: European Commission : JRC : IPSC :  Serac Home arrow Project description
Main Menu
Serac Home
Unit Profile
Test Facilities
Contact Us
Search
News
SCNI
SCNI Homepage
Project description
Programmes
Amtrala
Border Security
Cybersecurity
Midiv
SCNI


Security of Critical Networked Infrastructures PDF Print E-mail
This action includes policy support, research (e.g. modelling and simulation, situation awareness, security risk assessment, management and governance), hands-on laboratory work as well as applications development. It will cover four main axes of RTD activities and also contributions to wider policy support and complementary activities:

  1. Modelling and simulation of critical networked infrastructures(DG Infso, DG Entr, DG JLS, DG Tren): Research will focus on security relevant elements (e.g. vulnerabilities, threats and attacks) of infrastructures, with focus on energy.
  2. Security risk assessment (DG Infso, DG Tren, DG Entr). This line will develop methodological approaches, linked to the on-going discussions of European standards and future benchmarks.
  3. Security risk management (DG Tren, DG Entr, DG Infso). The focus will be on technologies for the early warning of abnormal states, and the communication of relevant information among the different private and public stakeholders.
  4. Security risk governance (DG JLS, DG Entr, DG Tren, DG Relex). The goal is to support the definition of the governance framework for European-wide problems, in light of the future European Programme on CIP.
Rationale

This action will cover five main axes of activities:
  1. Policy support: Support actions directly developed as a service to a customer DG (e.g. organisation of workshops, information systems, etc.). The work will also comprise the support to standardisation activities.
  2. Modelling and simulation: Research will focus on the further development and application of methodologies for the modelling of the infrastructures and of their vulnerabilities and threats, and of potential attacks, disruptions and their effects. The focus will be on those threats and the vulnerabilities that are assessed to have the most damaging effects with respect to the integrity and availability of extensive, cross-border networked infrastructures. The sectors selected for research will primarily include electric power, gas and oil systems.
  3. Security risk assessment: Research will focus on the development and applications of methodologies for the assessment of the likelihood and potential severity of security risks of networked architectures.
  4. Security risk management: Research will focus on methods and tools for the observation of security- relevant events in information networks, and the synthesis of assurance case techniques (mainly in light of risk communication). This will include the application of honeypots, telescopes, and other technologies, and in particular their application to industrial network systems. Security risk governance: Research will further progress in the definition of a Governance process for decision-making with respect to the security risks of international networked infrastructures.
Objectives for 2006

  1. Policy support: – Support to EPCIP by the development of a web site and a knowledge base (JLS, INFSO, TREN, ENTR) – Support to CEN WG 161 (ENTR, TREN, INFSO) – Participation to ESRAB (WG on Critical Infrastructures and Utilities - ENTR) – Participation in the project GRID (INFSO) – Participation in the project COUNTERACT (TREN) – Workshop EU/USA on Security Risk Communication, Jan 06 – Support to RELEX initiatives on Energy security 
  2. Modelling and simulation: – Models of the Gas and Oil infrastructures – Models of electric power networks topology and analysis of incidents – Participation in the project VITA (development and running of a scenario gaming exercise, April 06) – Development of Vulnerability, Threat and Attack (VTA) models for remote industrial control and implementation of demonstrators 
  3. Security risk assessment: – Implementation of InSAW (JRC Innovation award) – Analysis of the potentiality of a comprehensive risk assessment (based on the existing methods and tools InSAW and ASTRA) – Application of InSAW to the assessment of the cybersecurity of remote control systems in an industrial installation. 
  4. Security risk management: – Development of information infrastructure anomaly observation mechanisms (studies on honeynets and telescopes) – Studies on the applicability of the Assurance Case for Risk Communications 
  5. Security risk governance: – Publishing of the book “Critical Infrastructures at Risk” – Creation of a network of European S&T; for Risk Governance (linked to the International Risk Governance Council)
Deliverables:

  • Assurance Case workshop (30/03/2006)
  • COUNTERACT deliverables (31/12/2006) 
  • EPCIP web site and knowledge base (30/06/2006) 
  • European S&T; for Risk Governance network (31/08/2006) 
  • Gas/oil infrastructure security simulator (31/12/2006) 
  • GRID project deliverables and workshops (31/12/2006) 
  • Implementation of software tool InSAW (30/09/2006) 
  • Industrial control and infrastructure vulnerability laboratory, including o Honeypot implementation o Anomaly detector (telescope) o Scada attack simulator (30/12/2006) 
  • Report on InSAW application of industrial case (30/09/2006) 
  • Threat, attack, and vulnerability models for remote control systems (31/12/2006) 
  • VITA project deliverables (30/06/2006) 
  • “Critical Infrastructures at Risk” book (31/03/2006) 
  • Electric power topological analysis (31/12/2006)
[ Back ]
Events
May 2006
M T W T F S S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31 1 2 3 4
June 2006
M T W T F S S
2930311 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 1 2
Latest News