The CockpitCI project has led to the development, improvement and/or deployment of several innovative products to detect and analyse cyber-attacks, to model CI behaviour under cyber-attacks, to simulate impact and risk on CI, and to test solutions in a near-real environment. The exploitation of these innovations and developments will be led by each member of the consortium.
Detection and analysis
The first task of the consortium was to set up a reliable detection and analysis system covering the entire set of networks in an Industrial Critical Infrastructure, i.e. the Communication, SCADA and Operational networks. To that end, several members of the consortium designed specific probes or tools to detect, collect and consolidate security information. In line with the consortium's exploitation strategy, the tools were developed either to work together or to be reused in other types of platform, i.e. as products.
- Software Checker: a Vulnerability Assessment solution for IT devices.
- AVCaesar: a meta antivirus.
- Fieldbus HoneyPot: a software and hardware honeypot solution for field networks.
- Shadow RTU: a specific device for field networks, used to control the behaviour of the PLC/RTU devices and track attacks on such devices.
- The OSVM engine: an expert system that improves detection of cyber-attacks using correlation algorithms and artificial intelligence.
Models of CI behaviour under attacks
To be able to predict and monitor the behaviour of the CIs, several members have developed methodologies and tools to simulate cyber-attacks and reaction strategies over the three monitored networks:
- Virus spreading model: a model of virus infection and patch management of infected nodes.
- MITM attack model: a model of the QoS of networks under MITM attacks.
- RAO Model: a real-time model of QoS according to cyber-attack scenarios and fault restoration strategy.
Simulation and prediction of impact and risk
The CISIA Risk Predictor Tool is a web-based application developed to give operators a clear overview of risk, especially the security risk induced by cyber-attacks in the functioning of the fault restoration process used by the electrical operator. The system is a real-time system fed directly by the detection system.
Test and validation environment
HTB: Hybrid Test Bed, a mixed virtual and real environment for Electrical Network, has been set up to provide an easy and shareable platform for researchers to test tools in an almost real operational environment. The electrical and communication traffic information is real traffic, recorded and replayed in the mixed environment. The tested devices connected to the platform can be remotely monitored, allowing a wide range of testing processes with real action on industrial devices such as PLCs or an Optical Communication Network, or on smart home devices installed in a specific laboratory.