078
E-mail: dappolonia@dappolonia.it
Web site http://www.dappolonia.it