Critical Utility Infrastructural Resilience

The paper refers to CRUTIAL, CRitical UTility InfrastructurAL Resilience, a European project within the research area of Critical Information Infrastructure Protection, with a specific focus on the infrastructures operated by power utilities, widely recognized as fundamental to national and international economy, security and quality of life. Such infrastructures faced with the recent market deregulations and the multiple interdependencies with other infrastructures are becoming more and more vulnerable to various threats, including accidental failures and deliberate sabotage and malicious attacks. The subject of CRUTIAL research are small scale networked ICT systems used to control and manage the electric power grid, in which artifacts controlling the physical process of electricity transportation need to be connected with corporate and societal applications performing management and maintenance functionality. The peculiarity of such ICT-supported systems is that they are related to the power system dynamics and its emergency conditions. Specific effort need to be devoted by the Electric Power community and by the Information Technology community to influence the technological progress in order to allow commercial intelligent electronic devices to be effectively deployed for the protection of citizens against cyber threats to electric power management and control systems. A well-founded know-how needs to be built inside the industrial power sector to allow all the involved stakeholders to achieve their service objectives without compromising the resilience properties of the logical and physical assets that support the electric power provision.

[1]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[2]  Karama Kanoun,et al.  Fault-tolerant system dependability-explicit modeling of hardware and software component-interactions , 2000, IEEE Trans. Reliab..

[3]  Benjamin A Carreras,et al.  Complex systems analysis of series of blackouts: cascading failure, critical points, and self-organization. , 2007, Chaos.

[4]  Andrea Bondavalli,et al.  Dependability modeling and evaluation of multiple-phased systems using DEEM , 2004, IEEE Transactions on Reliability.

[5]  Andrea Bondavalli,et al.  A Modular Approach for Model-Based Dependability Evaluation of a Class of Systems , 2004, ISAS.

[6]  Miguel Correia,et al.  Low complexity Byzantine-resilient consensus , 2005, Distributed Computing.

[7]  Gary Stoneburner,et al.  SP 800-30. Risk Management Guide for Information Technology Systems , 2002 .

[8]  John E. Mitchell,et al.  Assessing vulnerability of proposed designs for interdependent infrastructure systems , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[9]  Masera Marcelo,et al.  Evaluation of the Effects of Intentional Threats to Power Substation Control Systems , 2006 .

[10]  James P. Peerenboom,et al.  Identifying, understanding, and analyzing critical infrastructure interdependencies , 2001 .

[11]  Bernhard M. Hämmerli,et al.  Critical (Information) Infrastructure Protection , 2005, GI Jahrestagung.

[12]  Michael K. Reiter,et al.  Dynamic byzantine quorum systems , 2000, Proceeding International Conference on Dependable Systems and Networks. DSN 2000.

[13]  William H. Sanders,et al.  Model-based evaluation: from dependability to security , 2004, IEEE Transactions on Dependable and Secure Computing.

[14]  Eugene Nickolov,et al.  Critical Information Infrastructure Protection , 2005 .

[15]  Steven M. Rinaldi,et al.  Modeling and simulating critical infrastructures and their interdependencies , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[16]  Alan A. Desrochers,et al.  Modeling infrastructure interdependencies using Petri nets , 2003, SMC'03 Conference Proceedings. 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme - System Security and Assurance (Cat. No.03CH37483).

[17]  Susanna Donatelli,et al.  Building Petri net scenarios for dependable automation systems , 2003, 10th International Workshop on Petri Nets and Performance Models, 2003. Proceedings..

[18]  Susanna Donatelli,et al.  Stochastic Petri nets and inheritance for dependability modelling , 2004, 10th IEEE Pacific Rim International Symposium on Dependable Computing, 2004. Proceedings..

[19]  J. Van den Keybus,et al.  Using a fully digital rapid prototype platform in grid-coupled power electronics applications , 2004, 2004 IEEE Workshop on Computers in Power Electronics, 2004. Proceedings..

[20]  Miguel Correia,et al.  The Design of a COTSReal-Time Distributed Security Kernel , 2002, EDCC.

[21]  Keith A. Stouffer,et al.  System Protection Profile--Industrial Control Systems Version 1.0 , 2004 .

[22]  Matti A. Hiltunen,et al.  Enhancing survivability of security services using redundancy , 2001, 2001 International Conference on Dependable Systems and Networks.

[23]  Rodolphe Ortalo,et al.  Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security , 1999, IEEE Trans. Software Eng..

[24]  Sadie Creese,et al.  Conceptual Model and Architecture of MAFTIA , 2003 .

[25]  Yves Deswarte,et al.  Intrusion tolerance in distributed computing systems , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[26]  Joseph A. Falco,et al.  IT Security for Industrial Control Systems , 2002 .