FUSE-IT: Facility Using smart Secured Energy & Information Technology Adrien BECUE Cassidian CyberSecurity.SAS
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • PROJECT AMBITION CCS (A. Bécue) 2
Project goal • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Project goal: Fuse-IT will address the need of sustainable, reliable, user-friendly, efficient and secure Building Management System (BMS) in the context of Smart Critical Sites. Context: –Through connection to enterprise network and the internet, building energy and automation systems become more flexible, powerful and upgradable. –They also get exposed to new threats, a reason why, from its original focus on information networks, cyber-security has moved towards a more comprehensive scope involving security of cyber-physical systems. 3
Project Objectives • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • The result of Fuse-IT will be a Smart Secured Building System involving key innovative capabilities: -M1-Secured shared sensors actuators & devices, -M2-Trusted federated energy & information networks -M3-Core building data processing & analysis -M4-Smart unified building management interfaces -M5-Full security Management Interfaces A service offering will also be set up to enable remote site monitoring under service contract, taking advantage from big data analytics capability. 4
A Smart Critical Building -Overview • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 5
End-Users / Stakeholders -Overview My budget is Too low! • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Site My office is Manager My PC is too cold! too slow Facility ICT Manager Manager We are under Don’t waste Attack! my energy! Security Energy Manager Manager 6
Technology bricks -Legacy systems • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Weak points in the Energy Chain Building management Site system Management Network management center BMS Facility ICT Network FMS NOC Managment Management Fuse- Weak Points in the IT Security Chain HVAC SOC EMS CCTV Security Energy Management Management 7
Technology bricks - Fuse-IT enhanced system • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Site M2_Trusted federated M3_Core Building data Management Energy & Information processing & analysis networks module BMS Facility ICT Network FMS NOC Management Management M1_Secured shared FUSE- Sensors, Effectors & IT Devices HVAC SOC EMS CCTV M5_Full Security M4_Smart unified Management Interface Security Building Management Energy Interface Management Management 8
Project Value Chain Focus Main • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Smart Building Management WP6 M4_Smart unified Building Management M1_Secured M2_Trusted Interface M3_Core Building shared Sensors, federated Energy & data processing & Actuators & Information analysis module Devices networks M5_Full Security Management Interface WP5 WP7 WP4 Smart Smart Full-Security Management Sensors Networks 9
M1_Secured shared Sensors, Actuators & Devices • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Innovations Limitations addressed Expected impact* M1_Secured shared Flexibility limitations: ST: support a major temporary Sensors, Actuators & event as Fuse-IT final -Clash between Devices: demonstration (2000 exhibitors, security, energy 300 000 visitors) - Sensor placement efficiency and flexibility optimization requirements MT: marketing of an innovative sensor placement optimization - Self* management of -Clash between identity tool helping reducing site smart sensors control and self-* device equipment (5-10M$) flexibility - Trusted smart LT: implementation of light crypto sensors implementing Security limitations: for embedded wireless sensor light crypto -Vulnerabilities “by communication in building, design” aeronautics, automotive, train and ship industries (30-50M€) 10
M2_Trusted federated Energy & Information Networks • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Innovations Limitations addressed Expected impact* M2_Trusted federated Sustainability limitations: ST: secured indoor wi-fi Energy & Information accessible to employees of -Wild-stacking of networks: critical sites abounding information - Energy & information and control systems ST: SCADA certification and network federation labelling services for Security limitations: manufacturers (10-15M€) - Trusted & efficient -Lack of SCADA- SCADA communication MT: multi-B$ savings for energy protocol aware network protocols suppliers on fraud and network infrastructure recovery -Secured wireless -Vulnerabilities “by communication MT: Supply of security audit design” network capability services in Smart Critical -Architecture Buildings (200-500M€) - Physical / Logical weaknesses of cyber- network segregation LT: drastic cost savings in physical networks capability network infrastructure & cabling (average 100-200 K€ / building) 11
M3_Core Building Data Processing & Analysis module • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Innovations Limitations addressed Expected impact* M3_Core Building data Efficiency limitations: ST: technological advantage processing & analysis in computational intelligence - Lack of appropriate module: building monitoring MT: marketing of a scalable -Common information indicators universal data processing & base & KPIs analysis module for BMS -Effective management of application (1-5B€) -Cloud based holistic physical/logical security knowledge base and events LT: application to other advanced monitoring activities demanding Flexibility limitations: layer advanced data analysis -Micro-monitoring of capability (10-15 B€) -Correlation capability energy at site level between logical & physical security events/incidents 12
M4_Smart Unified Building Management Interface • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Innovations Limitations addressed Expected impact* M4_Smart unified Efficiency limitations: ST: 30% energy savings on Building Management Smart Critical Sites -Deadlock in the flow- Interface: down of energy MT: 50% savings on -Advanced production/consumption management software and management and incentive maintenance cost related to optimization capability building and energy monitoring Ergonomic limitations: -Smart management MT: unified building management -Profusion of vendor- user-interface software sales (100-300M€) specific user-interfaces: LT: remote site management service operation contracts (500- 700M€) 13
Recommend
More recommend