CRISIS
CRitical Information Infrastructures Security based on Internetworking Sensors
Research project funded by the Spanish Ministry of Education. Duration: November 2006 - November 2009

Overview of the Project

The extraordinary growth of the Information Society is creating a high dependency on ICT. As a result, strongly interrelated technological infrastructures, as well as the information systems that underpin them, become highly critical, since their disruption would lead to high economic, material and, sometimes, human loss. As a consequence, the protection of these Critical Information Infrastructures is becoming a major objective for governments and companies. Therefore, CRISIS is focused on the design of security solutions for Critical Information Infrastructures by means of the development of protection, control and evaluation mechanisms. These solutions use wireless sensor networks as the main technological platform because that technology facilitates distributed control and allows the different components of the network to remain operative, even in crisis situations. In order to guarantee the faultless interoperability of the protection, control and evaluation mechanisms, new security services will be created. These services will be integrated into a Service-Oriented Architecture, specifically devised for Critical Infrastructures, with the aid of a trust management model designed for this purpose. The functionality of the Architecture will be verified in different ways. On one hand, we will design and develop management and maintenance systems embedded into the Architecture, such as early warning, dynamic reconfiguration and auditing systems. On the other hand, with the aim of providing support for the infrastructure, we will develop tools for decision support and for risk analysis and management.

Motivation

It is hard to think of all the countless ways in which today’s Information and Communication Technologies (ICT) affect us every day. The phenomenal growth of the Internet and mobile communication, the WTO (World Trade Organization) basic telecommunications agreement on trade liberalization, and the rapid technological change, have all played a very important role, not only in forming a foundation for the Information Society, but also in influencing each individual’s life. Due to the phenomenal growth of the information-oriented society, today’s world has become more dependent on the ICT systems in organizations and companies. Also, as more information has been opened to public access, more people can share information on a global basis.

Moreover, these trends are expected to intensify because ICT and its applications are becoming more and more pervasive in society, leading to new types of vulnerabilities at a larger scale. Economic and societal interests go beyond technical security, as they relate to:

  • Business opportunities and growth: new business models, virtual enterprising, delocalised workforces, tailored services, digital asset management, economic value of knowledge, etc.
  • Individual: privacy, confidentiality, intimacy, cyber-crime, protection of minors, ethics, etc.
  • Society: new dependencies on volatile technologies, long lasting preservation of knowledge and culture, digital divide, etc.
  • Governments’ recognition and power: interdependencies, critical infrastructures, national defence, social order, international governance, etc.

Security issues are not new; however, as the Internet and other info-communication networks become an ever-increasing part of our daily lives, so does our dependency upon their underlying infrastructure. Unfortunately, as our dependency has grown, so have hostile attacks on infrastructure. Newly discovered forms of attack, the availability and wide distribution of attack tools, as well as flaws in common desktop software, have resulted in networks becoming increasingly vulnerable. Simple viruses are argued to have cost billions of dollars worldwide in lost productivity, and sophisticated distributed denial of service attacks on the Internet are on the rise. But there are still more threats to come.

On the other hand, more and more intelligence and autonomy go into components and systems at smaller and smaller scales: (i) large scale systems of casually networked and evolving real-time embedded devices, like wireless sensors; (ii) mobile code in heterogeneous and mobile environments; (iii) volatility of networks and service infrastructures, etc. Therefore, security issues in the digital environment are becoming global. That is, geographical and jurisdictional boundaries disappear, the ultimate basis for “trust” and the recognition of “powers” in digital environments are changing, uncontrolled and unlimited access to potentially harmful technologies increases, and the scale of potential disruptions is worldwide.

Critical Information Infrastructures (CII)

In the above innovative scenario, a new mega-infrastructure is emerging from the convergence of infrastructures of different industry sectors on the one side, and the Internet communications and the electronic markets and electronic commerce services on the other. The concept of Critical Infrastructure is arising.

According to the European Commission, Critical Infrastructures consist of “those physical and information technology facilities, networks, services and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens or the effective functioning of governments in the Member States. Critical Infrastructures extend across many sectors of the economy, including banking and finance, transport and distribution, energy, utilities, health, food supply and communications, as well as key government services”. As pointed out by the Commission, some critical elements in these sectors are not strictly speaking 'infrastructure', but are in fact, networks or supply chains that support the delivery of an essential product or service. For example, the supply of food or water to major urban areas is dependent on some key facilities, but also on a complex network of producers, processors, manufacturers, distributors and retailers.

Key sectors of modern society that are vital to national security and the essential functioning of industrialized economies are dependent on a spectrum of highly interconnected national (and international) software-based control systems for their smooth, reliable, and continuous operation. This information infrastructure underpins many elements of the aforementioned Critical Infrastructures, and is hence called Critical Information Infrastructure.

It is precisely in this scenario that the potential ramifications of network failures and attacks become greater than ever before. Secure and reliable operation of these information networks is fundamental to the national and international economy, security, and our quality of life. What is worse, the interconnected nature of networks means that single, isolated disturbances can cascade through and between networks with potentially disastrous consequences. For these reasons, most organizations attempt to protect their business systems and control centers from cyberattacks, but plant control systems, substations, distribution centers, etc. might not be adequately protected, allowing the penetration of mission-critical operational systems via unsecured access points. Potential risks span the spectrum from having data stolen (industrial espionage) to total loss of power flow control to substantial physical damage (sabotage).

Just as an example, Information Technology is emerging as a notable force of change in the power delivery sector. High-speed powerline networks, automated real-time meters, and other “gateway to the home” devices, along with the ubiquitous Internet, have enabled new types of entities to enter the electric power industry. Competition is likely to spur further demand for information technologies, which will in turn stimulate the development of advanced control, computing, and metering technologies. But in today’s environment, traditionally external entities such as suppliers, consumers, regulators, and even competitors must now have access to segments of the network. This access greatly increases the security risks to other functional segments of the internal network. As power systems rely more heavily on computerized communications and control, system security has become increasingly dependent on protecting the integrity of the associated information systems. Part of the problem is that existing control systems, which were originally designed for proprietary, stand-alone communications networks, are being connected to the Internet (because of its well-known productivity advantages and lower costs), but without systematically adding the technology to make them secure.
 
Therefore, it is essential to guarantee the security of information that is considered of critical importance, from a political, economic, financial or social standpoint. As a first step, one may think that Information Security provisions such as authorization, authentication, encryption, and other basic security services must be added to current communications protocols. However, the solution is not that easy. The complexity of Critical Infrastructure scenarios and applications is so high that advanced security technologies become necessary. In order to safeguard countries’ critical information resources and to guarantee the security of information networks, the technical aspects of security in CII need to be the subject of in-depth and serious study. This is one of the main goals of CRISIS.

Wireless Sensor Networks (WSN)

In CII, all organizations must attempt to protect their business systems and control centers from cyberattacks, but plant control systems, substations, distribution centers, etc. might not be adequately protected, allowing the penetration of mission-critical operational systems via unsecured access points. An essential step in the research of Critical Information Infrastructures is a comprehensive assessment to determine which underlying communications technologies and security options are appropriate for utility operations.

It is very important to point out that CII are characterized by unique requirements for communications performance, including timing, redundancy, centers control and protection, and equipment control and diagnostics. Because they are complex and dynamic infrastructures, they have many layers, and are vulnerable to many different types of disturbances. Although strong centralized control is essential to reliable operations, CII require multiple high-data-rate communication links, a powerful central computing facility, and an elaborate operations control center. All of them are especially vulnerable when they are needed most, during serious system stresses or disruptions.

However, for deeper protection, intelligent distributed control is strongly required to keep parts of the network operational. It is commonly agreed by network experts that Wireless Sensor Networks (WSN) are the technology that best fulfills the features required by CII. In fact, WSN can be applied to a large number of areas, and their applications are continuously growing.

WSN are composed of hundreds or thousands of inexpensive sensing devices that have computational and communication resources, and provide a useful interface to the real world with their data acquisition and processing capabilities. Sensor nodes are densely deployed either very close to or inside the object to be observed. Inside a WSN, every node is totally independent, sending data to and receiving control packets from a central system called the base station, usually managed by a human user, which fits the aforementioned requirement of an operations control center for CII. The purpose of a sensor is very specific: to measure physical information (such as temperature, sound, movement, etc.) about its surroundings. A typical sensor node such as MICAZ has an 8 MHz microprocessor with 128Kb of program flash memory and 512Kb of serial flash memory. As a result, both hardware modules and communication/configuration protocols are highly specialized.

In spite of this, due to the extreme constraints of the devices, a sensor network is highly vulnerable to any external or internal attack, so the infrastructure and protocols of the network must be prepared to manage these kinds of situations. Protecting the information flow requires not only a set of power-efficient encryption schemes, but also an effective key infrastructure in terms of key storage policies, key distribution procedures and key maintenance protocols. Collecting the information from a static or dynamic set of nodes and routing it through the error-prone, unreliable network is a difficult task as well. Moreover, the network should be able to monitor for failures or security breaches in any of its members while being self-configuring and self-healing.

Because of these problems, one may argue that it would be a better solution for CII scenarios to use a technology other than WSN. However, there is no better technology available at this moment. Moreover, experts agree on the high benefits that this new technology can provide to the many different facets of Information and Telecommunications Technology. Therefore, many believe (among them, the members of this research group) that it is only a matter of starting to develop security solutions for sensor networks, in the same way that years ago the scientific community started developing security solutions for the typical networks currently in use. That is another of the main goals of CRISIS. Besides that, we also have the goal of achieving a successful deployment of secure sensor node solutions for the protection of CII.