Concrete Applications of Interdependency Management


Post on 20-May-2015

DESCRIPTION

(the cases of Inmotos and Sesmag projects) by Giorgio Gentile Area Manager at D'Appolonia

TRANSCRIPT

Page 1: Concrete Applications of Interdependency Management

D’Appolonia S.p.A.

AN ISO 9001 AND ISO 14001 CERTIFIED COMPANY

www.dappolonia.it

Concrete applications of interdependency management

(the cases of INMOTOS and SESMAG projects)

Giorgio Gentile

Page 2: Concrete Applications of Interdependency Management

Background

Interdependencies among Critical Infrastructures, both intra-domain and inter-domain, are complex to understand, analyse and manage.

Critical Infrastructure risks always change due to new threats, interdependencies and possible scenarios.

EU Critical Infrastructures have good contingency plans, but these are not always “well proven and optimised contingency plans”, i.e. evaluated in complex scenarios and taking into account dependencies on the contingency plans of other Critical Infrastructures.

Page 3: Concrete Applications of Interdependency Management

… no standards currently exist at EU level concerning the approach to define and adopt Contingency…

…interdependencies among CIs are not taken into account…

Page 4: Concrete Applications of Interdependency Management

Background - continued

The EU is lacking coordination in the definition of measures to be undertaken.

It is proven that coordination can compensate for investments in security, by improving the response effectiveness and providing a more effective means to manage crisis events.

An improved, as well as more effective, response can lead to a significant reduction in CI harms and a subsequent reduction of the costs to be undertaken to restore the overall system and functions.

Page 5: Concrete Applications of Interdependency Management

Background - continued

To enhance CI security, the security approach should follow two main steps.

The first one is identified by the definition of security policies and guidelines for their implementation.

The second step is identified by the implementation of contingency plans to be adopted in case of need.

Page 6: Concrete Applications of Interdependency Management

Security Policies and Guidelines Definition

Currently regulations only exist at national level.

The 2008/114/EC directive has been a tentative approach to EU-wide regulation in terms of policies and guidelines.

Security Policies are used to define the security objectives which a system should be subject to. Security Policies are custom defined by each Owner/Operator according to the existing (if any) national regulations.

A set of guidelines addressing how to define a security policy and how to implement it would be effective.

Page 7: Concrete Applications of Interdependency Management

Contingency Plans

Contingency Plans are used to establish a solid reference of the actions to be undertaken in case of emergency, to mitigate the disaster effects or to restore the system functionalities.

The effectiveness and efficiency of Contingency Plans are difficult to measure, and sometimes it is really expensive. Propagation of positive effects is difficult to assess.

Page 8: Concrete Applications of Interdependency Management

THE INMOTOS CASE

Page 9: Concrete Applications of Interdependency Management

Background

• In 2007, the Council established the specific Programme “Prevention, Preparedness and Consequence Management of Terrorism and other Security related Risks for the Period 2007-2013”

• In September 2008 the Commission adopted the “2009 Annual Work Programme”, specifying its specific objectives and thematic priorities

• The purpose of the Call for Proposals was to award grants to transnational and/or national projects that contribute to the development of the “European Programme for Critical Infrastructure Protection” (EPCIP)

Page 10: Concrete Applications of Interdependency Management

Objectives

• Definition of a common taxonomy for critical infrastructures interdependencies and contingency plans;

• Definition of a methodology for risk assessment of critical infrastructures interdependencies and contingency plans based on simulation;

• Design and development of tools for critical infrastructures interdependencies and contingency plans modelling, simulation and risk evaluation;

• Analysis and validation of contingency plans in complex scenarios taking into account both intra-domain and cross-domain interdependencies.

Page 11: Concrete Applications of Interdependency Management

Contingency Planning…

Contingency Plan definition is A MUST for business continuity assurance and for disaster recovery.

Defining a contingency plan requires:

• To have experience

– On the CI under analysis

– On the measures identified and their effectiveness

• Extensive analysis

• Extensive knowledge of historical events

• To be maintained and reviewed/improved

It’s difficult to tailor the Contingency Plan in order to make it effective, especially with regard to the costs.

Page 12: Concrete Applications of Interdependency Management

…in the Oil&Gas Field

• Precise formulas exist

• Well defined parameters to be monitored

– Correct functioning of the system

– Service Level Agreement measures

• Monitoring to be carried out by men

• SCADA systems are used to monitor some parts of the system

[Flowchart: ACTIVE MONITORING, starting from “P decrease at CS (Deviation Detection)”.

Decision nodes, each with Yes/No branches: “Is pressure decrease due to a normal load variation?”; “Are the instruments working?”; “Is the flowrate decreasing?”

Action nodes: “Activities can proceed normally without additional actions”; “Verify the instruments functionality in C.R. and on field”; “Repair the instruments. Activities can proceed normally”; “Verify the Flowrate at RT”; “Start further verifications and checks. Activities can proceed normally if within the operating limits”; “Initialize Emergency Notification to ERT Coordinator”; “Possible Leak in Zone "1", "2" or Zone "3"”.]

Page 13: Concrete Applications of Interdependency Management

…in the ICT Field

• Main measures refer to availability and performance of the whole system

• Monitoring is mostly automatic

• Actions to be performed are mostly automatic

• Effectiveness is easier to evaluate

Page 14: Concrete Applications of Interdependency Management

INMOTOS Approach

The main focuses of the INMOTOS project are the interdependencies among infrastructures and the contingency plans adopted in case of emergency.

Both the Critical Infrastructures and the Contingency Plans are modeled as Coloured Petri Nets (CPN).

The assessment of CI risks and the validation of Contingency Plans are performed by simulating their behaviour against a likely scenario.

Risk is evaluated at different layers and can be seen as an aggregation of lower-level risks (top-down or bottom-up approach).
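
A minimal sketch of the approach described above, added here as an illustration and not INMOTOS project code: a toy coloured Petri net in which token colours are asset states, a constructed grid-outage scenario is simulated with and without a contingency plan, and risk is aggregated bottom-up from assets to domains to a total. All place names, impact weights, the likelihood value, and the rule that list order decides which enabled transition fires first are assumptions made for the example.

```python
from collections import Counter

# Constructed example: places, colours, weights and scenario are assumptions.
# Marking: place -> multiset of coloured tokens (colour = asset state).
def initial_marking():
    return {"power": Counter(up=1), "telecom": Counter(up=1),
            "scada": Counter(up=1), "genset": Counter(ready=1)}

# Transition = (name, input arcs, output arcs); an arc is (place, colour).
# A token consumed and produced unchanged acts as a read arc.
DEPENDENCIES = [
    ("telecom_loses_power", [("power", "down"), ("telecom", "up")],
                            [("power", "down"), ("telecom", "down")]),
    ("scada_loses_telecom", [("telecom", "down"), ("scada", "up")],
                            [("telecom", "down"), ("scada", "down")]),
]
CONTINGENCY_PLAN = [
    ("start_genset", [("power", "down"), ("genset", "ready")],
                     [("power", "up"), ("genset", "running")]),
]
SCENARIO = ("grid_outage", [("power", "up")], [("power", "down")])

# Impact weights grouped by domain, and the scenario likelihood (constructed).
DOMAINS = {"energy": {"power": 8}, "ict": {"telecom": 4, "scada": 4}}
LIKELIHOOD = 0.25

def enabled(marking, inputs):
    return all(marking[p][c] >= n for (p, c), n in Counter(inputs).items())

def fire(marking, inputs, outputs):
    for p, c in inputs:
        marking[p][c] -= 1
    for p, c in outputs:
        marking[p][c] += 1

def simulate(transitions, max_steps=20):
    """Inject the scenario, then fire the first enabled transition until none is."""
    m, trace = initial_marking(), [SCENARIO[0]]
    fire(m, SCENARIO[1], SCENARIO[2])
    for _ in range(max_steps):
        t = next((t for t in transitions if enabled(m, t[1])), None)
        if t is None:
            break
        fire(m, t[1], t[2])
        trace.append(t[0])
    return m, trace

def risk(marking):
    """Bottom-up aggregation: asset impact -> domain risk -> total risk."""
    per_domain = {d: LIKELIHOOD * sum(w for p, w in assets.items() if marking[p]["down"] > 0)
                  for d, assets in DOMAINS.items()}
    return per_domain, sum(per_domain.values())
```

Calling `simulate(DEPENDENCIES + CONTINGENCY_PLAN)` models a plan that is activated only after the cascade has run: the energy domain recovers while the ICT domain stays down, which is the kind of gap that validating a plan against a scenario is meant to expose.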

Page 15: Concrete Applications of Interdependency Management

What’s available

Page 16: Concrete Applications of Interdependency Management

What’s available

Page 17: Concrete Applications of Interdependency Management

Interaction with Simulation Framework

Page 18: Concrete Applications of Interdependency Management

THE SESMAG CASE

Page 19: Concrete Applications of Interdependency Management

• SESMAG aims at ensuring a low cost and replicable study for the evaluation and implementation of a minimum set of security requirements to increase Smart Grids security and resilience.

• The study aims at providing a set of guidelines to define how to implement secure smart grids and, on a scenario basis, a set of requirements/measures to be implemented by the stakeholders.

• Such an approach will allow for a convergent approach across Europe towards a secure implementation of the Smart Grids and of the energy infrastructures, ensuring a more reliable energy production and distribution across the network.

• The project outcome will ensure an increased resilience of the energy networks to cyber attacks and physical outages due to mis-configuration of the connected producing systems or unbalanced distribution and production algorithms.

Project Objectives

Page 20: Concrete Applications of Interdependency Management

• SESMAG Project should:

– Analyse the currently deployed situation and the applicable best practices

– Define a catalog of current vulnerabilities, threats/hazards and countermeasures

– Perform a risk assessment

– Define a set of guidelines for Secure and Resilient Smart Grids implementation

Proposed Objectives

An IT support tool will be developed to support the user in the analysis of the deployed grid.

Page 21: Concrete Applications of Interdependency Management

Approach

Page 22: Concrete Applications of Interdependency Management

D’Appolonia S.p.A.

Headquarters:

Via San Nazaro,19

16145 Genova – Italy

Tel. +39 010 3628148 Fax +39 010 3621078

E-mail: [email protected]

Web site http://www.dappolonia.it

Rome

Milan

Viareggio

Naples

Brindisi

Palermo

Brussels

Podgorica

Beijing

Seoul

Cairo

Istanbul

St. Petersburg

Abu Dhabi