by Joaquín Rodríguez and Antonio Álvarez (ATOS)
The goal of the H2020 project CIPSEC is to create a unified security framework that orchestrates state-of-the-art heterogeneous security products to offer high levels of protection in IT (information technology) and OT (operational technology) departments of CI.
Critical infrastructures (CI) are systems and assets, whether physical or virtual, so vital to a country that their incapacity or destruction would debilitate its security, economic stability, public health or safety, possibly even entailing casualties.
CI security features may differ significantly among diverse CIs across different verticals. Each vertical may contain different critical assets, implement different technologies and tools, face specific threats and use different protection methods. With that said, there are shared aspects of security characteristics regarding critical infrastructure protection: High-Availability, Physical Protection, and Cyber Security.
Critical infrastructures rely on technology and communication. The interconnectivity of information technology and industrial control systems has boosted systems performance. However, it has also changed and expanded the likely vulnerabilities, increasing the potential risk to operations.
Field networks have had to be integrated with IP networks. As a result, sensitive elements such as sensors, actuators or delicate process control systems are now within reach of black-hat hackers. In addition, the formerly isolated field networks remain a weak point in terms of security, and their cyber resilience still needs improvement.
Legacy and modern architectures now interoperate, resulting in more powerful systems that are nevertheless prone to security breaches introduced through the data and communication exchange protocols used to provide that interoperability. Moreover, legacy architectures lack a layered defense architecture, which enables hackers to attack these systems.
The CIPSEC Approach
The project CIPSEC (“Enhancing Critical Infrastructure Protection with innovative SECurity framework”) is a three-year, multi-disciplinary Innovation Action co-funded by the European Commission under Horizon 2020, the EU Framework Programme for Research and Innovation, running from May 1st 2016 to April 30th 2019.
Figure 1: The CIPSEC project in a nutshell.
CIPSEC proposes a security framework for Critical Infrastructures (CI). This framework makes security products provided by different partners work together, resulting in a powerful integrated approach to protecting CIs. The combined features of these solutions will be demonstrated on three different critical infrastructures, provided by pilot partners from the Health, Transportation and Environment CI domains, dealing with major cyber-security issues. CIPSEC's major challenges are:
- Research on the dependencies on communication networks and ICT components (including SCADA and IACS systems) of critical infrastructures.
- Anomaly detection and avoiding cascading effects.
- Reducing the attack surface of communication networks supporting critical infrastructures.
- Reduced criticality of ICT components installed in critical infrastructures.
- Increased preparedness, reduced response time and coordinated response in case of a cyber-incident affecting communication and information networks.
- Reduced possibilities to misuse ICT as a vehicle to commit cybercrime or cyber-terrorism.
ICT operators (e.g. telecom operators) have experience in securing information networks. This can be applied to new types of networks like smart grids linking communication, energy and transport networks.
Regarding the protection of legacy Industrial and Automation Control Systems (IACS), SMEs are particularly encouraged to provide specific, highly focused security solutions that adapt current ICT security technology to IACS environments, on topics such as:
- Early anomaly detection.
- Patching and updating equipment without disruption of service and tools.
- Improved forensic techniques for supporting criminal law enforcement.
- Anti-malware solutions.
- Proactive Security Systems able to counteract Denial of Service attacks (distributed or not) and other types of attacks aimed at disrupting the IACS network.
Keeping these challenges in mind, CIPSEC will create a unified security framework that orchestrates state-of-the-art heterogeneous security products and services to offer high levels of protection in IT and OT departments of CI.
The final framework should be as general as possible while respecting the CIPSEC pilot providers' security requirements. The project has produced a reference architecture aiming at protecting most of the CI domains.
The design of the reference architecture is domain-agnostic and does not depend on any concrete solution. It is inspired by the data life cycle of CI, a process that includes the collection, distribution and processing of data and the discovery of data insights. Another principle followed is that the architecture should cover most of the key competences in the cyber security disciplines required to succeed in protecting a wide range of CIs.
The core of the architecture is composed of the following subsystems: Anomaly Detection, Integrity Management, Identity Management, Vulnerability Assessment, Forensics Support and Privacy by Design through Data Anonymization, Cryptography Operations, Updating and Patching, Dashboards, and User Education based on training courses and cybersecurity awareness.
The CIPSEC consortium is composed of 13 partners including Atos Spain, the University of Patras (Greece), Consorzio per il Sistema Informativo (CSI PIEMONTE) (Italy), the Universitat Politècnica de Catalunya (Spain), the Foundation for Research and Technology Hellas (Greece), the Technische Universität Darmstadt (Germany), DB Netz AG (Germany), the Hospital Clinic de Barcelona (Spain), COMSEC Ltd (Israel), Bitdefender SRL (Romania), Empelor GmbH (Switzerland), Worldsensing (Spain), and AEGIS IT RESEARCH Ltd (UK).
[L1] www.cipsec.eu @CIPSECproject
Antonio Álvarez, ATOS, Spain