Critical Infrastructure Protection (CIP) and Situation Awareness (SA) are relevant topics in critical systems domain. The main concern in SA for Critical Infrastructures (CIs) comes from the peculiar structure of these systems: CIs are often distributed, always interconnected and interdependent, and sometimes include humans in the decision loop.
Most of present approaches for SA in the field of CIP are based on multi-sensor data fusion, and awareness is achieved building a scenario using data provided by CI sensors. Humans interact with the data fusion system and SA can be mainly regarded as the operator’s internal model of the state of the environment. Based on this representation, and additional high level information, operators can assess the situation (risk severity, possible consequences on other CIs, alternative scenarios, etc.) and decide any necessary actions.
On the other side, automatic SA approaches often fail in handling both hi-level information and low level sensor fusion including the ability of providing possible alternative scenarios and evolution of an event.
Moreover, common approaches are not able, due also to the lack of standard interchanging protocols and data representation, to use models that encompass both holistic representations and fine decompositions, and include human behaviour.
SA is nevertheless a fundamental component for the protection of CIs, it contributes to transform data from the field into risk levels, and it is essential in monitoring and assessing the evolution of normal and critical operations of the CI and can contribute to a better management of crisis.
An SA conceptual model, with the capability of modular integration of the various levels of data and information fusion and functionalities could be a possible solution for improving the overall protection of the CIs. To really enhance the situation assessment, this model should include the evaluation of possible scenarios and interdependencies, by using a robust semantic base. Moreover, game-theoretical (GT) models (which have been shown to be equivalent to Attack-Defence trees), can help to provide evidence of non-optimal strategies from human side.
In the URANIUM CIPS project we propose to study a new SA approach in which interdependency model of the CIs, whose output is the computation of the risk level for, is fed by several different sources of data, such as alarms directly collected by SCADA systems (e.g., faults), alarms generated by low-level sensor fusion on continous systems able to estimate the state of a system, alarms generated by single sensors (e.g. video cameras), and software agents able to generate alarms using Complex Event Processing (CEP) on multisensor data able to recognize complex sequences of events.
The objectives of URANIUM project are:
- Stimulating, promoting and supporting the development of methodologies for the protection of CI, in particular risk assessment methodologies;
- Stimulating, promoting and supporting risk assessment on Critical Infrastructure (CI), in order to upgrade security.