CONCEPT AND PROJECT OBJECTIVES
INSPIRE is an EC funded Specific Targeted Research Project (STReP) that aims at improving robustness and resiliency of Critical Infrastructures (CI) and specifically Large Complex Critical Infrastructures (LCCI) through the improvement of security and resiliency of the LCCIs control systems, i.e. ICT systems controlling LCCI processes. Moreover such improvement will be obtained making LCCI communication infrastructures specifically interconnecting LCCI control systems more secure and resilient. This objective has been undertaken according with clear and specific drivers both technological and market oriented.
-
Design and development of innovative mechanisms and architectures capable to differentiate and prioritize SCADA and Process Control Systems traffic flows
-
Design and development of novel techniques which allow network security frameworks to protect traffic flows produced by SCADAs and prevent cyberattacks against networked Process Control Systems.
INSPIRE increases the security and resilience of infrastructure control systems by means of a self-reconfigurable architecture suitable for SCADA systems.
INSPIRE designs and implements:
- Techniques for diagnosis of attacks and failures, and recovery.
- A Peer-to-Peer (P2P) overlay communication architecture to enhance the dependability of SCADA data transport.
- An MPLS (Multi-Protocol Label Switching) -based communication architecture to meet requirements of SCADA systems.
- Methods to identify and assess SCADA vulnerabilities.
- An ontology to represent the knowledge base of field and a decision-aid tool using ontology notations and inference engine in order to propose/recommend solutions to the operator.
The INSPIRE self-reconfigurable architecture comprises the following main functional blocks: Monitor, Diagnoser, Reconfigurator.
- Monitoring is performed by means of different kinds of probes, such as network traffic analyzers, log parsers, etc.
- The Diagnostic process clearly identifies the damaged components, and assesses the extent of damage in individual components, in order to determine the effective fault/intrusion treatment and system reconfiguration actions (based on the adjudged causes of system misbehaviour).
- Reconfiguration employs a policy-based approach to enforce remediation strategies aiming at mitigating the effects of the attack, as well as at isolating the attacker(s).
INSPIRE CONSORTIUM
CINI (Consorzio Interuniversitario Nazionale per l’Informatica)
Expertise: design, control and management of complex network infrastructures and distributed information systems
Elsag Datamat
Experise: system integrator, provider of turnkey systems in both security and monitor & control domains
Kite Solutions
Expertise: safety and risk assessments in industrial contexts as well as automated systems
TUD (Technische Universität Darmstadt)
Expertise: dependable systems and software
ITTI SP. Z.O.O. (Instytut Technik Telekomunikacyjnych i Informatycznych Sp. z o.o.)
Expertise: consulting and applied research in the field of communication infrastructures
THALES Communication France
Experise: communications, IP networks, satellite communication, network administration and security; architecture and modelling aiming to increase adaptability, dependability and manageability
S21sec
Experties: computer security services provider
CESS (Center for European Security Strategies)
Experties: consultancy in the field of security and risk related problem