From detecting cyber-attacks to mitigating risk within a hybrid environment

Telecommunication networks based on commonplace technologies (such as Ethernet) often constitute a vulnerable attack vector against modern critical infrastructures (CIs), particularly for supervisory control and data acquisition (SCADA) systems, which rely on them for monitoring and controlling physical components. This paper presents a unique platform that encompasses a range of capabilities, from cyber-attack detection to mitigation strategies, through interdependency and risk evaluation. The platform is made of two main components: a cyber-attack detection subsystem and a risk assessment framework. Both blocks are innovative from research point of view and they have been developed and customized to fit the CIs' features, that are completely different from telecommunication networks. This platform has been tested on a hybrid environment testbed, made of virtual and real components, within the scope of the EU FP7 CockpitCI and EU H2020 ATENA projects. The case study corresponds to a medium voltage power grid controlled by a SCADA control center, where the platform has been validated with optimal results in terms of detection capabilities and time response.