VIKING
SCADA Security research
Project concept

Society is increasingly dependent on the proper functioning of the electric power system,
which in turn supports most other critical infrastructures: water and sewage systems;
telecommunications, internet and computing services; air traffic, railroads and other
transportation. Many of these other infrastructures are able to operate without power for
shorter periods of time, but larger power outages may be difficult and time-consuming to
recover from. Such outages might thus lead to situations of fully non-functioning societies with
devastating economic and humanitarian consequences. For this reason, this consortium has
decided to concentrate its research on the systems for transmission and distribution of
electric power. We anticipate that most of the results will be applicable to the protection of
other critical infrastructures.

The operation and management of the electric power system depend on computerized
industrial control systems and the corresponding telecommunication network. Keeping these
systems secure and resilient to external attacks as well as to internal operational errors is
thus vital for uninterrupted service. However, this is challenging since the control systems
are extremely complex: they contain highly advanced functionality; they are heterogeneous
and include several third party components; they are extensively networked, both internally
and with external systems, and they depend on the human organization that manages and
uses them. Yet, the systems are operating under stringent requirements on availability and
performance: if control and supervision are not done in real time, the power network may
collapse.

The objective of the VIKING project is to develop, test and evaluate methodologies for the
analysis, design and operation of resilient and secure industrial control systems for critical
infrastructures. Methodologies for these cyber-physical systems, which link a physical
infrastructure with an IT infrastructure, will be developed with a particular focus on
increased robustness of the control system. As mentioned, the focus is on power
transmission and distribution networks. The project combines a holistic management
perspective—in order to counteract sub-optimization in the design—with in-depth analysis
and development of security solutions adapted to the specific requirements of networked
control systems.

A key difficulty with assessing the impact of failures and attacks on power transmission and
distribution is the tight coupling between the physical processes of transmission and
distribution and the IT infrastructure that supervises them. Transmission and distribution
systems are large scale, complex systems, with their own dynamics and prone to particular
modes of failure (e.g., cascading failures). The IT infrastructure is itself also a large scale,
complex system, whose dynamics and time scales are very different from those of the
physical systems and which is subject to different vulnerabilities and failure modes. The
tight coupling of the two infrastructures (physical and IT) leads to a system whose
complexity is much greater than that of the individual (already quite complex)
infrastructures. Addressing this level of complexity requires new methods and tools that go
beyond those used to date when studying the physical and IT infrastructures separately.

In VIKING we propose to address this challenge by developing cyber-physical models that
specifically address the interaction between the (cyber-) IT systems and the (physical) power
transmission and distribution systems (see Figure 1). We propose to use methods from the
area of hybrid systems for this task. Hybrid systems have been a topic of intense research for
the past decade, in the boundary between computer science and control engineering. They
provide a unified framework for jointly modelling continuous systems (like the power
transmission and distribution processes) and discrete systems (like the SCADA systems).
Our team is in a unique position to apply this methodology to the power transmission and
distribution systems, since it brings together teams that have pioneered developments in the
area of hybrid systems with teams that have extensive experience in the modelling of the
physical and the IT systems themselves. The approach of VIKING is to enhance data
integrity, reliability and robustness of SCADA systems through the development and
application of such a rigorous modelling and analysis framework.

This type of holistic approach with hybrid models has not until now been used for
modelling these types of system with the goal of examining security aspects of the complete
and integrated system. The aim of VIKING is to advance the state of the art from examining
and testing existing systems for security problems to model-based analysis and prediction of
the security state of SCADA systems.



