Cyber Physical Systems Security ( SECANT Security - RO) With the - - PowerPoint PPT Presentation

▶

Dec 28, 2022 37 likes •199 views

Unified Unified Risk Risk Assessment Assessment URANIUM URANIUM Negotiation via Negotiation via Interoperability Interoperability Using Using Multi-sensor data Multi-sensor data Cyber Physical Systems Security ( SECANT Security - RO)

SLIDE 1

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Unified Risk Assessment Negotiation via Interoperability Using Multi-sensor data

URANIUM

Unified Risk Assessment Negotiation via Interoperability Using Multi-sensor data

Cyber Physical Systems Security

(SECANT Security - RO)

SLIDE 2

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Context

CIs are complex systems with nonlinear behavior
Physical security still very important
Physical security isn't limited to guards and some small alarm

systems, but it's more and more integrated with IT&C networks and applications and become recognized as generating big data for the organization.

Technological integration of physical and cyber security
Modern security models integrate physical security with

information and cyber security, with personal security and even with some operational risks control

SLIDE 3

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Physical Security Evolution

Physical security is the center of attention in almost every element of

protecting government facilities, business enterprises, and even public gatherings

Physical security elements could be looked at in four categories:
Physical obstructions that are used to impede access to facilities
r assets
Sensors that can warn us of attempts to penetrate our defenses

at the perimeter or can protect high-value assets

Guards and other human assets that detect threats, impede

access, and respond

Command and control facilities that tie together these defensive

methods and assist in the orderly response to particular threats and attacks

A trend toward a security society

SLIDE 4

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Intelligence

Impossible to “secure” all of the critical components
The basic elements of fully secured enterprise operations
sound, comprehensive enterprise protection architecture augmented by

a schema of well-documented, well-understood, and routinely practiced business processes;

rigorous system for the detection, analysis of, and, when appropriate,

alert to and protection from threats to enterprise operations and systems;

ability to sustain continuity of operations during any conceivable threat;
rapid recovery mechanisms to restore full operations once a threat is

controlled:

ability to analyze and apply forensics to determine what happened when

an incident occurs and to incorporate lessons learned to improve future risk mitigation processes.

Intelligence plays a key role in the resilience management

SLIDE 5

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Corelating operational and physical security information in power systems substation monitoring (I)

Remote monitoring provides near-real-time security information
Remote monitoring of assets can bring benefits
synergies between primary system monitoring and security monitoring - health and operational

data from the primary system equipment and the communications system devices can provide significant security information. Vice versa, security equipment can provide maintenance information;

economies of scale in combining system monitoring - combining the remote monitoring of the

three systems can increase the reliability and effectiveness of all three while also minimizing the direct costs associated with implementing the security measures;

security solutions enhanced by increased monitoring.

SLIDE 6

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Corelating operational and physical security information in power systems substation monitoring (II)

The need for physical security of substations is becoming more urgent
As the criticality of assets shift in response to changing power system

conditions, remote monitoring of security can be added less expensively

Some less critical security categories may use remote monitoring as the

primary means

SLIDE 7

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Inclusion of remote Monitoring in Security Categories

It is virtually impossible to fine tuning security solutions so that 'just' meet

security requirements for each individual substation

Different categories of security risks can be developed, and substations can be

assigned to these different categories

Remote monitoring can include:
Monitoring of specific security equipment.
Monitoring of the power system characteristics.
Monitoring of the Intelligent Electronic Devices (IEDs)
Monitoring the computer and communications equipment in the substations.

SLIDE 8

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Primary system monitoring Secondary systems monitoring Physical Security systems monitoring Primary / Secondary and Physical Systems Monitoring

SLIDE 9

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Remote monitoring used in security

Monitoring power system and communications equipment for intrusion is as important as

monitoring substation facilities.

Monitoring the equipment could permit system operators to take preventive actions on the power

system to mitigate the actions of attackers if the nature and extent of attacks are understood

Remote monitoring of certain types of attacks can help avoid or minimize the impact of these
attacks. This could include:
monitoring for (unauthorized) physical removal of equipment
monitoring for (unauthorized) turning equipment on or off
monitoring for (unauthorized) resetting equipment
monitoring for status and health of power system equipment, the control equipment,

secondary communication systems to access the control equipment

monitoring for status and health of remote monitoring equipment

SLIDE 10

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Physical Security Risk Management

Physical security - preventing physical access to assets in order to negatively impact

them ;

There are different ways to impact an asset (steal, disturb, destroy, indispose,

disclose etc.) and different ways to prevent the attack to be successful :

Physical security risk management represent best practice today and could

generally result in optimal system of controls that combine deter, detect, delay, intervene and reject:

Automated installations provide information on an attacker presence and actions as

the attacks develops, notify key actors and initiate actions to delay and/or reject the attack;

Installations are dimensioned based on risk assessment and attack scenario

estimation for each risk that is unacceptable, and could provide information about attack initiation, stage, and control and even could be a base to estimate the attack success likelihood;

Holistic evaluation of attack scenarios and risks could result in an aggregate risk

indicator for each critical asset; as the aggregate risk indicator increases, gradual controls could become active and information could be feed in a more general risk table.

SLIDE 11

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

SANDIA’s threats analysis framework

Six-step process is used

Create an adversary sequence diagram (ASD) for all asset locations.
Perform a scenario analysis
Conduct a path analysis, which provides PA ( likelihood of attack) and PI (probability of interruption of service)
Determine system effectiveness, PE (probability the security system is effective against attack).
Complete a neutralization analysis, if appropriate, which provides PN (probability of neutralisation).
If system effectiveness (or risk) is not acceptable, draw up recommendation and performes upgrades.

Risk Equation for the Malevolent Threat R = PA * (1 - PE) * C where: R = risk associated with the adversary attack; PA = likelihood of the attack (threat potential); PE = probability the security system is effective against the attack; protection system effectiveness in meeting its protection objectives; (1 – PE) = probability that the adversary attack is successful causing undesired events (also, the probability that the security system is not effective against the attack); vulnerability; and C = consequence of loss.

SLIDE 12

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Early warning in physical security

Assessment of the physical security effectiveness of an organization basically relays on the evaluation
f the attack probability (PA) and the capability of the physical security system to interrupt that attack

(PI)

There are two important parameters that characterize an attack: real time detection probability and

success probability

Apart from this “classical” approach a new way may be foreseen: the physical security early warning
Why?
To avoid an attack (so avoiding undesired consequences and unnecessary costs);
To gain valuable time to better prepare a response to an attack;
To sustain and contribute to the arising the security level and the physical security overall

awareness;

To prevent subsequent consequences;
To use alternative operational solutions.
How?
By evaluation and identification of the critical assets and setting warning scope and indicators;
By monitoring and periodical assessment of the existing physical security system;
By “listening” for additional data;
By data merging and providing early warnings.

SLIDE 13

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Early warning in physical security

Once identified, each critical asset is analyzed in order to establish:
the attack sequences identification
the existing physical security controls description
the attack sequence and control matching
scroll indicator of the sequence
attack success likelihood

Assets identification Assets classification Physical Security System Monitoring / Assessment YES Physical Security System Design & Implementation NO Attack success likelihood in limit? (PE = ?) Issue Early Warning

The outcomes of the Phisical Security Systems (PSS) early warning mechanism are :
physical security pre-alerts/warnings for the relevant stakeholders;
requirements for system design updates in order to cope with current or expected

threats;

requirements for re-evaluation and identification of the critical assets;
updates of the warning thresholds.

SLIDE 14

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Early warning in distributed security systems - a System-of-Systems approach

“system of systems " refers to a collection of systems , each dedicated to a task, by

combining their resources and capabilities lead to a more complex system " which gives more functionality and performance than the sum of the constituent systems

In a Physical Security Systems - SoS approach, each of the component PSS operate

independently and is a data source for the SoS as well as a data receiver

Beyond the individually reported data (alarms, incident information etc) – collected and

processed in order to build a common operational picture, additional information - which locally may not be critical - will be collected and it may become critical at the SoS level

Starting from a super - set of critical assets to be protected and an associated set of

physical security in-place measures, emerging new properties of the global SoS may produce new data valuable for early warnings

PSS 1 asset 1;1, asset 1;2… asset 1;n PSS 2 asset 2;1, asset 2;2… asset 2;n PSS 3 asset 3;1, asset 3;2… asset 3;n PSS m asset m;1, asset m;2… asset m;n PSS – SoS Bridge Physical Security System Monitoring / Assessment YES NO Attack success likelihood in limit? (PE = ?) Thresholds updates Issue Early Warning Stakeholders Design and operational updates recommendations

SLIDE 15

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Conclusions

Physical Security Systems information could improve general
peration risk image
Physical Security, Cyber Security and Operational Information

correlation improve CI’s security and reduces costs

Adversary Sequence Diagram could be used for early warning of

an attack

A System of Systems approach could be used for a CI Security

Early Warning System

CISIApro

DSS sensors

District Emergency Control room Risk Visualization

Demand/Response Control room Risk Visualization

SLIDE 16

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

URANIUM

Unified Risk Assessment Negotiation via Interoperability Using Multi-sensor data

URANIUM

Unified Risk Assessment Negotiation via Interoperability Using Multi-sensor data

THANK YOU

SECANT Security Company 15, Poiana Florilor Street, Ap.9, District 4, Bucuresti, Romania Phone.: 031 432 8215; Fax.: 031 432 8216