Overview of the Project
The extraordinary growth of the Information Society is creating a high dependency on ICT. As a result, those strongly interrelated technological infrastructures, as well as the information systems that underpin them, become highly critical, since their disruption would lead to high economic, material and, sometimes, human loss. As a consequence, the protection of these Critical Information Infrastructures is becoming a major objective for governments and companies.
Therefore, CRISIS is focused on the design of security solutions for Critical Information Infrastructures by means of the development of protection, control and evaluation mechanisms. These solutions use wireless sensor networks as a main technological platform because that technology facilitates distributed control and allows the different components of the network to remain operative, even in crisis situations.
In order to guarantee the faultless interoperability of the protection, control and evaluation mechanisms, new security services will be created. These services will be integrated into a Service-Oriented Architecture, specifically devised for Critical Infrastructures, with the aid of a trust management model designed for this purpose.
The functionality of the Architecture will be verified in different ways. On the one hand, we will design and develop management and maintenance systems embedded into the Architecture, such as early warning, dynamic reconfiguration and auditing systems. On the other hand, with the aim of providing support for the infrastructure, we will develop tools for decision support and for risk analysis and management.
Motivation
It is hard to think of all the countless ways in which today’s Information and Communication Technologies (ICT) affect us every day. The phenomenal growth of the Internet and mobile communication, the WTO (World Trade Organization) basic telecommunications agreement on trade liberalization, and the rapid technological change, have all played a very important role, not only in forming a foundation for the Information Society, but also in influencing each individual’s life. Due to the phenomenal growth of the information-oriented society, today’s world has become more dependent on the ICT systems in organizations and companies. Also, as more information has been opened to public access, more people can share information on a global basis.
Moreover, these trends are expected to intensify because ICT and its applications are more and more pervasive in society, leading to new and larger-scale types of vulnerabilities. Economic and societal interests go beyond technical security, as they relate to:
- Business opportunities and growth: new business models, virtual enterprising, delocalised workforces, tailored services, digital asset management, economic value of knowledge, etc.
- Individual: privacy, confidentiality, intimacy, cyber-crime, protection of minors, ethics, etc.
- Society: new dependencies on volatile technologies, long-lasting preservation of knowledge and culture, digital divide, etc.
- Governments’ recognition and power: interdependencies, critical infrastructures, national defence, social order, international governance, etc.
Security issues are not new; however, as the Internet and other info-communication networks become an ever-increasing part of our daily lives, so does our dependency upon their underlying infrastructure. Unfortunately, as our dependency has grown, so have hostile attacks on infrastructure. Newly discovered forms of attacks, the availability and wide distribution of attack tools, as well as the flaws in common desktop software have resulted in networks becoming increasingly vulnerable. Simple viruses are argued to have cost billions of dollars worldwide in lost productivity, and sophisticated distributed denial of service attacks on the Internet are on the rise. But there are still more threats to come.
On the other hand, more and more intelligence and autonomy go into components and systems at ever smaller scale: (i) large-scale systems of casually networked and evolving real-time embedded devices, like wireless sensors; (ii) mobile code in heterogeneous and mobile environments; (iii) volatility of networks and service infrastructures, etc. Therefore, security issues in the digital environment are becoming global. That is, geographical and jurisdictional boundaries disappear, the ultimate basis for “trust” and the recognition of “powers” in digital environments is changing, uncontrolled and unlimited access to potentially harmful technologies increases, and the scale of potential disruptions is worldwide.
Critical Information Infrastructures (CII)
In the above innovative scenario, a new mega-infrastructure is emerging from the convergence of infrastructures of different industry sectors on the one side, and the Internet communications and the electronic markets and electronic commerce services on the other. The concept of Critical Infrastructure is arising.
According to the European Commission, Critical Infrastructures consist of “those physical and information technology facilities, networks, services and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens or the effective functioning of governments in the Member States. Critical Infrastructures extend across many sectors of the economy, including banking and finance, transport and distribution, energy, utilities, health, food supply and communications, as well as key government services”. As pointed out by the Commission, some critical elements in these sectors are not strictly speaking 'infrastructure', but are, in fact, networks or supply chains that support the delivery of an essential product or service. For example, the supply of food or water to major urban areas is dependent on some key facilities, but also on a complex network of producers, processors, manufacturers, distributors and retailers.
Key sectors of modern society that are vital to national security and the essential functioning of industrialized economies are dependent on a spectrum of highly interconnected national (and international) software-based control systems for their smooth, reliable, and continuous operation. This information infrastructure underpins many elements of the aforementioned Critical Infrastructures, and is hence called Critical Information Infrastructures.
It is precisely in this scenario where the potential ramifications of network failures and attacks become greater than ever before. Secure and reliable operation of these information networks is fundamental to national and international economy, security, and our quality of life, and what is worse, the interconnected nature of networks means that single, isolated disturbances can cascade through and between networks with potentially disastrous consequences. For these reasons, most organizations attempt to protect their business systems and control centers from cyberattacks, but plant control systems, substations, distribution centers, etc. might not be adequately protected, allowing the penetration of mission-critical operational systems via unsecured access points. Potential risks span the spectrum from having data stolen (industrial espionage) to total loss of power flow control to substantial physical damage (sabotage).
Just as an example, Information Technology is emerging as a notable force of change in the power delivery sector. High-speed powerline networks, automated real-time meters, and other “gateway to the home” devices, along with the ubiquitous Internet, have enabled new types of entities to enter the electric power industry. Competition is likely to spur further demand for information technologies, which will in turn stimulate the development of advanced control, computing, and metering technologies. But in today’s environment, traditional external entities such as suppliers, consumers, regulators, and even competitors must now have access to segments of the network. This access greatly increases the security risks to other functional segments of the internal network. As power systems rely more heavily on computerized communications and control, system security has become increasingly dependent on protecting the integrity of the associated information systems. Part of the problem is that existing control systems, which were originally designed for proprietary, stand-alone communications networks, are being connected to the Internet (because of its well-known productivity advantages and lower costs), but without systematically adding the technology to make them secure.
Therefore, it is essential to guarantee the security of information that is considered of critical importance, from a political, economic, financial or social standpoint. As a first step, one may think that Information Security provisions such as authorization, authentication, encryption, and other basic security services must be added to current communications protocols. However, the solution is not that easy. The complexity of the Critical Infrastructure scenarios and applications is so high that it becomes essential to provide advanced security technologies. In order to safeguard countries’ critical information resources and to guarantee the security of information networks, the technical aspects of security in CII need to be the subject of in-depth and serious study. This is one of the main goals of CRISIS.
Wireless Sensor Networks (WSN)
In CII, all organizations must attempt to protect their business systems and control centers from cyberattacks, but plant control systems, substations, distribution centers, etc. might not be adequately protected, allowing the penetration of mission-critical operational systems via unsecured access points. An essential step in the research of Critical Information Infrastructures is a comprehensive assessment to determine which underlying communications technologies and security options are appropriate for utility operations.
It is very important to point out that CII are characterized by unique requirements for communications performance, including timing, redundancy, center control and protection, and equipment control and diagnostics. Because they are complex and dynamic infrastructures, they have many layers, and are vulnerable to many different types of disturbances. Although strong centralized control is essential to reliable operations, CII require multiple high-data-rate communication links, a powerful central computing facility, and an elaborate operations control center. All of them are especially vulnerable when they are needed most: during serious system stresses or disruptions.
However, for deeper protection, intelligent distributed control is strongly required to keep parts of the network operational. It is commonly agreed by network experts that Wireless Sensor Networks (WSN) are the technology that best fulfills features like the ones required by CII. In fact, WSN can be applied to a large number of areas, and their applications are continuously growing.
WSN are composed of hundreds or thousands of inexpensive sensing devices that have computational and communication resources, and provide a useful interface to the real world with their data acquisition and processing capabilities. Sensor nodes are densely deployed either very close to or inside the object to be observed. Inside a WSN, every node is totally independent, sending data to and receiving control packets from a central system called the base station, usually managed by a human user, which fits the aforementioned requirement of an operations control center for CII. The purpose of a sensor is very specific: to measure physical information (such as temperature, sound, movement, etc.) about its surroundings. A typical sensor node such as the MICAZ has an 8MHz microprocessor with 128Kb of program flash memory and 512Kb of serial flash memory. As a result, both hardware modules and communication/configuration protocols are highly specialized.
In spite of this, due to the extreme constraints of the devices, a sensor network is highly vulnerable to any external or internal attack, so the infrastructure and protocols of the network must be prepared to manage these kinds of situations. Protecting the information flow not only requires a set of power-efficient encryption schemes, but also an effective key infrastructure in terms of key storage policies, key distribution procedures and key maintenance protocols. Collecting the information from a static or dynamic set of nodes and routing it through the error-prone, unreliable network is a difficult task as well. Moreover, the network should be able to monitor for failures or security breaches in any of its members while being self-configuring and self-healing.
Because of these problems, one may argue that it would be a better solution for CII scenarios to use another technology rather than WSN. However, there is no better technology available at this moment. Moreover, experts agree on the high benefits that this new technology can provide to the many different facets of Information and Telecommunications Technology. Therefore, many believe (among them, the members of this research group) that it is only a matter of starting to develop security solutions for sensor networks, in the same way as years ago the scientific community started developing security solutions for the typical networks currently in use. That is another one of the main goals of CRISIS. Besides that, we also have the goal of achieving a successful deployment of secure sensor node solutions for the protection of CII.