Diapositiva 1

advertisement
Meeting 12-13 Giugno
2013
Roma
AGENDA 12 Giugno
11.00 – Benvenuto e presentazione di apertura (SAPIENZA)
11.30 – Incontro con Andrea Guarino (ACEA) e Andrea Cersini
13.00 – Pausa pranzo
14.30 – Presentazione WP1 - stato dei lavori (SAPIENZA)
Interventi:
–
–
–
–
–
–
–
Stato complessivo delle attività (UNIRM)
Modelli di Minacce e Attacchi cibernetici (POLIMI)
Accidental failures (UNINA)
Financial Infrastructure (UNIRM)
Power Grids (UNIPARTHENOPE)
Transportation (POLITO)
Grado di maturità delle varie infrastrutture critiche in Italia (UNIFI)
16.00 – Coffee break
16.30 – Attività di brainstorming parallelo sui tre scenari di riferimento
18.00 – Chiusura Lavori
AGENDA 13 Giugno
09.30 – Sessione di Management (SAPIENZA)
10.00 – Coffee break
10.30 – Presentazione WP2 (POLITO)
11.15 – Presentazione WP3 (UNIPARTHENOPE)
12.00 – Presentazione WP4 (UNITN)
12.45 – Pausa Pranzo
14.15 – Concluding remarks – Action points – Prossimi meeting (SAPIENZA)
15.30 – Chiusura meeting
Breve presentazione
progetto
Partners’ Presentation
Università degli Studi di ROMA "La
Sapienza"
Università degli Studi di NAPOLI
"Federico II"
Politecnico di MILANO
Politecnico di TORINO
Università degli Studi di NAPOLI
"Parthenope"
Università di PISA
Consiglio Nazionale delle Ricerche
Università degli Studi di TRENTO
Università degli Studi di FIRENZE
Three years project
Currently M4
Budget 1.3Meuros
Università degli Studi "Mediterranea"
di REGGIO CALABRIA
Abstract
 growing exposure of the Information Technology (IT) employed
within CIs to the Internet
 attacks are expected to increase in number and scale improving
their precision and accuracy
 Improve global situational awareness through IT-based
information sharing, which today is mostly done by
rudimentary means
 gathering, processing and correlating huge amounts of
streaming and static data understanding anomaly behaviors
and learning automatically constantly changing cyber threats
Abstract
 TENACE has the objective of defining collaborative (whenever
appropriate), technical and organizational methodologies to raise the
protection of such CIs with the specific target of looking at the common
steps in order to develop a unifying methodology and understanding the
underground economics fuelling an attacker.
 Development of algorithms, models, architectures and tools as the
means to enable the effective protection of critical infrastructures
enhancing their degree of security and dependability.
 TENACE will address cyber attacks, combination of cyber and physical
attacks and cyber frauds.
 TENACE solutions will be validated against real data sets to produce
innovative ideas, methodologies, algorithms, software artifacts and
infrastructures
Scenarios
 Financial infrastructures. The increasing reliance on networked systems
made financial organizations rapidly becoming the favorite victims of
distributed attacks which result in both short and long term economic
losses due to the lack of service availability and infrastructural resilience,
and the decreased level of trust on behalf of the customers.
 Power grids: The complexity of SCADA control systems, resulting in
millions of components from hundreds of different manufacturers and
software from many developers, along with the upgrade of legacy
systems to more familiar operating systems such as Microsoft Windows
or Linux, increased the number of potential cyber vulnerabilities that can
be exploited by malicious parties.
 Transportation systems: wide range of transport applications, such as
transit operations, maintenance and scheduling, administration, payroll,
automatic vehicle location, signaling systems. Although transportation
systems were mainly targeted for physical attacks (e.g., Madrid 2004 and
London 2005), these systems are also considered vulnerable to cyber or
combined cyber-physical attacks.
Mapping partners-scenarios
Project Directions
Methodologies for raising the degree of protection (i.e., security and
dependability) of CIs and to get shorter attack reaction time. Such
methologies should clearly separate common protection procedures at
different CIs and protection procedures characterizing a specific CI.
Algorithms for detecting specific (direct and indirect) attacks to a CIs that are
able to improve the level of protection by considering a continuously evolving
adversary.
Distributed architectures for CIs, their components, either off-the-shelf (OTS)
and legacy, and their resiliency requirements will be studied, in order to define
algorithms and middleware architectures for improving protection attributes
of future CIs.
Tools and techniques for modeling and evaluating the degree of protection of
CIs will be designed. Among the others, the project will investigate CI-specific
penetration testing; vulnerability injection tools will be also designed and
evaluated.
Economic Sciences. Understanding the underground economics fuelling an
attacker and understanding the reason to attack a financial infrastructure
Architecture
WP1: Tutti i Partner (CISUNIROMA Leader)
WP2: POLITO (Leader), CNR,
CIS-UNIROMA, UNINA, UNIFI
WP3: UNIPARTHENOPE
(Leader), UNINA, CNR, CISUNIROMA, UNIRC, UNIFI
WP4: UNITN (Leader) CISUNIROMA, UNINA, UNIPI,
UNIRC
WP5: Tutti i Partner (UNINA
Leader)
Upcoming Events
OPODIS (Deadline 23 June)
ICDCS (June 2014, Madrid, Spain)
• Workshop proposal
– (submission) Middle september 2013
– (notification) october 2013
Download