Advanced Tools to assEss and mitigate the criticality of ... · According to the DoA, all the WPs are currently started and in progress, as shown in the following Gantt chart in Figure

H2020-DS-2015-1-Project 700581

Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their

dependencies over Critical InfrAstructures

D1.2 – First Periodic Activity Report

General information

Dissemination level PU

State Final

Work package WP1 Project Management

Tasks Task 1.1

Delivery date 31/03/2017

Version 1.0

The research leading to these results has received funding from the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no 700581. This document is the property of the ATENA consortium and shall not be distributed or

reproduced without the formal approval of the ATENA governing bodies.

Type H2020-DS-2015-1-Project 700581 Project Advanced Tools to assEss and mitigate the criticality of ICT compoNents

and their dependencies over Critical InfrAstructures Title D1.2 – First Periodic Activity Report

Classification PU

Ref. D1.2 First Periodic Activity Report.docx Page 2 of 38

Editors

Name Organisation

Nazzarena Barbaro, Paolo Pucci FNM

Authors

Name Organisation

Nazzarena Barbaro, Paolo Pucci FNM

Other WP leaders CRAT, ENEA, IEC, ITRUST, UC, UNIROMA3

Reviewers

Name Organisation Date

Tiago Cruz UC 27/03/2017



Classification PU


Executive Summary

The current deliverable is prepared to give the European Commission the requested visibility over the status of the Innovation Action named “Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures” - Grant Agreement Number 700581 (shortly named with acronym ATENA).

In particular, this report provides an overview of the technical progress and achievements in ATENA, covering the first period of the project from 1st May 2016 to 31th March 2017 (eleven months).



Classification PU


Table of Contents

List of figures Figure 1: Timing of work packages ..................................................................................................................... 8 Figure 2: Timing of WP2 ................................................................................................................................... 10 Figure 3: Timing of WP3 ................................................................................................................................... 17 Figure 4: Procedure to elicit the requirements ................................................................................................. 18 Figure 5: Architecture (draft) ............................................................................................................................. 19 Figure 6: Timing of WP4 ................................................................................................................................... 20 Figure 7: Draft macro-architecture of the ATENA cyber-security platform ....................................................... 22 Figure 8: Simplified lambda architecture for the Detection Layer .................................................................... 23 Figure 9: Timing of WP5 ................................................................................................................................... 24

1 Introduction .............................................................................................................................................. 6

1.1 Motivation and Context .......................................................................................................................... 6

1.2 Objectives and Scope ............................................................................................................................ 6

1.3 Document Structure ............................................................................................................................... 6

1.4 Glossary ................................................................................................................................................. 6

1.5 Acronyms and symbols .......................................................................................................................... 6

2 Project objectives for the period.............................................................................................................. 8

2.1 Work Breakdown Structure .................................................................................................................... 8

2.2 Project objectives and planned milestones ........................................................................................... 8

3 Work progress and achievements in the period ................................................................................... 10

3.1 WP2: Resilience and efficiency models for flow prediction across CIs against adverse events on their IACS ............................................................................................................................................ 10

3.1.1 Aim of the WP2 (as in the DoA) ..................................................................................................................... 103.1.2 WP Tasks active in the reference period ........................................................................................................ 103.1.3 Work performed and achieved results ........................................................................................................... 11

3.2 WP3: IACS design for security ............................................................................................................ 163.2.1 Aim of the WP3 (as in the DoA) ..................................................................................................................... 163.2.2 WP Tasks active in the reference period ........................................................................................................ 163.2.3 Work performed and achieved results ........................................................................................................... 17

3.3 WP4: Distributed Awareness ............................................................................................................... 203.3.1 Aim of the WP4 (as in the DoA) ..................................................................................................................... 203.3.2 WP Tasks active in the reference period ........................................................................................................ 203.3.3 Work performed and achieved results ........................................................................................................... 20

3.4 WP5: Distributed Mitigation and Resiliency in Interdependent scenario ............................................. 233.4.1 Aim of the WP5 (as in the DoA) ..................................................................................................................... 233.4.2 WP Tasks active in the reference period ........................................................................................................ 243.4.3 Work performed and achieved results ........................................................................................................... 24

3.5 WP6: Development and Components Integration ............................................................................... 273.5.1 Aim of the WP6 (as in the DoA) ..................................................................................................................... 273.5.2 WP Tasks active in the reference period ........................................................................................................ 283.5.3 Work performed and achieved results ........................................................................................................... 28

3.6 WP7: Validation and evaluation ........................................................................................................... 293.6.1 Aim of the WP7 (as in the DoA) ..................................................................................................................... 293.6.2 WP Tasks active in the reference period ........................................................................................................ 303.6.3 Work performed and achieved results ........................................................................................................... 30

3.7 WP8: Project dissemination and commercial strategy ........................................................................ 313.7.1 Aim of the WP8 (as in the DoA) ..................................................................................................................... 313.7.2 WP Tasks active in the reference period ........................................................................................................ 313.7.3 Work performed and achieved results ........................................................................................................... 31

4 Reached project objectives and milestones .......................................................................................... 36

5 Conclusions ............................................................................................................................................. 37

6 References ................................................................................................................................................ 38



Classification PU


Figure 10: Timing of WP6 ................................................................................................................................. 28 Figure 11: Timing of WP7 ................................................................................................................................. 30 Figure 12: Timing of WP8 ................................................................................................................................. 31 Figure 13: ATENA impact levels ....................................................................................................................... 35

List of table Table 1: Work Packages List .............................................................................................................................. 8 Table 2: Milestones List ...................................................................................................................................... 9 Table 3: List of academic publications .............................................................................................................. 33 Table 4: Deliverables List .................................................................................................................................. 36



Classification PU


1 Introduction

1.1 Motivation and Context

The current deliverable is provided to the European Commission (in the following referred to as EC) as an overview of the H2020 Innovation Action shortly named ATENA - Grant Agreement Number 700581, covering the first period of the project from 1st May 2016 to 31th March 2017 (eleven months, from M1 to M11).

1.2 Objectives and Scope

This document collects the technical progress and achievements in the project, to assess the advances in the Work Packages in terms of activities (concluded or in progress) and of contractual milestones and delivered documents with respect to planned ones.

In coherence with the Description of the Action (DoA) [2], the present document does not cover management elements (that will be covered by companion document D1.3 [3]) or use of resources (that will be covered by companion document D1.4 [4]).

1.3 Document Structure

The document is made of several chapters, which respectively deal with:

• Chapter 1 is the present introduction.

• Chapter 2 defines the project objectives in the period.

• Chapter 3 describes the work progress and the achievements in the period.

• Chapter 4 contains conclusions.

• Chapter 5 contains bibliographic references.

1.4 Glossary

A glossary of the main terms adopted in the project is available in deliverable D2.1 [5]. For the sake of maintenance, manageability and completeness, the reader is also invited to refer to the project-level separate glossary document (i.e., D2.0 ATENA glossary) – a non-contractual document that we are hosting on ATENA web site (https://www.atena-h2020.eu/) for public use.

1.5 Acronyms and symbols

Acronym or symbols

Explanation

ANN Artificial Neural Networks

APT Advanced Persistent Threat

CAIDI Customer Average Interruption Duration Index

CI Critical Infrastructure

CISIA Critical Infrastructure Simulation by Interdependent Agents

CPIDS Cyber-physical IDS

CPS Cyber Physical System



Classification PU


DoA Description of the Action

DCS Distributed Control Systems

DG Dispersed/Distributed Generation

DHIDS Distributed Heterogeneous IDS

DSS Decision Support System

EC European Commission

ESS Energy Storage System

EU European Union

FCA Forensics and Compliance Auditing

GA Grant Agreement

HEDVa Hybrid Environment for Development and Validation

HV High Voltage

IACS Industrial and Automation Control System

ICS Industrial Control Systems

ICT Information & Communication Technology

IDS Intrusion Detection System

IoT Internet of Things

IP Internet Protocol

IPR Intellectual Property Rights

KPI Key Performance Indicator

M Month

MQ Message Queuing

MV Medium Voltage

PLC Programmable Logical Controller

Por Pressure out of range

QoS Quality of Service

RES Renewable Energy Source

RTU Remote Terminal Unit

SCADA Supervisory Control and Data Acquisition

SAIDI System Average Interruption Duration Index

SAIFI System Average Interruption Frequency Index

SIEM Security Information Event Management

SVM Support Vector Machines

TCP Transmission Control Protocol

US United States of America

WBS Work Breakdown Structure

WP Work Package



Classification PU


2 Project objectives for the period

The ATENA first interim review period covers months from M1 to M11, spanning from May 2016 to March 2017. The ATENA project has an overall length of 36 months, so the present report covers less than a third part of the project timeline.

To ease the reader, in section 2.1 the overview of the project WBS is reported, and a Gantt chart for the period of interest of the present report.

In section 2.2 the project objectives and planned milestones of the period are summarized.

2.1 Work Breakdown Structure

The WBS of the project is shortly displayed in the following Table 1:

WP no.

WP Title Lead Beneficiary

Start Month

End Month

WP1 Project Management FNM 1 36

WP2 Resilience & Efficiency models for flow prediction across CIs against adverse events on their IACS

ENEA 1 36

WP3 IACS design for security CRAT 1 30

WP4 Distributed Awareness UC 5 30

WP5 Distributed Mitigation and Resiliency in interdependent scenario

UNIROMA3 3 30

WP6 Development and components Integration FNM 9 36

WP7 Validation and evaluation IEC 3 36

WP8 Project dissemination and commercial strategy ITRUST 1 36

Table 1: Work Packages List

According to the DoA, all the WPs are currently started and in progress, as shown in the following Gantt chart in Figure 1:

Figure 1: Timing of work packages

2.2 Project objectives and planned milestones

The planned project objectives to be completed (at least in a preliminary version) in the first period (M1-M11) are:

Obj1. Prepare the plans for the activities to be done during the whole project lifetime, since the earlier phases, for what regards quality management, training, dissemination, communication, and impact assessment.

Obj2. Prepare a project website for showing the project results to the general public.



Classification PU


Obj3. Assess the state of the art of CIs in the domains of interest of ATENA, and identify the CI elements available in the real CI systems of ATENA, to build the context where ATENA research will be done, applied and evaluated.

Obj4. Identify scenarios and cases of use where ATENA research will be done, applied and evaluated.

Obj5. Identify specifications and requirements for the overall ATENA system and for the Decision Support System.

Obj6. Prepare reports for describing the advances from the technical, management, financial and impact assessment points of view, for the first interim review.

The following list highlights the other activities that have been started and are in progress in M11, and that contribute to objectives that will be completed in the next periods:

Act1. Prepare the models to analyse the interdependencies among domains of interest.

Act2. Design a preliminary ATENA general Reference Architecture.

Act3. Define the Requirements and a Reference Architecture for the on-line Cyber-Physical IDS.

Act4. Design detection agents and security components of the Cyber-Physical IDS.

Act5. Define a model-based strategy for identification of Faults or Attacks in Cyber-Physical systems.

Act6. Define optimal mitigation strategies for CI efficiency against faults or cyber attacks.

Act7. Define rank-based reaction strategies into the Decision Support System.

Act8. Plan the development strategy of the main components of the ATENA tools suite.

Act9. Define the validation strategy and the use cases customization.

Act10. Define the plan for exploitation and business model development.

Act11. Study preliminary constraints for the protection of property rights.

The list of the planned milestones in the period is described in the following table (see also section 1.3.4 WT4 List of milestones in [2]).

MS no.

Milestone title WPs involved

Due Month

Means of verification Delivery Documents

MS1

Quality, training, dissemination and communication plans ready

WP1, WP8 3

• Quality plan (D1.1) ready

• Training, dissemination and communication plans (D8.1) ready

D1.1, D8.1

MS2 SoTA interim assessment

WP2, WP3, WP5

6 • SoTA interim assessment (D2.1)

completed D2.1, D3.1,

D5.1

Table 2: Milestones List



Classification PU


3 Work progress and achievements in the period

This section report, for each work package active in the reference period (except for project management which will be addressed in D1.3 [3]), the following information:

• the status of the work package at task level;

• the achieved results;

• deviations from the DoA.

3.1 WP2: Resilience and efficiency models for flow prediction across CIs against adverse events on their IACS

3.1.1 Aim of the WP2 (as in the DoA)

The objective of this Work Package is to develop a unified modelling framework, and relevant models, to predict the efficiency of CIs physical flows and resilience against adverse events (faults, cyber-physical threats, and deviations from nominal operation) that may alter the behaviour of their Industrial Automation and Control Systems. Considering advanced interdependent scenarios of modernized CIs, this WP will model physical flows as electricity, gas, water, and information data.

The main results of this work package will be:

• State-of-the-art of modernized CIs, their IACS, security solutions and modelling approaches • Advanced scenarios of modernized interdependent CI and IACS including use cases,

provided by CI Operators. • Indicators of CI flow efficiency, resilience, security, quality of service and risk. Proper IACS

indicators to estimate the benefits of ATENA tools. • Taxonomies. • Modelling framework and hybrid & interdependency models to estimate indicators under

IACS adverse events. Models of recovery and mitigation strategies under such events. • Algorithms and possibly meta code for calculating IACS indicators, as functional input to

ATENA tools.

The WP leader is ENEA.

3.1.2 WP Tasks active in the reference period

• Task 2.1: State of the art (UC), Start: M1 – End: M6;

• Task 2.2: Advanced scenarios, use cases & indicators (ENEA), Start: M1 – End: M32;

• Task 2.3: Taxonomies (IEC), Start: M3 – End: M8;

• Task 2.4: Hybrid modelling approach & interdependency analysis (ENEA), Start: M5 – End: M35.

Figure 2: Timing of WP2



Classification PU


3.1.3 Work performed and achieved results

Activities and results:

• Task 2.1: State of the art (UC)

Partners involved: FNM, ENEA, IEC, ITRUST, SAPIENZA SL, UC, SWDE and IBS.

Status: Completed.

Activities in the period: The activity is documented in deliverable 2.1, issued at month 6, October the 31st, 2016. The task leader is Coimbra University. Several partners have contributed to it, particularly, ITRUST, ENEA, IBS, IEC, FNM, SAPIENZA SL and SWDE.

The deliverable is an introductory document covering fundamental aspects of ICS/IACS design, modelling, operation and security, crucial for defining the context on which ATENA project activities are going to be developed. The state of the art look at modernized interdependent CIs that with their IACS are going to play an increased and challenging role which require safer and more secure approaches. Within the scope of ATENA project, Critical Infrastructures (CI), Industrial Control and Automation Systems (ICS &IACS), Supervisory Control and Data Acquisition systems (SCADA), Distributed Control Systems (DCS), incorporating devices such as Programmable Logic Controllers (PLC) or Remote Terminal Units (RTUs), have been considered, investigating their roles in different domains (electric production and distribution, water processing, oil and natural gas distribution), to control dispersed assets using centralized data acquisition and supervisory control and to allow CI in providing essential services, vital and often highly interconnected and mutually dependent.

The most relevant projects related with cyber-security for ICS/IACS, the most relevant ICS cyber security standards and guidelines, with a focus on regulatory, standardisation and industrial approaches, ICS cyber security and interdependency modelling techniques and tools, ICS security policies and solutions, also encompassing existing tools and the relevant technology ecosystem have been investigated. Modeling methods, hardware & software tools and test beds to represent ATENA project context have also been considered looking at the previous expertise gained in several EU projects in the field of CI and IACS protection and resilience.

The elaboration of D2.1 followed an incremental strategy encompassing several sub-tasks (or stages), namely:

1. Definition of a document elaboration strategy (also including aspects such as timings, responsibilities and milestones), as well as the table of contents, planned to be consistent with the ATENA project goals. This stage as undertaken as soon as it was possible, in order to reach a full agreement between all the ATENA project partners (and not only the ones involved in the task);

2. The second stage proceeded as soon as the first round of contributions was received, in order to identify weaknesses and sensible points that required further attention or improvement. At this stage, it was decide to improve upon the ToC, including a discussion of the Industry 4.0 initiative and the inclusion of a section covering wireless sensor networks;

3. The third stage proceeded after the second round of contributions, with the integration and edition of the document and the creation of the first draft for revision, to be undertaken by Roma3 and UL.

The original structure of D2.1 included a glossary designed to serve as a reference for the entire range of ATENA’s deliverables, in order to avoid its inclusion on all documents. Once it was realized the need for the continuous development and update of this glossary, it was decided to make it an autonomous document. As such, D2.1 has spawned an autonomous



Classification PU


glossary document designated as “D2.0”, in order to be coherent with the other deliverables. Also, since D2.1 was crucial to provide inputs to D3.1 (as well as other deliverables), CRAT worked together with UC (despite not being part of the list of partners for D2.1) in order to provide relevant references for both the glossary and contents, also ensuring cross-consistency between both documents.

Delivered output: D2.1 “State of the art” (public report) has been delivered on time (M6). This contributes to milestone MS2.

• Task 2.2: Advanced scenarios, use cases & indicators (ENEA)

Partners involved: FNM, CRAT, CREOS LU, UNIROMA3, ENEA, IEC, MULTITEL, SAPIENZA SL, UC and SWDE.

Status: In progress.

Activities in the period: The task leader is ENEA. All the partners have contributed to it, especially CRAT, CREOS LU, FNM, IEC, ITRUST, MULTITEL, SWDE, UC and UNIROMA3.

Task 2.2 identifies and gathers the whole set of knowledge, information and data, in terms of advanced scenarios, use cases and indicators, needed to develop and demonstrate ATENA tools, meaning that ATENA tools will be able to implement its functionalities within scenarios, as identified in the task report and demonstrated on a subset of them that will be implemented by the validation environment. So, task 2.2 includes the results of the previous WP2 tasks, tasks 2.1 state of the art and task 2.3 taxonomy. The last one preliminary identifies some major issues of the validation environment. ATENA CI operators IEC, CREOS, SWDE, directly and indirectly (by ITRUST) have given their own view on their own infrastructure, looking also at the elements of interdependency with the other infrastructures.

A specific questionnaire has been addressed to ATENA CI operators (IEC, CREOS and SWDE). For knowledge elicitation and, in order to better understand the processes behind, two technical face-to-face meetings were set up: one for gas and water (in Luxembourg and Verviers, on October 2016) and another one for electricity, interdependencies and validation (in Haifa on January 2017).

Final advanced scenarios will be ideally composed by a High Voltage/Medium Voltage smart electricity grid, gas and water network and their SCADA systems, interdependent at physical and functional levels, as a System of Systems that acts as a whole. Topologies, main functionalities, main devices, main communications among devices of such System of Systems, including communication protocols, with special attention on TCP/IP based protocols, interdependencies, cyber security issues such as cyber threats, vulnerabilities, pre-existent cyber security policies and technical solutions, use cases and indicators will be described.

CI Topologies, parameters, main functionalities and interdependencies are under identification as described in deliverable D2.3 interim report. Functionalities, also referred in ATENA taxonomy (D2.2) as processes, currently include electricity a) Load Shedding, b) Power flow management, c) Outage management including fault management procedure. Moreover, on Dispersed Generation (DG), typically by renewable energy sources (RES), other functionalities could be d) Power flow inversion at HV/MV station versus HV network, e) Voltage variation over ± 10% of nominal value, f) Thermal overload of MV trunks. Normal



Classification PU


and critical states of such functionalities/processes also depend upon the gas and water network behavior, as described by functionalities/processes mutual dependencies.

Referring to the functionalities/processes, already individuated or which are going to be individuated, indicators of flow efficiency, resilience, security, quality of service and risk will be first investigated separately, each one tailored to specific models which are going to be executed in ATENA project.

Important global quality of service indicators (QoS) for electricity domain are derived by CockpitCI project, from which, the most important ones are Tn and CAIDI.

Tn - equivalent de-energised time. Tn is the main indicator for one-time reference scenario.

Tn = ∑(KVA*Duration)/Installed KVA, where the sum is taken from the beginning of reference scenario until complete power restoration on whole grid.

CAIDI- Customer Average Interruption Duration. CAIDI index is the most important indicator for power utilities for a long period of time (one years for example). Annually reducing this value indicates an improvement of the overall distribution system performance and reliability.

CAIDI = SAIDI (System Average Interruption Duration) divided by SAIFI (System Average frequency Interruption)

The QoS above are also used by water and gas distribution companies. Besides these common to the electricity indicators, another important indicator is the time the gas or water pressure was out of defined threshold for control points on the distribution network.

Por (pressure out of range), calculated in different control points of water or gas distribution network.

Then, such separated indicators, related to a single infrastructure, will be investigated in combination, according to combined scenarios of the three infrastructures, and specific reaction strategies will be analyzed and developed by ATENA, providing tangible measure criteria for assessing the performances and the outcomes of the ATENA Decision Support System.

Several modeling methods and tools can be used to represent such an huge contest of ATENA. Two main approaches are under consideration:

1. simulation models

• by domain simulators

• by agent based simulators

• by CISIA holistic reductionistic simulator

2. mathematical models

In the above perspective, the main contributes of partners are reported.

CRAT gave its contribution on the identification of use case and indicators for power network, especially looking at mathematical models on smart electricity distribution networks.

The following use cases have been investigated:

1. Transmission network control for mitigation of load altering attacks. 2. Distribution Network Reconfiguration for increased service resilience in presence of

alerts on ongoing or predicted faults/attacks.



Classification PU


3. Distribution Network Black Start in presence of energy storage systems for faster service restoration following a power outage at transmission level (possibly caused by an attack).

4. Node level control for industrial and residential customers for increasing service resilience in case of main power outages. The most general case addressed considers a presume node equipped with generation, loads, and energy storage devices.

Regarding the mathematical models, the following ones have been investigated:

1. Power flow equations for Transmission and Distribution level. 2. Models for the Energy storage devices. 3. Generator models for renewable distributed sources.

Also, key indicators have been identified from the review of the literature to capture the quality of the service both in normal operation and in emergency operation. Use cases, models and indicators investigated make reference to an advances scenario foreseeing integration of innovative elements such as distributed and renewable energy resources and storage devices.

MULTITEL aims to investigate CI interdependencies under reference scenarios and using cases using relevant KPI for risk management. (Simulation) Models of all components of such a complex system - electricity distribution system with SCADA, water distribution system with SCADA, gas distribution system with SCADA, communication CI as well as cyber attacks are needed. Obviously in such a scenario of interdependency we need rather aggregated models capturing systemic behavior of each component without unnecessary overcharging the model with fine physical aspects and transitional processes. Preliminary results in definition of such models for each component enumerated above and interdependency scenarios are reported in the deliverable 2.3 -interim report. Also, detailed description of water, gas and electricity CI, their SCADA and communication CI can be found in corresponding chapters of the deliverable.

UC has contributed with a description of a use case focused on a Medium Voltage (MV) electric grid scenario, with use of the Modbus protocol for distributed ring feeder control, mainly focused on the cyber-security domain. The purpose is to provide insights on:

• The most effective penetration and intrusion strategies, as well as the potential attack vectors to be exploited for such purpose;

• Taxonomy of deployable attacks, from network to process-level. For the latter case, the information-gathering strategies were also analysed;

• Impact of implemented attacks both at logical and physical level, from loss of process visibility (in the case of a Denial-of-Service), to process manipulation and service interruption;

Regarding the possible attacks, three different profiles were investigated:

• Scouting attacks, with the aim of executing the reconnaissance of the network topology, as well as existing devices and used protocols. This is usually undertaken to gather intelligence data about the infrastructure and related processes;

• Flooding attack, targeting and overwhelming several control points (implemented using Programmable Logic Controller) to cause service interruptions, hamper control and/or induce loss of process visibility;

• Man-in-the-Middle attacks, designed to both gather intelligence data (in a first stage) and induce on-the-fly process disruption, with loss of visibility;

This contribution highlights the security and safety impacts arising from IACS cyber-attacks, also providing information about the effectiveness of the detection strategies whose implementation is envisioned in the scope of the ATENA project.



Classification PU


UNIROMA3 has contributed in the description of the main issues of the electricity domain.

Delivered output: D2.3 “Advanced scenarios, use cases & indicators (interim report)” (classified report) has been delivered on time (M10).

• Task 2.3: Taxonomies (IEC)

Partners involved: FNM, UNIROMA3, ENEA, IEC, MULTITEL and SWDE.

Status: Completed.

Activities in the period: The activity is documented in deliverable 2.2, issued at month 8, December the 31st, 2016. The task leader is IEC. Several partners have contributed to it, particularly, ENEA, FNM and SWDE. Within the task, the following objectives have been started:

• The identification of main CIs' interdependencies and KPIs for the development of

models and for the validation of ATENA product.

• The classification and analyses of interdependences of the CIs in ATENA project in

terms of IACS, interfaces and protocols in order to customize the CIs processes,

interdependences and emulators , to analyse and identify possible vulnerabilities of the

CIs' processes and to develop of use cases.

• The identification of CIs' processes and parameters that could have influence on the

process implementation.

Particularly, Deliverable 2.2 gives a glance of the advanced scenario, so as intended to be used for validation purpose. It includes the utility domains: electricity, gas and water, with specific regards to the electricity generation, distribution, keeping inside interdependent elements /components, such as the gas turbine, and modernized process, such as IoT, microgrids (smart houses and smart neighborhood), the related physical processes, technological components and communication protocols used to automate the physical processes.

Delivered output: D2.2 “Taxonomies” (public report) has been delivered on time (M8).

• Task 2.4: Hybrid modelling approach & interdependency analysis (ENEA)

Partners involved: UNIROMA3, ENEA, IEC, MULTITEL and UC.


Activities in the period: The task leader is ENEA. All the partners have contributed to it, especially CRAT, CREOS LU, FNM, IEC, ITRUST, MULTITEL, SWDE, UC and UNIROMA3. To investigate CI interdependencies under advanced scenarios and using cases using relevant KPI for risk management, one needs models of such a complex system of systems. Models have ideally to represent CI behavior (in normal and critical operation), the underlined CI components SCADA functionalities/processes, network interdependencies (at physical and ideally at geographical, cyber and organizational layers) energy efficiency and their degradation due to (natural, technological and malicious) adverse events. The complex modeling approach will be implemented in an incremental fashion. The system of system model will be gained starting from the bare model of the electricity system a) adding to the main sources of each network, sources belonging to the other networks; b) looking at the active components of water and gas networks energized by the electrical



Classification PU


grid; c) considering the main functionality of SCADA, the nervous system of each network, in optimizing network behavior.

The methodology, the models and the results have to be then extended and instantiated on the modernization of the critical infrastructure of ATENA project as provided by IEC, CREOS LU and SWDE. Such models will ideally provide knowledge and algorithms to feed ATENA near real time decision support system.

Several modeling methods and tools can be used to represent such an huge contest. In this document two main approaches are under consideration:

1. simulation models

• by domain simulators

• by agent based simulators

• by CISIA holistic reductionistic simulator

2. mathematical models

Models are also intended to be used within ATENA validation testbed.

Delivered output: none envisaged in the period.

Deviation from DoA: None.

3.2 WP3: IACS design for security


The first objective of this WP is to provide a common ground to the project by defining the overall ATENA architecture and the requirements for developing the prototype components of the other technological WPs. The second, and most important, objective of the WP is to improve the cyber-physical security of already existing IACS by producing the “off-line” or “slow control loop” component of the ATENA architecture defined so far.

The main results of this WP will be:

• the definition of the ATENA Requirements & Specifications; • the design of the ATENA architecture, including new paradigms and functionalities for IACS; • the analysis of the CI vulnerability to faults and cyber-physical attacks; • the definition of security metrics for IACS (based on Common Criteria); • the design & development of offline control/optimization strategies to improve IACS security

and resilience.

The WP leader is CRAT.


• Task 3.1: Definition of ATENA System Requirements and Specifications (CRAT), Start: M1 – End: M18;

• Task 3.2: ATENA Reference Architecture Design (CRAT), Start: M4 – End: M27.



Classification PU





• Task 3.1: Definition of ATENA System Requirements and Specifications (CRAT)

Partners involved: FNM, CRAT, UNIROMA3, ENEA, IEC, ITRUST, UL, UC and IBS.


Activities in the period: During the period in question, the ATENA partners, and in particular the ones active in Task 3.1, have cooperated to derive and discuss a first set of requirements for the ATENA tool. To that end, the following main sub-tasks have been performed (see D3.1 [6] for details):

1. Analysis of the state of the art on requirements and specifications of critical systems in the industrial and automation sector (also starting from the state of the art analysis performed in WP2). Key standards, scientific papers, reference documents released by the reference US/EU agencies in the sector, past/ongoing research projects and available technical products in the field have been assessed, in order to distil a base of knowledge and benchmark for the derivation and discussion of the ATENA requirements. In particular, in D3.1 the analysis of a restricted set of the most significant documents reviewed has been reported:

a. A total of ten security reports and qualified documents in the field.

b. Three scientific papers providing recommendation on the elicitation of the requirements for critical systems.

c. Many recommendations from key standards and regulations investigated in D2.1 [5].

d. Fourteen research projects in the field.

e. Twelve commercial and scientific tools available on the market.

2. Definition and agreement on the procedure to be followed to elicit the requirements and the role of this process in the context of the whole project (see Figure 4).

3. Assessment of the general ATENA vision, main challenges, the stakeholders involved, infrastructures potentially included within the scope of the project. A special focus has been given to selection of possible users and the analysis of five usage stories.

4. First assessment of the needs and expectations of the end-users of the ATENA tool, through discussion and through one end-user questionnaire prepared to the purpose, consisting of sixteen selected questions.

5. Derivation of a first list of high level end-user requirements for the ATENA tool, consisting of 15 functional, 9 non-functional and 4 security requirements.

6. Derivation of a first list of high level ATENA tool system requirements consisting of 23 functional, 8 non-functional and 15 security requirements.

7. Derivation of traceability matrices to map the system requirements on to the corresponding user requirements, to check that all the user requirements are addressed.



Classification PU


Figure 4: Procedure to elicit the requirements

8. Derivation of a first draft of the ATENA high-level architecture, functional to the first assessment of the technical requirements of the main ATENA modules. In particular, the following ATENA modules and associated requirements have been identified in a preliminary analysis with respect to the final architecture to be developed in the scope of Task 2.3:

a. Vulnerability management system (7 requirements).

b. Composer (5 requirements).

c. Intrusion detection layer (15 requirements).

d. Adaptors and secure mitigation network (15 requirements).

e. Risk Predictor (13 requirements).

f. Mitigation Module (13 requirements).

g. Orchestration Module (17 requirements).

9. First considerations towards the definition of the detailed ATENA technical specifications.

Delivered output: D3.1 “ATENA System Requirements and Specifications (interim report)” (classified report) has been delivered on time (M6). This contributes to milestone MS2.

• Task 3.2: ATENA Reference Architecture Design (CRAT)

Partners involved: FNM, CRAT, UNIROMA3, ITRUST and UC.


Activities in the period: During the period in question, the ATENA partners, and, in particular, the ones active in Task 3.2, have cooperated towards the definition of the high-level ATENA architecture, with the objective of specifying the main modules of the tool and the respective interfaces. The activities in this task have moved from the early outcomes of the project, and from the preliminary discussion on architecture performed in Task 3.1 and from the review of the requirements identified in the same task. The main activities performed in the period were:

1. Definition of the methodology to be followed for the derivation of the ATENA architecture, consisting of four main steps, with a focus on:

a. The identification and documentation of the main modules, in terms of functionalities performed and input/output description (i.e. inputs needed and outputs provided).

User

Requirements

Basilar

Information

System

Requirements

Draft

Architecture

Component

Requirements

Specifications

Inputs from

WP2:

Metrics, KPIs,

Use Cases

To be refined in

the final version of

this deliverable,

M18

Focus of D3.2

“ATENA architecture

design”, M12

Final version of this

deliverable, M18, and D3.2

To be refined in the final version

of this deliverable, M18



Classification PU


b. Documentation of the interfaces among the modules.

c. Sequence diagrams to check the consistency of the architecture in supporting the services to be provided by the ATENA tool.

2. Discussion and finalization of a table of contents for the deliverable D3.2 “ATENA Reference Architecture Design (interim version)”, to be released at M12, and organization of the work among partners.

3. Study of reference techniques/frameworks for the drafting of architectures for security applications.

4. Drafting and discussion, also through project meetings and dedicated face-to-face/remote conferences, of the ATENA functional architecture, including the main modules of the tool. The objective of deriving an ATENA functional architecture has been that of identifying the main modules of the tool, defining the respective functionalities and the interactions needed in order to support that functionalities.

An early version of the architecture is reported in the following figure, and is being further elaborated in the scope of the task.

Figure 5: Architecture (draft)

5. Starting from the functional architecture, first assessment of the communication architecture, to specify the communication flows between the ATENA modules.





Classification PU


3.3 WP4: Distributed Awareness


The main purpose of this WP is to develop solutions and components for distributed anomaly detection and risk assessment. Considering that new generations of IACS (as it is the case for smart metering) are becoming distributed systems, calls for new approaches capable of tackling the challenges introduced the by capillary nature of such infrastructures. In order to achieve this goal, several advanced strategies for distributed detection, anomaly detection and/or event correlation are researched, taking advantage of the extensive and heterogeneous expertise of the project partners. The work is split into two main lines of action:

• Design and development of the detection agents, including domain-specific Honeypots and Honeynets, Shadow RTU, as well as specialized network and device probes to be added to the IACS.

• Design and development of the Distributed Awareness Layer, which will be a Distributed Intrusion Detection System (DIDS), designed to fulfil the needs of IACS.


• Distributed anomaly detection architecture for IACS (UC, UNIROMA3, CRAT, ITRUST); • New IACS-oriented components for anomaly detection and field-level security event

acquisition (Shadow RTU, SCADA Honeypot – UC, Smart Extension - UNIROMA3) • Distributed vulnerability detection system such as software, configuration vulnerability

detection systems (ITRUST, UC, UNIROMA3); • A Big Data SIEM, capable for providing a source dataframe for forensics and auditing

purposes (ITRUST, UC and CRAT).

The WP leader is UC.


• Task 4.1: Requirements and Reference Architecture for the Cyber-physical IDS (UC), Start: M5 – End: M24.

• Task 4.2: Distributed Intrusion and Anomaly Detection Strategies for IACS (UC), Start: M9 – End: M27.




• Task 4.1: Requirements and Reference Architecture for the Cyber-physical IDS (UC)

Partners involved: UNIROMA3, ENEA, IEC, ITRUST, UL and UC.




Classification PU


Activities in the period: During the reporting period, the ATENA partners active in task 4.1 have worked together in order to agree and define a set of requirements, as well as a first draft of the architecture for the Cyber-physical IDS (CPIDS). The CPIDS, as any other cyber detection layer, must be designed to provide insights and alerts about the security status of a protected infrastructure. Its operation model should be akin to a distributed heterogeneous IDS architecture, designed to acquire information from several different probes scattered around the infrastructure, which provide evidence about the security status of the protected IACS. Since task 4.1 is proceeding in partial simultaneity with task 3.1 (they overlap partially), an effort was undertaken in order to ease integration, by aligning external interfaces and data flows as soon as it was possible. The development of task 4.1-related activities, which is to be documented in D4.1, follows a strategy composed by several sub-tasks, namely:

1. Analysis of the SoA on Cyber-detection capabilities for IACS, encompassing existing literature and related components and products;

2. Definition of a table of contents for deliverable D4.1, agreed between all the involved task partners;

3. Identification, classification and prioritization of the desired CPIDS capabilities, in terms of evidence acquisition, transport, processing and forensics;

4. Identification of the most relevant functional macro-modules, as well as the information flows between them;

5. Identification of suitable data schemas for normalized information exchange and encoding;

6. Identification of the adequate reliability and performance requirements for event passing;

7. Analysis and evaluation of suitable architectures for differentiated large scale event processing;

This effort is being coordinated via regular meetings (face-to-face) and remote teleconferences with the WP4 partners, in order to better define and specify the functional modules of the CPIDS and their integration.

The first high-level draft of the ATENA cyber-security architecture, which is illustrated in Figure 7 includes several components, namely: different types of probes, from conventional network and host components, to IACS field-specific ones; a Domain Processor per scope, backed by a Message Queuing (MQ) system; a distributed Security Information and –event Manager (SIEM), for support of streaming and batch processing; a Data Lake, where all the data is stored; and, finally, a Forensics and Compliance Auditing (FCA) module, to enable a post-mortem analysis of the incidents or ongoing compliance validation of organizational security policies. Each of these modules is built on a distributed architecture, designed to accommodate and scale in/out according to the specific needs of the protected IACS (i.e. number events, sources, multiple domains).



Classification PU


Figure 7: Draft macro-architecture of the ATENA cyber-security platform


• Task 4.2: Distributed Intrusion and Anomaly Detection Strategies for IACS (UC)

Partners involved: CRAT, ITRUST, UL and UC.


Activities in the period: During the reporting period, the ATENA partners active in Task 4.2, have been working together to analyse and select the most suitable techniques for distributed intrusion and anomaly detection. From a cyber-physical security (and even safety) perspective, the ability to process security data feeds from the detection agents in a (near)real-time fashion is a critical requirement, as well as the ability to analyse and correlate the information from multiple domains over larger periods of time. The latter case is particularly relevant in the case of slow paced and multi-staged attacks, such as Advanced Persistent Threats (APT)s, which may only be detected using a deeper analysis executed over larger time frames. In this perspective, the partners active in this task have been involved into discussing different aspects of the distributed detection capabilities to be embedded within the ATENA CPIDS, with focus on the following aspects:

• Analysis of the specific characteristics of the stakeholder environments, in order to identify relevant protocols and strategic deployment points for probes;

• Analysis of the SoA about modern IACS protocols and topologies, as well as their characteristics and shortcomings, in order to understand how to develop better detection capabilities;

• Research about architectures for distributed event processing. Considering the specific and differentiated requirements for event analysis, a simplified lambda architecture pattern (see Figure 8), is being considered to provide the fundamental big data event processing capabilities.



Classification PU


Figure 8: Simplified lambda architecture for the Detection Layer

Lambda architectures accommodate both the needs for quick, as-fast-as-possible (or near real-time) event processing (for critical alerts requiring low reporting latency) and also slow-rate processing (to detect anomalous trends in big data sets).

• Study and research on control-theoretic methods for the detection of attacks to CI networks has been carried out, focusing especially on the cyber-physical vulnerabilities that arise from the integration of cyber technologies with physical processes and undermine the reliability of the considered CI. In particular, such research activity was aimed at determining a comprehensive mathematical framework that models:

� Cyber-physical systems under attack as linear time-invariant descriptor systems subject to unknown input disturbances,

� Distributed monitors for attack detection and identification as bad data detectors embedding residual generators.

Moreover, some structural conditions were identified, which not only determine the detectability and identifiability of attacks struck against the CI networks, but also suggest suitable innovative and resilient ways of reacting to cyber-physical attacks. Particular attention was devoted to the investigation of the above-mentioned topics in the context of power networks.

This effort is being coordinated via regular meetings (face-to-face) and remote teleconferences with the WP4 partners. At the present moment, the table of contents for the deliverable D4.2 is also under discussion.



3.4 WP5: Distributed Mitigation and Resiliency in Interdependent scenario


ATENA project proposes mitigation and reaction strategies in order to cope with disruptive consequences of cascading effects, both vertical (i.e., propagation to physical systems) and horizontal (i.e., propagation to other infra-structures or services that depend on it). This Work Package develops near real-time mitigation and reaction strategies at centralised and decentralized level, in order to reduce the risks of upset events.



Classification PU


New control algorithms, able to provide and to maintain an acceptable level of service towards customers in the face of faults and challenges to normal operation are developed for cyber-physical systems. Those algorithms are specifically designed to operate successfully also during cyber-attacks. This work package also investigates the adoption of emerging Information and Communication models and technologies in CIs.


• A Decision Support System to help operators in reaction phase; • Improved mitigation strategies based on interdependency analysis; • Improved efficiency of CI through dynamic optimization; • Dynamic reconfiguration of security mechanisms and relocation of security functions; • Resilient control algorithms for cyber-physical systems; • Distributed reaction strategies; • New IACS-oriented components for distributed rule-based filtering and field-level security

event acquisition; • Control algorithms and reaction strategies integration under various scenarios with

heterogeneous simulation models.

The WP leader is UNIROMA3.


• Task 5.1: Requirements and Reference Architecture for the Decision Support System (UNIROMA3), Start: M3 – End: M24.

• Task 5.2: Model Based Fault/Attack identification (UNIROMA3), Start: M9 – End: M30

• Task 5.3: Optimal mitigation strategies for CI efficiency under cyber-attacks (UNIROMA3) Start: M9 – End: M30.

• Task5.4: Reaction strategies integration and their ranking into the Decision Support System (UNIROMA3), Start: M9 – End: M30.




• Task 5.1: Requirements and Reference Architecture for the Decision Support System (UNIROMA3)

Partners involved: FNM, CRAT, UNIROMA3, IEC, ITRUST, UL and UC.


Activities in the period: This task, has the purpose of describing the requirements of the Decision Support System (DSS) and the preliminary architecture of the DSS. The DSS is made of its three components: Risk Predictor, Mitigation Module and Orchestration Module. The Decision Support System aims to improve the resilience of the physical infrastructure assessing the consequences of faults and cyber-attacks and exploiting them in the Mitigation Module and,



Classification PU


eventually, within the Orchestration Module. The Decision Support System suggests actions to operators for physical infrastructure and to IT operators for IT security configurations.

The DSS gathers data from several different sources by means of the Secure Mediation Gateway:

1. Adaptors, for perceiving the actual state of the physical infrastructure, through the SCADA control centre;

2. Detection Layer, for warning about possible present threats and cyber-attacks;

3. Risk Analysis Tool, for understanding the risk related to the cyber-attacks detected by ATENA platform.

The task has also developed a study of the state of the art on the requirements of the DSSs for critical infrastructure protection and the classification of the DSS types in this field of application. The DSS requirements/architecture have been coordinated with the activities in Task 3.1 on the high-level ATENA tool requirements.

The ATENA project includes a cyber detection layer, design to provide insights and alerts about the security status of the protected infrastructure. The Detection Layer, identified by the acronym C-P IDS, is built around a distributed heterogeneous IDS (DHIDS) architecture, designed to acquire information from several different probes scattered around the infrastructure, which provide evidence about the security status of the protected IACS.

Delivered output: D5.1 “Requirements and reference architecture of DSS (interim report)” (public report) has been delivered on time (M6). This contributes to milestone MS2.

• Task 5.2: Model Based Fault/Attack identification (UNIROMA3)

Partners involved: CRAT, UNIROMA3, ITRUST and UC.


Activities in the period: The research of novel control systems is motivated by the need to secure CPS against a malicious adversary that can arbitrarily corrupt sensor measurements. Well known common approaches are based on algorithms that reconstructs the state from a batch of sensor measurements and can incorporate new measurements when they become available. This approach is strongly connected to the necessity to estimate the state despite the attacks and characterize its performances and behaviour. The reactions of more complex monitoring systems, studying the correlation between other components of the CPS, such as the Intrusion Detection System (IDS), must be exploited. To do so, new monitoring implementations should consider the increased cyber-attack sophistication that can reproduce the normal dynamic behaviour of the system masking the cyber threats differently from the first cyber-attacks that aims to fix the dynamics of the system in a static state. The task related to a research based on these new cyber threats and aims to identify this new type of malicious attack also when the corrupted state is conforming to the normal behaviour of the system and the presence of the attack is masked by a fake safe state. In this case the well-known approach based on the comparison of the real system with the associated model is not enough. The task proposes an approach merge information from the cyber and the physical layer to identify malicious intrusion.

The state of the art on machine learning methods and applications to the problem of fault/attack identification has been studied. In particular, the data-driven approach has been introduced as an alternative to the model based approach, highlighting the difference between the two methodologies. Machine learning and statistical techniques have been introduced as prominent methods employed in the data-driven approach. The supervised and unsupervised learning approaches and their characteristics have been discussed. As



Classification PU


for the supervised learning methodology, the difference between classification techniques and regression techniques has been clarified and the main techniques employed for fault/attack identification have been discussed, including support vector machines (SVM), artificial neural networks (ANN), fuzzy logic, multivariate statistical techniques and other machine learning techniques, as well as hybrid approaches employing multiple techniques. For each technique or hybrid approach a review of the main works found in the related literature has been reported. Similarly, for the unsupervised learning approach the main techniques have been discussed together with the related literature. The review of the main related work is based on more than fifty scientific papers drawing from different areas, including industrial plants, electrical and mechanical systems, nuclear and power plants.


• Task 5.3: Optimal mitigation strategies for CI efficiency under cyber-attacks (UNIROMA3)

Partners involved: CRAT, UNIROMA3.


Activities in the period: The task has started to analyse mitigation and reaction strategies in the event of cyber-physical attacks, like improved network reconfiguration strategies for service restoration and resilience, and robust node/network control schemes.

In this context, the task has studied the preliminary design of the control algorithms for mitigation/reaction to adverse events in critical infrastructures. In particular, the following algorithms have been/are being already studied:

• Intelligent reconfiguration of the electricity distribution network to prevent or react to attacks targeting the network and/or the linked infrastructures. Utilising the control strategy of Model Predictive Control, the aim of the procedure is to dynamically change the topology of the network in order to operate in the most, long term, resilient configuration.

• Black-start algorithms for fast restoration of the electricity distribution service in presence of an electric energy storage system (ESS). Exploiting the degree of freedom given by the exploitation of the ESS the aim of the control strategy is to find an optimal reconnection strategy that archives optimal performances, defined according to a set of given metrics, to allow the operation of the network in islanded mode.

Algorithms at node level, for both industrial and domestic consumers, for increasing the resilience and operative time of the node in presence of adverse events impacting the main supply network (e.g. loss of power supply to the distribution network feeding the node), and, at the same time, manage the renewable energy sources and energy storage devices to optimize the efficiency of the system.


• Task 5.4: Reaction strategies integration and their ranking into the Decision Support System (UNIROMA3)

Partners involved: UNIROMA3, IEC and ITRUST.


Activities in the period: The task has started to consider the results of WP2 and WP5 in terms of mitigation and reaction strategies, their effects on the CIs and their indicators, to include different strategies within the decision support system. Those strategies help operators to take the better decision on how reconfigure the physical system thanks to ATENA platform.



Classification PU




3.5 WP6: Development and Components Integration


The main objective of this WP is to design and develop the ATENA tools suite in accordance with the operational requirements and architectures derived from WP2, WP3, WP4 and WP5. In this WP all the innovative capabilities regarding access, application and services within ATENA project are designed, developed and integrated, in order to build a working prototype of the ATENA tool suite ready to be validated in WP7 – by means of performance assessment and other evaluation experiments – in the reference scenarios and use cases previously defined in WP2. The main results of this work package will be a set of software artefacts, ready to be integrated in a ATENA tools suite. In particular the following tools will be developed in parallel and then integrated:

o Secure Mediation Gateway o Risk Analysis tools o Distributed Risk Predictor using CISIA-pro o C-P IDS o Adaptors o Semantic Knowledge and Data Repository.

The WP leader is FNM.



Classification PU



• Task 6.1: ATENA Secure Mediation Network design and development (FNM), Start: M9 – End: M33.

• Task 6.2: Risk analysis tools and distributed Integrated Risk Predictor using CISIApro (UNIROMA3), Start: M9 – End: M33

• Task 6.3: C-P IDS (UC), Start: M9 – End: M33.

• Task 6.4: Adaptors Development (FNM), Start: M9 – End: M33.

• Task 6.5: Semantic knowledge and data repository design and development (FNM), Start: M9 – End: M33.




In the first phase of WP6 (until M21) the five Tasks 6.1-6.5 work in parallel and fairly in independent way, each with the aim of implementing different innovative results proposed in WP3-5. The cooperation and the coherence of the results is guaranteed by continuous coordination with architectural activities in WP3, that works in parallel with WP6 and drives the design and development choices in WP6.

• Task 6.1: ATENA Secure Mediation Network design and development (FNM)

Partners involved: FNM, CRAT, UNIROMA3, ENEA and UC.


Activities in the period: Started independent comparison of the available products with requirements and specifications collected in D3.1, to identify gaps and improvements with respect to available assets. Started definition a development plan to be merged into D6.1 “Design and development plan” (M12) – whose table of content has been already distributed.

Started preliminary study on the secure information exchange in critical infrastructures with particular focus on anonymization algorithms. A preliminary analysis of the state of the art in secure information exchange and anonymization algorithms and the study of the main techniques is being carried out.

As these techniques can introduce both errors, which may affect the utility of exchanged data, and performance overheads, which could degrade overall service levels, existing trade-offs are being investigated between privacy/anonymity and utility from one hand, and between privacy/anonymity and performance from the other. Internal meetings and activities have been scheduled to advance the work on this task.


• Task 6.2: Risk analysis tools and distributed Integrated Risk Predictor using CISIApro (UNIROMA3).

Partners involved: FNM, UNIROMA3, ENEA, ITRUST and UC.



Classification PU



Activities in the period: Started independent comparison of the available products with requirements and specifications collected in in D3.1, to identify gaps and improvements with respect to available assets. Started definition a development plan to be merged into D6.1 “Design and development plan” (M12) – whose table of content has been already distributed.


• Task 6.3: C-P IDS (UC)

Partners involved: ENEA, ITRUST and UC.




• Task 6.4: Adaptors Development (FNM)

Partners involved: FNM, ENEA, ITRUST and UC.




• Task 6.5: Semantic knowledge and data repository design and development (FNM)

Partners involved: FNM, ITRUST, UC and SWDE.





3.6 WP7: Validation and evaluation


The ATENA project will use the Smart Validation concept that includes integration of modelling, hybrid environment for development and validation, integration of user requirements and remote access to the real equipment and resources. Integration of advanced emulation of CIs, historical



Classification PU


data, use cases based modelling of the ATENA prototype, and real ATENA prototype will allow to provide a first class level of the experimentally-driven research in the ATENA project.

The main results of this work package will be as follows: ATENA development and validation environment, customized use cases for ATENA prototype validation, modelling of the ATENA prototype results and recommendations for ATENA validation implementation, data integration for distributed simulation systems, emulators for ATENA development and validation environment HEDVa, field trials, ATENA prototypes validation, validation results evaluation and recommendations for the future implementation of ATENA prototype.

The WP leader is IEC.


• Task 7.1: Use cases customization and implementation (IEC), Start: M3 – End: M17.

• Task 7.2: Validation Plan (IEC), Start: M8 – End: M18.




• Task 7.1: Use cases customization and implementation (IEC)

Partners involved: FNM, CREOS LU, UNIROMA3, ENEA, ITRUST, MULTITEL, SAPIENZA SL, UC, SWDE and IBS.


Activities in the period: Information gathering for high level use cases, based on domain elements and processes described in D2.2. Analysis of existing validation laboratories and assets during the project visits in Verviers (SWDE), Luxembourg (CREOS LU) and Haifa (IEC). Preliminary discussions on the configuration of proposed use cases defined in D2.3.


• Task 7.2: Validation Plan (IEC)

Partners involved: FNM, CRAT, ENEA, IEC, ITRUST, SAPIENZA SL and UC.


Activities in the period: Identification of validation objectives and higher level time constraints. Identification of risks and difficulties we can expect. CRAT, as WP3 leader, is leading the activities of alignment with the specification activities ongoing in WP3, i.e. the activities of requirements elicitation and ATENA architecture specification, to check/ensure that the requirements and tool designs proposed can be actually validated. The same activity is ongoing with respect to some algorithms under development in the project (e.g., the fault/attack mitigation ones), to check the extent to which they can be validated given the scope of the foreseen pilot, and adapt to the possible extent to the pilot characteristics.




Classification PU


Deviation from DoA: None. In agreement with the Project Officer, the end of activities in Task 7.1 will be postponed to M17 instead of M12, because of an evident mistake in the DoA. In fact, a necessary input for Task 7.1 are use cases whose preliminary version is produced by Task 2.2 in M10 (deliverable D2.3). This shift does not produce any impact in the contractual dates of deliverables (D7.1 “Validation Plan” is planned for M18) and milestones.

3.7 WP8: Project dissemination and commercial strategy


The objectives of this work package are to:

• Effectively plan and implement the dissemination strategy of project results aligned with the target markets.

• Create and foster scientific contributions to the research community, raise public awareness about the project, its expected results and progress.

• Organise workshops and seminars targeted at industry and academia to showcase ATENA project results and to prepare the way for a successful commercial exploitation of the project outcomes.

• Explore new business paradigms and draw an effective plan for the exploitation and commercialisation of the foreground produced in ATENA.

• Foster the definition of commercial solution design by providing relevant feedback on market expectancies.

• Organise dissemination and communication channels (web site, social networks etc.) to contribute to the solution acceptance in the targeted market.

• Manage the overall dissemination strategy of the project to unify and increase the impact of dissemination.

The WP leader is ITRUST.


• Task 8.2: Training, dissemination and communication activities (ITRUST), Start: M1 – End: M36.

• Task 8.3: Exploitation management and business model development (SAPIENZA SL), Start: M9 – End: M36.

• Task 8.4: Protection of property rights – IPR (ITRUST), Start: M9 – End: M36.

• Task 8.5: Impact assessment (IBS), Start: M4 – End: M36.




• Task 8.2: Training, dissemination and communication activities (ITRUST)



Classification PU


Partners involved: FNM, CRAT, UNIROMA3, ENEA, IEC, ITRUST, MULTITEL, SAPIENZA SL, UL, UC and IBS.


Activities in the period: According to the Grand Agreement, this task involves several activities:

1. Regular assessment of the need of dissemination actions

2. Production of training and dissemination materials

3. Implementation of specific dissemination events such as workshops

4. Academic dissemination

5. Management of communication channels

For each of these 5 main activities, the project consortium has performed respectively the following specific works:

1. Assessment of the Key Performance Indicators defined in D8.1 and global presentation of results during the plenary meetings (i.e. in Verviers and Haifa meetings) by WP8 leader. This presentation allowed to decide on which type of dissemination activities the consortium should stress during the next period and which part of the project results should be disseminated. The next review will be performed during the next meeting in Coimbra in April 2017.

2. The production of dissemination and training material has mainly focused on support activities for partners’ activities such as design of logo, poster (e.g. design of a general poster for project overview used during a workshop in Roma organised by UNIROMA3 and available also on the website). The consortium has also refined the deliverable D2.1, which describes the State of the Art regarding the Essential Services security problem and the good practices (exhaustive presentation of security standards and guidelines panel), to make it publishable as a White Paper in order to enforce the dissemination of good security practices and to increase the level of security awareness among essential services stakeholders and research world. University partners, such as CRAT in the Sapienza University of Rome framework, university of Roma Tre, university of Coïmbra and university of Luxembourg SNT, have also performed training and awareness actions through lectures, supervision of BS [Bachelor Degrees], MS [Master Degrees] and PhD [Doctoral Degrees] students on thesis assignments and/or research projects related to the ATENA topics, through specific networking activities with companies/researchers to promote future initiatives in the field, preparation and submission of scientific research papers to disseminate the preliminary ATENA results.

3. In this first period, priority has been given to close workshop with identified stakeholders to retrieve technical information and increase consortium’s technical knowledge on new topics for the consortium as water and treatment distribution or gas distribution. In that aim, technical workshops have been organised in Luxembourg (technical workshop with electrical and gas distribution service providers Enovos-Creos), in Verviers (technical workshop with distribution and treatment service providers SWDE) and in Haifa (technical workshop with electrical and gas service providers IEC and SuperNG Natural Gas Distribution Company Ltd). Members of the consortium also attended or organised workshops to present the project: UNIROMA3 with Automatica.it (5-7 September 2016), and joint UNIROMA3 and UC with INISCOM 2016 (November 2016).

4. Linked to scientific research activities performed during the university training activities, university partners and also research laboratory partners have published paper and article in scientific publication and scientific journals to describe the first



Classification PU


results of the project and the fundamental constituency of ATENA project with the previous projects CockpitCI and MICIE. The table below gives the list of academic publications published or accepted for publication.

Partners Type Reference

UNIROMA3

Co

nfe

rence

pa

pe

rs

Masucci D., Foglietta C., Palazzo C. and Panzieri S. (2016), “Improved Multi-Criteria Distribution Network Reconfiguration with Information Fusion”, 19th International Conference on Information Fusion (FUSION), Heidelberg, Germany, July 2016, pp.256-263.

Santini R., Gasparri A., Pasqualetti F. and Panzieri S. (2016), “Network Composition for Optimal Disturbance Rejection”, American Control Conference (ACC), Boston, MA, USA, July 2016, pp.3764-3769.

UC Cruz T., Simões P. and Monteiro E. (2016), “Security implications of SCADA ICS virtualization: survey and future trends”, in ECCWS 2016 – 15th European Conference on Cyber Warfare and Security, Munich, Germany, 7 – 8th July 2016, ISBN: 978-1-910810-93-4.

Proença J., Cruz T., Simões P., Gaspar G., Parreira B., Laranjeira A. and Bastos F. (2017), “Building an NFV-Based vRGW: lessons learned”, in proc. of the 14th Annual IEEE Consumer Communications and Networking Conference (CCNC 2017), Las Vegas, USA, January 2017, pp. 73-78.

Rosa L., Cruz T., Simões P., Monteiro E. and Lev L. (2017), “Attacking SCADA systems: a practical perspective”, in proc. of the 15th IFIP/IEEE International Symposium on Integrated Management (IM 2017), Lisbon, Protugal, 8-12th May 2017.

ITRUST Muller S., Harpes C., Le Traon Y., Gombault S., Bonnin J.-M. and Hoffmann P. (2017), “Dynamic Risk Analyses Based on a Risk Taxonomy for Critical Infrastructures”, CRITIS Conference, Paris, France, October 2016.

UC

Scie

ntific J

ou

rna

ls Cruz T., Simões P. and Monteiro E., “Using virtualization techniques for improving

SCADA ICS Security and Reliability“, submitted to the Journal of Information Warfare – ISSN 1445 3347 (online) / ISSN 445-3312.

Cruz T., Simões P. and Monteiro E. (2016), “Virtualizing Programmable Logic Controllers: Towards a Convergent Approach”, in IEEE Embedded Systems Letters, vol. 8, no. 4, December 2016, doi: 10.1109/LES.2016.2608418.

Cruz T., Queiroz R., Simões P., Monteiro E. (2016), “Leveraging virtualization technologies to improve SCADA ICS security”, Journal of Information Warfare, 15.3: 81-100 81, ISSN 1445-3312 (print) / 1445-3347 (online)

Table 3: List of academic publications

Other scientific publications have also been submitted for review in international conferences and scientific journals especially by CRAT for the following topics:

• Network Reconfiguration and Storage Control for Improved Resiliency of Electricity Distribution Grids.

• Controlled Electricity Distribution Network Black Start with Energy Storage System Support.

• On the Optimization of Energy Storage System Placement for Protecting Power Transmission Grids Against Dynamic Load Altering Attacks.

5. According to the project plan, ITRUST implemented several communication channels first to disseminate activities results but also to enforce the dissemination surface of the project through a social media networks LinkedIn and Tweeter. The main activities are to ensure that all project results, project dissemination activities and useful information in the essential services security (including IoT and Smart Grid) for the project were announced and followed. The impact of project communication channels will increase as the project works progresses. Presentation of the project has also been done in magazine and newspaper.

Delivered output: D8.1 “Training, dissemination and communication plan & Project Web Site” (public report + website) has been delivered on time (M3). This contributes to milestone MS1.



Classification PU


• Task 8.3: Exploitation management and business model development (SAPIENZA SL)

Partners involved: FNM, CREOS LU, IEC, ITRUST, SAPIENZA SL and SWDE.


Activities in the period: The main activity, performed by ITRUST and SAPIENZA SL in this period was to define a methodology to set up exploitation plan and business model according to European guidelines. A preliminary document is presently circulating among the partners to gather reliable information on potential exploitation of their own results in order to design a global exploitation plan for the entire project and draw up a preliminary business model for the ATENA tools suite. The result of this study is planned for M12.


• Task 8.4: Protection of property rights – IPR (ITRUST)

Partners involved: FNM, ITRUST and SAPIENZA SL.


Activities in the period: The main activity during this period, performed by ITRUST, SAPIENZA SL and FNM, was to define rules and processes to ensure IPR management of project results according to a global project strategy. A first draft of this strategy will circulate among partners at the end of M11 and will allow retrieving from partners the list of potential research ideas (methodology, software and hardware) which should be included in the IPR strategy. The result of this study is planned for M12.


• Task 8.5: Impact assessment (IBS)

Partners involved: FNM, CREOS LU, ITRUST, SAPIENZA SL, SWDE and IBS.


Activities in the period: This specific task aims ensuring that the project outputs will contribute towards the expected impact listed in the Grant Agreement (Section B2). This expected impacts are not only technical impacts in terms of essential service resilience improvement but also improvement of security according to economic, societal/ethic and standardisation perspectives. To reach this objective, the first part of the work has been to define a methodology and indicators to assess the impact of the project according to the previous defined fields. The work has been done in three steps:

1. In a close committee including the main partners formally involved in the task 8.5, the different type impacts foreseen in the Grand Agreement has been linked with expected outcomes of each project work package to be able to define indicators to assess that results are in line with expected impacts. The output of this first step has been a preliminary list of impact assessment indicators (mainly technical indicators).

2. The second step has been performed by partners (mainly the work package leader) to refine the indicators and to propose thresholds.

3. The third steps, performed by the previous committee, deals with defining methodologies to aggregate impact assessment indicators results to a global assessment results in each domain (technical, economic, societal etc.) and management processes to ensure that the impact assessment will be performed in time and will be used to define potential corrective actions during the project. The output of this last step: the final deliverable D8.2.



Classification PU


According to the Grant Agreement, a first impact assessment reporting process has been performed. This process has been implemented in two steps: first a specific form has been set up and sent to partner to gather information to calculate impact indicators (this gathering information process is normally planned to be performed every two months). According to the partner’s feedbacks, the primary technical indicators have been calculated and compared to define threshold to assess the present rating of each indicators. Based on these first primary results, the global note for technical impact has been assessed. Parallel, the other types of impact indicator have been calculated. The results have been presented during a specific meeting to work package leader and corrective actions have been defined to refine the assessment (especially to assess the impact of scientific papers) and improve the impact of the project during the next reporting period. The figure below gives the overview of the results:

Figure 13: ATENA impact levels

Delivered output: o D8.2 “Impact assessment methodology and criteria” (public report) has been delivered

on time (M7). o D8.3 “Impact assessment preliminary report” (public report) has been delivered on time

(M8).




Classification PU


4 Reached project objectives and milestones

All the planned project objectives listed in section 2.2 have been reached, as described in chapter 3.

Table 4 identifies the correspondence among the planned project objectives and the delivered documents where the results are shown. The document D1.1 “Quality Plan” [7] is not mentioned in the present report, as it is a result of WP1. For this reason it is reported as achieved management result in D1.3 [3].

Obj. no. Involved WPs Delivery Documents

Obj1 WP1, WP8 D1.1, D8.1, D8.2

Obj2 WP8 D8.1

Obj3 WP2 D2.1, D2.2

Obj4 WP2 D2.3

Obj5 WP3, WP5 D3.1, D5.1

Obj6 WP1, WP8 D1.2, D1.3, D1.4, D8.3

Table 4: Deliverables List

All the planned milestones listed in section 2.2 have been reached, because all the agreed means of verification have been satisfied.



Classification PU


5 Conclusions

The planned objectives have been substantially achieved with no deviations with respect to the work plan.

During the period of interest, two milestones have been planned and achieved: MS1 and MS2.

It is worth mentioning that the only change with respect to the project plan is a shift in the end date of T7.1, a change the Project Officer was informed of in advance. This shift was due to technical reasons: in fact, a necessary input for Task 7.1 are use cases whose preliminary version is produced by Task 2.2 in M10 (deliverable D2.3). This contradiction seems an evident mistake done during the preparation of the final consolidated DoA. This shift does not produce any impact in the contractual dates of deliverables (in fact, D7.1 “Validation Plan” is planned for M18) and in the contractual milestones.



Classification PU


6 References

[1] ATENA Grant Agreement Number 700581, signed agreement, 2016

[2] ATENA Grant Agreement Number 700581 - Annex 1 (part A), document included with separate page numbering in [1] (pagg. 85-147), 2016

[3] ATENA Consortium, D1.3 “First Periodic Management Report”, Mar. 2017

[4] ATENA Consortium, D1.4 “First Report on the Distribution of the Community’s Contribution”, Mar. 2017

[5] ATENA Consortium, D2.1 “State of Art”, publicly available on www.atena-h2020.eu, Oct. 2016

[6] ATENA Consortium, D3.1 “ATENA System Requirements and Specifications (interim report)”, publicly available on www.atena-h2020.eu, Oct. 2016

[7] ATENA Consortium, D1.1 “Quality Plan”, publicly available on www.atena-h2020.eu, July 2016