n.1 RESISTO Newsletter | December 2019

n.2 RESISTO Newsletter | April 2020

n.3 RESISTO Newsletter | November 2020

n.4 RESISTO Newsletter | September 2021

n.5 RESISTO Newsletter | October 2021

“Telecomunicazioni: rischio e resilienza”

Magazine: Scenari, Gruppo 24ore | Edition: February 2021
Authors: C. Foglietta, S. Panzieri, F. Pascucci, Università degli Studi RomaTre

“TARGETING, SECURITY. Integrating cyber and physical security to protect critical communication infrastructure”

Magazine: Platinum | Edition: March 2020

“RESISTO: Resilience Enhancement and Risk Control Platform for Communication Infrastructure Operators”

Magazine: POLARIS Innovation Journal | Edition: 41 – February 2020
Authors: E. Aonzo, A. Neri, Leonardo – Cyber Security Division

“RESISTO: Improving the Resilience of a Telecommunication Infrastructure | ECSI workshop”

Bruno Saccomanno, Leonardo SpA

“RESISTO: project and architecture | BRUSSELS Community of Users”

Alberto Neri, Leonardo SpA

“RESISTO Technical Objectives | ATENA workshop”

prof. Stefano Panzieri, Università Roma Tre

“The RESISTO project in a nutshell | ROME Kick-off meeting”

Federico Frosali, Leonardo SpA

“Anatomy of a Cyber Attack”

Ioan Constantin, cybersecurity expert at Orange Romania

“Needles and Haystacks”

Ioan Constantin, cybersecurity expert at Orange Romania

“Threat Hunting. Using Machine Learning & Threat Intelligence”

Cristian Paţachia, Orange Romania Development & Innovation Manager

“Blockchain application in simulated environment for Cyber-Physical Systems Security”

R. Colelli, C. Foglietta, R. Fusacchia, S. Panzieri and F. Pascucci in IEEE 19th International Conference on Industrial Informatics (INDIN), 2021

—————–

Abstract: Critical Infrastructures (CIs) such as power grid, water and gas distribution are controlled by Industrial Control Systems (ICS). Sensors and actuators of a physical plant are managed by the ICS. Data and commands transmitted over the network from the Programmable Logic Controllers (PLCs) are saved and parsed within the Historian. Generally, this architecture guarantees to check for any process anomalies that may occur due to component failures and cyber attacks. The other use of this data allows activities such as forensic analysis. To secure the network, it is also crucial to protect the communication between devices. A cyber attack on the log devices could jeopardize any forensic analysis, be it for maintenance or discovering an attack trail. In this paper, a strategy is proposed to secure plant operational data recorded in the Historian and data exchange in the network. An integrity checking mechanism, in combination with blockchain, is used to ensure data integrity. Data redundancy is achieved by applying an efficient replication mechanism and enables data recovery after an attack.

“Risk and Resilience Assessment and Improvement in the Telecommunication Industry”

Mirjam Fehling-Kaschek, Natalie Miller, Gael Haab, Katja Faist, Alexander Stolz, Ivo Häring, Alberto Neri, Giuseppe Celozzi, Jose Sanchez, Javier Valera and Rodoula Makri | 30th European Safety and Reliability Conference and 15th Probabilistic Safety Assessment and Management Conference

—————–

Abstract: A growing number of consumer and industrial functionalities, including safety relevant and safety critical functions and services, rely on reliable and resilient telecommunication infrastructures. As telecommunication grids advance virtualization, are designed resembling the internet and are moving towards 5G, the interest to quantify their resilience with respect to major disruptions is increasing. Due to this increasing complexity of the telecom infrastructures, as attack types and often intensities are growing, their potential susceptibility and vulnerability increases. In this context, the main goal of the EU-funded H2020 project RESISTO is to provide an innovative solution for the cyber-physical resilience enhancement and holistic situation awareness for communication infrastructures. The solution consists of two main parts, the short term and the long-term components.

“Inferring Anomaly Situation from Multiple Data Sources in Cyber Physical Systems”

Riccardo Colelli, Chiara Foglietta, Roberto Fusacchia, Stefano Panzieri and Federica Pascucci | Cyber-Physical Security for Critical Infrastructures Protection – First International Workshop, CPS4CIP 2020, Guildford, UK, September 18, 2020, Revised Selected Papers

—————–

Abstract: Cyber physical systems are becoming ubiquitous devices in many fields thus creating the need for effective security measures. We propose to exploit their intrinsic dependency on the environment in which they are deployed to detect and mitigate anomalies. To do so, sensor measurements, network metrics, and contextual information are fused in a unified security architecture. In this paper, the model of the proposed framework is presented and a first proof of concept involving a telecommunication infrastructure case study is provided.

“Resilience in Critical Infrastructures: The Role of Modelling and Simulation”

Chiara Foglietta, Stefano Panzieri | Issues on Risk Analysis for Critical Infrastructure Protection

—————–

Abstract: Resilience and risk are fundamental concepts for critical infrastructure protection, but it is complex to assess them. Modelling critical infrastructure interdependency helps in evaluating the resilience and risk metrics. We propose the MHR approach as a road-map to model infrastructures and it is implemented using CISIApro 2.0. MHR suggests considering three different layers in each infrastructure: holistic, service and reductionist agents. In this chapter, this framework has been tested in a scenario made of a modern telecommunication network, a hospital ward and a smart factory. The scenario takes into account cyber attacks and their consequences on the components, services and holistic nodes. The proposed framework is under validation within the EU H2020 RESISTO project with good results and in various test-beds.

“A performance-based tabular approach for joint systematic improvement of risk control and resilience applied to telecommunication grid, gas network, and ultrasound localization system”

Ivo Häring, Mirjam Fehling-Kaschek, Natalie Miller, Katja Faist, Sebastian Ganter, Kushal Srivastava, Aishvarya Kumar Jain, Georg Fischer, Kai Fischer, Jörg Finger, Alexander Stolz, Tobias Leismann, Stefan Hiermaier, Marco Carli, Federica Battisti, Rodoula Makri, Giuseppe Celozzi, Maria Belesioti, Evangelos Sfakianakis, Evita Agrafioti, Anastasia Chalkidou, George Papadakis, Clemente Fuggini, Fabio Bolletta, Alberto Neri, Giuseppe Giunta, Hermann Scheithauer, Fabian Höflinger, Dominik J. Schott, Christian Schindelhauer, Sven Köhler, Igor Linkov | Environment Systems and Decisions

—————–

Abstract: Organizational and technical approaches have proven successful in increasing the performance and preventing risks at socio-technical systems at all scales. Nevertheless, damaging events are often unavoidable due to a wide and dynamic threat landscape and enabled by the increasing complexity of modern systems. For overall performance and risk control at the system level, resilience can be a versatile option, in particular for reducing resources needed for system development, maintenance, reuse, or disposal. This paper presents a framework for a resilience assessment and management process that builds on existing risk management practice before, during, and after potential and real events. It leverages tabular and matrix correlation methods similar as standardized in the field of risk analysis to fulfill the step-wise resilience assessment and management for critical functions of complex systems. We present data needs for the method implementation and output generation, in particular regarding the assessment of threats and the effects of counter measures. Also included is a discussion of how the results contribute to the advancement of functional risk control and resilience enhancement at system level as well as related practical implications for its efficient implementation. The approach is applied in the domains telecommunication, gas networks, and indoor localization systems. Results and implications are further discussed.

“Anomaly-Based Intrusion Detection System for Cyber-Physical System Security”

R. Colelli, F. Magri, S. Panzieri and F. Pascucci in 29th Mediterranean Conference on Control and Automation (MED), 2021, pp. 428-434 | doi: 10.1109/MED51440.2021.9480182.

—————–

Abstract: Over the past decade, industrial control systems have experienced a massive integration with information technologies. Industrial networks have undergone numerous technical transformations to protect operational and production processes, leading today to a new industrial revolution. Information Technology tools are not able to guarantee confidentiality, integrity and availability in the industrial domain, therefore it is of paramount importance to understand the interaction of the physical components with the networks. For this reason, usually, the industrial control systems are an example of Cyber-Physical Systems (CPS). This paper aims to provide a tool for the detection of cyber attacks in cyber-physical systems. This method is based on Machine Learning to increase the security of the system. Through the analysis of the values assumed by Machine Learning it is possible to evaluate the classification performance of the three models. The model obtained using the training set allows classifying a sample of anomalous behavior and a sample that is related to normal behavior. The attack identification is implemented in a water tank system, and the identification approach using Machine Learning aims to avoid dangerous states, such as the overflow of a tank. The results are promising, demonstrating its effectiveness.

“On the Use of Fibonacci Sequences for Detecting Injection Attacks in Cyber Physical Systems”

S. Baldoni, F. Battisti, M. Carli and F. Pascucci in IEEE Access, vol. 9, pp. 41787-41798, 2021 | doi: 10.1109/ACCESS.2021.3065228.

—————–

Abstract: Cyber Physical Systems are characterized by a strong interaction among networking, sensing, and control functionalities. Moreover, the recent advent of Internet of Things extended their information sharing capability. However, the interaction between Internet and Cyber Physical Systems requires increased efforts for guaranteeing the security of connected systems. In the industrial field, the problem becomes more complex due to the need of protecting a large attack surface while guaranteeing system availability and real-time response to the detection of threats. In this contribution, we deal with the injection of tampered data into the communication channel with the aim of modifying the status of the physical system. To cope with this attack, we design a secure control system able to detect the injection of tampered data by coding the output of the measurement systems. The proposed approach is based on the use of permutation matrices, whose scheme varies upon a secret pattern obtained exploiting the Fibonacci p-sequences. The detection strategy is compliant with the time delay constraints typical of a Cyber Physical System. An analysis of the security performances of the proposed system is presented along with the experimental proof of its effectiveness.

“Security and Resilience Challenges for the Critical Infrastructures of the Communications Sector”

Federica Battisti, Marco Carli, Federica Pascucci, Mirjam Fehling-Kaschek, Rodoula Makri, Maria Belesioti, Ioannis Chochliouros, Ioan Constantin, Xiao-Si Wang; Cyber-Physical Threat Intelligence for Critical Infrastructures Security, 17 September, 2020

—————–

Abstract: This chapter introduces the main challenges for critical infrastructures in the communication sector. Specifically, the chapter will review the current threats that arise upon cyber and physical systems interconnection. At the same time, security strategies exploiting both the features (cyber and physical) of critical infrastructures will be introduced.

“RESISTO – RESIlience enhancement and risk control platform for communication infraSTructure Operators”

Alberto Neri, Alessandro Neri; Cyber-Physical Threat Intelligence for Critical Infrastructures Security, 17 September, 2020

“Manage Security on 5G communication networks: the Software Defined Security paradigm”

Luca Baldini, Marco Carli, Giuseppe Celozzi, Federico Colangelo, Alessandro Neri, Cosimo Zotti; Cyber-Physical Threat Intelligence for Critical Infrastructures Security, 17 September, 2020

———

Abstract: This chapter is devoted to the description of the interaction between the new communication system (the 5G framework) and the emerging security paradigm, known as Software Defined Security. It can be considered as a new security model to be applied for the management of communication networks, in which security aspects are implemented, controlled, and managed at software level. The main objective is providing a clear-cut, understandable and upgradable security model, in which novel algorithms and solutions can be integrated and optimized.

“Resilience analysis and quantification for Critical Infrastructures”

N. Miller, M. Fehling-Kaschek, G. Haab, K. Faist, A. Stolz, I. Häring; Cyber-Physical Threat Intelligence for Critical Infrastructures Security, 17 September, 2020

———

Abstract: The resilience analysis performed in RESISTO follows an enhanced risk and resilience management process based on the ISO-31000 standard [1]. The main inputs needed for the resilience quantification are gathered at separate steps of the management process: a precise understanding of the system context and the system itself including all subsystems and components and their interconnections; a collection of all relevant system functions to quantify the loss of performance due to a disruptive event; a comprehensive list of potential threats and hazards including information about their effect on the system; a list of critical combinations of system performance functions and threats taking account of relevant resilience dimensions [2] not explicitly covered by the risk and resilience management process; a risk and resilience quantification of combinations found to be critical taking into account risk and resilience evaluation criteria; and finally a list of potential counter actions and mitigation strategies for the listed threats.

“CISIApro Critical Infrastructures Modeling Technique for an Effective Decision Making Support”

Chiara Foglietta, Stefano Panzieri; Cyber-Physical Threat Intelligence for Critical Infrastructures Security, 17 September, 2020

———

Abstract: Modeling critical infrastructure interdependencies is mandatory to assess the consequences of adverse events such as natural disasters, failures and also cyber attacks. However, interdependencies can be exploited during the recovery phase for increasing the effect of the countermeasures. In this chapter, we present CISIApro 2.0, an agent-based simulator that assesses the consequences of negative events on interconnected infrastructures, described as devices and services. The output of CISIApro 2.0 is the set of possible devices and services which are affected by an adverse event. The simulator has been tested using a telecommunication network.

“Modern innovative detectors of physical threats for Critical Infrastructures”

Rodoula Makri, Panos Karaivazoglou, Alexandros Kyritsis, Michael Skitsas, Nikolaos Koutras, Javier Valera, Jose Manuel Sanchez; Cyber-Physical Threat Intelligence for Critical Infrastructures Security, 17 September, 2020

———

Abstract: Nowadays, the types of threats against Critical Infrastructures are becoming more sophisticated imposing the use of equally modern detection measures. The involved aspects are too important when considering both direct physical threats and physical threats that enable malicious impact to the cyber domain as well. The Chapter begins with an overview of the current situation in Critical Infrastructures in terms of detecting physical threats, attacks or hazards and continues by introducing modern detecting techniques covering a wider range of threats. These vary from systems with sensors for airborne threats along with audio and visual analytics up to using the wireless networks themselves as sensing systems by exploiting their networking features.

“A Systematic Tabular Approach for Risk and Resilience Assessment and Improvement in the Telecommunication Industry”

M. Fehling-Kaschek, K. Faist, N. Miller, J. Finger, I. Häring, M. Carli, F. Battisti, R. Makri, G. Celozzi, G. Amato, M. Belesioti and E. Sfakianakis; 29th European Safety and Reliability Conference (ESREL), 22 – 26 September 2019.

—————–

Abstract: The economic and social well-being of citizens depends on the reliable functioning of critical infrastructures, and in particular, the provision of a reliable telecommunication system. Integrated risk and resilience analysis and improvement processes have been proposed and adopted to critical infrastructure systems. However, fast, tabular, and in operational contexts realizable implementations are still lacking. The paper proposes a set of interlinked tables for a fast, semi-quantitative implementation of such a process. The sequence and structure of the tables is chosen to capture the relevant input for the risk and resilience analysis and management process. Pulling from previous literature, four main constituents are identified and implemented as separate tables: system components, system functions, threats and mitigation options. The linkage between the tables and their contents, including minimum consistency requirements are expected to be sufficient for a successful implementation of the resilience analysis and management process. The linkage allows for direct computation of the correlations between the four constituents, e.g. system components with system functions, system functions with potential disruptions to identify critical combinations and threats with potential counter measures. Furthermore, quantification options and potential counter measures for the critical combinations can be inferred. Sample entries are given for the telecommunication infrastructure and the advantages of the approach are discussed.

“A New Security Approach in Telecom Infrastructures: The RESISTO Concept”

M. Belesioti, R. Makri, M. Fehling-Kaschek, M. Carli, A. Kostopoulos, I. P. Chochliouros, A. Neri and F. Frosali; 15th International Conference on Distributed Computing in Sensor Systems (DCOSS), 29-31 May 2019

—————–

Abstract: Communications play a fundamental role in the economic and social well-being of the citizens and on operations of most of the critical infrastructures (CIs). Extreme weather events, natural disasters and criminal attacks represent a challenge due to their increase in frequency and intensity requiring smarter resilience of the Communication CIs, which are extremely vulnerable due to the ever-increasing complexity of the architecture also in light of the evolution towards 5G, the extensive use of programmable platforms and exponential growth of connected devices. In this paper, we present the aim of RESISTO H2020 EU-funded project, which constitutes an innovative solution for Communication CIs holistic situation awareness and enhanced resilience.

“Enhancing Critical Infrastructure Protection: The RESISTO Concept”

M. Belesioti, I. Chochliouros, F. Frosali and R. Makri; European Conference on Networks and Communications 2018 – 5G and beyond (EuCNC), 18-21 June, 2018

The RESISTO project has received funding from the European Union’s Horizon 2020
Research and Innovation Programme under Grant Agreement No 786409.
