Training: Lectures

CIPRNet is active to prepare the European Infrastructures Simulation and Analysis Centre
[Click for more information]EISAC (European Infrastructure See computer simulation.
[Click for more information]Simulation and Analysis Center) improving the competence and knowledge of the European See critical infrastructure protection
[Click for more information]CIP Expert community. To this end it arranges and supports information exchange via lectures and conferences hosted or performed by CIPRNet partners. These lectures will be announced on this web page. The lectures are generally arranged as open access scheme, even if in some cases there might exist restrictions. Some lectures will be provided also as web streams.

Announcements of CIPRNet lectures will be published on this web page. Stay tuned!

By Prof. Roberto Setola (University Campus Bio-Medico of Rome), 8^th February 2017

Venue: Lithuanian Institute of Energy, Kaunas (LT) 

In the presence of complex scenarios characterised by the presence of several and inter-dependent actors and elements, the usual approaches for process to comprehend the nature of risk and to determine the level of risk
[Click for more information]Risk Analysis based on the evaluation of chance of something happening
[Click for more information]likelihood and impact cannot be able to capture all the aspects, especially those related to "extreme events". The lecture will illustrate such a phenomena suggesting to approach process to comprehend the nature of risk and to determine the level of risk
[Click for more information]Risk Analysis in a holistic perspective adopting an All-source of potential harm
[Click for more information]Hazard framework. 

By Prof. Michal Choras and Dr. Rafal Kozik (University of Science and Technology in Bydgoszcz, Poland), 17^th January 2017, 18:00-19:00

Venue: room B111, building ΧΟΔ02, new campus, University of Cyprus, Nicosia (CY)

In this presentation, current situation and challenges related to cyber security of Critical Infrastructures (CI) are discussed. Presented study shows that cyber-related threats should be concerned as important factor incorporated into strategic analysis of infrastructure disruptions, consequences evaluation, and assessment of systems dependencies. During the talk, selected innovative cyber security solutions and approaches were presented. 

Flyer download 

By Prof. Roberto Setola (University Campus Bio-Medico of Rome), 9^th December 2016

Venue: University of Kent, Canterbury (UK)

In the presence of complex scenarios characterised by the presence of several and inter-dependent actors and elements, the usual approaches for process to comprehend the nature of risk and to determine the level of risk
[Click for more information]Risk Analysis based on the evaluation of chance of something happening
[Click for more information]likelihood and impact cannot be able to capture all the aspects, especially those related to “extreme events”. The lecture illustrated such a phenomena suggesting to approach process to comprehend the nature of risk and to determine the level of risk
[Click for more information]Risk Analysis in a holistic perspective adopting an All-source of potential harm
[Click for more information]Hazard framework.

To top

By Prof. Mattia Frasca (University of Catania), 5^th December 2016, 11.00

Venue: T15, Trapezio building, University Campus Bio-Medico of Rome

In this talk Prof Frasca discussed dynamical robustness of a complex network to noise injected through one of its nodes. The focus is on synchronization of coupled nonlinear systems and, as a special instance of this phenomenon, the consensus protocol for linear integrators were also addressed. An exact closed-form expression of the synchronization error for the consensus protocol and an approximate result for chaotic units is established. From this result, we derive that, while structural robustness is known to be significantly affected by attacks targeted to network hubs, in our case dynamical robustness is controlled by both the A topology is given by connections between components of a CI model.
[Click for more information]topology of the network and the dynamics of the units. We provide examples of networks of units where hubs perform better or worse than isolated nodes. The final part of the presentation was the application analyse of this method to power grids, by including a real example (the UCTE European High Voltage grid) and deriving some conclusions on the most and least critical nodes of this network.

To top

by Prof. K. Świrski (Politechnika Warszawska), 21^st October 2016, 12:30 h

Venue: room C8, RCI, UTP Bydgoszcz

This lecture concerns the cybersecurity of DCS (Distributed measure that is modifying risk
[Click for more information]Control Systems), in particular those controlling processes in critical infrastructures such as energy generation and distribu-tion. Selected threats and examples of military malware are discussed. Practical solutions for protections as well as the relevant norms (e.g. NERC, NISA etc.) are overviewed. The conse-quences for hybrid conflicts and homeland security are presented.

by Salvatore D'Antonio (University of Naples Parthenope), 21^st October 2016, 10:20 h

Venue: room C8, RCI, UTP Bydgoszcz

Security Information and An event describes what happens to a component in the CI model if a condition is fulfilled, e.g. the tripping of a transmission line at a certain time.
[Click for more information]Event Management (SIEM) is a consolidated technology that relies on the correlation of massive amounts of security-relevant information in order to detect ongoing attacks and intrusions. This correlation process is usually fed with logs generated by network devices and equipment, thus proving to be ineffective against attacks that affect multiple domains (e.g. physical, logical) or different architectural levels (e.g. network, operating system, application) of a service infrastructure. To bridge this gap, a combination of physical and logical security is required that allows for a more effective protection of the infrastructure. Recently some achievements have been made. For example, SEM (Security An event describes what happens to a component in the CI model if a condition is fulfilled, e.g. the tripping of a transmission line at a certain time.
[Click for more information]Event Monitoring) and SIM (Security Information Management) have merged into SIEM, and LACS (Logical Access measure that is modifying risk
[Click for more information]Control System) and PACS (Physical Access measure that is modifying risk
[Click for more information]Control System) have merged into IM (Identity Management), Security Operation Center (SOC) technology has improved significantly, but much is yet to be done. In this talk an An event describes what happens to a component in the CI model if a condition is fulfilled, e.g. the tripping of a transmission line at a certain time.
[Click for more information]event collection and correlation approach is presented that brings a significant advancement in the convergence of physical and logical security technologies. In this context, "convergence" means effective cooperation (i.e. a coordinated and results-oriented effort to work together) among previously disjointed functions. The proposed approach relies on data fusion techniques to process heterogeneous data and spot evidence of security issues by using complex An event describes what happens to a component in the CI model if a condition is fulfilled, e.g. the tripping of a transmission line at a certain time.
[Click for more information]event pattern detectors that correlate information from multiple architectural layers and domains of the monitored infrastructure. This allows for dependable (i.e. accurate, timely, and trustworthy) detection and diagnosis of attacks, which will ultimately result in the achievement of two goals of paramount importance, and precisely: 1) Guaranteeing the protection of citizens and assets, and 2) Improving the perception of security by citizens. This approach has been validated in three real use cases, with two objectives: 1) Capturing the diversity of the requirements to be satisfied by a platform truly supporting the convergence of physical and logical security technologies; 2) Overcoming fragmentation of security approaches.

To top

by Associated Prof. Mohamed Eid, 18^th October 2016, 10:30-12:00

Venue: National Institute of Applied Sciences (INSA) - Rouen, 685 Avenue de l'Université, F-76801 Saint-Etienne du Rouvray (salles DA-R1-02 et DU-B-RJ-08)

Critical Infrastructures Protection (CIP) requires the development of robust mathematical models and powerful See computer simulation.
[Click for more information]simulation algorithms and software tools. See critical infrastructure protection
[Click for more information]CIP activities aims principally to enhance the CIs resilience facing different kinds of Any indication, circumstance, or event with the potential to disrupt or destroy critical infrastructure, or any element thereof (EU, 2006)
[Click for more information]threat. Then, one of the issues in See critical infrastructure protection
[Click for more information]CIP is the Modelling denotes the action of designing and creating a conceptual model or a computational model or a CI model or a computer simulation. Other synonyms may apply as well.
[Click for more information]Modelling, See computer simulation.
[Click for more information]Simulation and Analysis (MS&A) of the See critical infrastructure
[Click for more information]CI resilience.

MS&A of the See critical infrastructure
[Click for more information]CI resilience should consider the specific nature of each See critical infrastructure
[Click for more information]CI. CIs are generally distributed, connected, dependent and interdependent. They are also belonging to different types of technology and operating using several types of physical phenomena. A robust mathematical See conceptual model
[Click for more information]model would allow predicting the functional See User-specified behaviour, System-specified behaviour
[Click for more information]behaviour of a See critical infrastructure
[Click for more information]CI facing a well-define Any indication, circumstance, or event with the potential to disrupt or destroy critical infrastructure, or any element thereof (EU, 2006)
[Click for more information]threat under given operational conditions. This would allow the crisis managers to take the best decision at the best moment in order to absorb, mitigate, share, lessen or accept the consequences of the loss of service supply by a set of CIs under a threat's action.

A general review of the concept of resilience and the existing lacks in the common understanding and the use of the concept. How cascade effects impact on the dynamics of the resilience mathematical mode and how dependency/interdependency increase the complexity of the models. A specific interest was given to: the mathematical issues in describing cascade effects.

The targeted audiences are the final courses engineers, PhD followers and professionals concerned by systems' reliability, safety and protection.

Dr. Yohan Barbarin, 18^th October 2016, 08:00-10:00

Venue: National Institute of Applied Sciences (INSA) - Rouen, 685 Avenue de l'Université, F-76801 Saint-Etienne du Rouvray (salles DA-R1-02 et DU-B-RJ-08)

The world is getting more and more interconnected over the years. SCADA systems and large infrastructures follow the same path. Critical / Vital Infrastructures (CI) have been defined by sectors and theirs interconnections can create severe cascading effects. Many examples of such cascading effects occurred over the last two decades. The goal of this lecture is to introduce the context of Critical infrastructure protection (CIP) is the study, design and implemen-tation of measures (pro-action, prevention, preparation, incident response, recovery) aimed to reduce the risk that critical infrastructure fails with serious consequences and..
[Click for more information]critical infrastructure protection (CIP), discuss the role of Dependency is the relationship between two (critical infrastructure) products or services in which one product or service is required for the generation of the other product or service.
[Click for more information]dependency and present ongoing research to prevent and mitigate See cascading failure
[Click for more information]cascading effect.

With the support of Modelling denotes the action of designing and creating a conceptual model or a computational model or a CI model or a computer simulation. Other synonyms may apply as well.
[Click for more information]Modelling, See computer simulation.
[Click for more information]Simulation and Analysis (MS&A) coupled to Geographic Information System (GIS), the EU project CIPRNet proposes an innovative solution for See critical infrastructure protection
[Click for more information]CIP. The CIPRNet project covers the 4 following area: See critical infrastructure
[Click for more information]CI identification, See critical infrastructure
[Click for more information]CI dependencies, effect of uncertainty on objectives
[Click for more information]risk management and crisis management. A system is being developed on the concept of "federated simulations".

The targeted audiences are the final courses engineers, PhD followers and professionals concerned by systems' reliability, safety and protection.

To top

by Dr. Artūras PETKUS (NATO Energy Security Centre of Excellence, NATO ENSEC COE, Lithuania), 10^th October 2016, 14.30

Venue: CRITIS 2016, UIC Headquarters, Paris (France)

Cyber attacks on key energy infrastructure - and on the electricity system in particular - are increasing, both in number of events or outcomes per defined unit of time
[Click for more information]frequency and sophistication (U.S. Department of Homeland Security). Some countries adopt military doctrines, that could be called "Hybrid War". Unlike its conventional counterpart, hybrid war blends elements of diplomacy, clandestine action, disinformation, sabotage, irregular troops and standard kinetic force to achieve strategic objectives. While hybrid war takes place over several dimensions, it appears that critical energy infrastructure and energy industry of any country could be targeted as part of a wider campaign to reduce the county's ability and willingness to resist. Therefore NATO strives to "continue to develop NATO's capacity to support national authorities in protecting The European Council Directive 2008/114/EC defines: ‘Critical infrastructure’ (CI) means an asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic..
[Click for more information]critical infrastructure, as well as enhancing their resilience against energy supply disruptions that could affect national and collective defence, including hybrid and cyber threats" (NATO Warsaw Summit Declaration). NATO Energy Security Center's of Excellence contribution to this priority was presented.

by Prof. Massimo Ficco (Seconda Universita Degli Studi di Napoli), 8^th September 2016, 09:10-10:00

Venue: University of Science and Technology, Bydgoszcz, Poland (Room C8 RCI)

Critical infrastructures represent the pivotal assets and resources upon which the current society greatly relies to support welfare, economy and quality of life.

Nowadays, the trend is to restructure these infrastructures by applying a System of Systems (SoS) concept, where the sparse islands are progressively interconnected by means of proper middleware solution through wide-area networks. The huge complexity of such systems makes more complicated for designers and developers the task of facing integration and configuration issues of both pre-existing and under development systems. Indeed, integration among components may introduce unexpected system behaviours on dependability and performance that usually manifest during systems installation and execution time. Additionally, as they cannot be detected earlier, they require on-site maintenance operations resulting in increased maintenance costs and overspending in terms of personnel resources. A promising way to cope with these new systems, and to lower maintenance costs, is to reproduce such complex and distributed systems locally, and let them run prior to the actual execution on-site in order to get knowledge about their real See User-specified behaviour, System-specified behaviour
[Click for more information]behaviour and define mitigation means and improvement actions. Hybrid and distributed See computer simulation.
[Click for more information]simulation strategies, supported by novel technologies for resources virtualization and working environment reproduction, represent the most promising way to define the needed strategies to actually support such paradigm shift.

To top

by Erich Rome (Fraunhofer), 21^st April 2016

At the SATW Fachveranstaltung "Cyber Security" (Technical An event describes what happens to a component in the CI model if a condition is fulfilled, e.g. the tripping of a transmission line at a certain time.
[Click for more information]event of the Swiss Academy of Technical Sciences) 

Venue: Main building of ETH Zurich, Zurich, Switzerland

A general introduction to the project CIPRNet, with a focus on one of its new capabilities: 'what if' analysis based on federated Modelling denotes the action of designing and creating a conceptual model or a computational model or a CI model or a computer simulation. Other synonyms may apply as well.
[Click for more information]modelling, See computer simulation.
[Click for more information]simulation and analysis of the See User-specified behaviour, System-specified behaviour
[Click for more information]behaviour of Critical Infrastructures in crisis situations. The capability shall enable crisis managers of civil protection agencies to explore different courses of action in training situations. A new method for outcome of an event affecting objectives
[Click for more information]consequence analysis enables the comparison of the overall outcomes of different courses of action. An extensive conclusion provides experiences and analyses of barriers and success factors of transferring research results on Critical Infrastructures into practical application.

by Bernhard Becker (Deltares) and Andreas Burzel (Deltares), 21^st April 2016

Open Modelling denotes the action of designing and creating a conceptual model or a computational model or a CI model or a computer simulation. Other synonyms may apply as well.
[Click for more information]Modelling Interface (OpenMI) is an OGC standard that allows time-dependent models to exchange data at run-time. When the standard is implemented, models can run simultaneously and share information at each time step, making See conceptual model
[Click for more information]model integration feasible at the operational level. The possibilities of See conceptual model
[Click for more information]model coupling with Open Modelling Interface (OpenMI) is a modelling standard emerged from the domain of water system simulation.
[Click for more information]OpenMI to modellers and project managers in water related integrated Modelling denotes the action of designing and creating a conceptual model or a computational model or a CI model or a computer simulation. Other synonyms may apply as well.
[Click for more information]modelling and other interested attendees showed. Different research projects and case studies were presented, where Open Modelling Interface (OpenMI) is a modelling standard emerged from the domain of water system simulation.
[Click for more information]OpenMI has been applied in the past and illustrate the added value of See conceptual model
[Click for more information]model coupling. The webinar includes the fundamentals about computer See conceptual model
[Click for more information]model simulations and computational grids, boundary conditions and See conceptual model
[Click for more information]model forcing.

The Open Modelling Interface (OpenMI) is a modelling standard emerged from the domain of water system simulation.
[Click for more information]OpenMI Webinar was recorded and it is available here!

This webinar covered the following topics:

• What is OpenMI?
• Examples of water flow See computer simulation.
  [Click for more information]simulation models
• Coupling mechanisms
• The Open Modelling Interface (OpenMI) is a modelling standard emerged from the domain of water system simulation.
  [Click for more information]OpenMI configuration editor
• Setting up an Open Modelling Interface (OpenMI) is a modelling standard emerged from the domain of water system simulation.
  [Click for more information]OpenMI composition
• Migrate existing models to Open Modelling Interface (OpenMI) is a modelling standard emerged from the domain of water system simulation.
  [Click for more information]OpenMI compliance
• Demonstration of water related models using Open Modelling Interface (OpenMI) is a modelling standard emerged from the domain of water system simulation.
  [Click for more information]OpenMI 1.4 and SOBEK 3

To top

by Eric Luiijf (TNO), 11^th March 2016

Venue: Cyber Security Academy, The Hague, The Netherlands

A general introduction on Critical Infrastructures, addressing the following topics:

• What are critical infrastructures?
• Importance of The European Council Directive 2008/114/EC defines: ‘Critical infrastructure’ (CI) means an asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic..
  [Click for more information]critical infrastructure to society • Background of activities by EU and nations
• Most important phenomena
• Awareness of R&D in this field

by Erich Rome (Fraunhofer), 1^st March 2016

At periodic meeting of the VRGeo consortium 

Venue: Sankt Augustin, Germany

A general introduction to the project CIPRNet, with a focus on one of its new capabilities: 'what if' analysis based on federated Modelling denotes the action of designing and creating a conceptual model or a computational model or a CI model or a computer simulation. Other synonyms may apply as well.
[Click for more information]modelling, See computer simulation.
[Click for more information]simulation and analysis of the See User-specified behaviour, System-specified behaviour
[Click for more information]behaviour of Critical Infrastructures in crisis situations. The capability shall enable crisis managers of civil protection agencies to explore different courses of action in training situations. A new method for outcome of an event affecting objectives
[Click for more information]consequence analysis enables the comparison of the overall outcomes of different courses of action. 

To top

by Eric Luiijf (TNO), 20^th February 2016

At the Annual Symposium of Engineers Without Borders of the Netherlands (EWB-NL) 

Venue: TU Eindhoven, the Netherlands 

The theme of the Symposium is “Technical Challenges in Disaster Response”. Logistics, averting bottlenecks, coordinating governmental efforts and those of aid organizations – they quickly become the preoccupations of those overseeing disaster relief operations. We all feel compelled to help and we would like to contribute. However this does not always have to be by donating money. Clever ideas and practical solutions are just as valuable. Whether it is to create an app to locate people or an easy to put up construction for shelter, all ideas are useful after a disaster where people are left without anything. Link 

by Prof. Michal Choras and Dr. Rafal Kozik (UTP), 16^th February 2016, 09:30h

Venue: Department of Electrical and Electronic Engineering, University of Cagliari, Building A, Room Mocci, Piazza d\'Armi, 09123, Cagliari, Italy

Abstract: During the lecture the overview of practical cyber-physical security solutions for See critical infrastructure protection
[Click for more information]CIP were presented. Moreover, the results and approach of the CIPRNet project were discussed.

Flyer download

To top

(engl: Practical experiences in technology transfer and criteria for usability in the areas of Critical infrastructure protection (CIP) is the study, design and implemen-tation of measures (pro-action, prevention, preparation, incident response, recovery) aimed to reduce the risk that critical infrastructure fails with serious consequences and..
[Click for more information]Critical Infrastructure Protection and Civil Protection)

by Dr. Erich Rome (Fraunhofer IAIS), Leipzig, 4^th December 2015

An event describes what happens to a component in the CI model if a condition is fulfilled, e.g. the tripping of a transmission line at a certain time.
[Click for more information]Event: SIFO-Fachdialog „Konturen eines technik- und sozialwissenschaftlichen Sicherheitsverständnisses“

Venue: Tagungslounge Leipzig, Leipzig, Germany 

Abstract: The presentation looked into experiences of conditions of successful cooperation between science and users. The See critical infrastructure
[Click for more information]CI area is characterised by specific security challenges (complex, interdependent, sometimes cross-border, constantly changing systems; cascading effects; limited access to sensitive information) and the interplay of a wide range of stakeholders (politicians, authorities, operators, civil / Civil Protection, Research Funding / Community). Research in this area requires the establishment of a relationship of trust with operators and a multidisciplinary, mind-set. A key factor of successful technology transfer is the usability of the developed solutions, for example, decision support systems (that can be used in normal operation and emergency situations). Besides that, a pecuniary value added in industrial operation raises the incentive for investment by operators. The research must closely follow the requirements of end-users from the earliest possible stage on (including support for established standards; links to existing systems; interoperability with existing processes; focus on sense-making, a simple representation and interpretability of results and concrete recommendations for action; fast, time-stamped provision of situational relevant information) and develop easy-to-use solutions that bring real support from the perspective of practitioners.

by Gabriella Fiore, Ph.D. (University of L’Aquila), Rome, 10^th November 2015, 9.30 h

Venue: University Campus Bio-Medico of Rome, Italy

Cyber-Physical Systems (CPSs) are systems found in a wide range of application fields such as power grids, smart buildings, transportation systems and unmanned vehicle systems. CPSs integrate physical processes, computational resources and communication capabilities. The feedback loop between the physical and the computational world through a (wireless) communication network increases the intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence
[Click for more information]vulnerability of the entire system to failures or to malicious and intentional attacks by an external attacker.

In this talk a novel methodology is presented to estimate the state of the CPS when measurements and measure that is modifying risk
[Click for more information]control inputs are corrupted by sparse attacks based on compressed sensing and error correction techniques.

Specifically, conditions are given for the system to be resilient against packet losses and adversarial attacks (e.g., DoS), characterizing the maximum number of corrupted signals that can be tolerated in order to perfectly recover the true system state.

The methodology was demonstrated with respect to a A scenario consists of a CI model, the initial states of all components and the scenario behaviour that describes the events that happen within the scenario.
[Click for more information]scenario where UAVs cooperatively transport a flexible payload.

Flyer download 

For further information please send an email to Gabriele Oliva at g.oliva(at)unicampus.it

To top

by Eric Luiijf (TNO), TNO Soesterberg for the Dutch National Network for effect of uncertainty on objectives
[Click for more information]Risk Management (NNR), 26^th October 2015.

Since about 2007 the NNR, the National Network effect of uncertainty on objectives
[Click for more information]Risk Management, operates. In September 2012 the informal network has been turned into an association. Various organizations already operate in the field of effect of uncertainty on objectives
[Click for more information]risk management and related areas such as security. NNR functions as an umbrella organisation. Although professorial chairs have been set up, journals, and several trade unions exist, effect of uncertainty on objectives
[Click for more information]risk management as a discipline is still not sharp profiled and the attention to effect of uncertainty on objectives
[Click for more information]risk management is not yet sufficiently anchored in the top of many companies. It therefore seems appropriate to promote contacts between science, government and industry. The NNR organizes 5 to 6 times a year a meeting with speakers from outside and / or from their own circle.

by Rafal Kozik, PhD Eng (University of Science and Technology, UTP, Bydgoszcz, Poland), 26^th October 2015, 13:00

Venue: Sir Alwyn Williams Building (Level 5), School of Computing, University of Glasgow

Abstract: As our world becomes more and more connected via open networks with the cyberspace, many new challenges arise. Therefore, there is a significant effort focused on national critical infrastructures evaluation, simulations and threats analysis. In this presentation current situation and challenges related to cyber security of Critical Infrastructures (CI) are discussed. Presented study shows that cyber-related threats should be concerned as important factor incorporated into strategic analysis of infrastructure disruptions, consequences evaluation, and assessment of systems dependencies.

The lecture covered the following topics:

• General overview of FP7 CIPRNet project
• Current challenges of Critical Infrastructures Protection (CIP) in the area of cyber security
• The problem of increasing number of dependencies and interdependencies between industrial measure that is modifying risk
  [Click for more information]control systems (ICS) and Information and Communication Technologies
  [Click for more information]ICT systems
• General overview of recent cyber attacks impacting Critical Infrastructures
• Overview of different approaches and practical examples of cyber attacks detection

Flyer download

To top

by Bernhard Hämmerli at CRITIS 2015, Berlin, Germany, 7^th October 2015

Abstract

Cloud Computing creates in any infrastructure operator bad feelings. Operators don’t want the infrastructure and think this is a significant loss of measure that is modifying risk
[Click for more information]control. However, when looking in more detail we realize that the facts contradict our feelings: The workforce of Cloud Services is better educated, has often 24by7 security and reaction, has more and quicker option to reconfigure and has often fewer outages. An in-depth analysis discloses a fine grade change of bought and completely self-operated infrastructure towards growing cloud inclusion. An easy to understand example is malware protection: Even when we own the software, unless daily updates from the cloud with newest script files and signature we will not be secure anymore. And it shows perfectly, how the inclusion of the cloud takes place stepwise. The big picture of Cloud Migration: Usually it starts with hybrid solution, where on-premises and cloud are both operating and delivering its part to the overall solution. The seven steps towards cloud migration are.

1.     Know you asset (inventory)
This includes knowing your architecture, the Connections describe links between different components in a CI model.
[Click for more information]connection between systems, the mutual impacts etc.

2.     Know your data, including measure that is modifying risk
[Click for more information]control data

3.     process to comprehend the nature of risk and to determine the level of risk
[Click for more information]Risk Analysis starts by classifying the data and deciding which data are suitable for the cloud. effect of uncertainty on objectives
[Click for more information]Risk is assessed by evaluation how much it would cost, if the data are completely lost or leaked through the cloud. Thereby different data categories such as direct personal and other very sensitive data and general data must be distinguished.

4.     Vendor Contracting Within this stage prior findings on specification and requirements should be presented to the vendors. In following discussions the vendors should have the chance to formulate “how he can support the customer” and to explain “how customers benefit from experience and support for presented top management”.
Security requirements must be clearly communicated up front.

5.     Commissioning and performance acceptance test should be defined up front. A good approach is running each service up front as internal IT process, fully managed and successfully practiced. Afterwards specific services are outsourced successfully. Note: In the discussion the following statement was made: “There is a significant difference between outsourcing and cloud services, with the former being less anonymous than the latter.”

6.     Communication with top management Conclusion: Consolidate all prior findings and present them to top management. Be concise and well prepared when presenting security and compliance dimension and free of preferences: good attitude is defining the challenges and offering solutions including price tag and personnel effort.

7.     Compliance Analysis is usually performed by IT in cooperation with legal, audit and other internal or external parties. The compliance team’s tasks include compliance of all issue-relevant state regulations, business branch authority compliance rules and other stakeholder’s demands such as business partners etc.

If following this path, we recommend to consider the following three issues:
Data classification, IT Architecture Integration and a sound level of organizational maturity.

Rome, 4^th June 2015, at 15.00 h

Venue: University Campus Bio-Medico of Rome (Italy) and web at https://connect.portici.enea.it/unicampus/

The security of railway mass transportation systems represents today a challenge, given their complexity and peculiarities, both from technological and logistic points of view. However, it is mandatory to increase the protection of those systems due to the current sociopolitical A scenario consists of a CI model, the initial states of all components and the scenario behaviour that describes the events that happen within the scenario.
[Click for more information]scenario and the centrality of Italy in the year of EXPO 2015.

In collaboration with national and international experts, this lecture aims to highlight the main risks and the most modern solutions used for the protection of railway systems.

Flyer download

For further information please send an email to m.demaggio(at)unicampus.it

To top

by Rafal Kozik, PhD Eng and prof UTP Michal Choras, DSc, Phd Eng. (University of Science and Technology, UTP, Bydgoszcz, Poland), 21^st May 2015, at 10.15 h

Venue: Technical University Poznan (PP), Poznan, Poland, Piotrowo 3a, room 16.

Topics covered at the lecture include:

• Current cyber threats for critical infrastructures
• Current trends in See critical infrastructure
  [Click for more information]CI cybersecurity
• Machine learning methods for See critical infrastructure
  [Click for more information]CI cybersecurity

Flyer download

by Wojciech Mazurczyk, DSc, PhD Eng (Warsaw University of Technology, Poland), 7^th May 2015, at 10.15 h

Venue: University of Science and Technology (UTP), Bydgoszcz, Poland, building 2.1 at Kaliskiego 7 street, room 39.

Topics covered at the lecture include:

• Current threats and trends in cybersecurity,
• New malware trend: utilization of information hiding techniques for improved stealthiness,
• Bio-inspiration as an innovative approach for cybersecurity.

Flyer download

To top

by Dr Maria Paola Scaparra, Rome, 26^th March 2015, 15.00 h

Venue: University Campus Bio-Medico of Rome (Italy) and web at https://connect.portici.enea.it/unicampus/

A crucial issue in today's distribution, supply and emergency response systems is to guarantee continuity and efficiency in service provision in the face of a variety of potential disruptions. Planning against possible disruptive acts of nature or sabotage is an enormous financial and logistical challenge, especially if one considers the scale and complexity of today's infrastructure systems. Since it is generally impractical to secure all assets, it is important to optimize the protection of key system components.  Protection investment problems against worst-case losses are typically formulated as bi-level or tri-level optimization problems. This lecture presents some recent optimization models for identifying efficient investments in protection and security measures for distribution and transportation systems. These models incorporate a variety of different issues such as:  capacity restrictions; correlation of disruptive events and disaster propagation effects; dynamic investments; different objectives (demand coverage, cost, travel time, passenger flow); stochastic aspects (e.g., extent of the disruptions); and resiliency aspects (e.g., recovery times of the disrupted components and disruption frequency). Efficient solution methodologies for solving these complex models was briefly discussed. 

The remote participation via web is possible at https://connect.portici.enea.it/unicampus/

Flyer download (room update 19.3.2015)

For further information please send an email to m.demaggio(at)unicampus.it

Bydgoszcz, 12^th March 2015 (Thursday), at 11:00 h MET

Venue: University of Technology Poland, Bydgoszcz, building 2.4 at Kaliskiego 7 street, room 110, RCI Labs

The CIPRNet training lecture (Hands-On) about "Modelling IT networks with Riverbed Modeller" was held in form of a workshop. During practical hands-on labs participants had an opportunity to learn how Riverbed Modeller solution could be used for planning, Modelling denotes the action of designing and creating a conceptual model or a computational model or a CI model or a computer simulation. Other synonyms may apply as well.
[Click for more information]modelling and analysing of critical IT network infrastructure.

Topics covered by the workshop include:

• Predicting traffic volume growth and IT network load,
• Identifying network bottlenecks and preventing overload,
• Network failure survivability analysis,
• Preventing network outages with effective change measure that is modifying risk
  [Click for more information]control.

Flyer download

To top

by Dr Claudio Sterle, Rome, 13^th February 2015, (Lecture part I, 11.00 h)

Venue: University Campus Bio-Medico of Rome (Italy) and web at https://connect.portici.enea.it/unicampus/

The problem of covering, monitoring and/or controlling a region of interest by wireless sensor networks (WSN) has been widely treated in literature. The presentation resumes the main ILP optimization models, providing also a discussion on some straight extensions and variants which allow to take into account the specific features of the sensors, related monitoring tasks and strategic decisions in WSN design.

Remote participation via web was possible,

Flyer download

by Prof Dr Antonio Sforza, Rome, 13^th February 2015, (Lecture part II, after 11.00 h)

Venue: University Campus Bio-Medico of Rome (Italy) and web at https://connect.portici.enea.it/unicampus/

The presentation proposes a unified and stepwise solving approach for two and three dimensional coverage problems to be used in omni-directional and directional sensor networks, schematizing the region of interest and the sensor potential locations by a 2D or 3D grid of points, and representing the sensor coverage area by a circle or by a circle sector. The built See conceptual model
[Click for more information]model constitutes the optimization module of a smart tool for the protection of a railway infrastructure protection, developed for the European project METRIP. The presentation concludes with an application of the proposed approach to a real test case and a discussion of the obtained results.

The remote participation via web is possible at https://connect.portici.enea.it/unicampus/

Flyer download

For further information please send an email to m.demaggio(at)unicampus.it 

To top

Polish title: Działania w zakresie ochrony i zwiększenia niezawodności infrastruktury krytycznej

by Prof Michal Choras, DSc, Phd Eng. (UTP),  22^nd January 2015, 10:00 am

Venue: s. 39, UTP Bydgoszcz (Lecture part I)

This CIPRNet training lecture contains information about threats to critical infrastructures and methods for See critical infrastructure
[Click for more information]CI protection and resilience. Among the presented methods, the CIPRNet solutions such as Modelling denotes the action of designing and creating a conceptual model or a computational model or a CI model or a computer simulation. Other synonyms may apply as well.
[Click for more information]modelling and See computer simulation.
[Click for more information]simulation, decision support services, what-if analysis etc. were described.

Flyer download

Polish title: Aspekty bezpieczeństwa cybernetycznego infrastruktur krytycznych

by Dr Rafal Kozik (UTP), 22^nd January, 2015, 10:30 am

Venue: s. 39, UTP Bydgoszcz (Lecture part II)

Nowadays, cyber threats are considered as a serious danger to critical infrastructures. Therefore, this CIPRNet training lecture contains information about solutions and methods to detect cyber attacks and increase the resilience of Information and Communication Technologies
[Click for more information]ICT part of critical infrastructures.

Flyer download

To top

by Dr. Rafal Renk (UTP) 15^th January 2014. 

To top

by Dr Antonio Scala, Rome, 3^rd December 2014, h15.00

Venue: University Campus Bio-Medico of Rome (Italy) and web at https://connect.portici.enea.it/unicampus/

The objective of the lecture is to present some possible Complex Networks approaches to study and understand Power Grids and to improve them into Smart Grids. We first sketch the general properties of the Electric System with an attention to the effects of Distributed Generation.

We then analyse the effects of renewable power sources on Voltage Controllability. Afterwards, we study the impact of electric line overloads on the nature of Blackouts. Finally, we discuss the possibility of implementing Self Healing capabilities into Power Grids through the use of Routing Protocols.

The remote participation via web is possible at https://connect.portici.enea.it/unicampus/

For further information please send an email to m.demaggio(at)unicampus.it

To top

To top

To top

To top

For enquiries on training events, CYCA, and CIPRNet lectures, please contact Roberto Setola.