The document summarizes two European projects - SCADALAB and CLOUDCERT. SCADALAB aims to create a SCADA laboratory and test bed service for assessing the security of critical infrastructure. It will develop a testing methodology, design laboratory and test bed architectures, and establish a workflow for security assessments. CLOUDCERT aims to create a collaborative platform for critical infrastructure operators, authorities, and CERTs to exchange security-related information and handle incidents. The platform will provide services, shared and private repositories, and allow content propagation across a growing European network of participating organizations.
1. With the financial support of the Prevention, Preparedness and Consequence Management of
Terrorism and other Security-related Risks Programme.
European Commission - Directorate-General Justice, Freedom and Security
8th CERT workshop - Part I
CLOUDCERT and SCADALAB
projects presentation
Speaker: Enrique Redondo – INTECO (Spain)
2. AGENDA
1) INTECO
2) SCADALAB project
• Introduction
• Main purpose
• Main activities
3) CLOUDCERT project
• Introduction
• Main Objectives
• European Dimension and Project Roadmap
• Project Work packages and status
Contact information
4. INTECO: Brief introduction
Who is INTECO?
Provision of services, research and coordination.
Participation in several European projects (ASASEC, ACDC, CloudCERT,
SCADALAB, etc.)
INTECO-CERT. Preventive and reactive services:
Citizens + Entities (+ CCII)
(CCII with CNPIC).
Cyber security centre at the national level.
(NCP ICT PSP)
Membership
5. INTECO: Other projects beneficiaries (I)
Participants
Led by INTECO.
9 members in total.
Led by INTECO.
6 members in total.
6. INTECO: Other projects beneficiaries (II)
Participants description
AEI Seguridad
Non-profit organization in the form of an association whose main objective is to improve the international competitiveness of Spanish companies.
Role: Analyze current methodologies and participate in the design of the laboratory architecture.
Organism in charge of promoting, coordinating and supervising all critical infrastructure protection (CIP).
Role: Advise on any activity undertaken.
Role: User in the information model definition, experimentation and pilot activities.
CNPIC
7. INTECO: Other projects beneficiaries (III)
Europe for Business
European consulting company specialized in the identification of relevant European Union grant opportunities for European organisations.
Role: Lead training and awareness tasks.
Role: Lead dissemination tasks.
As part of the EVERIS group, is a multi-national consulting company.
Role: Lead dissemination tasks.
EVERIS Consultancy Ltd
Participants description
8. INTECO: Other projects beneficiaries (IV)
ICSA
Foundation whose tasks are to deal in innovative ways
with security, defence and intelligence issues.
Role: Lead the assessment of the test bed tool.
Global technology, innovation and talent company.
Role: Lead analysis and design package with the help
of INTECO.
INDRA Sistemas
Participants description
9. INTECO: Other projects beneficiaries (V)
TELVENT ENERGY
IT and industrial automation company specialized in SCADA and IT systems for energy utilities. It has been acquired by the Schneider Electric group.
Role: Co-lead the building of the lab and lead the laboratory implementation.
Part of Schneider Electric, is an international company dedicated to improving efficiency, safety, and security.
Role: Co-lead the building of the laboratory and lead the package of results sharing.
TELVENT GLOBAL SERVICES
Participants description
10. INTECO: Other projects beneficiaries (VI)
Theodore Puskás Foundation
Foundation supervised and founded by the Hungarian government.
Role: Participation in methodology, sharing results, training and awareness.
Company specialized in research, training and advising on cyber-security and cyber-intelligence issues.
Role: Leads the design of the methodology and participates in pilot implementation, training and awareness.
Role: Provide requirements for the system concept, and definition of the security framework.
ZANASI SrL
Participants description
12. SCADALAB PROJECT: Introduction
Comparing ICS and IT Systems
IT Systems
Cyber security
• Is at a mature stage
• Importance: C (50%), I (30%), A (20%)
• Patches are released regularly
Standards, regulations and methodologies
• ISO standards
• International regulations
• Well-known methodologies
Architecture and protocols
• Standard architectures / protocols
• Proprietary/unknown components are present to a certain extent
ICS
Cyber security
• At a very early stage
• Importance: C (5%), I (35%), A (60%)
• Patches are released quite slowly
Standards, regulations and methodologies
• Local standards
• Local regulations
• No well-known methodologies
Architecture and protocols
• No standardized architectures / protocols
• Proprietary components
13. SCADALAB PROJECT: Main purpose
Purpose of the project
[Diagram: SCADA LAB, made up of a Test Beds Area (Test bed 1, Test bed 2, …) and a Laboratory Area (Test Plan 1, Test Plan 2, … Test Plan N)]
SCADALAB: SCADA Laboratory and Test bed as a service for critical infrastructure protection.
LAB: Framework to manage assessment plans and from where the tests will be carried out.
TEST BED: Target of Evaluation.
14. SCADALAB PROJECT: Main activities (I)
Definition of testing methodology
STARTING POINTS
1. ICS Base architecture.
2. Test bed and laboratory area requirements
3. Analysis of existing methodologies
4. Type of security assessment
5. Approach of the test inventory
Phases and activities
1. PLANNING
a) ORGANIZATIONAL LEVEL
b) OPERATIONAL LEVEL
c) TECHNICAL LEVEL
2. ASSESSMENT
a) SET THE LAB
b) EXECUTION
3. REPORTING
a) CALCULATION OF THE METRICS
b) REPORT OF FINDINGS
15. SCADALAB PROJECT: Main activities (II)
Design of the laboratory architecture
LABORATORY AREA
16. SCADALAB PROJECT: Main activities (III)
Design of the test bed architecture
TEST BED AREA
17. SCADALAB PROJECT: Main activities (IV)
Workflow of the security assessment
[Diagram labels: SCADALAB FRONTEND, SCADALAB TESTING AGENT, SCADALAB SERVER, SCADALAB WORKSTATION, TESTBED, RESULTS]
19. CLOUDCERT PROJECT: Brief introduction
Can CLOUDCERT be interesting for you?
If you are a CERT:
You can use this platform to handle Critical Infrastructure incidents and share information.
If you have to interact with National Authorities for CIP:
Depending on its national competencies, you can assign the most appropriate role within the platform: coordination, supervision, participation, etc.
If your constituency includes Critical Infrastructure operators:
You can get a customized platform to provide services and tools for your CIP constituency (forum, wiki, etc.).
20. CLOUDCERT PROJECT: Main objectives (I)
[Diagram labels: Transport, Nuclear, Energy, Space, ICT, Water, Financial, Chem, Research, Food, Health, Admin, CIP Authority, CERT, CERT]
CIP Actors.
CIP Information Exchange:
• Security contents (such as Vulnerabilities, News, Notes, Advisories, etc.)
• Workflows through services such as forums, wikis, etc.
Cloud Paradigm. Content exchange in a collaborative model.
• Web Access.
• Secured API.
• Extensible services catalog.
Can CLOUDCERT be interesting for you?
21. CLOUDCERT PROJECT: Main objectives (II)
Workflow of the platform
[Diagram labels: Entity Transport, Entity Financial, Entity Energy; CloudCERT User Console (Services, Contents); Private repository; Supervisor; CIP Authority; CERT; CloudCERT Admin Console (Configuration, Management, Registration, Permissions, Users); Admin; Moderator (Moderation); Shared Repository; Content Propagation; Public Web site; Publication; API]
22. CLOUDCERT PROJECT: European Dimension and Project Roadmap (I)
Long Term Roadmap
[Diagram labels: CLOUDCERT Platform; CNPIC; INTECO CERT; CERT Hungary; National CloudCERT; CERT1, CERT2, …; Org1, Org2; National CloudCERT Network; European CloudCERT Network]
[Roadmap stages: CloudCERT Platform, National CloudCERT, National CloudCERTs Network, European CloudCERT; time label: 2 years]
24. With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and
other Security-related Risks Programme.
European Commission - Directorate-General Justice, Freedom and Security
Thank you!