Fraunhofer Institute of Optronics, System Technologies and Image Exploitation IOSB


Preventive Methodology and Tools to Protect Utilities

In recent years, we have witnessed an increase in the number and impact of cyber-attacks against industrial control networks. A successful attack might affect, or even endanger, daily human activities. Multiple and diverse countermeasures have been put in place to prevent Advanced Persistent Threat (APT) attacks, but they failed, allowing the latest generation of APT.
The main goal of PREEMPTIVE is to provide an innovative solution for enhancing existing procedures and methods and conceiving tools to prevent against cyber-attacks, that target utility companies relying heavily on industrial networks and automated control systems.
PREEMPTIVE addresses, in particular, the prevention of cyber-attacks against hardware and software systems such as DCS, SCADA, PLC, networked electronic sensing, and monitoring and diagnostic systems used by the utilities networks. Moreover, the research aims to implement detection tools based on a dual approach comprising low direct detection (e.g. network traffic and system calls) and process misbehavior detection (e.g. automatic industrial processes to control water distribution).
PREEMPTIVE proposes to:

  • Enhance existing methodological security and prevention frameworks with the aim of harmonizing Risk and Vulnerability Assessment methods, standard policies, procedures and applicable regulations or recommendations to prevent cyber-attacks.
  • Design and develop prevention and detection tools complaint to the dual approach that takes into account both the industrial process misbehavior analysis (physical domain) and the communication & software anomalies (cyber domain):
    • Industrial process misbehavior detection tools.
    • communication & software related threats prevention and detection tools.
  • Define a taxonomy for classifying the utilities networks taking into account:
    • The utility network type and communication technology used
    • The utility network exposure to Cyber threats
    • The impact to the citizens of services disruption caused by a cyber-attack through the utility network.
  • Define guidelines for improving Critical Infrastructure (CI) surveillance.
  • Validate the PREEMPTIVE framework and innovative technologies in real scenarios with the support of the utility companies involved.

Utility companies will take advantage of PREEMPTIVE results to demonstrate compliance with high-level security requirements that originate from mandates, standards, and guidelines.