CockpitCI aims to improve the resilience and dependability of Critical Infrastructures (CIs)by the automatic detection of cyber-threats and the sharing of real-time information about attacks among CI owners.
CockpitCI aims to identify, in real time, the CI functionalities impacted by cyber-attacks and assess the degradation of CI delivered services.
CockpitCI aims to classify the associated risk level, broadcast an alert at different security levels and activate a strategy of containment of the possible consequences of cyber-attacks.
CockpitCI aims to leverage the ability of field equipment to counteract cyber-attacks by deploying preservation and shielding strategies able to guarantee the required safety.
Description of the work
CockpitCI will design and develop a system capable of detecting malicious network traffic which may disrupt the correct functioning of a SCADA system and tamper with its normal operation.
CockpitCI will rely on a unifying approach across the Critical Infrastructures modelling domain. Models and software tools will be used to predict the Quality of Services (QoS) delivered by SCADA systems early. Indicators of SCADA QoS will be computed using an adequate representation of the technological networks supporting SCADA services, accounting cyber multi-phased attacks and accidental failures.
CockpitCI will aggregate the information of potential cyber-attacks induced on SCADA systems or telecommunication systems used to support the operation of CIs, and identify the potential unsecured area of the CIs.
CockpitCI will research traffic monitoring and attack detection. New machine learning based approaches for unusual traffic event detection will be analysed and several typologies of cyber-threats will be modeled as well as the cyber inter-dependencies of the composite CIs system.
CockpitCI will provide a framework to allow the community of CI owners to exchange real-time information about attacks, extending the capabilities developed in the previous MICIE project. It will extend the prediction capabilities by considering cascading events induced by faults and cyber-attacks and also develop a strategic analysis tool able to calculate the potential threat of coordinated cyber-attacks on CIs.
The main expected result is the demonstration that the convergence among physical security, cyber security and business continuity is possible with positive fallouts for all the involved players. Benefits will arise from the security point of view thanks to the availability of a larger amount of field data, while, from the business point of view, a better real-time risk evaluation will allow a tailored definition of service level agreement and the avoidance of large domino effects.
More information on the project DETAILS