The JRC has developed innovative software to assess the cyber-security of connected critical infrastructures (CIs), such as railway systems, energy networks or power plants. The AMICI software, which stands for Assessment platform for Multiple Interdependent Critical Infrastructures, provides a novel experimental approach as it takes into account both the virtual and the physical aspects of modern interconnected CIs.
These CIs are strongly interdependent and the dependencies often work both ways. Railroads, for example, depend on electrical power supply which in turn depends on ICT networks, which again depend on electric power.
AMICI can capture the complexity of these interactions entirely and can fully analyse the vulnerabilities of such complex systems, in contrast to traditional methods, such as software simulators or ad-hoc platforms equipped with instruments for testing and experimentation (test-beds). These traditional approaches rely either on pure simulation, or on experiments with real components only and can therefore only be used to test individual infrastructures but not their interactions. In addition, recent malware, such as Stuxnet - the first computer malware able to physically damage industrial systems - has highlighted the lack of an efficient methodology to conduct experiments measuring the impact of cyber-threats against both the physical and virtual dimensions of CIs.
With AMICI, the JRC has developed a powerful experimentation tool that can be applied to assess how widespread the cyber disruptions on the normal CI functioning are and to validate novel (security) techniques (e.g. software and protocols), specifically designed for multiple interdependent CIs. It can also be employed to implement realistic preparedness exercises and operator training scenarios, in which a player can directly see the effect of his decisions and actions on the simulated physical CIs.
More details about AMICI have been released in a JRC scientific report 'The AMICI framework for the security study of cyber-physical systems' where researchers can find a description about the real-time execution of physical process models and how they can interact with real cyber systems (e.g. ad-hoc software or even real malware).