Chiara Foglietta

Improving Resilience of Interdependent Critical Infrastructures via an On-Line Alerting System

This paper illustrates the activities under development within the FP7 EU MICIE project. The project is devotedto design and implement an on-line alerting system, able toevaluate, in real time, the level of risk of interdependent Critical Infrastructures (CIs). Such a risk is generated by undesired events and by the high level of interconnection of the different infrastructures. Heterogeneous models are under development to perform short term predictions of the Quality of Service (QoS) of each CI according to the QoS of the others, to the level of interdependency among the Infrastructures, and according to the undesired events identified in the reference scenario.

Malicious false data injection in hierarchical electric power grid state estimation systems

The problem of malicious false data injection in power grid state estimators has recently gained considerable attention. Most of this attention, however, has been focused on the assumption of a centralised state estimator. In a next-generation smart grid environment incorporating distributed generation and highly variable demand induced by electric mobility, distributed state estimation is highly desirable to enhance overall grid robustness. We therefore consider the case of a bi-level hierarchical state estimator, which provides only partial observability to lower-tier state estimators. Using a formal observability model, we consider the case of an active adversary able to modify a set of measurements and derive bounds on the maximum number of manipulated measurements that can be tolerated, the composition of attack vectors, and give a formulation for identifying minimal sets of additional measurements to tolerate k-measurement attacks in this hierarchical state estimator. This allows us a more rigorous formulation over existing models.

A model for robust distributed hierarchical electric power grid state estimation

State estimation is a key problem wherever systems can only be observed partially, and is typically a prerequisite for effective control. The most widespread current use of state estimation is in electrical power networks, which combine distribution over wide areas with real-time requirements. A number of state estimators have been proposed, but studies of robustness against attacks has concentrated solely on the centralised case; here we discuss the hierarchical case particularly relevant for smart and micro-grid environments. Existing models are too coarse to provide the necessary insight to understand the robustness to different, also novel, types of attacks. These have so fare been studied only for centralised approaches, and are also relatively coarse in the forced states investigated. In this paper we therefore describe a multi-level hierarchical state estimator capable of describing sub-networks linked by tie-lines with minimal overlapping areas criteria, placing particular emphasis on the ability to achieve rapid algorithm convergence, also reporting on simulative validation of our results.

Assessing the Impact of Cyber Attacks on Interdependent Physical Systems

Considerable research has focused on securing SCADA systems and the physical processes they control, but an effective framework for the real-time impact assessment of cyber attacks on SCADA systems is not yet available. This paper attempts to address the problem by proposing an innovative framework based on the mixed holistic reductionist methodology. The framework supports real-time impact assessments that take into account the interdependencies existing between critical infrastructures that are supervised and controlled by SCADA systems. Holistic and reductionist approaches are complementary approaches that support situation assessment and evaluations of the risk and consequences arising from infrastructure interdependencies. The application of the framework to a sample scenario on a realistic testbed demonstrates the effectiveness of the framework for risk and impact assessments.

Delay and jitter attacks on hierarchical state estimation

State estimation is critical to ensure the stability of many non-trivial control systems where full observability cannot be maintained, and is particularly important in electrical power networks relying on wide-area measurement systems. In recent years, the problem of malicious bad data injection has been studied extensively, with a number of innovative mitigation and protection measures being proposed. Hierarchical and distributed state estimation systems require not only correct measurements and means for detecting and mitigating any faults or attacks, but also timely transmission of measurements and intermediate results. We argue that the latter has thus far not been considered adequately, and that communication channels cannot be considered to be instantaneous and reliable, nor solely be captured by stochastic models. In this paper we describe a communication channel model for hierarchical state estimators relying on the common WLS formulation and analyse the propagation of faults leading up to convergence failures in both intermediate and top-level state estimates as a consequence of interference with the communication channel. To this end we concentrate on denial of service-type attacks, limited to suppression of communication or channel manipulation resulting in delays or jitter as such attacks are feasible even where channel integrity and confidentiality are protected adequately. Analytical results showing substantial effects are supported by simulation results also reported.

Evidence Theory for Cyber-Physical Systems

Telecommunications networks are exposed to new vulnerabilities and threats due to interdependencies and links between the cyber and physical layers. Within the cyber-physical framework, data fusion methodologies such as evidence theory are useful for analyzing threats and faults. Unfortunately, the simple analysis of threats and faults can lead to contradictory situations that cannot be resolved by classical models.

Evidence theory for Smart Grid diagnostics

The Smart Grid represents a perfect application for Data Fusion techniques. In fact, those systems are physical power grids with an integrated telecommunication network able to deliver data, information and controls. Being a cyber-physical system, it is difficult to detect the faults and causes of outages of smart grid with the independent analysis of physical and cyber domains. In this paper we proposed Evidence Theory for fault diagnosis of a Smart Grid and also provided system architecture how to apply it. The results illustrate a particular situation, where both physical damage and cyber threats are possible reasons for the actual faults. A decision-making criteria is shown in order to detect this particular situation.

Detection and impact of cyber attacks in a critical infrastructures scenario: the CockpitCI approach

The critical infrastructure protection is a key point from a social and economic point of view. The FP7 MICIE project has achieved promising results in evaluating impact of failures and faults in interdependent physical systems, as critical infrastructures. In order to achieve this goal, the consortium developed an online risk prediction tool, able to acquire information by local physical systems through their control centres and obtain accurate and synchronised predictions using shared interdependency models. However, results of MICIE project are not enough in order to quickly and effectively react to all adverse events that may occur over the system of systems and, in particular, to face cyber threats and attacks. The EC FP7 CockpitCI project aims to improve resilience and dependability of CIs through the design and the implementation of an alerting system that provides to CI operators an efficient tool to support them in the prevention of cyber attacks impact on real systems and in the implementation of possible consequence containment strategies in case of attack.

Countermeasures Selection via Evidence Theory

In this paper an approach to understand the possible causes of outages in different and interconnected infrastructures, based on the evidences of detected failures is provided. Moreover, causes inferred are used to estimate possible not detected failures that, together with those detected, allow to better understand the infrastructure vulnerability and the impact of outages. Such a kind of analysis is regarded as a useful support to identify effective countermeasures, in order to mitigate risks related to malfunctioning behavior of critical infrastructures.

Enhancing Decision Support with Interdependency Modeling

Economic well-being and the social fabric are tightly linked to the critical infrastructure, which includes electric power grids, gas pipelines and telecommunications, transportation, water supply and waste disposal systems. During a disaster, these lifeline systems must, at the very least, quickly recover to provide acceptable levels of service. However, critical infrastructure assets incorporate physical and electronic networks that are interdependent within and across multiple domains, causing unpredictable consequences during adverse events and restoration processes. Therefore, it is mandatory to understand the overall risks that disasters pose to the critical infrastructure in order to recover from these situations.