Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma
description
Transcript of Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma
![Page 1: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/1.jpg)
Safeguarding Information Intensive Critical Infrastructures against novel types of emerging
failures
Safeguarding Information Intensive Critical Infrastructures against novel types of emerging
failures
Sandro Bologna
ENEA – CAMO Modelling and Simulation Unit
CR Casaccia, 00060 Roma
Sandro Bologna
ENEA – CAMO Modelling and Simulation Unit
CR Casaccia, 00060 Roma
Workshop on Safeguarding National Infrastructures: Integrated Approaches to Failure in Complex Networks
Glasgow, 25-26 August, 2005
![Page 2: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/2.jpg)
www.enea.it
![Page 3: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/3.jpg)
Actors(environmental conditions, adversaries, insiders, terrorists, hackers…)
Weaknessesmagnifythreatpotential
Countermeasuresreducesthreatpotential
Effectsmagnify theentireproblem
Threat x VulnerabilitiesRisk= x Impact Countermeasures
Extension of the concept of Risk Assessments to Critical Infrastrucure(originally elaborated from Manuel W. Wik “Revolution in Information Affairs”)
RISK based approach
![Page 4: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/4.jpg)
Actors(environmental conditions, adversaries, insiders, terrorists, hackers…)
Weaknessesmagnifythreatpotential
Countermeasuresreducesthreatpotential
Effectsmagnify theentireproblem
Threat x VulnerabilitiesRisk= x Impact Countermeasures
Extension of the concept of Risk Assessments to Critical Infrastrucure(originally elaborated from Manuel W. Wik “Revolution in Information Affairs”)
RISK based approach
ENEA FaMoS MULTIMODELLING APPROACH FOR VULNERABILITY ANALYSIS AND
ASSESSMENT
![Page 5: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/5.jpg)
Actors(environmental conditions, adversaries, insiders, terrorists, hackers…)
Weaknessesmagnifythreatpotential
Countermeasuresreducesthreatpotential
Effectsmagnify theentireproblem
Threat x VulnerabilitiesRisk= x Impact Countermeasures
Extension of the concept of Risk Assessments to Critical Infrastrucure(originally elaborated from Manuel W. Wik “Revolution in Information Affairs”)
RISK based approach
ENEA SAFEGUARD approach to reduce threat potential against
existing SCADA
![Page 6: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/6.jpg)
Layered networks model
Physical
Infrastructure
Cyber-
Infrastructure
Organisational Infrastructure
Intra-dependency
Inter-dependenc
y
![Page 7: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/7.jpg)
Three Layers Model for the Electrical InfrastructureThree Layers Model for the Electrical Infrastructure
Electrical ComponentsElectrical Componentsgenerators, transformers, breakers,generators, transformers, breakers,
connecting cables etcconnecting cables etc
Control and supervisory hardware/software components
(Scada/EMS systems)
Electrical Power OperatorsIndependent System Operator
for electricity planning and transmission
Intra-dependency
National Electrical Power Transmission Infrastructure
Telecomunication Infrastructure
Oil/Gas Transport System Infrastructure
Foreign Electrical Transmission Infrastructure
Inter-dependency
![Page 8: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/8.jpg)
US CANADA BLACK-OUTPower System Outage Task Force Interim Report
![Page 9: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/9.jpg)
General layout of typical control and supervisory General layout of typical control and supervisory infrastructure of the electrical grid infrastructure of the electrical grid
Area 1
Area 2Area 3
Substations Loads GeneratorPhysical Network
Physical electrical layer (high-medium voltage)
Control and management layer (SCADA system)
SIA-R
SIA-RSIA-R
CNCCC CC
SIA-C SIA-CSIA-C
Remote Units Control CentresData management
network
WAN (Wide Area Network)
Data Concentrator
![Page 10: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/10.jpg)
Governments and industry organizations have recognized that all the automation systems collectively referred as SCADA are potential targets of attack from hackers, disgruntled insiders, cyberterrorists, and others that want to disrupt national infrastructures
SCADA networks has moved from proprietary, closed networks to the arena of information technology with all its cost and performance benefits and IT security challenges
A number of efforts are underway to retrofit security onto existing SCADA networks
NEW VULNERABILITIES
![Page 11: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/11.jpg)
1. Adoption of standardized technologies with known vulnerabilities
2. Connectivity of control systems to other networks
3. Constraints on the use of existing security technologies and practices due to the old technology used
4. Insecure remote connections
5. Widespread availability of technical information about control systems
NEW RISKS TO SCADA
![Page 12: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/12.jpg)
SCADA Security Incidents between 1995 and 2003 (source Eric Byres BCIT)
![Page 13: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/13.jpg)
SCADA Security Incidents by Type (source Eric Byres BCIT)
![Page 14: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/14.jpg)
SCADA External security incidents by entry point (source Eric Byres BCIT)
![Page 15: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/15.jpg)
SAFEGUARD ARCHITECTURE
Cyber Layer of Electricity NetworkHome LCCIs
Topology agent
Negotiation agent
MMI agent
Other LCCIsForeign Electricity
NetworksTelecommunication
Networks -------------------
Correlation agent
Action agent
Low
-level ag
en
tsH
igh
-level ag
en
ts
Diagnosiswrappers
Intrusion Detection wrappers
Hybrid Anomaly Detection
agents
Actuators
Safeguard agent Architecture for Large Complex Critical Infrastructures (LCCIs)
Commands and information Information only
Local nodesprotection
Network global protection
![Page 16: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/16.jpg)
SAFEGUARD ARCHITECTURE
Cyber Layer of Electricity NetworkHome LCCIs
Negotiation agent
MMI agent
Low
-level ag
en
tsH
igh
-level ag
en
ts
Diagnosiswrappers
Intrusion Detection wrappers
Hybrid Anomaly Detection
agents
Commands and information Information only
Local nodesprotection
At Level 1 – identify component failure or attack in progress
Hybrid anomaly detection agents utilise algorithms specialised in detecting deviations from normality. Signature-based algorithms are used to classify failures based on accumulated functional behaviour.
![Page 17: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/17.jpg)
SAFEGUARD ARCHITECTURE
Cyber Layer of Electricity NetworkHome LCCIs
Topology agent
Other LCCIsForeign Electricity
NetworksTelecommunication
Networks -------------------
Correlation agent
Action agent
Low
-level ag
en
tsH
igh
-level ag
en
ts
Diagnosiswrappers
Intrusion Detection wrappers
Hybrid Anomaly Detection
agents
Actuators
Commands and information Information only
Local nodesprotection
T
At level 2: Correlate different kind of information
Correlation and Topology agents correlate diagnosis
Action agent replaces functions of failed components
![Page 18: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/18.jpg)
SAFEGUARD ARCHITECTURE
Cyber Layer of Electricity NetworkHome LCCIs
Topology agent
Negotiation agent
MMI agent
Other LCCIsForeign Electricity
NetworksTelecommunication
Networks -------------------
Correlation agent
Action agent
Low
-level ag
en
tsH
igh
-level ag
en
ts
Diagnosiswrappers
Intrusion Detection wrappers
Hybrid Anomaly Detection
agents
Actuators
Safeguard agent Architecture for Large Complex Critical Infrastructures (LCCIs)
Commands and information Information only
Local nodesprotection
Network global protection
At level 3: operator decision supportMMI agent supports the operator in the reconfiguration strategy Negotiation agent supports to negotiate recovery policies with other interdependent LCCIs.
![Page 19: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/19.jpg)
An example of Safeguard Agents
Home LCCI
Wrapperagents
Actuator(s)
Hybrid detector agents
Topology agent
Correlation agent
Action agent0
Negotiation agent
MMI
Other LCCIs
Correlation agent(s)
Action agent(s)
Low
-level agents
Hig
h-l
evel agents
ECHD DMA EDHD
![Page 20: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/20.jpg)
Event Course Hybrid Detection agent
Home LCCI
Wrapperagents
Actuator(s)
Hybrid detector agents
Topology agent
Correlation agent
Action agent0
Negotiation agent
MMI
Other LCCIs
Correlation agent(s)
Action agent(s)
Low
-level agents
Hig
h-l
evel agents
ECHD DMA EDHD
![Page 21: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/21.jpg)
ECHD (Event Course Hybrid Detetector) Agent
Prologue
Event Course Hybrid Detector extracts information about a certain process from the sequences of events generated by such process
It could recognize or not sequences of events that it has learned partially with information captured by the expert of the process and partially with an on-field training phase
When it recognize a sequence it associate also an anomaly level to the sequence (timing discordance from the learned one).
![Page 22: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/22.jpg)
SCADA System Configuration for the Italian Transmission
Electrical Network (GRTN-ABB)
ECHD
ECHDECHD
ECHD
![Page 23: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/23.jpg)
Start processing of a Telemeasure (t0)
E(t1)
E(t2)E(t3)
E(t5)E(t6) E(t4)
RECOGNISING A PROCESS RECOGNISING A PROCESS FROM THE SEQUENCE OF FROM THE SEQUENCE OF
EVENTS IT PRODUCESEVENTS IT PRODUCES
SCADA system is instrumented with “Sensors”
![Page 24: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/24.jpg)
Data Mining Agent
Home LCCI
Wrapperagents
Actuator(s)
Hybrid detector agents
Topology agent
Correlation agent
Action agent0
Negotiation agent
MMI
Other LCCIs
Correlation agent(s)
Action agent(s)
Low
-level agents
Hig
h-l
evel agents
ECHD DMA EDHD
![Page 25: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/25.jpg)
DMA (Data Mining) Agent
Prologue
Data Mining is the extraction of implicit, previously unknown, and potentially useful information from data.
A Data Miner is a computer program that sniffs through data seeking regularities or patterns.
Obstructions: noise (the agent intercepts without distinction all that happen in the Net) and computational complexity (as consequence it is impossible the permanent monitoring of the traffic in order to not jeopardize SCADA functionalities)
![Page 26: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/26.jpg)
SCADA System Configuration for the Italian Transmission
Electrical Network (GRTN-ABB)
DMA
DMA
![Page 27: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/27.jpg)
DMA (Data Mining) Agent
Use of Data Mining techniques in Safeguard project.
DMA observes TCP packets flowing inside the port utilised by the message broker of the SCADA system emulator.
After a learning phase, DMA should be able discriminate between normal packet sequences and anomalous ones, raising an alarm in the latter case.
![Page 28: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/28.jpg)
The Safeguard approach( a Middleware on the top of existing SCADA
Systems or just a retrofitted add-on device to the existing SCADA)
Safeguardagents
![Page 29: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/29.jpg)
RTU Remote Terminal UnitSCADA System Safeguarding SCADA Systems
Safe Bus
Safe Bus API Interface
RTU Remote Terminal
Unit
Safe Bus API Interface
Actuators Anomaly Detectors
RETROFITTED ADD-ON SOLUTIONRETROFITTED ADD-ON SOLUTION
Safe Bus API Interface
RTURemote
Terminal Unit
Correlators
![Page 30: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/30.jpg)
RTU Remote Terminal UnitSCADA SystemSafeguarding SCADA
Systems
Safe Bus
Safe Bus API Interface
RTU Remote Terminal
Unit
Safe Bus API Interface
Actuators Anomaly Detectors
RETROFITTED ADD-ON SOLUTIONRETROFITTED ADD-ON SOLUTION
Safe Bus API Interface
RTURemote
Terminal Unit
Correlators
Utilities have significant investment in SCADA equipment. SCADA and similar control equipment
are designed to have significant lifetimes.
Protection mechanisms should not be developed that require major replacement of existing
equipment in the near term.
![Page 31: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/31.jpg)
RTU Remote Terminal UnitSCADA SystemSafeguarding SCADA
Systems
Safe Bus
Safe Bus API Interface
RTU Remote Terminal
Unit
Safe Bus API Interface
Actuators Anomaly Detectors
RETROFITTED ADD-ON SOLUTIONRETROFITTED ADD-ON SOLUTION
Safe Bus API Interface
RTURemote
Terminal Unit
Correlators
Because of the limited capabilities of the SCADA processors, protection mechanisms should be implemented as a retrofitted add-on device.
![Page 32: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/32.jpg)
RTU Remote Terminal UnitSCADA SystemSafeguarding SCADA
Systems
Safe Bus
Safe Bus API Interface
RTU Remote Terminal
Unit
Safe Bus API Interface
Actuators Anomaly Detectors
RETROFITTED ADD-ON SOLUTIONRETROFITTED ADD-ON SOLUTION
Safe Bus API Interface
RTURemote
Terminal Unit
Correlators
SCADA systems are designed for frequent (near real-time) status updates. Protection mechanisms
should not reduce the performance (reading frequency, transmission delay, computation) below
an acceptable level.
![Page 33: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/33.jpg)
HOW SAFEGUARD MIGHT SUPPORT
MANAGING MAJOR SYSTEMS OUTAGE
![Page 34: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/34.jpg)
Pre-incident network in n-1 secure state
Island operations fails due to unit tripping
NETWORK STATE OVERVIEW & ROOT CAUSES
Event tree from UTCE report
ITALY BLACK-OUT(From UCTE Interim Report)
24 minutes
1-2 minutes
![Page 35: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/35.jpg)
Pre-incident network in n-1 secure state
Island operations fails due to unit tripping
In SAFEGUARD system Correlator agent intercepts anomalies and failures inside the sequence of events and
Action agent try to re-execute the unsuccessful commands.
NETWORK STATE OVERVIEW & ROOT CAUSES
ITALY BLACK-OUT(From UCTE Interim Report)
![Page 36: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/36.jpg)
Pre-incident network in n-1 secure state
Island operations fails due to unit tripping
SAFEGUARD might help to recognize the anomaly state and call for adequate
countermeasures
NETWORK STATE OVERVIEW & ROOT CAUSES
(From UCTE Interim Report)
![Page 37: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/37.jpg)
In this specific case ETRANS needs as corrective measures which are necessary to comply with the N-1 rule, also action to be undertaken in the Italian system.
This was confirmed by the check list available to the ETRANS operators, which explicitly mentions that, in case of loss of Mettlen-Lavorgo, the operator should call GRTN, inform GRTN about the loss of the line, request for the pumping to be shut down, generation to be increased in Italy. This clause is mentioned in Italian on the ETRANS checklist for this incident.
COORDINATIONS PROBLEMS BETWEEN SYSTEM OPERATORS
(From UCTE Interim Report)
![Page 38: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/38.jpg)
In this specific case ETRANS needs as corrective measures which are necessary to comply with the N-1 rule, also action to be undertaken in the Italian system.
This was confirmed by the check list available to the ETRANS operators, which explicitly mentions that, in case of loss of Mettlen-Lavorgo, the operator should call GRTN, inform GRTN about the loss of the line, request for the pumping to be shut down, generation to be increased in Italy. This clause is mentioned in Italian on the ETRANS checklist for this incident.
SAFEGUARD makes available a Negotiation Agent in duty for
coordination among different operators
(From UCTE Interim Report)
![Page 39: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/39.jpg)
US CANADA BLACK-OUTPower System Outage Task Force Interim Report
![Page 40: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/40.jpg)
The “State Estimation” tool, doesn’t work in the regular way because a critical information (a line connection status) is not correctly acquired by the SCADA system.
The data utilized by the State Estimator could be corrupted by an attack or by a fault inside SCADA system
On August 14 at about 12:15 EDT, MISO’s stateestimator produced a solution with a high mismatch(outside the bounds of acceptable error).This was traced to an outage of Cinergy’sBloomington-Denois Creek 230-kV line—althoughit was out of service, its status was notupdated in MISO’s state estimator.
US CANADA BLACK-OUT
![Page 41: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/41.jpg)
A SAFEGUARD anomaly detection agent has the duty to verify the correctness level of the data that must be used by the State Estimator. If the State Estimation tool knows what data can be considered “good” or “bad” it has the capability to furnish a more correct state of the network.
US CANADA BLACK-OUTTask Force Interim Report
![Page 42: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/42.jpg)
2A) 14:14 EDT: FE alarm and logging softwarefailed. Neither FE’s control room operatorsnor FE’s IT EMS support personnel wereaware of the alarm failure.
The Alarm system of FirstEnergy electrical Company doesn’t work correctly and the operators are not aware of this situation
US CANADA BLACK-OUT
![Page 43: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/43.jpg)
2A) 14:14 EDT: FE alarm and logging softwarefailed. Neither FE’s control room operatorsnor FE’s IT EMS support personnel wereaware of the alarm failure.
Safeguard Correlator agent could detect failures inside Alarm system correlating the sequences of signals flowing from RTUs towards Control Centres.
US CANADA BLACK-OUTTask Force Interim Report
![Page 44: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/44.jpg)
CONCLUSIONSCONCLUSIONS
INCREASING NEED TO TRANSFORM TODAY’S CENTRALISED, DUMB NETWORKS INTO SOMETHING CLOSER TO SMART, DISTRIBUTED CONTROL NETWORKS
SAFEGUARD MULTI-AGENT SYSTEM TECHNOLOGY CAN WORK IN AN AUTONOMOUS MANNER AS AN ADD-ON SYSTEM, INTERACTING BOTH WITH THEIR
ENVIRONMENT AND WITH ONE-OTHER
MULTI-AGENT SYSTEM TECHNOLOGY, COMBINED WITH INTELLIGENT SYSTEMS, CAN BE USED TO AUTOMATE THE FAULT DIAGNOSIS ACTIVITY AND TO SUPPORT
OPERATORS IN THE RECOVERY POLICIES.
INCREASING NEED OF INTELLIGENT DATA INTERPRETATION TO CAPTURE NOVELTIES AND PROVIDE OPERATORS WITH EARLY WARNINGS.
![Page 45: Sandro Bologna ENEA – CAMO Modelling and Simulation Unit CR Casaccia, 00060 Roma](https://reader036.fdocuments.us/reader036/viewer/2022070417/56815493550346895dc2a393/html5/thumbnails/45.jpg)
International Workshop on
Complex Network and Infrastructure Protection
CNIP 2006
March 28-29, 2006 - Rome, Italy
http://ciip.casaccia.enea.it/cnip/