Critical Infrastructure Protection using Adaptive MILS

Niccolò Zazzeri

01 June 2016

31 May 2019

EC funded project


Critical infrastructures (CI) rely on complex safety- and security-critical ICT systems placed into unpredictable environments and forced to cope with unexpected events and threats while exhibiting safe adaptive behaviour. CI systems must undergo extensive and costly scrutiny under diverse certification regimes. Improved, effective and affordable development and certification methods are essential.

CITADEL will provide innovative platform technology, methodology and tools for development, deployment, and certification of adaptive MILS systems for CI, which will be demonstrated in three industrial CI demonstrators. The solution enables robust and resilient CI through monitoring and adaptive self-healing mechanisms that respond to natural and malicious occurrences by intelligently reconfiguring hosts, functions, and networks, while maintaining essential functions and defences.

Who is the project designed for?

The project targets operators of critical infrastructures and providers of the underlying communication and computation technologies used for implementing critical infrastructures.
The project is focused on demonstrators addressing three different critical infrastructure domains: airspace control, process automation and subway transportation.

In the communication services demonstrator, CITADEL technologies will provide evidence that the communication services allow for dynamic reconfiguration of communication resources that meets both security and safety requirements for applications in safety-critical environments.

In the subway demonstrator, the new Adaptive MILS platform will be used to functionally enhance and protect the subway supervision and control system, while maintaining SIL levels for connected devices and networks. In the manufacturing demonstrator, CITADEL technologies will be used to solve the challenging security problems of applying mobile services to support both customer staff and mobile maintenance staff, enabling secure and effective data mining and integration of data from embedded systems both in the control system and in other parts of the manufacturing processes.

How is your project benefitting the end-user?

The project technologies will provide for increased preparedness, reduced response time and coordinated response in case of a cyber-incident affecting communication and information networks of critical infrastructure operators. The CITADEL approach uses dynamic system responses based on information gathered via extensive monitoring and analysis of the system and its parts.

In particular, the system will be able to react automatically to incidents, e.g. by activating redundant communication paths or standby mirrored system components. Depending on the application area, CITADEL systems will be configured with tailored responses, thus mitigating attack effects in a way that meets the specific requirements concerning (no) downtime, uninterrupted communication, communication delays, availability of critical functions and several more.

For each of the critical infrastructure domains where CITADEL systems will be demonstrated (airspace control, process automation and subway transportation), the project technologies will deliver uninterrupted availability of the most critical functions and keep core services operational under attack or failure scenarios. The savings potential is substantial when compared to manually (re-)configured and maintained systems, among other things by eliminating downtime in case of attacks or changes in the network architecture.

Please briefly describe the results your project achieved so far

The project has defined the specifications for the industrial demonstrator requirements in providing improved security for critical infrastructures, along with the detailed technical requirements that drive the technology development tasks within the project. First technology deliverables have been completed, describing the CITADEL Modelling and Specification Languages and the specification of the interfaces and workflow for the Adaptive MILS Evidential Tool Bus, which supports the assurance approach that has been specified in a Certification Readiness Report for the new platform that is being developed.

An early version of the extended separation kernel, which is a key component of the Adaptive MILS platform, was also completed, along with the first implementation of the dynamically reconfigurable networking. Preparatory work for the evaluations of the project technologies within the context of the three critical infrastructure industrial demonstrators has been carried out, with an initial assessment of the Technology Readiness Levels of each of the baseline technologies that will be used for developing the Adaptive MILS components. This work also includes the specification of the methodology and metrics that will be used in evaluating the impact the project technologies have when deployed within the industrial demonstrators, which are representative of key European critical infrastructure domains.

What are the next steps for your project?

The first deployment of the early prototypes of the CITADEL technologies will be carried out within each of the industrial domains (airspace control, process automation and subway transportation) where demonstrators have been developed. These deployments will be utilised to carry out first industrial evaluations of the project technologies and to assess their impact in protecting critical infrastructures.

The results of these first evaluations will shape the further research and development of the full prototype technologies that will be delivered in the next 12 months. A final set of evaluations within each of the three industrial domains will be carried out using the final technology prototypes in the final months of the project.

