NTNU CCIS –En resurs forenergisektoren

(1)

NTNU CCIS – En resurs for energisektoren

Vasileios Gkioulos ([email protected]) PostDoc, NTNU

Nils Kalstad Svendsen ([email protected]) Head of Department and Center Host

Department of Information Securitry and Communication Technology & Center for Cyber and Information Security

www.ntnu.no/ iik www.ntnu.no/ ccis

(2)

Information Security and

Privacy Management

Cyber Defence Critical

Infrastructure Security and

Resilience e-Health and

Welfare Security

2

NTNU Digital Forensics

Group

Norwegian Biometrics Laboratory

CCIS Centre for Cyber and Information Security

https:/ / www.ntnu.edu/ ccis

(3)

http://reports.weforum.org/digital-transformation/

(4)

I htt ps:// w ww.vegvesen.no/ t rafi kkinformasjo n/ Reiseinformasjon/ Trafi kkmeld inger/ We bkamera

+

t l rd e n

+

1st 1nd

-y Bardu

JD

e

^I ^I ^.,

.,9 . 3 ,1,.i

1'

tt e ndalstJnd en • I ^{l stl nd} -^•

)t._ - ..

Tj e ld- W _Tl''\

/' m ;k ,

, ^\

. ....i,ilL .Li',/jj[ ^{Fro st l} St o r st e ln s -

e '] " SkJo m da len __

G r, t o va

O'{a

o va

!' .nd o r:Ja de

R,:,lla H a rs ta d

Dy roy a

oh e

I

Rl n;JVasso va s o l t lnd a n. I el nc,ya - - , w

V.

v e ng so ya

+

^J

6 T r o m so t lnd a n e

S ki tt e n-

[ t _ : nsl a Is- fj e lla n 4# ,

A " T A

• ' Jle h kJ e-

i

Be n tsjo rd - ' var r l Ma n nd al en

ti nd en .,.,, KSfjord d a l e

\ <.' .: .

f/4 .. ^\;. ¹

/ "T-

, a6n@.»

·'i «2

HJe r t tl nd en

St at e ns ve gve se n

509 moh

Se stort b ildeISe største bilde Værvarsel fra yr.no for Ga Igo

-

Im

telenor

start iot " ,

lilNTNU

(5)

•

Foto: Nord-Salten Kraftlag

(6)

24.000.000.000 NOK/yr vs

19.000.000.000 NOK/yr

Operational ability

1) World Economic Forum: The Global Information Technology Report 2013 (http:/ / www3.weforum.org/ docs/ WEF_GITR_Report_2013.pdf) 2) https:/ / csis-prod.s3.amazonaws.com/ s3fs-public/ legacy_files/ files/ attachments/ 140609_rp_economic_impact_cybercrime_report.pdf

• 10 % increase in digitalization 0.75% increas of GDP¹⁾

• Estimated cost of cyber crime in Norway: 0.64% fo GDP²⁾

(7)

ITU Global Cyber Security Index 2017: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf

(8)

https://www.csec2017.org/

(9)

NTN U M alw are Lab

\

Referansedat a

CCIS Slet t meg

Infr ast rukt ur

Finans-CERT

} or svARET

- Cyber forsva r et

Jørstad mo en FIH

Offent lige v ir kso m het er

I

SIVILFORSVARET

Supply

'\ telenor _• _{NorsI S}Norsk senter for inform asj onssikring

NTNU Digit al sikkerhet

Siv ilfo rsvaret POD

Jørst ad m o en CYFOR Teleno r

NSM

Kraft -CERT INN

EVRY Net t vet t

CSIRT

.l

Innov asj o n Norge

REPUBLIC OF ESTONIA MINISTRY OF DEFENCE

1111111TALLINN UNIVERSITY OF

"TI! '

^{r«econoo o}

^NTNU

Kunnskap for en bedre verden

(10)

e Sikke r https:/ /www.ntn u .no/ncsc

l!INT N U

^Studier St udent livv Forskningv Om NTNUv Kalender d v Søk Q

> Norw egian Cyber Security Challenge

NM I CYBERSIKKERHET

Norwegian Cyber Securit y Challenge 20 18

Digitaliseringen av samf unnet driver frem et stort behov for IKT kompet anse generelt og kompetanse t ilabeskytte infrast ukt uren, informasjonen og syst emene som avhenger av informasjonen spesielt. Norwegian Cyber Security Challenge 2018 (NCSC18) har som malsetning a finne unge talenter (ialdersgruppen 16 - 25 ar) innen cybersikk erhet og motivere disse tila^utvikl e seg videre.

Deltagerne i NCSC får sikkerhet sutfordringer knyttet t il områder som web, mobil,HW ,RF og loT i t illegg til krypt onott er, reverse engineer ing og forensics, og vil bli vurdert ut fra hvor lang t id de bruker paalose de ulike oppgavene.

It illegg tilavere et NM i cybersikkerhet danner ogsa NCSC18 grunnl ag for utt ak av deltageire t il laget som skal representere Norge under European Cyber Security Challenge 2018 i London. Innledende kvalifiseringsrunder blir fra7-15.april 20 18og finalen 16.j uni20 18 .

Innledende runde er åpen 7.t il 15. April 2018.

(_ Registrer tag )

Nasj ona l fi nale er 16. Juni 2018paNTN U Ca mpus Gj øvik.

Europea n Cyb er Security Cha llenge 2018 (ECSC18)gar

i London 14. t il 18. Okt ober 2018.

Sist e påmeldingsfr ist t il innledende runde er13.april 2018 k l. 12:00.

Partnere

e NTNU CCIS

Cent er for Cy ber and

lnfor ation Security I v»r - o Mø,JL.or a r +

(11)

á

(12)

ENHANCING CYBER SECURITY SITUATIONAL AWARENESS IN THE ENERGY SECTOR

Gkioulos Vasileios, PhD - [email protected] Norwegian University of Science & Technology

Department of Information Security and Communication Technology Center for Cyber and Information Security (CCIS)

Critical Infrastructure Security and Resilience group

Tel: +47 61135162, Skype: vgkioulos, Office: A106 (NTNU i Gjøvik)

(13)

Norwegian University of Science and Technology

SITUATIONAL AWARENESS

Progressively increasing situational awareness levels, towards decision making within a current environmental state.

3-Projection: Of the future status 2-Comprehension: Of the current situation

1-Perception: Of elements within a current situation

Attaining situational awareness involves both technical and cognitive challenges, primarily in reference to data processing and analysis, while resolving these challenges allows the progression across situational awareness levels.

(14)

CYBER SECURITY SITUATIONAL AWARENESS

Suitable mechanism for assessing, evaluating and inferring knowledge about security incidents, across both the time and space dimensions.

A holistic approach for enhancing cyber security situational awareness across the energy sector, seeking to facilitate the integration of:

I. information sources, II. analysis tools,

III. decision makers, IV. and effectors.

(15)

A GENERIC ARCHITECTURAL APPROACH FOR CSSA

(16)

TOWARDS CSSA

SP-1: Definition and

refinement of the overall CSSA architecture,

requirements, constraints,

interfaces etc

(17)

TOWARDS CSSA

Situation recognition / comprehension

SP-2: Identification of domain specific information instances and sources that require

monitoring from distributed sensors, along with the

corresponding semantics, such as their relationships and

evolving attributes.

Accordingly, SP2 will classify these elements across a

stratified

compartmentalization of CSSA within the energy

sector (e.g. network/ system

awareness, threat awareness,

operational awareness).

(18)

TOWARDS CSSA Situation recognition / comprehension

SP-3: Development of suitable data pre-processing methods for the information sources identified within SP2. SP3 will investigate pre-processing methods (e.g. sanitization,

fusion, normalization, collation), seeking to facilitate the efficient conversion and combination of unstructured data for further processing (e.g. storage, context inference, visualization).

(19)

TOWARDS CSSA Situation recognition / comprehension

SP-4: Development of

automated event processing and correlation mechanisms for dynamic inference. Within SP4 automated methods (e.g.

machine learning, pattern mining, pattern analysis, inference engines) will be

utilized for the transformation of raw data to meaningful

information, and subsequently to trustworthy/ actionable

intelligence.

(20)

TOWARDS CSSA Situation comprehension / mitigation

SP-5: Consolidating the orthogonal viewpoints of

automated CSSA mechanisms (bottom-up) and human

cognition (top-down). SP5 will seek methods for automating human expert cognitive SA

processes, and integrating them at a layer higher to the results of SP3. SP4 will allow for a layered human-in-the-loop approach in CSSA, aiming to enable automated situational assessment and incident

management, while maintaining human expertise (e.g. intuition, insights, experience).

(21)

TOWARDS CSSA Situation comprehension / mitigation

SP6: Development of suitable visualization tools, for the

projection of the systems’

runtime state, but also incidents and incident patterns. Such tools must allow the analysis and

projection of past states and correlated data (e.g for

forensics analysis), but also current and potential future incident-evolution projections.

(22)

(23)

A D D I T I O N A L C H A L L E N G E S

Uncer tainty Impact assessment

Adversarial behavior and situation tracking Quality of Infor mation

Abstraction Target System Evolution

Adversarial noise

(24)

R E S E A RC H C O L L A B O R AT I O N S ( I N D I C AT I V E L I S T )

• NTNU IDI: Cybersecurity, Safety, and Resilience of Smart cities

• NTNU ITK: Navigation System Security in Unmanned Autonomous Marine Vessels

• Institutt for energiteknikk — IFE

• Statnett

• Statkraft

• Eidsiva

• Telenor

• KraftCERT

• NC-spectrum

• Mnemonic

• KALOS

• IIIT Kanpur, India

• IIIT Allahabad, India

• CERTH, Greece

• University of Geneva

• Imperial College London

• Istituto di Informatica e Telematica – IIT

• Singapore University of Tec hnology and design

• University of Cape Town, South Africa

• University of Pretoria, South Africa

(25)

CURRENT PROJECTS: CYBER-PHYSICAL SECURITY IN ENERGY INFRASTRUCTURE OF SMART CITIES (CPSEC)

● Start date: 1 June 2018; End date: 31 May 2021

● Budget: NOK 13,982,000; Funding: NFR, NOK 6,977,000

● Partners: NTNU CCIS, IFE, IIIT Allahabad, IIIT Kanpur

• The “Cyber-Physical Security in Energy Infrastructure of Smart Cities” (CPSEC) project proposes a comprehensive and systemic approach combining cyber and physical security solutions to protect energy installations in smart cities.

• The main technical output of the project will be the Integrated Security, Safety and Site Management (IS3M) platform which will cover a wide variety of concepts, including,

systemic risk management, prevention by design, monitoring and detection, response and mitigation, and information sharing.

(26)

CURRENT PROJECTS: FUTURE TAMPER-PROOF DEMAND RESPONSE FRAMEWORK THROUGH SELF-CONFIGURED, SELF-OPTIMIZED AND COLLABORATIVE VIRTUAL DISTRIBUTED ENERGY NODES (DELTA)

● Start date: 1 May 2018; End Date: 30 April 2021

● Budget: 3,873,625 EUROs; Funding: H2020

● Partners: CERTH (GR), HIT (CY), AIK (CY), UoC (CY), KIWI (UK), JRC (BE), CCICC (IE), E7 (AT), UPM (ES), NTNU (NO)

• DELTA proposes a Demand-Response management platform that distributes parts of the Aggregator’s intelligence into lower layers of a novel architecture, based on Virtual Power Plant principles.

• DELTA will set the milestone for data security in future DR applications by not only

implementing novel block-chain methods & authentication mechanisms, but also by making use of Smart Contracts which would further secure & facilitate Aggregators-to- Prosumers transactions.

(27)

CURRENT PROJECTS: CYBER POWER PRAXIS: A STUDY OF WAYS TO IMPROVE UNDERSTANDING AND GOVERNANCE IN THE CYBER DOMAIN

● Start date: Spring 2018; End Date: Spring 2021

● Budget: 1 PhD candidate (Ben Knox); Funding: Self-funded

• This project aims to implement and validate methods and approaches designed to enhance understanding and develop modes of leadership agile enough to improve praxis when faced with multiple dilemmas from the emerging effects of cyber power in multiple domains.

(28)

THE DEPARTMENT OF INFORMATION SECURITY AND COMMUNICATION TECHNOLOGY

80 employees in Gjøvik and Trondheim

Research in areas of biometrics, cyber defence, critical infrastructure protection, cryptography, digital forensics, e-health and well being, intelligent transportation systems, internet of things, information security management, malware,

NTNU CCIS –En resurs forenergisektoren