Embed Size (px)
Citation preview
IRRIIS- FP6-2005–IST-4
EC - LOGO
Introduction to IRRIIS MIT Add-On Components
Middleware Improvement Technology for Interdependent Critical Infrastructure
08 February 2007, Rome
Giordano Vicoli
IRRIIS
Summary
Introduction to MIT Identifying MIT Add-On Components Description of MIT Add-On Components
IRRIIS
MIT Introduction
MIT is a software system aiming at enhancing the availability, survivability and the resilience of LCCIs by mitigating dependency and interdependency effects.
Communication Components. Add-On Components. Other software resources (Databases,GUI,
Configuration Files, Run-Time Environment, etc.)
IRRIIS
MIT System
Add-On
Components
Communication
Components
Other resources
LCCI
MIT System
SCADA SYSTEM LOG Files DataBases
LCCI resources
IRRIIS
MIT Communication Components
A single MIT System doesn’t make sense if it can’t communicate with other MIT Systems installed on other LCCIs.
Communication Components are in charge of exchanging data and information with other MIT Systems installed on other LCCIs.They are the same for each LCCI.
IRRIIS
MIT Communication
Add-On
ComponentsCommunication
Components
Other resources
LCCI 1
Add-On
ComponentsCommunication
Components
Other resources
LCCI 2
IRRIIS
MIT Communication
Add-On
ComponentsCommunication
Components
Other resources
LCCI 1
Add-On
ComponentsCommunication
Components
Other resources
LCCI 2
Add-On
ComponentsCommunication
Components
Other resources
LCCI 3
IRRIIS
MIT Add-On Components
They can be several. Collect and process internal data and information. They will implement different algorithms according
to the LCCI where they are installed and to the data they have to process.
Perform analysis and diagnosis useful for the LCCI where they are installed.
Process data coming from other LCCI in order to allow the operator preventing potential cascading effects.
IRRIIS
Identifying Add-On Components
Possible incidents
Classes of functions
Add-On Components
Requirements
Goal
IRRIIS
Identifying Add-On Components
The goal of each LCCI:maintain proper state and deliver the expected services in all circumstances.
Probable causes of severe incidents are:– extraordinary natural conditions (floods, eartquake,..)– human errors– malicious attacks
IRRIIS
Identifying Add-On Components Incidents
Extraordinary natural conditions:– Against this type of events the keyword is cooperation.– Mutual support between LCCIs is always needed.– Add-On Components should support consultation and
coordinate actions between neighbouring systems for the establishment of effective mitigation measures, as well as early warning notification of coming threat.
IRRIIS
Identifying Add-On Components Incidents
Human errors– Simple situation: Add-On Components should provide
automatic reaction.– Complex situation: Add-On Components should support
the operator for emergency handling. Malicious attacks
– They include cyber attacks and malicious operation.– Add-On Components should improve security by
preventing or at least detecting them as early as possible.
IRRIIS
Identifying Add-On Components Requirements
DETECT AS EARLY AS POSSIBLE the anomalous status and NOTIFY it to the dependent infrastructures.
PROVIDE EARLY WARNING of deteriorating system conditions so operators can take corrective actions.
Prevent incident to AVOID cascading effects on dependent infrastructures.
IRRIIS
Identifying Add-On Components Requirements
ESTIMATE the probability of disrupt of his own LCCI and NOTIFY to the dependent infrastructures.
ASSESS THE own infrastructure RISK due to information about neighbouring status.
HANDLE THE EMERGENCY if needed by negotiating coordinate actions
IRRIIS
Identifying Add-On Components Classes of functions
Previous requirements allows to identify the following Classes of Functions:– Internal assessment.– Risk assessment.– Emergency management.
IRRIIS
Identifying Add-On Components Classes of functions
Internal assessment (situation awareness about home LCCI)– to provide early warning of deteriorating system
conditions and enable the operator to take corrective actions and to prevent an incident.
– to help the operator to be more aware about the internal status of the system.
IRRIIS
Identifying Add-On ComponentsClasses of functions
Risk assessment (situation awareness about home LCCI and neighbouring LCCIs)– to correlate the internal status of the LCCI with the status
of neighbouring LCCIs.– to estimate the probability of occurrence of undesirable
event based on both internal and neighbouring status.
IRRIIS
Identifying Add-On ComponentsClasses of functions
Emergenecy management (computer supported systems to manage the emergencies)– to support the operator during an emergency.– to support the local LCCI operator in the negotiation
process with operators of the neighbouring LCCIs during an emergency.
IRRIIS
IRRIIS
Add-On Components
Internal Assessment– Tool to extract LCCI functional status
Risk Assessment– Risk Estimator– Data Miner from Incident DataBase
Emergency Management– Assessment of cascading/escalating effects– Display of Emergency Management Procedures– Negotiator
IRRIIS
Add-On Components
Internal Assessment– Tool to extract LCCI functional status
A tool able to interface with existing tools and merge their output in order to have a clear and complete picture taking into account various functional status.
This Add-On Component is mandatory to provide information to dependent LCCIs.
This Add-On Components should interface with SCADA Systems and other LCCI components.
IRRIIS
Add-On Components
Risk Assessment– Risk Estimator
This Add-On Components will estimate immediate risk and potential cascading effects taking into account real time info on internal assessment, other LCCI status and other information.
– Data Miner from Incident DataBase This Add-On Components could be useful to exploit stored
experience and identify if current situation has some similarity with one of precondition which led to a disrupt of operation in the past.
IRRIIS
Add-On Components
Emergency Management– Assessment of cascading/escalating effects
This Add-On Component should show the direct and indirect effects of actions and evaluate cascading or escalating effects in own and dependent LCCI.
– Display of Emergency Management Procedures This Add-On Component should identify if on-going
contingency has any match in the preconditions of any procedure and then prompt the relevant procedure. If no match is found this tool should work out emergency management plans by intelligent adaption of existing procedures from all the available sources.
IRRIIS
Add-On Components
Emergency Management– Negotiator
This Add-On Components should agree or negotiate contingency plans with dependent LCCIs. It also could be used to verify some assumptions about neighbouring LCCI status.
IRRIIS
InformationPublisher
(FhG-IAIS)
InformationSubscriber &
Reader(FhG-IAIS)
InformationFiltering
(VTT)
Tool to extract LCCI functional status
(ENST)
SCADADSA SSA
MIT GUI
Operator
LCCI 1 LCCI 2 LCCI 3
Risk estimator(ENEA)
Data Mining from incident DB
(ENEA)
Display of Emergency Management Procedures(IABG-SIEMENS-AIA)
Assessment of cascading or escalating
effects(IABG-SIEMENS-AIA)
Negotiator(IABG-SIEMENS-AIA)
LCCI 4
Subs
crip
tion G
et Data
