concrete applications of interdependency management
DESCRIPTION
(the cases of Inmotos and Sesmag projects) by Giorgio Gentile Area Manager at D'AppoloniaTRANSCRIPT
D’Appolonia S.p.A.
AN ISO 9001 AND ISO 14001 CERTIFIED COMPANY
www.dappolonia.it
Concrete applications of interdependency management
(the cases of INMOTOS and SESMAG projects)
Giorgio Gentile
Background
Interdependencies among Critical Infrastructures, both intra-domain
and inter-domain, are complex to be understood, analysed and
managed.
Critical Infrastructures risks always change due to new threats,
interdependencies and possible scenarios.
EU Critical Infrastructures have good contingency plans but they are
not always “well proven and optimised contingency plan”, i.e.
evaluated in complex scenarios and taking into account dependencies
with other Critical Infrastructures contingency plans.
… no standards currently exist at EU level concerning the approach to
define and adopt Contingency…
…interdependencies among Cis are not taken into account…
Background - continued
EU is lacking coordination in the definition of measures to be
undertaken.
It is proven that coordination can compensate investments in security,
by improving the response effectiveness and providing a more effective
means to manage the crisis events.
An improved response, as well as, a more effective response can lead
to a significant reduction in CI harms and a subsequent reduction of
costs to be undertaken to restore the overall system and functions.
Background - continued
To enhance CI security the security approach should follow two main
steps.
The first one is identified by the definition of security policies and
guidelines for their implementation.
The second step is identified by the implementation of contingency
plans to be adopted in case of need.
Security Policies and Guidelines Definition
Currently regulations only exist at national level.
The 2008/114/EC directive has been a tentative approach for a EU
wide regulation in terms of policies and guidelines.
Security Policies are used to define the security objectives which a
system should be subject to. Security Policies are custom defined by
each Owner/Operator according to the existing (if any) national
regulations.
A set of guidelines addressing how to define a security policy and how
to implement it would be effective.
Contingency Plans
Contingency Plans are used to establish a solid reference of the
actions to be undertaken in case of emergency, to mitigate the disaster
effects or to restore the system functionalities.
Contingency Plans effectiveness and efficiency are difficult to be
measured and sometimes it is really expensive. Propagation of positive
effects is difficult to be assessed.
THE INMOTOS CASE
Background
• On 2007, the Council established the specific Programme
"Prevention, Preparedness and Consequence Management of
Terrorism and other Security related Risks for the Period 2007-
2013”
• On September 2008 the Commission adopted the “2009 Annual
Work Programme”, specifying its specific objectives and thematic
priorities
• The Call for Proposals purpose was to award grants to transnational
and/or national projects that contribute to the development of the
"European Programme for Critical Infrastructure Protection"
(EPCIP)
Objectives
Definition of a common taxonomy for critical infrastructures
interdependencies and contingency plans;
Definition of a methodology for risk assessment of critical
infrastructures interdependencies and contingency plans based on
simulation;
Design and development of tools for critical infrastructures
interdependencies and contingency plans modelling, simulation and
risk evaluation
Analysis and validation of contingency plans in complex scenarios
taking into account both intra-domain and cross-domain
interdependencies
Contingency Planning…
Contingency Plan definition is A MUST for business continuity
assurance and for disaster recovery.
Defining a contingency plan requires:
To have experience
On the CI under analysis
On the measures identified and their effectiveness
Extensive analysis
Extensive knowledge of historical events
To be maintained and reviewed/improved
It’s difficult to taylor the Contingency Plan in order to make it effective,
especially with regard to the costs.
…in the Oil&Gas Field
• Precise formulas exist
• Well defined parameters to be
monitored – Correct functioning of the system
– Service Level Agreement measures
• Monitoring to be carried out by
men
• SCADA systems are used to
monitor some parts of the system
ACTIVE MONITORING
P decrease at CS
(Deviation Detection)
Verify the instruments functionality in C.R. and on
field
Repair the instruments. Activities can proceed normally
are the instruments working?
Verify the Flowrate at RT
Start further verifications and checks.
Activities can proceed normally if within the operating limits
Initialize Emergency Notification to ERT Coordinator.
___
Possible Leak in Zone "1", “2” or Zone "3"
Activities can proceed
Normally without additional actions
is
pressure
decrease due to a normal load
variation?
Yes
Yes
Yes
No
No
No
is
the flowrate decreasing?
…in the ICT Field
• Main measures are referred to availability and performance of the whole
system
• Monitoring is mostly automatic
• Actions to be performed are mostly automatic
• Effectiveness is easier to be evaluated
INMOTOS Approach
The main focuses for the INMOTOS project are represented by the
interdependencies among infrastructures and the contingency plans
adopted in case of emergency.
Both the Critical Infrastructures and the Contingency Plans are
modeled as Coloured Petri Nets (CPN).
The assessment of CI risks and validation of Contingency Plan is
performed by simulating their behaviour against a likely scenario.
Risk is evaluated at different layers and be seen as an aggregation of
lower risks level (top-down or bottom-up approach).
What’s available
What’s available
Interaction with Simulation Framework
THE SESMAG CASE
• SESMAG aims at ensuring a low cost and replicable study for the
evaluation and implementation of a minimum set of security requirements
to increase Smart Grids security and resilience.
• The study aims at providing a set of guidelines to define how to implement
secure smart grids and, on a scenario basis, a set of
requirements/measures to be implemented by the stakeholders.
• Such an approach will allow for a convergent approach across Europe
towards a secure implementation of the Smart Grids and of the energy
infrastructures, ensuring a more reliable energy production and distribution
across the network.
• The project outcome will ensure an increased resilience of the energy
networks to cyber attacks and physical outages due to mis-configuration of
the connected producing systems or unbalanced distribution and
production algorithms.
Project Objectives
• SESMAG Project should:
– Analyse the currently deployed situation and the applicable best practices
– Define a catalog of current vulnerabilities, threats/hazards and countermeasures
– Perform a risk assessment
– Define a set of guidelines for Secure and Resilient Smart Grids implementation
Proposed Objectives
An IT support tool will be developed to support the user in the analysis of the deployed grid.
Approach
D’Appolonia S.p.A.
Headquarters:
Via San Nazaro,19
16145 Genova – Italy
Tel. +39 010 3628148 Fax +39 010 3621078
E-mail: [email protected]
Web site http://www.dappolonia.it
Rome
Milan
Viareggio
Naples
Brindisi
Palermo
Brussels
Podgorica
Beijing
Seoul
Cairo
Istanbul
St. Petersburg
Abu Dhabi