SlideShare ist ein Scribd-Unternehmen logo

ZONeSEC: critical infrastructure protection in real practice

Als PPTX, PDF herunterladen
José Ramón Martínez Salio
José Ramón Martínez Salio

ZONeSEC disemination conference in CRITIS2018

Ingenieurwesen
1 von 27
ZONeSEC (2014-2018): Critical infrastructure protection in real practice Jose-Ramon Martinez-Salio Atos
1. What is ZONeSEC and what are its objectives 2/10/2018 2ZONeSEC overview
ZONeSEC at a glance • ZONeSEC: “Towards an EU framework for the security of Wide zones” – Start date: 1 December 2014 – End date: 30 November 2018 (48 months) http://www.zonesec.eu/ Contact points: Dimitris Petrantonakis (Project Coordinator) dpetr@exodussa.com Jose Ramon Martinez (Technical coordinator) jose.martinezs@atos.net 3ZONeSEC overview2/10/2018
Introducing ZONeSEC 19 PARTNERS 9 COUNTRIES 4 PILOTS 3 FINAL DEMOS 48 MONTHS 4ZONeSEC overview2/10/2018
6ZONeSEC overview2/10/2018 Cyber threats Physical threats
2. Obstacles found on the road and how to overpass them 2/10/2018 10ZONeSEC overview
11ZONeSEC overview2/10/2018 ZONeSEC key challenges (1/2) • Near real time: Time has to be reasonable short between incident and notification • No lost of any alert: Alert data should be “reliable”. It is mandatory that alerts don’t get lost in transit • No false alerts: Operator need real alerts, not false alerts • All kind of networks: All kind of networks are in use in wide-zones simultaneously • Flexibility: Plug and play: All the security capillaries can enter or leave the system at any moment without affecting the stability of the entire system • Scalability: The resulting system or framework should be scalable to any number of security capillaries and any arbitrary extended area
12ZONeSEC overview2/10/2018 ZONeSEC key challenges (2/2) • Security: Security has to be taken into account in all possible layers (including tampering the physical devices) • Portability: The resulting framework should be portable to any localization • Legacy sensors: Already existing sensors (aka “legacy sensors”) should be included in the framework as seamlessly as possible • Lack of standards in sensor: Every sensor (new or old) has its own ways • Open platform: The system has to be open allowing the possible addition of new Security capillaries and old legacy systems • Arbitrary extensive area: Area covered can reach hundreds of km • Arbitrary number of sensors: The number of sensor involved can be literally any, including new and old sensors
132/10/2018 13 Solutions adopted in ZONeSEC The success of ZONeSEC is based in five main pillars: 1. Modular architecture with the use of micro services 2. Common data model and common protocol for all sensors/adaptors 3. Use of a decoupled communications framework tailored for any kind of networks and widezones 4. Scalable automatic processing of data (including fusion of data) 5. Security in devices and in net (including tampering and cyber) ZONeSEC overview
3. Technologies in ZONeSEC 2/10/2018 16ZONeSEC overview
17ZONeSEC overview2/10/2018 ZONeSEC sensing solutions The technological solutions used in ZONeSEC are all in the front line of what technology can offer for CIP ZONeSEChas: • Evolved these technologies to become products in many cases • Used these technologies in the field in real premises and scenarios • Integrated all these heterogenous technologies and also “legacy systems Thesetechnologies include: • Sensing solutions • Technological solutions like UAV, video analytics, data fusion, data representation and cyber attacks detection
18ZONeSEC overview2/10/2018 Sensors on the technological edge (1/3) • Distributed Acoustic Sensor (IDAS). IDAS is an optoelectronic system monitoring the acoustic field along an optical fibre cable. Used in detecting movement near a perimeter set. • ULTIMA: Ultima is a heat sensor that can be user also for detection of leakages (gas and liquid).
19ZONeSEC overview2/10/2018 Sensors on the technological edge (2/3) • Spectral Imaging System: This is a novel multi-sensor system with thermal, hyperspectral and SWIR cameras. The processing of the huge amount of spectral video data is locally performed.
20ZONeSEC overview2/10/2018 Sensors on the technological edge (3/3) • Mimo Radar: (Multiple Input Multiple Output RAdio Detection And Ranging), detects intrusions of persons into a secure perimeter marked by a virtual fence. Additionally, the Radar can provide information about the distance, velocity and azimuth angle of a target.
21ZONeSEC overview2/10/2018 Technological solutions (1/7) • AUV: The multirotor and Helly type Mini-UAV systems are equipped with electro-optic sensors including daylight and thermal cameras (CM100V3, UAV Vision) as well as communication devices. • receive Orders from the ZONeSEC System and through the Task-Based Guidance component to prepare the flight plan using analytics functionalities for decision making and to upload it in order to execute the mission. • real-time video stream including metadata (e.g. position, target)
22ZONeSEC overview2/10/2018 Technological solutions (2/7) • Visual analytics: Video footage coming life from IP cameras or the UAV is analyzed to detect cars and people in real time. • Position in KLV format is read and analyzed in real time. Position is sent to central COP • Tracking of each object is created • Modified footage is re-streamed
23ZONeSEC overview2/10/2018 Technological solutions (3/7) • Abnormal behavior detection: Video footage coming life from IP cameras is analyzed to detect behavior of people in real time. We detect movements considered “suspicious” in certain areas.
24ZONeSEC overview2/10/2018 Technological solutions (4/7) • Cyber agent: Cyber agents are software agents able to detect any cyber intrusion and to be trained to detect new threats. The multi-agent system provides continuous analysis of security events in the cyber- domain, aggregating data from many sources and providing the ability to consolidate and correlate monitored data to generate reports and alerts
25ZONeSEC overview2/10/2018 Technological solutions (5/7) • Data fusion (SDAIM): SDAIM performs data and information fusion to aid and improve the decision making process of the Widezone operatives. This core function is fulfilled by data and information fusion algorithms configured and executed as event stream processing workflows. The output of the fusion process are alerts for possible illicit situations and behaviours and also supporting information, aimed at the Widezone operatives, and provided over a standard messaging interface Configurable Big Data Technologies & Scalable Cloud Computing Infrastructure Fusion Resources Catalogue Management UI Brokered MOM Brokered MOM AMQP Data and Information Fusion Algorithms configured in event stream processing workflows Fusion Session Data Fusion Resources Agent Fusion Process Configuration & Session Instatiation Knowledge Base  Domain Semantics  Knowledge Models  Fusion Actionable Inf. Specialised communicaiton AlertsAMQP Knowledge Federation API Fusion Session Agent High Data Volumes Remote Data Fusion Algorithms Sensor Networks Security Clusters Widezone Geo-data Access/Import API DBs
26ZONeSEC overview2/10/2018 Technological solutions (6/7) • COP and simulation of sensors: Common Operational Picture. The COP displayed a 3D cartographic view of deployed sensors and raised alerts from subsystems. The simulation tools provided means to add geo-localized virtual systems and simulate their inputs to ZONeSEC
27ZONeSEC overview2/10/2018 Technological solutions (7/7) • Security Clusters: The processing of sensors that are related by geographical criteria or any other common criteria are aggregated locally and processed locally (using same SDAIM logic). This provides scalability to the full framework.
282/10/2018 One architecture to integrate all together  Use of a common data model to all ZONeSEC : Data Agreement initiative has been followed  Modular architecture has been used for the core components:  Core: is the data hub and communication module  Micro services: Independent and modular entities  Geographical  Time synchronization  Metadata  Historical alerts  Bidirectional orders ZONeSEC overview
4. Playing in the fields of CIP (Critical infrastructures protection) 2/10/2018 Title Presentation 29
302/10/2018 ZONeSEC is an end-user driven project End users involved from the conception of the project • 4 End-user partners • Advisory Board members from end-user Community • Extended base of end users during project Drive thorough and exhaustive pilot demonstrations and final demonstrations • Water Pipelines • Gas Pipelines • Railway networks • Oil Pipelines • Highways 3030ZONeSEC overview
332/10/2018 Overview pilot activities 23/02/2018 33 Y1 Y2 Y3 Y4 PROJECT TIMELINE FUNCTIONALITY LOWMEDIUMHIGH OIP ACC (M12) OIP ATTD (M25) OIP AQS (M31) OIP DESFA (M37) PILOTS ACC (M40) AQS (M43) ATTD (M47) ZONeSEC overview
392/10/2018 Lessons learnt from Pilots • Need to test integration in remote and “in the field” for a long time in advance • If the architecture works, the communications can beat you • Good Communication is key •Language barrier •Cultural barrier: companies and countries • Team is everything You can always have fun when the job is well done and the team is so great! 3939ZONeSEC overview
402/10/2018 40 Thank you for your time! Q&A ZONeSEC overview Jose Ramon Martinez (Technical coordinator) jose.martinezs@atos.net

Empfohlen

01. Critical Information Infrastructure Protection
01. Critical Information Infrastructure Protection01. Critical Information Infrastructure Protection
01. Critical Information Infrastructure Protection
Directorate of Information Security | Ditjen Aptika
 
Thesis of-rajesh-gps
Thesis of-rajesh-gpsThesis of-rajesh-gps
Thesis of-rajesh-gps
lakshmi610
 
Best sync practices and architecture strategies for secure, resilient PNT in ...
Best sync practices and architecture strategies for secure, resilient PNT in ...Best sync practices and architecture strategies for secure, resilient PNT in ...
Best sync practices and architecture strategies for secure, resilient PNT in ...
ADVA
 
DeepALM: Holistic optical network monitoring based on machine learning
DeepALM: Holistic optical network monitoring based on machine learningDeepALM: Holistic optical network monitoring based on machine learning
DeepALM: Holistic optical network monitoring based on machine learning
ADVA
 
Introducing the most compact sync solution for energy and broadcast networks
Introducing the most compact sync solution for energy and broadcast networksIntroducing the most compact sync solution for energy and broadcast networks
Introducing the most compact sync solution for energy and broadcast networks
ADVA
 
Introducing the CrossLink Programmable ASSP
Introducing the CrossLink Programmable ASSPIntroducing the CrossLink Programmable ASSP
Introducing the CrossLink Programmable ASSP
LatticeSemiconductor
 
Best practices for secure synchronization in smart grids
Best practices for secure synchronization in smart gridsBest practices for secure synchronization in smart grids
Best practices for secure synchronization in smart grids
ADVA
 
ADVA’s telecommunications solutions for smart grids
ADVA’s telecommunications solutions for smart grids ADVA’s telecommunications solutions for smart grids
ADVA’s telecommunications solutions for smart grids
ADVA
 

Empfohlen

01. Critical Information Infrastructure Protection
01. Critical Information Infrastructure Protection01. Critical Information Infrastructure Protection
01. Critical Information Infrastructure Protection
Directorate of Information Security | Ditjen Aptika
 
Thesis of-rajesh-gps
Thesis of-rajesh-gpsThesis of-rajesh-gps
Thesis of-rajesh-gps
lakshmi610
 
Best sync practices and architecture strategies for secure, resilient PNT in ...
Best sync practices and architecture strategies for secure, resilient PNT in ...Best sync practices and architecture strategies for secure, resilient PNT in ...
Best sync practices and architecture strategies for secure, resilient PNT in ...
ADVA
 
DeepALM: Holistic optical network monitoring based on machine learning
DeepALM: Holistic optical network monitoring based on machine learningDeepALM: Holistic optical network monitoring based on machine learning
DeepALM: Holistic optical network monitoring based on machine learning
ADVA
 
Introducing the most compact sync solution for energy and broadcast networks
Introducing the most compact sync solution for energy and broadcast networksIntroducing the most compact sync solution for energy and broadcast networks
Introducing the most compact sync solution for energy and broadcast networks
ADVA
 
Introducing the CrossLink Programmable ASSP
Introducing the CrossLink Programmable ASSPIntroducing the CrossLink Programmable ASSP
Introducing the CrossLink Programmable ASSP
LatticeSemiconductor
 
Best practices for secure synchronization in smart grids
Best practices for secure synchronization in smart gridsBest practices for secure synchronization in smart grids
Best practices for secure synchronization in smart grids
ADVA
 
ADVA’s telecommunications solutions for smart grids
ADVA’s telecommunications solutions for smart grids ADVA’s telecommunications solutions for smart grids
ADVA’s telecommunications solutions for smart grids
ADVA
 
ADVA aPNT+™ security enhancements
ADVA aPNT+™ security enhancementsADVA aPNT+™ security enhancements
ADVA aPNT+™ security enhancements
ADVA
 
ADVA launches new aPNT+™ platform to protect critical network infrastructure
ADVA launches new aPNT+™ platform to protect critical network infrastructureADVA launches new aPNT+™ platform to protect critical network infrastructure
ADVA launches new aPNT+™ platform to protect critical network infrastructure
ADVA
 
Submarine line termination equipment (SLTE) for open cables
Submarine line termination equipment (SLTE) for open cablesSubmarine line termination equipment (SLTE) for open cables
Submarine line termination equipment (SLTE) for open cables
ADVA
 
Improving time accuracy at the network edge
Improving time accuracy at the network edgeImproving time accuracy at the network edge
Improving time accuracy at the network edge
ADVA
 
Drive down latency and costs in the access network with the MicroMux™ Edge BiDi
Drive down latency and costs in the access network with the MicroMux™ Edge BiDiDrive down latency and costs in the access network with the MicroMux™ Edge BiDi
Drive down latency and costs in the access network with the MicroMux™ Edge BiDi
ADVA
 
Synchronisation and Time Distribution in Modern Telecommunications Networks
Synchronisation and Time Distribution in Modern Telecommunications NetworksSynchronisation and Time Distribution in Modern Telecommunications Networks
Synchronisation and Time Distribution in Modern Telecommunications Networks
3G4G
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
ADVA
 
Recent growth in timing
Recent growth in timingRecent growth in timing
Recent growth in timing
ADVA
 
Building the foundations of Ultra-RELIABLE and Low-LATENCY Wireless Communica...
Building the foundations of Ultra-RELIABLE and Low-LATENCY Wireless Communica...Building the foundations of Ultra-RELIABLE and Low-LATENCY Wireless Communica...
Building the foundations of Ultra-RELIABLE and Low-LATENCY Wireless Communica...
3G4G
 
Radisys Optimizing VAS for Greater Revenue Generation
Radisys Optimizing VAS for Greater Revenue GenerationRadisys Optimizing VAS for Greater Revenue Generation
Radisys Optimizing VAS for Greater Revenue Generation
Radisys Corporation
 
5G for Reliable Industrial Wireless Networks
5G for Reliable Industrial Wireless Networks5G for Reliable Industrial Wireless Networks
5G for Reliable Industrial Wireless Networks
AUTOWARE
 
5G Network Architecture, Design and Optimisation
5G Network Architecture, Design and Optimisation5G Network Architecture, Design and Optimisation
5G Network Architecture, Design and Optimisation
3G4G
 
Orchestrated virtualized multivendor SD-WAN services
Orchestrated virtualized multivendor SD-WAN servicesOrchestrated virtualized multivendor SD-WAN services
Orchestrated virtualized multivendor SD-WAN services
ADVA
 
Opinion: What is “Real 5G”? (and “Real 4G”?)
Opinion: What is “Real 5G”? (and “Real 4G”?)Opinion: What is “Real 5G”? (and “Real 4G”?)
Opinion: What is “Real 5G”? (and “Real 4G”?)
3G4G
 
Inject precise synchronization into open compute servers
Inject precise synchronization into open compute serversInject precise synchronization into open compute servers
Inject precise synchronization into open compute servers
ADVA
 
Vsat day-2008-gilat
Vsat day-2008-gilatVsat day-2008-gilat
Vsat day-2008-gilat
SSPI Brasil
 
Photonic integrated circuits for data center interconnects
Photonic integrated circuits for data center interconnectsPhotonic integrated circuits for data center interconnects
Photonic integrated circuits for data center interconnects
ADVA
 
Nokia 3GPP Industry e-Workshop on XR Sept 2020
Nokia 3GPP Industry e-Workshop on XR Sept 2020Nokia 3GPP Industry e-Workshop on XR Sept 2020
Nokia 3GPP Industry e-Workshop on XR Sept 2020
Eiko Seidel
 
Advanced: 5G NR RRC Inactive State
Advanced: 5G NR RRC Inactive StateAdvanced: 5G NR RRC Inactive State
Advanced: 5G NR RRC Inactive State
3G4G
 
Stepping up to the Challenge on Tighter Time Accuracy.
Stepping up to the Challenge on Tighter Time Accuracy.Stepping up to the Challenge on Tighter Time Accuracy.
Stepping up to the Challenge on Tighter Time Accuracy.
3G4G
 
ZONeSEC in ERNCIP
ZONeSEC in ERNCIPZONeSEC in ERNCIP
ZONeSEC in ERNCIP
José Ramón Martínez Salio
 
Zonesec_overview_v3
Zonesec_overview_v3Zonesec_overview_v3
Zonesec_overview_v3
José Ramón Martínez Salio
 

Weitere ähnliche Inhalte

Was ist angesagt?

Radisys Optimizing VAS for Greater Revenue Generation
Radisys Optimizing VAS for Greater Revenue GenerationRadisys Optimizing VAS for Greater Revenue Generation
Radisys Optimizing VAS for Greater Revenue Generation
Radisys Corporation
 

Was ist angesagt? (20)

ADVA aPNT+™ security enhancements
ADVA aPNT+™ security enhancementsADVA aPNT+™ security enhancements
ADVA aPNT+™ security enhancements
 
ADVA launches new aPNT+™ platform to protect critical network infrastructure
ADVA launches new aPNT+™ platform to protect critical network infrastructureADVA launches new aPNT+™ platform to protect critical network infrastructure
ADVA launches new aPNT+™ platform to protect critical network infrastructure
 
Submarine line termination equipment (SLTE) for open cables
Submarine line termination equipment (SLTE) for open cablesSubmarine line termination equipment (SLTE) for open cables
Submarine line termination equipment (SLTE) for open cables
 
Improving time accuracy at the network edge
Improving time accuracy at the network edgeImproving time accuracy at the network edge
Improving time accuracy at the network edge
 
Drive down latency and costs in the access network with the MicroMux™ Edge BiDi
Drive down latency and costs in the access network with the MicroMux™ Edge BiDiDrive down latency and costs in the access network with the MicroMux™ Edge BiDi
Drive down latency and costs in the access network with the MicroMux™ Edge BiDi
 
Synchronisation and Time Distribution in Modern Telecommunications Networks
Synchronisation and Time Distribution in Modern Telecommunications NetworksSynchronisation and Time Distribution in Modern Telecommunications Networks
Synchronisation and Time Distribution in Modern Telecommunications Networks
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
 
Recent growth in timing
Recent growth in timingRecent growth in timing
Recent growth in timing
 
Building the foundations of Ultra-RELIABLE and Low-LATENCY Wireless Communica...
Building the foundations of Ultra-RELIABLE and Low-LATENCY Wireless Communica...Building the foundations of Ultra-RELIABLE and Low-LATENCY Wireless Communica...
Building the foundations of Ultra-RELIABLE and Low-LATENCY Wireless Communica...
 
Radisys Optimizing VAS for Greater Revenue Generation
Radisys Optimizing VAS for Greater Revenue GenerationRadisys Optimizing VAS for Greater Revenue Generation
Radisys Optimizing VAS for Greater Revenue Generation
 
5G for Reliable Industrial Wireless Networks
5G for Reliable Industrial Wireless Networks5G for Reliable Industrial Wireless Networks
5G for Reliable Industrial Wireless Networks
 
5G Network Architecture, Design and Optimisation
5G Network Architecture, Design and Optimisation5G Network Architecture, Design and Optimisation
5G Network Architecture, Design and Optimisation
 
Orchestrated virtualized multivendor SD-WAN services
Orchestrated virtualized multivendor SD-WAN servicesOrchestrated virtualized multivendor SD-WAN services
Orchestrated virtualized multivendor SD-WAN services
 
Opinion: What is “Real 5G”? (and “Real 4G”?)
Opinion: What is “Real 5G”? (and “Real 4G”?)Opinion: What is “Real 5G”? (and “Real 4G”?)
Opinion: What is “Real 5G”? (and “Real 4G”?)
 
Inject precise synchronization into open compute servers
Inject precise synchronization into open compute serversInject precise synchronization into open compute servers
Inject precise synchronization into open compute servers
 
Vsat day-2008-gilat
Vsat day-2008-gilatVsat day-2008-gilat
Vsat day-2008-gilat
 
Photonic integrated circuits for data center interconnects
Photonic integrated circuits for data center interconnectsPhotonic integrated circuits for data center interconnects
Photonic integrated circuits for data center interconnects
 
Nokia 3GPP Industry e-Workshop on XR Sept 2020
Nokia 3GPP Industry e-Workshop on XR Sept 2020Nokia 3GPP Industry e-Workshop on XR Sept 2020
Nokia 3GPP Industry e-Workshop on XR Sept 2020
 
Advanced: 5G NR RRC Inactive State
Advanced: 5G NR RRC Inactive StateAdvanced: 5G NR RRC Inactive State
Advanced: 5G NR RRC Inactive State
 
Stepping up to the Challenge on Tighter Time Accuracy.
Stepping up to the Challenge on Tighter Time Accuracy.Stepping up to the Challenge on Tighter Time Accuracy.
Stepping up to the Challenge on Tighter Time Accuracy.
 

Ähnlich wie ZONeSEC: critical infrastructure protection in real practice

RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADARITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
csandit
 
Critical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems WorldwideCritical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems Worldwide
Angela Hays
 
UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE
UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE
UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE
cscpconf
 
Ieeepro techno solutions ieee 2013 embedded project smartdust network for...
Ieeepro techno solutions ieee 2013 embedded project smartdust network for...Ieeepro techno solutions ieee 2013 embedded project smartdust network for...
Ieeepro techno solutions ieee 2013 embedded project smartdust network for...
srinivasanece7
 

Ähnlich wie ZONeSEC: critical infrastructure protection in real practice (20)

ZONeSEC in ERNCIP
ZONeSEC in ERNCIPZONeSEC in ERNCIP
ZONeSEC in ERNCIP
 
Zonesec_overview_v3
Zonesec_overview_v3Zonesec_overview_v3
Zonesec_overview_v3
 
Zonesec_ares
Zonesec_aresZonesec_ares
Zonesec_ares
 
ZONeSEC_newsletter_issue_6
ZONeSEC_newsletter_issue_6ZONeSEC_newsletter_issue_6
ZONeSEC_newsletter_issue_6
 
ZONeSEC_newsletter_issue_5
ZONeSEC_newsletter_issue_5ZONeSEC_newsletter_issue_5
ZONeSEC_newsletter_issue_5
 
oneM2M – Open standard enables interoperability for IoT
oneM2M – Open standard enables interoperability for IoToneM2M – Open standard enables interoperability for IoT
oneM2M – Open standard enables interoperability for IoT
 
How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...
How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...
How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...
 
Katastrophen-Einsatz-Überwachung mit survival sensor networks on IPv6
Katastrophen-Einsatz-Überwachung mit survival sensor networks on IPv6Katastrophen-Einsatz-Überwachung mit survival sensor networks on IPv6
Katastrophen-Einsatz-Überwachung mit survival sensor networks on IPv6
 
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADARITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
 
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprIsaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
 
SDI @ISCWest 2017: A Systems Integrator Perspective
SDI @ISCWest 2017: A Systems Integrator PerspectiveSDI @ISCWest 2017: A Systems Integrator Perspective
SDI @ISCWest 2017: A Systems Integrator Perspective
 
Training manual on scada
Training manual on scadaTraining manual on scada
Training manual on scada
 
Press release 3rd pilot
Press release 3rd pilotPress release 3rd pilot
Press release 3rd pilot
 
"Iot on the field: making smart environments in everyday experience"
"Iot on the field: making smart environments in everyday experience""Iot on the field: making smart environments in everyday experience"
"Iot on the field: making smart environments in everyday experience"
 
Press release 2nd pilot
Press release 2nd pilotPress release 2nd pilot
Press release 2nd pilot
 
Critical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems WorldwideCritical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems Worldwide
 
UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE
UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE
UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE
 
D0.1 V2.0 Project Presentation
D0.1 V2.0 Project PresentationD0.1 V2.0 Project Presentation
D0.1 V2.0 Project Presentation
 
A0550110
A0550110A0550110
A0550110
 
Ieeepro techno solutions ieee 2013 embedded project smartdust network for...
Ieeepro techno solutions ieee 2013 embedded project smartdust network for...Ieeepro techno solutions ieee 2013 embedded project smartdust network for...
Ieeepro techno solutions ieee 2013 embedded project smartdust network for...
 

Mehr von José Ramón Martínez Salio

Simware RTI Empowering hla with dds
Simware RTI Empowering hla with ddsSimware RTI Empowering hla with dds
Simware RTI Empowering hla with dds
José Ramón Martínez Salio
 
Simware Simdeveloper
Simware SimdeveloperSimware Simdeveloper
Simware Simdeveloper
José Ramón Martínez Salio
 

Mehr von José Ramón Martínez Salio (20)

ZONeSEC_newsletter_issue_7
ZONeSEC_newsletter_issue_7ZONeSEC_newsletter_issue_7
ZONeSEC_newsletter_issue_7
 
ZONeSEC final pilot demonstration - invitation and agenda
ZONeSEC final pilot demonstration - invitation and agendaZONeSEC final pilot demonstration - invitation and agenda
ZONeSEC final pilot demonstration - invitation and agenda
 
Zonesec final event agenda
Zonesec final event agendaZonesec final event agenda
Zonesec final event agenda
 
ZONeSEC 2nd pilot demonstration - invitation and agenda
ZONeSEC 2nd pilot demonstration - invitation and agendaZONeSEC 2nd pilot demonstration - invitation and agenda
ZONeSEC 2nd pilot demonstration - invitation and agenda
 
Simware RTI Empowering hla with dds
Simware RTI Empowering hla with ddsSimware RTI Empowering hla with dds
Simware RTI Empowering hla with dds
 
Nogesi case study as LSA proof of concept
Nogesi case study as LSA proof of conceptNogesi case study as LSA proof of concept
Nogesi case study as LSA proof of concept
 
Simware in full
Simware in fullSimware in full
Simware in full
 
Omg dds berlin 2013
Omg dds berlin 2013Omg dds berlin 2013
Omg dds berlin 2013
 
Time managment service over DDS
Time managment service over DDSTime managment service over DDS
Time managment service over DDS
 
Structural organization of LSA architecture
Structural organization of LSA architectureStructural organization of LSA architecture
Structural organization of LSA architecture
 
A new approach for converging LVC simulation architectures
A new approach for converging LVC simulation architecturesA new approach for converging LVC simulation architectures
A new approach for converging LVC simulation architectures
 
Simware Simdeveloper
Simware SimdeveloperSimware Simdeveloper
Simware Simdeveloper
 
Simware framework hello world: A webinar
Simware framework hello world: A webinarSimware framework hello world: A webinar
Simware framework hello world: A webinar
 
SimWare rti hello world: Webinar
SimWare rti hello world: WebinarSimWare rti hello world: Webinar
SimWare rti hello world: Webinar
 
SimWare Rti: HLA raised to the power of DDS
SimWare Rti: HLA raised to the power of DDSSimWare Rti: HLA raised to the power of DDS
SimWare Rti: HLA raised to the power of DDS
 
Nads 2012 itec2012 innovationshowcase 22 may 2012
Nads 2012 itec2012 innovationshowcase 22 may 2012 Nads 2012 itec2012 innovationshowcase 22 may 2012
Nads 2012 itec2012 innovationshowcase 22 may 2012
 
DDS en los nuevos retos de Smart Cities
DDS en los nuevos retos de Smart CitiesDDS en los nuevos retos de Smart Cities
DDS en los nuevos retos de Smart Cities
 
SimWare and the new LSA study group on SISO
SimWare and the new LSA study group on SISOSimWare and the new LSA study group on SISO
SimWare and the new LSA study group on SISO
 
HLA over DDS
HLA over DDSHLA over DDS
HLA over DDS
 
Nads 2012
Nads 2012Nads 2012
Nads 2012
 

Kürzlich hochgeladen

VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Kandungan 087776558899
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
Kamal Acharya
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
dharasingh5698
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 

Kürzlich hochgeladen (20)

VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
Unit 2- Effective stress & Permeability.pdf
Unit 2- Effective stress & Permeability.pdfUnit 2- Effective stress & Permeability.pdf
Unit 2- Effective stress & Permeability.pdf
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 

ZONeSEC: critical infrastructure protection in real practice

  • 1. ZONeSEC (2014-2018): Critical infrastructure protection in real practice Jose-Ramon Martinez-Salio Atos
  • 2. 1. What is ZONeSEC and what are its objectives 2/10/2018 2ZONeSEC overview
  • 3. ZONeSEC at a glance • ZONeSEC: “Towards an EU framework for the security of Wide zones” – Start date: 1 December 2014 – End date: 30 November 2018 (48 months) http://www.zonesec.eu/ Contact points: Dimitris Petrantonakis (Project Coordinator) dpetr@exodussa.com Jose Ramon Martinez (Technical coordinator) jose.martinezs@atos.net 3ZONeSEC overview2/10/2018
  • 4. Introducing ZONeSEC 19 PARTNERS 9 COUNTRIES 4 PILOTS 3 FINAL DEMOS 48 MONTHS 4ZONeSEC overview2/10/2018
  • 6. 2. Obstacles found on the road and how to overpass them 2/10/2018 10ZONeSEC overview
  • 7. 11ZONeSEC overview2/10/2018 ZONeSEC key challenges (1/2) • Near real time: Time has to be reasonable short between incident and notification • No lost of any alert: Alert data should be “reliable”. It is mandatory that alerts don’t get lost in transit • No false alerts: Operator need real alerts, not false alerts • All kind of networks: All kind of networks are in use in wide-zones simultaneously • Flexibility: Plug and play: All the security capillaries can enter or leave the system at any moment without affecting the stability of the entire system • Scalability: The resulting system or framework should be scalable to any number of security capillaries and any arbitrary extended area
  • 8. 12ZONeSEC overview2/10/2018 ZONeSEC key challenges (2/2) • Security: Security has to be taken into account in all possible layers (including tampering the physical devices) • Portability: The resulting framework should be portable to any localization • Legacy sensors: Already existing sensors (aka “legacy sensors”) should be included in the framework as seamlessly as possible • Lack of standards in sensor: Every sensor (new or old) has its own ways • Open platform: The system has to be open allowing the possible addition of new Security capillaries and old legacy systems • Arbitrary extensive area: Area covered can reach hundreds of km • Arbitrary number of sensors: The number of sensor involved can be literally any, including new and old sensors
  • 9. 132/10/2018 13 Solutions adopted in ZONeSEC The success of ZONeSEC is based in five main pillars: 1. Modular architecture with the use of micro services 2. Common data model and common protocol for all sensors/adaptors 3. Use of a decoupled communications framework tailored for any kind of networks and widezones 4. Scalable automatic processing of data (including fusion of data) 5. Security in devices and in net (including tampering and cyber) ZONeSEC overview
  • 11. 17ZONeSEC overview2/10/2018 ZONeSEC sensing solutions The technological solutions used in ZONeSEC are all in the front line of what technology can offer for CIP ZONeSEChas: • Evolved these technologies to become products in many cases • Used these technologies in the field in real premises and scenarios • Integrated all these heterogenous technologies and also “legacy systems Thesetechnologies include: • Sensing solutions • Technological solutions like UAV, video analytics, data fusion, data representation and cyber attacks detection
  • 12. 18ZONeSEC overview2/10/2018 Sensors on the technological edge (1/3) • Distributed Acoustic Sensor (IDAS). IDAS is an optoelectronic system monitoring the acoustic field along an optical fibre cable. Used in detecting movement near a perimeter set. • ULTIMA: Ultima is a heat sensor that can be user also for detection of leakages (gas and liquid).
  • 13. 19ZONeSEC overview2/10/2018 Sensors on the technological edge (2/3) • Spectral Imaging System: This is a novel multi-sensor system with thermal, hyperspectral and SWIR cameras. The processing of the huge amount of spectral video data is locally performed.
  • 14. 20ZONeSEC overview2/10/2018 Sensors on the technological edge (3/3) • Mimo Radar: (Multiple Input Multiple Output RAdio Detection And Ranging), detects intrusions of persons into a secure perimeter marked by a virtual fence. Additionally, the Radar can provide information about the distance, velocity and azimuth angle of a target.
  • 15. 21ZONeSEC overview2/10/2018 Technological solutions (1/7) • AUV: The multirotor and Helly type Mini-UAV systems are equipped with electro-optic sensors including daylight and thermal cameras (CM100V3, UAV Vision) as well as communication devices. • receive Orders from the ZONeSEC System and through the Task-Based Guidance component to prepare the flight plan using analytics functionalities for decision making and to upload it in order to execute the mission. • real-time video stream including metadata (e.g. position, target)
  • 16. 22ZONeSEC overview2/10/2018 Technological solutions (2/7) • Visual analytics: Video footage coming life from IP cameras or the UAV is analyzed to detect cars and people in real time. • Position in KLV format is read and analyzed in real time. Position is sent to central COP • Tracking of each object is created • Modified footage is re-streamed
  • 17. 23ZONeSEC overview2/10/2018 Technological solutions (3/7) • Abnormal behavior detection: Video footage coming life from IP cameras is analyzed to detect behavior of people in real time. We detect movements considered “suspicious” in certain areas.
  • 18. 24ZONeSEC overview2/10/2018 Technological solutions (4/7) • Cyber agent: Cyber agents are software agents able to detect any cyber intrusion and to be trained to detect new threats. The multi-agent system provides continuous analysis of security events in the cyber- domain, aggregating data from many sources and providing the ability to consolidate and correlate monitored data to generate reports and alerts
  • 19. 25ZONeSEC overview2/10/2018 Technological solutions (5/7) • Data fusion (SDAIM): SDAIM performs data and information fusion to aid and improve the decision making process of the Widezone operatives. This core function is fulfilled by data and information fusion algorithms configured and executed as event stream processing workflows. The output of the fusion process are alerts for possible illicit situations and behaviours and also supporting information, aimed at the Widezone operatives, and provided over a standard messaging interface Configurable Big Data Technologies & Scalable Cloud Computing Infrastructure Fusion Resources Catalogue Management UI Brokered MOM Brokered MOM AMQP Data and Information Fusion Algorithms configured in event stream processing workflows Fusion Session Data Fusion Resources Agent Fusion Process Configuration & Session Instatiation Knowledge Base  Domain Semantics  Knowledge Models  Fusion Actionable Inf. Specialised communicaiton AlertsAMQP Knowledge Federation API Fusion Session Agent High Data Volumes Remote Data Fusion Algorithms Sensor Networks Security Clusters Widezone Geo-data Access/Import API DBs
  • 20. 26ZONeSEC overview2/10/2018 Technological solutions (6/7) • COP and simulation of sensors: Common Operational Picture. The COP displayed a 3D cartographic view of deployed sensors and raised alerts from subsystems. The simulation tools provided means to add geo-localized virtual systems and simulate their inputs to ZONeSEC
  • 21. 27ZONeSEC overview2/10/2018 Technological solutions (7/7) • Security Clusters: The processing of sensors that are related by geographical criteria or any other common criteria are aggregated locally and processed locally (using same SDAIM logic). This provides scalability to the full framework.
  • 22. 282/10/2018 One architecture to integrate all together  Use of a common data model to all ZONeSEC : Data Agreement initiative has been followed  Modular architecture has been used for the core components:  Core: is the data hub and communication module  Micro services: Independent and modular entities  Geographical  Time synchronization  Metadata  Historical alerts  Bidirectional orders ZONeSEC overview
  • 23. 4. Playing in the fields of CIP (Critical infrastructures protection) 2/10/2018 Title Presentation 29
  • 24. 302/10/2018 ZONeSEC is an end-user driven project End users involved from the conception of the project • 4 End-user partners • Advisory Board members from end-user Community • Extended base of end users during project Drive thorough and exhaustive pilot demonstrations and final demonstrations • Water Pipelines • Gas Pipelines • Railway networks • Oil Pipelines • Highways 3030ZONeSEC overview
  • 25. 332/10/2018 Overview pilot activities 23/02/2018 33 Y1 Y2 Y3 Y4 PROJECT TIMELINE FUNCTIONALITY LOWMEDIUMHIGH OIP ACC (M12) OIP ATTD (M25) OIP AQS (M31) OIP DESFA (M37) PILOTS ACC (M40) AQS (M43) ATTD (M47) ZONeSEC overview
  • 26. 392/10/2018 Lessons learnt from Pilots • Need to test integration in remote and “in the field” for a long time in advance • If the architecture works, the communications can beat you • Good Communication is key •Language barrier •Cultural barrier: companies and countries • Team is everything You can always have fun when the job is well done and the team is so great! 3939ZONeSEC overview
  • 27. 402/10/2018 40 Thank you for your time! Q&A ZONeSEC overview Jose Ramon Martinez (Technical coordinator) jose.martinezs@atos.net

Hinweis der Redaktion

  1. 3
  2. 4
  3. 5
  4. 7
  5. 31
  6. 32