Based on the consortium's experience, and in order to address the security/resiliency required for CIs, the design approach of the ATENA tools suite will be based on two different control loops:
- a static, off-line, long-term control loop that is in charge of configuring the system according to the security assessment, and of updating it on a periodic basis or when particular events require it (new threats, or the discovery of previously undetected vulnerabilities)
- a dynamic, on-line, short-term control loop that is in charge of promptly reacting to attacks and threats that may impact the operational life of the system.
Role of the off-line loop
- collection of a set of Context Information (i.e. high-level information about the CI architecture, available technologies, countermeasures and potential threats)
- enforcement of the CI Secure Configuration (through Configuration Commands) on the basis of such information, of the Desired S/R (Security and Resilience) level and of the Desired Context (parameters to be optimised other than the S/R level)
- pursuit of subsidiary, ancillary objectives (e.g., optimisation of the Desired Context)
- storage of the selected configurations, together with the associated context information, in a dedicated Knowledge Base, so that they can be easily deployed according to the cyber-security context.
Role of the on-line loop
- continuous monitoring of the CI system, based on the relevant Measurements as well as on the information stored in the Knowledge Base (DB)
- detection of attacks using prediction and machine learning algorithms, rules and policies
- computation of the mitigation actions needed to contain the attack
- enforcement of countermeasures on the system, or information to the operator about the actions to be enforced.
Technology of on-line control
It is essentially based on two components:
- a detection/actuation mechanism mainly based on Network Function Virtualization (NFV) and Software Defined Networking (SDN) techniques, which provide support for multi-tenancy, allowing the distribution of responsibilities in a shared management model
- a reaction/resilience mechanism based on the new concept of Software Defined Security (SDS), which integrates IACS security design, distributed awareness, mitigation and resiliency functionalities into a single framework able to dynamically and proactively react to evolving threats by enforcing the most appropriate security policies in each CI node.
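The interplay of the two loops described above, as an added toy model that is not ATENA project code: the off-line loop derives a secure configuration from the Context and the Desired S/R level and stores it in a Knowledge Base, while the on-line loop evaluates detection rules over Measurements, looks up the countermeasure in the same Knowledge Base, and either enforces it or advises the operator. The configuration fields, rule thresholds, alert names and sample measurements are all constructed assumptions for illustration.

```python
"""Toy model of an off-line (static) and on-line (dynamic) security control loop."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Context:
    threat_level: str   # assumed values: "low" or "high"
    desired_sr: int     # assumed Desired Security/Resilience level, 1..3

@dataclass
class KnowledgeBase:
    configs: dict = field(default_factory=dict)      # Context -> secure configuration
    mitigations: dict = field(default_factory=dict)  # alert name -> countermeasure

def offline_loop(kb: KnowledgeBase, ctx: Context) -> dict:
    """Static loop: derive the CI Secure Configuration from context + desired S/R and store it."""
    cfg = {
        "segmentation": ctx.desired_sr >= 2,                             # assumed policy
        "strict_acl": ctx.threat_level == "high" or ctx.desired_sr == 3, # assumed policy
        "monitoring_interval_s": 10 if ctx.desired_sr == 3 else 60,      # assumed policy
    }
    kb.configs[ctx] = cfg
    return cfg

# Constructed rule-based detectors over a Measurements dict (thresholds are assumptions).
RULES = {
    "modbus_write_burst": lambda m: m.get("modbus_writes_per_min", 0) > 50,
    "unknown_host_on_ot_segment": lambda m: m.get("unknown_mac_count", 0) > 0,
}

def online_loop(kb: KnowledgeBase, measurements: dict, auto_enforce: bool) -> list:
    """Dynamic loop: detect, compute the mitigation from the KB, then enforce or advise."""
    actions = []
    for alert, rule in RULES.items():
        if rule(measurements):
            countermeasure = kb.mitigations.get(alert, "raise_alert_only")
            actions.append({"alert": alert, "countermeasure": countermeasure,
                            "mode": "enforced" if auto_enforce else "advise_operator"})
    return actions

def demo(auto_enforce: bool = False) -> list:
    """Run both loops once on constructed sample data and return the on-line actions."""
    kb = KnowledgeBase(mitigations={"modbus_write_burst": "isolate_source_host",
                                    "unknown_host_on_ot_segment": "quarantine_port"})
    offline_loop(kb, Context(threat_level="high", desired_sr=3))
    sample = {"modbus_writes_per_min": 120, "unknown_mac_count": 0}  # constructed sample
    return online_loop(kb, sample, auto_enforce)

if __name__ == "__main__":
    for action in demo():
        print(action)
```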