Concrete Applications of Interdependency Management

(the cases of Inmotos and Sesmag projects)

by Giorgio Gentile

Area Manager at D'Appolonia

Published in: Technology, Business

  1. Concrete applications of interdependency management (the cases of INMOTOS and SESMAG projects). Giorgio Gentile, D’Appolonia S.p.A. An ISO 9001 and ISO 14001 certified company. www.dappolonia.it
  2. Background: Interdependencies among Critical Infrastructures, both intra-domain and inter-domain, are complex to understand, analyse and manage. Critical Infrastructure risks always change due to new threats, interdependencies and possible scenarios. EU Critical Infrastructures have good contingency plans, but these are not always “well proven and optimised” contingency plans, i.e. evaluated in complex scenarios and taking into account dependencies with the contingency plans of other Critical Infrastructures.
  3. … no standards currently exist at EU level concerning the approach to define and adopt Contingency… …interdependencies among CIs are not taken into account…
  4. Background - continued: The EU is lacking coordination in the definition of measures to be undertaken. It is proven that coordination can compensate investments in security, by improving the response effectiveness and providing a more effective means to manage crisis events. An improved and more effective response can lead to a significant reduction in harm to CIs and a subsequent reduction of the costs to be undertaken to restore the overall system and functions.
  5. Background - continued: To enhance CI security, the security approach should follow two main steps.
      • The first step is the definition of security policies and guidelines for their implementation.
      • The second step is the implementation of contingency plans to be adopted in case of need.
  6. Security Policies and Guidelines Definition: Currently regulations only exist at national level. The 2008/114/EC directive has been a tentative approach to EU-wide regulation in terms of policies and guidelines. Security Policies are used to define the security objectives to which a system should be subject. Security Policies are custom defined by each Owner/Operator according to the existing (if any) national regulations. A set of guidelines addressing how to define a security policy and how to implement it would be effective.
  7. Contingency Plans: Contingency Plans are used to establish a solid reference for the actions to be undertaken in case of emergency, to mitigate the disaster effects or to restore the system functionalities. The effectiveness and efficiency of Contingency Plans are difficult to measure, and doing so is sometimes really expensive. Propagation of positive effects is difficult to assess.
  8. THE INMOTOS CASE
  9. Background
      • In 2007, the Council established the specific Programme “Prevention, Preparedness and Consequence Management of Terrorism and other Security related Risks for the Period 2007-2013”
      • In September 2008 the Commission adopted the “2009 Annual Work Programme”, specifying its specific objectives and thematic priorities
      • The purpose of the Call for Proposals was to award grants to transnational and/or national projects that contribute to the development of the “European Programme for Critical Infrastructure Protection” (EPCIP)
  10. Objectives
      • Definition of a common taxonomy for critical infrastructures interdependencies and contingency plans;
      • Definition of a methodology for risk assessment of critical infrastructures interdependencies and contingency plans based on simulation;
      • Design and development of tools for critical infrastructures interdependencies and contingency plans modelling, simulation and risk evaluation
      • Analysis and validation of contingency plans in complex scenarios taking into account both intra-domain and cross-domain interdependencies
  11. Contingency Planning… Contingency Plan definition is A MUST for business continuity assurance and for disaster recovery. Defining a contingency plan requires:
      • To have experience
        – On the CI under analysis
        – On the measures identified and their effectiveness
      • Extensive analysis
      • Extensive knowledge of historical events
      • To be maintained and reviewed/improved
      It’s difficult to tailor the Contingency Plan in order to make it effective, especially with regard to the costs.
  12. …in the Oil&Gas Field: ACTIVE MONITORING
      • Precise formulas exist
      • Well defined parameters to be monitored
        – Correct functioning of the system
        – Service Level Agreement measures
      • Monitoring to be carried out by men
      • SCADA systems are used to monitor some parts of the system
      Flowchart: P decrease at CS (Deviation Detection)
      • Is pressure decrease due to a normal load variation?
        – Yes: Activities can proceed normally without additional actions
        – No: Verify the instruments functionality in C.R. and on field
      • Are the instruments working?
        – No: Repair the instruments. Activities can proceed normally
        – Yes: Verify the Flowrate at RT
      • Is the flowrate decreasing? (No / Yes) Outcomes shown on the slide:
        – Initialize Emergency Notification to ERT Coordinator. Possible Leak in Zone “1”, “2” or Zone “3”
        – Start further verifications and checks. Activities can proceed normally if within the operating limits
  13. …in the ICT Field
      • Main measures refer to the availability and performance of the whole system
      • Monitoring is mostly automatic
      • Actions to be performed are mostly automatic
      • Effectiveness is easier to evaluate
  14. INMOTOS Approach: The main focuses of the INMOTOS project are the interdependencies among infrastructures and the contingency plans adopted in case of emergency. Both the Critical Infrastructures and the Contingency Plans are modeled as Coloured Petri Nets (CPN). The assessment of CI risks and the validation of Contingency Plans are performed by simulating their behaviour against a likely scenario. Risk is evaluated at different layers and can be seen as an aggregation of lower-level risks (top-down or bottom-up approach).
  15. What’s available
  16. What’s available
  17. Interaction with Simulation Framework
  18. THE SESMAG CASE
  19. Project Objectives
      • SESMAG aims at ensuring a low cost and replicable study for the evaluation and implementation of a minimum set of security requirements to increase Smart Grids security and resilience.
      • The study aims at providing a set of guidelines to define how to implement secure smart grids and, on a scenario basis, a set of requirements/measures to be implemented by the stakeholders.
      • Such an approach will allow for a convergent approach across Europe towards a secure implementation of the Smart Grids and of the energy infrastructures, ensuring a more reliable energy production and distribution across the network.
      • The project outcome will ensure an increased resilience of the energy networks to cyber attacks and physical outages due to mis-configuration of the connected producing systems or unbalanced distribution and production algorithms.
  20. Proposed Objectives
      • SESMAG Project should:
        – Analyse the currently deployed situation and the applicable best practices
        – Define a catalog of current vulnerabilities, threats/hazards and countermeasures
        – Perform a risk assessment
        – Define a set of guidelines for Secure and Resilient Smart Grids implementation
      An IT support tool will be developed to support the user in the analysis of the deployed grid.
  21. Approach
  22. Brussels, Podgorica, Beijing, Seoul, Cairo, Istanbul, St. Petersburg, Abu Dhabi, Rome, Milan, Viareggio, Naples, Brindisi, Palermo. D’Appolonia S.p.A. Headquarters: Via San Nazaro, 19, 16145 Genova – Italy. Tel. +39 010 3628148, Fax +39 010 3621078. E-mail: dappolonia@dappolonia.it. Web site: http://www.dappolonia.it
