WP400 – Early warning models in physical security

Most of the work that has been conducted in this task tried to characterize the two important parameters of an attack: an initiating event and a sequence of steps. Usually, physical security uses detection, delay, and intervention in order to prevent the attack to be successful. The Physical Security Controls have been explained in this WP providing valuable information about concepts like “sequence completion status” and “success likelihood”. Physical security risks have been pointed out as well as the attack sequences that could generate relevant risks, the existing physical security controls parameters, the attack sequence and controls matching; scroll indicator of the sequence (SIS), probability that the attack to be successful (PAS). The aim is to define early warning levels.

TASK 401: Models for Crisis Management

Interdependency models are able to evaluate the risk that interdependent infrastuctures run when an adverse event occurs. The evaluation of cascading faults throughout several infrstructures can help to depict a scenario that can greatly help operators in their prevention operations. This task is devoted to analyse such models and study their application in real time contexts. The same models can be used to analyse best strategies to handle emergency situations: optimal resource allocation using interdependency models, and feasibility of the reactions using holistic (single infrastructures models) approches.

In this task have been highlighted some issues relevant to the aim and goals of our research project URANIUM. An attempt has been done to understand much better the connection between crisis management requirements and the critical infrastructures protection responsibilities. The principles and recommendations highlighted by the European Program of Critical Infrastructures Protection (EPCIP) and the series of European Commission documents, as the legal framework to implement in each EU Member States the CIP (CIIP) responsibilities, have been analysed and followed.

TASK 402: Integration of Physical Security and Information Security

The role of cyber security in Critical Infrastructure Protection is rapidly increasing. Interdependency models able to cope with both physical and information security are strongly requested by the operators that relies, for the safety functions, on ICT more and more. This task will define integration models to cope with both physical and information security defining interdependencies among them with the aim of design an early warning Console.

Physical security it is about preventing physical accesses that can negatively impact assets. There are different ways to affect an asset (steal, disturb, destroy, indispose, disclose etc.) and different ways to prevent the attack to be successful. Physical security risk management represent best practice today and could generally result in optimal system of controls that combine deter, detect, delay, intervene and reject. Emergency, continuity and recovery response could also limit the consequences of attacks and recover without affecting other dependent CIs. In this Task, some studied have been conducted to include in the interdependency model developed for the scenario also cyber dependencies. Such dependencies have allowed propagating cyber-attacks to the physical level. The availability of SCADA system (RTUs controlling electrical switches) has been put in relation to malicious cyber activities.