INSPIRE

 in Projects / 31 January 2011 / 1 November 2008

CONCEPT AND PROJECT OBJECTIVES

INSPIRE is an EC funded Specific Targeted Research Project (STReP) that aims at improving robustness and resiliency of Critical Infrastructures (CI) and specifically Large Complex Critical Infrastructures (LCCI) through the improvement of security and resiliency of the LCCIs control systems, i.e. ICT systems controlling LCCI processes. Moreover such improvement will be obtained making LCCI communication infrastructures specifically interconnecting LCCI control systems more secure and resilient. This objective has been undertaken according with clear and specific drivers both technological and market oriented.

Systems that manage and control infrastructures over very large geographic areas are typically referred to as Supervisory Control and Data Acquisition systems or SCADA systems. SCADA systems make up the critical infrastructure associated with electric utilities, water and sewage treatment plants, and large-scale transportation systems.
A SCADA (Supervisory Control And Data Acquisition) system is composed of a central core, where system information acquisition and control are concentrated, and a number of Remote Terminal Units (RTUs) equipped with limited computational resources. RTUs communicate with the centre by sending to and receiving from it short real-time control messages. SCADA systems are receiving more and more attention, since they are a key component of virtually all Critical Infrastructures (CIs) as  power grids, gas and oil distribution, and automation plants. Increasingly, the pressures of modernization, integration, cost, and security have forced SCADA systems to migrate from closed proprietary systems and networks towards Commercial Off The Shelf (COTS) software and hardware products, standard network protocols, and shared communication infrastructure.  Additionally, emerging network technologies – and particularly Wireless Sensor Networks (WSNs) – are being increasingly used in new generation SCADA systems. Evidence is showing that Critical Infrastructures (CIs) are exposed to major security risks. Cyber-spies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system.

The INSPIRE project aims at increasing the security and protection of infrastructure control systems through the following key actions:
  • Design and development of innovative mechanisms and architectures capable to differentiate and prioritize SCADA and Process Control Systems traffic flows
  • Design and development of novel techniques which allow network security frameworks to protect traffic flows produced by SCADAs and prevent cyber
    attacks against networked Process Control Systems.
PROJECT DEVELOPMENT

INSPIRE increases the security and resilience of infrastructure control systems  by means of a self-reconfigurable architecture suitable for SCADA systems.

INSPIRE designs and implements:

  • Techniques for diagnosis of attacks and failures, and recovery.
  • A Peer-to-Peer  (P2P) overlay communication architecture to enhance the dependability of SCADA data transport.
  • An MPLS (Multi-Protocol Label Switching) -based communication architecture to meet requirements of SCADA systems.
  • Methods to identify and assess SCADA vulnerabilities.
  • An ontology to represent the knowledge base of field and a decision-aid tool using ontology notations and inference engine in order to propose/recommend solutions to the operator.

The INSPIRE self-reconfigurable architecture comprises the following main functional blocks: Monitor, Diagnoser, Reconfigurator.

  • Monitoring is performed by means of different kinds of probes, such as network traffic analyzers, log parsers, etc.
  • The Diagnostic process clearly identifies the damaged components, and assesses the extent of damage in individual components, in order to determine the effective fault/intrusion treatment and system reconfiguration actions (based on the adjudged causes of system misbehaviour).
  • Reconfiguration employs a policy-based approach to enforce remediation strategies aiming at mitigating the effects of the attack, as well as at isolating the attacker(s).

 

INSPIRE CONSORTIUM

The INSPIRE Consortium has a well balanced involvement of industry and academic organizations. Moreover, Small-Medium Enterprises are well represented among industrial partners. Five different European nations are represented: Italy, Germany, Poland, France and Spain.
All the partners have been identified as leading organizations in their own field, thus providing the Consortium with really high quality capabilities. Industrial and academic organizations complement each other, the former providing technological expertise and concrete products in the researched domains, the latter providing innovative vision about potential new technological components.

 

CINI (Consorzio Interuniversitario Nazionale per l’Informatica)

Expertise: design, control and management of complex network infrastructures and distributed information systems

 

Elsag Datamat

Experise: system integrator, provider of turnkey systems in both security and monitor & control domains

 

Kite Solutions

Expertise: safety and risk assessments in industrial contexts as well as automated systems

 

TUD (Technische Universität Darmstadt)

Expertise: dependable systems and software

 

ITTI SP. Z.O​.O. (Instytut Technik Telekomunikacyjnych i Informatycznych Sp. z o.o.)

Expertise: consulting and applied research in the field of communication infrastructures

 

THALES Communication France

Experise: communications, IP networks, satellite communication, network administration and security; architecture and modelling aiming to increase adaptability, dependability and manageability

 

S21sec

Experties: computer security services provider

 

CESS (Center for European Security Strategies)

Experties: consultancy in the field of security and risk related problem