Preventive methodology and tools to protect utilities.

In recent years, we have witnessed an increase in the number and impact of cyber attacks. A successful attack might affect, or even endanger, daily human activities. Multiple countermeasures have been put in place to prevent Advanced Persistent Threat (APT) attacks, but they failed, allowing the latest generation of APT. The goal of PREEMPTIVE is to provide an innovative solution for enhancing existing methods and conceiving tools to prevent against cyber attacks, that target utility networks. PREEMPTIVE addresses the prevention of cyber attacks against hardware and software systems such as DCS, SCADA, PLC, networked electronic sensing, and monitoring and diagnostic systems used by the utilities networks. Moreover, the research aims to implement detection tools based on a dual approach comprising low direct detection and process misbehavior detection
PREEMPTIVE proposes to:

- Enhance existing methodological security and prevention frameworks with the aim of harmonizing Risk and Vulnerability Assessment methods, standard policies, procedures and applicable regulations or recommendations to prevent cyber attacks.
- Design and develop prevention and detection tools complaint to the dual approach that takes into account both the industrial process misbehavior analysis (physical domain) and the communication & software anomalies (cyber domain):

• Industrial process misbehavior detection tools.
• communication & software related threats prevention and detection tools.

- Define a taxonomy for classifying the utilities networks taking into account:

• The utility network type and communication technology used
• The utility network exposure to Cyber threats
• The impact to the citizens of services disruption caused by a cyber attack through the utility network.

- Define guidelines for improving Critical Infrastructure (CI) surveillance.
- Validate the PREEMPTIVE framework and innovative technologies in real scenarios with the support of the utility companies