OpenMI – CIPRNet cooperation meeting

Deltares – Delft (The Netherlands) – 31 October 2014

Federated Modelling and Simulation of Critical Infrastructures (CI)

(DIESIS Project) Erich Rome – Fraunhofer IAIS (Sankt Augustin, Germany)

erich.rome@iais.fraunhofer.de

10/11/2014 erich.rome@iais.fraunhofer.de 2

Agenda

Simulation for Critical Infrastructure Protection

Federated simulation

DIESIS interoperability middleware

DIESIS demonstrator

Conclusion

10/11/2014 erich.rome@iais.fraunhofer.de 3

Tools for research and investigation: modelling, simulation and analysis (MS&A)

Scenarios include multiple CI domains and threats

Typical in CIP: “All hazards” approach

Possible applications include …

Modelling, Simulation and Analysis of CI

10/11/2014 erich.rome@iais.fraunhofer.de 4

MS&A of CI Some applications areas

General (offline) CI analysis

Improving preparedness

Operational support

Investigating (inter)dependencies between critical infrastructures

Detect implicit, indirect and hidden relations

Investigate dynamic effects, feedback loops and cascading effects

Stability analysis and risk estimation

Soft exercises and real-time training

Widen the spectrum of emergency situation exercises

Decision support

Extended representation of current situation

What-if analysis

10/11/2014 erich.rome@iais.fraunhofer.de 5

DIESIS MS&A approach DIESIS demonstrator

10/11/2014 erich.rome@iais.fraunhofer.de 6

DIESIS demonstrator Federation of four simulators

Telecommunication Network Simulator NS2

Electricity network Simulator SINCAL

Flood simulator Aqua

Railway Simulator Opentrack

Federated CI Simulation – DIESIS middleware

Data exchange and synchronisation

Control module

10/11/2014 erich.rome@iais.fraunhofer.de 7

MS&A of CI Cross-sector simulation: modelling challenges

Heterogeneous CIs

Data acquisition

Different simulation models and functionality

Different fidelity required for different goals

Different time scales and models

Multi-disciplinary expertise needed

Analysis goal has to be defined

Concrete CI dependencies have to be identified

Data may be sensitive, classified or incomplete

Close cooperation with CI operators often required

10/11/2014 erich.rome@iais.fraunhofer.de 8

Basic MS&A workflow

During or after the simulation

“Animate” the model by introducing a “time” component

Acquire data and Generate static models

Determine the nature of the Investigation ①

Choose a Scenario ②

Modelling ③

Computer Simulation ④

Analysis ⑤

10/11/2014 erich.rome@iais.fraunhofer.de 9

Federated simulation Motivation

Save resources by reusing existing models and interconnect ready-made simulators

For many domains and CI sectors, dedicated simulators already exist

Ready-made technically correct CI simulation models or detailed inventories of CI elements exist

Requirement: create interaction models that describe interactions between domains and contain only relevant CI elements

Some approaches exist

like High Level Architecture (HLA), an IEEE standard that emerged from the military area

Integrated Simulation

CI Sector 1

CI Sector 3

CI Sector 2

Threat 1 Threat 2

Federated Simulation

Simulator 3

Simulator 1

Simulator 2

10/11/2014 erich.rome@iais.fraunhofer.de 10

Federated simulation Some challenges

Semantics

Technology

Data integration and conversion

Different time models: synchronisation (preservation of causality)

Necessity to create concepts or elements outside particular domains at federation level

Heterogeneous software: interfacing simulators

Orchestration of different execution concepts of federate simulators

Communication and event routing among federates

10/11/2014 erich.rome@iais.fraunhofer.de 11

DIESIS architectural approach Interoperability middleware for federated MS&A

Designed for heterogeneous interdependent federated simulations

Addresses the lack of coupling standards for CI simulators

Federates may have different time models and different time scales

Flexible modelling and extensibility of federations

Scenario-oriented federation design

Service-oriented scenario design

DIESIS interoperability middleware is based on two concepts

Lateral (instead of central) coupling of federates

Separation of technical and semantic interoperability

10/11/2014 erich.rome@iais.fraunhofer.de 12

DIESIS architectural approach Interoperability layers

Semantic interoperability

Technical interoperability

DIESIS Knowledge Base System: a general modelling framework

CI elements/properties that are involved in cross-domain interactions

Federation level concepts: static dependency representation (relations), dynamic dependency concepts (behaviour)

Reusable simulator coupling links, dedicated types:

Time links: ensure correct event ordering

Data links: exchange state changes (events)

Function links: mutual function calls

Control links: manage runtime behaviour

10/11/2014 erich.rome@iais.fraunhofer.de 13

DIESIS architectural approach Scenario-oriented design: conceptual phase

Enunciate general requirements and the goal

Which domains are involved and how do they interact?

What do we want to investigate?

Provide an informal, human-readable, computation-independent model

Capture all elements related to cross-CI interactions, no insight into CI-specific structure and behaviour required!

Identify agent types and services, construct a service network

Describe both abstract and technical elements

Flooding (river / rain)

Electricity network

TelCo networkSet operable

Set water level

Control Panel

Visualisation module

Start / stop

Send logs

10/11/2014 erich.rome@iais.fraunhofer.de 14

Flooding

ElectricityTelecommunication

Railway

Power Node

Power Line

Protection Device

TelCo Office

TelCo Node

Switch on / off

Water Source Set water level Measuring Point

TelCo Link

Disconnect

Node Pair Simulation Results

Station

Train Signals

Track Block

Start / stop

Lock / release

Set speedSignal on / off

Departure / arrivalSet on / off

Disconnect

Disconnect

Set amperage

Set water level

Set water levelSet water level

Set water level Set water level

Fuel delivered

Set power supply level

Set power supply level

Flooding

ElectricityTelecommunication

Railway

Power Node

Power Line

Protection Device

TelCo Office

TelCo Node

Switch on / off

Water Source Set water level Measuring Point

TelCo Link

Disconnect

Node Pair Simulation Results

Station

Train Signals

Track Block

Start / stop

Lock / release

Set speedSignal on / off

Departure / arrivalSet on / off

Federation Control Module

Water Simulation Controller

Power Simulation Controller

Railway Simulation Controller

Knowledge Base System

Time Management Module

TelCo Simulation Controller

Visualisation Module

Disconnect

Disconnect

Set amperage

Set water level

Set water levelSet water level

Set water level Set water level

Send logs

Send logs

Send logs

Register

Register

Register

Register

Get dependencies

Get dependencies

Get dependencies Get dependencies

Get dependencies

Register

Set next step

Set next step

Set next step

Wish time step

Wish time step

Set next step

Set next step

Set next step

Wish time step

Wish time step

Fuel delivered

Register

Register

Register

Start / stop / log

Start / stop / log

Start / stop / log

Start / stop / log

Register

Send logs

Set power supply level

Set power supply level

Static Modelling Part 1 and 2

10/11/2014 erich.rome@iais.fraunhofer.de 15

DIESIS architectural approach Scenario-oriented design: modelling phase

Provide a formal, machine-readable representation of the informal model A power station provides energy for a

TelCo building.

TelCo building TB12 receives power from the power stations P20m and P18m.

Any kind of equipment inside a TelCo building is off if none of the power stations linked to it has a property VoltageLevel over 80% and the own backup power supply unit is discharged.

Conceptual level: add all concepts for domain element types and their relations

Instance level: instantiate domain element types, add concrete elements and relations

Dynamic level: provide description of service behaviour

10/11/2014 erich.rome@iais.fraunhofer.de 16

DIESIS architectural approach Scenario-oriented design: implementation phase

Implement all technological components (see service network)

Implement communication layer or add interfaces to existing runtime interfaces (RTI)

Implement federation adapters for all simulators

Remove bottlenecks, optimise performance

Validate simulation results

10/11/2014 erich.rome@iais.fraunhofer.de 17

DIESIS architectural approach Features and advantages

Structuring of modelling and development in order to facilitate the process and to minimise efforts

Modelling at federation level concerns only those elements that are relevant for (static) dependency definition

No deep insight into structure and behaviour of all (scenario-relevant) domains is required for modelling

Flexibility: depending on desired results, particular simulators and models can be added, removed or replaced

Reusability: technical components, models and concepts and can be utilised for various scenarios

10/11/2014 erich.rome@iais.fraunhofer.de 18

DIESIS demonstrator Federation of four simulators

Simulators

Telecommunication: NS2

Electricity: SINCAL™

Railway: OpenTrack™

Flooding threat: Floodsim/Aqua

ICT components

Visualisation module

KBS database

KBS server

Control module FCM

Middleware

10/11/2014 erich.rome@iais.fraunhofer.de 19

Federated M&S of CI Conclusion

Modelling and simulation has useful applications related to CIP

MS&A of multi-CI systems is challenging

Integrated M&S approach

Uniform modelling: only a single simulator is required

More domain-specific know-how required

Challenge: creation of really large models with hundreds of CI elements

Federated M&S approach:

Reuse existing simulators and models: reduce realisation costs

Best flexibility for changing scenarios and different analysis tasks

Interoperability: currently no established standards for CIP but several approaches exist

10/11/2014 erich.rome@iais.fraunhofer.de 20

Federated M&S of CI Outlook – Further development in CIPRNet

Improved interoperability using event-processing methods

Dedicated application for training crisis managers

‘what if’ analysis allows exploring different courses of action starting from the same situation (not possible in reality)

The combination with consequence analysis allows comparing the consequences when taking different courses of action

Consequences refer to the outcome of an emergency or crisis (number of affected people, environmental damage, economical damage, duration of loss of CI service, …)

Simulation allows exploring the effects of mitigation actions on the outcome of an emergency or crisis

Thank you for your attention!

project websites: diesis-project.eu & ciprnet.eu

online glossary: cipedia.eu

Acknowledgements: Andrij Usov, former team member; DIESIS team