Protection and Security of Networked Critical Infrastructures
Institute for the Protection and the Security of the Citizen
The Action SCNI aims at providing policy support and performing research on the security of networked infrastructures, including information systems, communication networks, and industrial control systems. Its main objective is the development of knowledge, methods and tools for supporting the relevant European policies, as for instance in the determination of criteria for the identification and designation of European Critical Infrastructures.
The main interest is on cross-border and European-wide problems. This will be done in the context of the European Programme for Critical Infrastructure Protection.
The action concentrates on the cyber and topological aspects of infrastructures and their interdependencies, and studies their vulnerabilities (at the technological and system levels), the potential malicious threats that might affect them, the related detrimental attacks, and the countermeasures that can be put in place for securing those systems.
It will also study the gathering, exchange and generation of security-relevant data, with emphasis on design of security experiments and security metrics, and the handling and analysis of security experimental data. All these subjects require the development of European-wide standards still to be established. In order to be able to do so, a European Reference Network for Experimental CIP (ERN-CIP) has already been proposed in the context of EPCIP -initiative where the JRC will act as facilitator.
The focus is on providing policy makers and the stakeholders of critical infrastructures with information and instruments for a better understanding of the risks, for the qualitative and quantitative evaluation of the security issues, for the determination of the security condition of systems.
From the technological perspective, the action studies the security of industrial control systems (e.g. SCADA, protection and defence systems, monitoring systems), of communication infrastructures (e.g. Internet protocols and WAN), and their application in concrete industrial environments (e.g. electric power).
The action will develop the following activities:
1.) models and methodologies for the assessment of networked systems, their weaknesses, potential malicious actions that can be deployed for attacking them, and the effectiveness of countermeasures;
2.) design and development of experimental security facilities;
3.) tools for data sharing and information exchange, for the construction of assurance cases for infrastructure systems,
4.) criteria for the identification and designation of critical information infrastructures and ICT systems and
5.) support to standardisation initiatives in the protection and verification of vulnerability of networked infrastructures.