ATENA

Introduction

The ATENA consortium brings together thirteen European partners from eight countries that span the gamut of essential services expertise, including CI (Critical Infrastructure) operators (IEC from Israel, CREOS from Luxembourg and SWDE from Belgium), industrial partners, research centres and SMEs.

The partners share expertise in network security, Automation Control System (IACS) security, digital modelling and real-time software development to improve the efficiency and resilience of modern critical infrastructure against a wide range of cyber and physical threats, which in addition to malicious attacks include unexpected faults that may affect the efficiency or the correct behaviour of industrial and IACS, corporate networks or simple ICT devices.

Who is the project designed for?

ATENA is developing a Software Defined Security paradigm combining new anomaly detection algorithms and risk assessment methodologies within a distributed environment, and will provide a suite of integrated ICT networked components and advanced tools embedding innovative algorithms for both correct static CI configuration and fast dynamic CI reaction in presence of adverse events.

Design and development of ATENA platform is driven by the security needs of energy and water domains but could be extended to any type of essential services which require real time warning and reactive systems to protect their infrastructure. Professional end users will validate project results by applying ATENA tools in real-life business-oriented use cases for electricity, gas, water distribution.

How is your project benefitting the end-user?

The “prevent-detect-react” approach against adverse events is enhanced and supported by:

• a distributed and self-improving Intrusion and Anomaly Detection System (IADS) using Big Data technology to early detect anomalous behaviour and state.
• on-line advanced real-time detection and risk assessment capability
• tools to assess/evaluate the potential menaces that affect system’s assets and to identify-, one by one, all the countermeasures to be put in place to guarantee the desired security level.
• reaction strategies to be suggested and eventually executed (human-in-the-loop paradigm) to mitigate the consequences of detected treats or anomalies
• advanced models of the possibly interdependent CI networks
• Software Defined Security (SDS) to bring the results and innovation of Software Defined Networks (SDN) technology in modern CIs
• on line risk strategies provided to CI’s operators for prevention and mitigation of the possible threats and of the degradation of QoS of the interdependent CIs.

Moreover, the ATENA platform is designed to continuously suggest actions on OT and ICT networks, but executes actions under the operators’ supervision : installation of the ATENA platform leaves unchanged the OT network and integrates seamlessly to existing ICT network, preserving existing CI investments.

Please briefly describe the results your project achieved so far

The first period of the project allowed to establish the scientific and technical basis to reach the main objective of the project :

1. Develop a Unified Modelling Framework and with ad hoc models to control physical flow efficiency and improve resilience across CIs against threats of their IACSs and related ICT infrastructure.
2. Define dynamic security paradigms for resilience of Cyber-Physical systems;
3. Develop new anomaly detection algorithms and risk assessment methodologies within a distributed Cyber-Physical environment. In parallel with these theoretical research, the consortium has started to develop specific software and devices to valid this approach: probes for detection layers, asset management system, simulators, validation test bed, etc.

Today, the consortium has the main modules of the entire detection-analysis-reaction system and started the integration of the module in the overall architecture.

What are the next steps for your project?

The next step of the project can be summarised in three words: integration, validation and demonstrations:

1. Integrate the suite of ICT networked components for detection and reaction in presence of adverse events in industrial distributed systems to be able to detect, assess and propose reaction strategy to CI operators.
2. Validate the ATENA models and tool suite in significant Use Cases especially using a dedicated hybrid testbed developed by IEC for electrical distribution but also on water and gas distribution uses cased provided by CREOS and SWDE.
3. Demonstrate the solution to future stakeholders to establish a real market strategy for the overall modules.