In our Tool Kit Library (page run by project partner ICCS) you will find all of your public tools for the analysis and evaluation of cyber-physical risks to the water systems.
And here some of our results dealing with the strategic and tactical risk assessment and treatment framework.
| What is the solution? | The Risk Assessment and Treatment Framework consists of two systems: The first sub-system is a representation of concepts, data and entities describing water Infrastructures and related cyber-physical threats. The collected knowledge can be accessed through a web application, the Risk Exploration Tool (RET). While the RET is publicly available, the second sub-system is designed to support water utilities in their strategic and tactical planning and therefore should be installed in their local infrastructure. Common elements of both sub-systems are: a) the Risk Identification Database (RIDB), b) the Risk Reduction Measures Database (RRMD) and c) an algorithm, which proposes potential risk mitigation measures for a given risk. |
| What challenges are addressed? | Semantic interoperability is the goal of making information machine-readable by giving them unambiguous, shared meaning. Numerous semantic models exist representing digital and physical systems and linking them with operations accessing the data. However, cyber-physical threats in water infrastructures have not been studied yet in an integrated approach extensively. Therefore, there is a lack of interoperability and data sharing in systems responsible for risk management at the operational, tactical and planning level. Another challenge lies in the need to find a methodology that relates identified risks and risk reduction measures in a way that is expandable and viable at the same time. As the list of both, risks and measures, may grow into large numbers over time, a possible matching methodology should be automatized and not solely rely on expert judgment. |
| What is the innovation? | Based on a systematic approach, a representation of concepts, data and entities describing water Infrastructures and related cyber-physical threats has been defined, partly by combining and reusing existing ontologies in related fields. The resulting new ontology allows data of CP threats in water infrastructures to be shared and reused across application, enterprise, and community boundaries without prior knowledge of the data structure, taking advantage of the semantic relation between the defined terms, as demonstrated with RET and the entire Risk Assessment and Treatment Framework. Furthermore, an innovative solution has been elaborated, allowing the identification of possible risk reduction measures for a given risk, based on common characteristics. |
| Contact | Aitor Corchero (Eurecat): aitor.corchero@eurecat.org
Christos Makropoulos (KWR): Christos.Makropoulos@kwrwater.nl |
| What is the solution? | The integrative approach of the Risk Analysis and Evaluation toolkit (RAET), provides state of art solutions throughout the risk assessment steps, to help utilities strengthen existing capabilities and improve cyber-physical preparedness. RAET supports water experts to a) identify, b) analyse and c) evaluate cyber and physical risks on water CIs and their combinations, as well as to d) support the choice of appropriate risk treatment options and evaluate their effectiveness, in an integrative manner. It is comprised of tools for preliminary hazard analysis, fault tree analysis, threat scenario formulation, embedded cyber-physical simulation engines (including hydraulics and quality simulators), results exploration and dashboard applications, along with sector related cyber-physical risks and assorted mitigation measures database. By adopting the RAET solution, water utilities will be able to a) gain a clearer understanding of their strengths and vulnerabilities in a cyber-physical oriented way b) analyse promising interventions and countermeasures and stress test them against the same or other attacks c) investigate low probability – high impact scenarios and d) quantify costs and benefits which will eventually support them develop strategies to better prepare for risks that may occur in the future. |
| What challenges are addressed? | Converging cyber and physical security , assessing cyber-physical threats, and subsequently preparing against them can be a daunting task that requires multidisciplinary approaches and information from multiple sources that span from expert judgment to state-of-art models. There is a need for a system with integrative and modular architecture, that unifies cyber and physical security approaches for contemporary CIs under a common, flexible and scalable platform. Such approach, should also help preserve data integrity and ensure continuous, relevant information flow between multiple users (risk managers, modelers etc.) and multidisciplinary processes. |
| What is the innovation? | RAET forms an innovative all-in-one solution that aids risk managers and strategic planners in cyber-wise water utilities. Innovations of the platform lay in each of the components. To allow for cyber-physical Preliminary Hazard Analysis, the enhanced Infrarisk-CP can be utilised to explore generic incidents and follow a semi-quantitative assessment for water infrastructures and their interdependencies. Generic incidents are based on generic cyber-physical scenarios from the risk identification data base (RIDB) developed under task T3.2, or adapted to site-specific conditions. The structure of assessment is the linkage between generic incidents and physical assets or societal critical functions of the infrastructure relevant to the scenario. Risk pictures finally derive based on assessment of frequencies and consequences, and criticality scores of the societal critical functions. To facilitate the first steps of risk assessment, the platform builds on the rigorous Fault Tree architecture to capture and analyse the intricate, oftenly cascading paths of failure throughout the urban water cycle for both cyber and physical incidents. Next, the Toolkit Library (TL) utilizes an innovative methodology to support users identify those tools and models which can analyze and evaluate a given risk, based on their declared capabilities. The intuitive Scenario Planner (SP) guides the users to render relevant threat details and form scenarios, while also hides all underlying model specific input data and takes care of the file modifications for the nested simulation engines. Thus, the toolkit acts as a wrapper for the nested cyber-physical simulation tools, simplifying and unifying the way the users interact with them. Results can be further explored through embedded components that help utilities to better understand and evaluate the scenario outcomes, based on the organization’s risk criteria. Additionally, RAET implements the matching algorithm developed in T4.5, which sorts out potential mitigation measures for a given risk, to be explored and evaluated. Besides the seamless workflow between state-of-art risk assement components, the advantages of RAET also lay in the support of installation alternatives (Local, Intranet or Cloud) as well as of multiple user profiles, with associated access and editing rights for data and components. |
| Contact | Christos Makropoulos (KWR): Christos.Makropoulos@kwrwater.nl
George Karavokiros (ICCS): george@itia.ntua.gr
Eivind Okstad (SINTEF): Eivind.H.Okstad@sintef.no |
| What is the solution? | The Asset Vulnerability Assessment to Risk Events (AVAT) tool is acting as a procedural “step-by-step” guide for the assessment of vulnerability of water distribution system assets taking into consideration the specific characteristics of the assets and the importance of the components for water supply and their “attractiveness” to be attacked. |
| What challenges are addressed? | AVAT shows the criticality of each element in the water network, using vulnerability metrics. The tool can score different configurations of the network. |
| What is the innovation? | AVAT allows for quick and simple evaluation of the network vulnerability, which helps the user to focus on the most critical elements. |
| Contact | Elad Salomons (Technion): eladsa@technion.ac.il
Avi Ostfeld (Technion): ostfeld@cv.technion.ac.il |
| What is the solution? | Stress tests are essential risk and safety assessment approaches designed to associate the severity of a potential threat scenario with its impact on the system or the society. STOP-IT cyber–physical threats stress testing platform (STP), can be divided into two distinct but interconnected parts. The first component comprises the assembly of software solutions, able to model water networks as combined cyber-physical systems, simulating the information flow of the cyber layer (sensors, actuators, PLCs etc) and the feedback interactions with the physical processes under control (e.g. remote valve or pump operations etc). Thought the utilised hydraulic solver for the physical processes and customizable network model for the SCADA system, the platform solutions are capable of implementing complex control logic schemes within a simulation. The second component of the platform is oriented towards enhancing human skills and organizational capabilities promoting a more holistic understanding on the subject of strategic and tactical planning against the emerging cyber-physical threat landscape. To this end, the platform assists utilities with the provision of an innovative training-by-gaming approach to facilitate managers and teams that seek to reveal, understand, articulate, demonstrate and/or develop their inherent repertoire of resilient performance in face of unexpected deviations, disturbances and shocks. Through the training-by-gaming approach, the trainees are offered an opportunity to select and apply preexisting mitigation strategies formalized through the STOP-IT project, adapt them to their local contexts, propose revisions with potential applicability for other organizations, or develop entirely new strategies and add them to a common repository. |
| What challenges are addressed? | As our water systems evolve and experience the merits of digitalization, they also get exposed to cyber threats like denial of service (DoS) attacks, hacking, data manipulation and sabotage. As a result, the typical models and tools used so far to simulate and represent the system behaviour based solely on the physical layer operations, are no longer valid. Integrative approaches taking into account both, the cyber and the physical layer, are not yet mature and do not cover all needs of a water utility in the strategic planning. A combination of CP events may result to rare but with high impact scenarios. Even when crucial CP threads have been identified, their severity and impact is usually difficult to estimate. Boundary conditions and other details of a scenario may influence significantly its outcome. In addition, awareness and better understanding on the utility’s cyber-physical security needs and strategy must be promoted and efficiently communicated to the personnel, through innovative and comprehensive approaches. Such training approaches should also incite trainees to identify additional organizational measures that, in harmony with the formalized strategies, will facilitate the resilient response to events and circumstances beyond what is expected and hence what they are prepared for. |
| What is the innovation? | The cyber-physical threats stress testing platform solutions enable the examination of composite cyber-physical attacks on various elements of the SCADA, including sensors, actuators, and PLCs, assessing the impact that such attacks have on the response of the network and the provided level of services. Advanced stress-testing procedures allow for multi-scenario assessment and identification of critical parameters and black-swan scenarios, which can be further explored through the evaluation and dashboard components. It also allows for the testing and evaluation of different cyber and/or physical layer configurations (different sensors/ different positions), towards selecting an optimal solution and redesign for the network. In respect to the training-by-gaming approach, it facilitates the dynamic combination of classical contingency and preparedness strategies, with development of resilience capabilities that enable the utilities to adapt generic strategies to their own organizational contexts, but also enables them to deal with unprecedented disruption and surprise from complex environments, in a manner that facilitates learning across organizational boundaries. The game is from the outset a board game, but digital support in terms of virtualizing the gaming artefacts and supporting the interventions of the game facilitator is on the way. |
| Contact | Rita Ugarelli (SINTEF): Rita.Ugarelli@sintef.no
Christos Makropoulos (KWR): Christos.Makropoulos@kwrwater.nl
Tor Olav Grøtan (SINTEF): Tor.O.Grotan@sintef.no |
| What is the solution? | The Risk Identification Data Base is a simple map in an Excel format, which identifies the risk events related to physical and cyber threats on water distribution systems. |
| What challenges are addressed? | The tool highlights threat possibilities that should be investigated and their interrelated connections, which indicate that an event might occur. |
| What is the innovation? | This is a new comprehensive database for physical and cyber threats on water distribution systems. |
| Contact | Elad Salomons (Technion): eladsa@technion.ac.il
Avi Ostfeld (Technion): ostfeld@cv.technion.ac.il |
| What is the solution? | The Risk Reduction Measures Database (RRMD) is a collection of mitigation measures that can serve to establish a strategy for the minimization of the effect of materialization of risks inside the water critical infrastructure. It it related to the identified risks of the Risk Identificiation Data Base (RIDB). |
| What challenges are addressed? | All kinds of identified risks (cyber and physical). |
| What is the innovation? | Suitable risk reduction measures are automatically identified for a selected risk. |
| Contact | Hans-Joachim Mälzer (IWW): a.maelzer@iww-online.de
Aitor Corchero (EURECAT): aitor.corchero@eurecat.org |
| What is the solution? | This is only the supporting document for the Risk Reduction Measures Database (look above). |
| What challenges are addressed? | This is only the supporting document for the Risk Reduction Measures Database (look above). |
| What is the innovation? | This is only the supporting document for the Risk Reduction Measures Database (look above). |
| Contact | Hans-Joachim Mälzer (IWW): a.maelzer@iww-online.de
Aitor Corchero (EURECAT): aitor.corchero@eurecat.org |
| What is the solution? | The validation plans including the Key Performance Indicators (KPI) per demonstration site are a methodology for STOP-IT tool and platform validation, based on end user experience. |
| What challenges are addressed? | The challenge is to provide an integrated validation schema that takes into account diverse user requirements (specified in D3.3) as well as tool use cases (specified in D7.1) and project KPIs. |
| What is the innovation? | A validation methodology, consistent with user requirements and tool demo design (use cases), that places the end user first and that is easy to apply. |
| Contact | Dimitrios Bouziotas (KWR): Dimitrios.Bouziotas@kwrwater.nl |
