cyber physical systems security
play

Cyber Physical Systems Security ( SECANT Security - RO) With the - PowerPoint PPT Presentation

Unified Unified Risk Risk Assessment Assessment URANIUM URANIUM Negotiation via Negotiation via Interoperability Interoperability Using Using Multi-sensor data Multi-sensor data Cyber Physical Systems Security ( SECANT Security - RO)


  1. Unified Unified Risk Risk Assessment Assessment URANIUM URANIUM Negotiation via Negotiation via Interoperability Interoperability Using Using Multi-sensor data Multi-sensor data Cyber Physical Systems Security ( SECANT Security - RO) With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

  2. Context URANIUM • CIs are complex systems with nonlinear behavior • Physical security still very important • Physical security isn't limited to guards and some small alarm systems, but it's more and more integrated with IT&C networks and applications and become recognized as generating big data for the organization. • Technological integration of physical and cyber security • Modern security models integrate physical security with information and cyber security, with personal security and even with some operational risks control With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

  3. Physical Security Evolution • Physical security is the center of attention in almost every element of URANIUM protecting government facilities, business enterprises, and even public gatherings • Physical security elements could be looked at in four categories: • Physical obstructions that are used to impede access to facilities or assets • Sensors that can warn us of attempts to penetrate our defenses at the perimeter or can protect high-value assets • Guards and other human assets that detect threats, impede access, and respond • Command and control facilities that tie together these defensive methods and assist in the orderly response to particular threats and attacks • A trend toward a security society With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

  4. Intelligence • Impossible to “secure” all of the critical components URANIUM • The basic elements of fully secured enterprise operations • sound, comprehensive enterprise protection architecture augmented by a schema of well-documented, well-understood, and routinely practiced business processes; • rigorous system for the detection, analysis of, and, when appropriate, alert to and protection from threats to enterprise operations and systems; • ability to sustain continuity of operations during any conceivable threat; • rapid recovery mechanisms to restore full operations once a threat is controlled: • ability to analyze and apply forensics to determine what happened when an incident occurs and to incorporate lessons learned to improve future risk mitigation processes. • Intelligence plays a key role in the resilience management With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

  5. Corelating operational and physical security information in power systems substation monitoring (I) • Remote monitoring provides near-real-time security information • Remote monitoring of assets can bring benefits URANIUM • synergies between primary system monitoring and security monitoring - health and operational data from the primary system equipment and the communications system devices can provide significant security information. Vice versa, security equipment can provide maintenance information; • economies of scale in combining system monitoring - combining the remote monitoring of the three systems can increase the reliability and effectiveness of all three while also minimizing the direct costs associated with implementing the security measures; • security solutions enhanced by increased monitoring. With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

  6. Corelating operational and physical security information in power systems substation monitoring (II) • The need for physical security of substations is becoming more urgent URANIUM • As the criticality of assets shift in response to changing power system conditions, remote monitoring of security can be added less expensively • Some less critical security categories may use remote monitoring as the primary means With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

  7. Inclusion of remote Monitoring in Security Categories • It is virtually impossible to fine tuning security solutions so that 'just' meet security requirements for each individual substation • Different categories of security risks can be developed, and substations can be URANIUM assigned to these different categories • Remote monitoring can include: • Monitoring of specific security equipment . • Monitoring of the power system characteristics . • Monitoring of the Intelligent Electronic Devices (IEDs) • Monitoring the computer and communications equipment in the substations. With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

  8. Primary / Secondary and Physical Systems Monitoring Primary system URANIUM monitoring Secondary systems monitoring Physical Security systems monitoring With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

  9. Remote monitoring used in security • Monitoring power system and communications equipment for intrusion is as important as monitoring substation facilities. • Monitoring the equipment could permit system operators to take preventive actions on the power URANIUM system to mitigate the actions of attackers if the nature and extent of attacks are understood • Remote monitoring of certain types of attacks can help avoid or minimize the impact of these attacks. This could include: • monitoring for (unauthorized) physical removal of equipment • monitoring for (unauthorized) turning equipment on or off • monitoring for (unauthorized) resetting equipment • monitoring for status and health of power system equipment, the control equipment, secondary communication systems to access the control equipment • monitoring for status and health of remote monitoring equipment With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

  10. Physical Security Risk Management • Physical security - preventing physical access to assets in order to negatively impact them ; URANIUM • There are different ways to impact an asset (steal, disturb, destroy, indispose, disclose etc.) and different ways to prevent the attack to be successful : • Physical security risk management represent best practice today and could generally result in optimal system of controls that combine deter, detect, delay, intervene and reject: • Automated installations provide information on an attacker presence and actions as the attacks develops, notify key actors and initiate actions to delay and/or reject the attack; • Installations are dimensioned based on risk assessment and attack scenario estimation for each risk that is unacceptable, and could provide information about attack initiation, stage, and control and even could be a base to estimate the attack success likelihood; • Holistic evaluation of attack scenarios and risks could result in an aggregate risk indicator for each critical asset; as the aggregate risk indicator increases, gradual controls could become active and information could be feed in a more general risk table. With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme European Commission - Directorate-General Home Affairs

Recommend


More recommend