| | |  |
VIKING targets the research and development process for SCADA security illustrated in
the figure below. The work plan of the project impacts all components of this process. The key
innovations and contributions are described in this section, after a brief description of the
process.
The VIKING research and development process for SCADA security.
The SCADA security R&D process is cyclic and does not terminate, as new threats and
system functions are continuously appearing. So the first step of security requirement
analysis should be performed recurrently. The cyber-physical system, composed of the
physical power transmission and distribution system and the associated SCADA system,
gives rise to a large-scale hybrid model. Based on the requirements and the cyber-physical
model, vulnerabilities can be identified. Their security and fault impacts are analysed and
assessed. The vulnerabilities can now be ranked in order to design appropriate protection
mechanisms, considering cost and complexity on the one hand and the system performance
and robustness on the other. These mechanisms are then evaluated with respect to the
security requirements. The security risks and requirements of the improved system might
now be re-assessed and a new R&D cycle can be started.
Methodological innovation: There are three key contributions of VIKING. First, the
project will develop a modelling framework for the cyber-physical system for assessing
control system vulnerabilities and their potential consequences on the power network
operation. Second, VIKING will develop methods for determining the effect of particular
vulnerabilities and threats on the systems, and, third, strategies and countermeasures for
reducing the risk of the most critical threats will be designed.
Application and test-bed innovation: We will develop a test-bed consisting of a SCADA
system integrated with communication networks and a computer-emulated physical
infrastructure. The test-bed will be based on commercial software and hardware, and it will
allow realistic impact analyses to be carried out. A number of case studies will be developed
and executed on the test-bed. The results will be analysed in tight collaboration with
industrial decision-makers such as Chief Information Security Officers at major operators.
The technical solutions will be hands on IT security enhancement features that will increase
the resilience and decrease the vulnerabilities of control systems. Both contributions could
be used by the power industry and it is likely that many other infrastructure operators may
utilize the contributions after some tailoring to their needs.
|
| |
|
|
|
