INSPIRE INCO was supported via a complex funding scheme across funding bodies (NSF, EU) but made possible e.g. to have access to critical power data from the US and compare with EU. It led to a follow-up project MASSIF, where representatives attended the Canada-EU Future Internet Workshop and Bell Canada has now officially joined MASSIF Advisory Board, and is actively contributing to the project.
1. North American collaborations via
INSPIRE/MASSIF
Luigi Romano
CINI (Consorzio Interuniversitario Nazionale per
l’Informatica)
luigi.romano@uniparthenope.it
Internet of Services 2011: Collaboration meeting for FP7 projects
International Collaboration session
Brussels September 29, 2011
2. Roadmap
Evidence that Critical Infrastructures (CIs) are vulnerable
to cyber-attacks
Focus on Power Grids, but true in general
How we combined detection, diagnosis, and remediation
for protecting CIs from cyber-attacks
The INSPIRE project
Our experience with International cooperation initiatives
The INSPIRE INCO project
Collaboration objectives
The MASSIF project
Contact Info
4. Basic Concepts
Power Grid (tentative definition): an interconnected
network for delivering electricity from suppliers to
consumers, which is synchronous with a given phase
Phasor: complex number that represents both the
magnitude and the phase angle of the sine waves found
in electricity
Synchro-Phasors: phasor measurements that occur at
the same time
Phasor Measurement Unit (PMU): device which
collects Synchro-Phasors to determine the health of the
power grid (using a GPS radio clock)
5. Results in a nutshell
1
Administrator
2 4
LAN
Power Synchro Phasor Phasor
Grid device 3 Data Concentrator
1) Password Eavesdropping
2) Weak Policies on Password selection/maintenance, device
fingerprinting possible (and relatively easy)
3) Unreliable channels (wrt both integrity and availability)
4) Poor input validation
6. Security Analysis of a commercial Synchro-
Phasor - Passwords
Password Management
Multilevel Security:
0, 1, B, P, A, O, 2, C
After a pre-defined time, security level is downgraded to 0
(def. 5 min)
Security evaluation results
Default passwords are simple and can be found in most
common dictionaries
No constraints for password selection
All levels can share the same password
No aging mechanism
All passwords can be manually reset
8. SQL Injection attack
to an Open Source PDC
protected override void ProcessMeasurements(IMeasurement[] measurement {
foreach (IMeasurement measurement in measurements)
{
// Create the command string to insert the measurement as a
record in the table.
StringBuilder commandString = new
StringBuilder ("INSERT INTO Measurement VALUES ('");
commandString.Append (measurement.SignalID);
commandString.Append ("','");
commandString.Append ((long)measurement.Timestamp);
commandString.Append ("',");
commandString.Append (measurement.AdjustedValue);
commandString.Append (')');
MySqlCommand command = new MySqlCommand
(commandString.ToString(),
m_connection);
command.ExecuteNonQuery();
}
m_measurementCount += measurements.Length;
}
12. A bird’s eye view of INSPIRE
Peer-to-peer
overlays
P2P
MPLS
Wireless Sensor
Networks
Offline Security
Framework
13. INSPIRE main results
Analyzed vulnerabilities which affect SCADA systems
Analyzed dependencies between CIs and the underlying
communication networks
Designed a self-reconfigurable architecture, suited for
SCADA systems
Developed diagnosis and recovery techniques, suited for
SCADA systems
Provided SCADA traffic with Quality of Service (QoS)
guarantees
15. INSPIRE-INCO in a nutshell
Proposal: 248737
Acronym: INSPIRE-International (Cooperation)
Program: FP7
Call: FP7-ICT-2009-4
Funding scheme: Small or medium-scale focused
research project -STREP - CP-FP-INFSO
Duration: 12 months (October 1, 2009 - September 30,
2010)
Activity: ICT-4-9.2 - Supplements to support International
Cooperation between ongoing projects
16. The Consortium
Europe (INSPIRE):
CINI, Consorzio Interuniversitario Nazionale per l’Informatica -
Coordinator (Italy)
TUD, Technical University of Darmstadt (Germany)
ITTI, ITTI Sp.zo.o. (Poland)
http://www.inspire-strep.eu/
US (GridStat):
WSU, Washington State University (USA)
http://www.gridstat.net/
17. The Funding Scheme
Funding for International Funding for Research:
Funding for Research:
Cooperation: EC Grant 225553
NSF Grant 0326006
Extension to NSF Grant
0326006
Funding for
Mobility:
EC Grant 248737
21. The MASSIF project
Multi-domain
parallel-running Alert and reaction
processes Highly-scalable, dependable and Predictive security analysis generation
multi-level event collection
Actions and
Counter-
measures
Olympic Games Trustworthy event collection
Multi-level security event modeling
Languages
Security
analysis and
EVENTS POLICIES notification
Mobile money
transfer service RELATIONS REACTIONS
Multi-level event
Process and attack
correlation
simulation
Resilient framework
CI Process architecture
Control (Dam) Security-aware
processes
Managed
Enterprise Service Event and Event, Process Models and
Infrastructures Information Collection Attack Models
Resilient event processing and integration
Scenarios
Prototypes Advanced SIEM Framework
22. Collaboration Status
Luigi Romano and Salvatore D'Antonio, participated
in the "Trustworthy Networks and Services" session
on March 24th with two talks, titled "Detection,
Diagnosis, and Remediation: Three Pillars for
Protecting Critical Infrastructures from Cyber-
Attacks" and "Effective Countermeasures Against
Emerging Threats in the Future Internet" .
Bell Canada has shown great interest in the MASSIF
Project and Craig Gibson (Senior Security Advisor)
joined the MASSIF Technical Advisory Board
23. Collaboration Status
Craig Gibson Proposed potential use cases for
the MASSIF project:
Craig Gibson participated MASSIF EB Meeting
in Naples 14-15 September providing early
feedbacks about the project and proposing to
extend the scope of MASSIF to wireless,
wireline, video and mobile applications.
24. Collaborations Plan
Among the scenarios proposed by Bell Canada we plan
to investigate the consequences of GPS spoofing
against Synchrophasor devices.
GPS satellite
GPS spoofer
GPS receiver
Internet
SyncroPhasor
DB
26. More Info
Luigi Romano
luigi.romano@uniparthenope.it
The Fault and Intrusion Tolerant Networked SystemS
(FITNESS)
research group Web site:
http://www.dit.uniparthenope.it/FITNESS/
The INSPIRE and INSPIRE INCO project Web sites:
http://www.inspire-strep.eu
http://www.inspire-inco.eu/
The MASSIF project Web site:
http://www.massif-project.eu