Risk analysis is usually understood as a strategic process in which stakeholders carry out tabletop exercises and evaluate the likelihood and impact of threats across what-if scenarios. Although this process is still valid and strictly necessary, the digitalization of EPES infrastructures makes new risk analysis approaches possible, which evaluate current conditions and potential threats to dynamically generate and evaluate possible scenarios. Within the CyberSEAS project, the SecurGrid tool developed by STAM therefore aims to enable risk-based Decision Support that is also backed by real-time data acquisition and threat identification.
Digitalization of infrastructures has created several opportunities for performance optimization through monitoring and control, but at the same time it poses remarkable cybersecurity risks. While several tools have been developed to monitor infrastructure well-being and to identify potential threats early, risk analysis has so far always been used as a strategic tool to increase prevention and preparedness rather than as an operational means of making decisions.
The main mission of STAM's proprietary risk management platform is to transform risk analysis from a manual, long and complex process into a digital, fast and automated one. Within the CyberSEAS project, this platform is instantiated as the SecurGrid tool, which is specifically dedicated to offline and real-time risk analysis of EPES infrastructures.
In fact, SecurGrid promotes a dual approach to risk management:
- On a strategic level, to enable stakeholders to consider what-if scenarios, identify likelihood and potential impact and, as a consequence, select proper countermeasures that mitigate such risks;
- On a tactical level, to exploit infrastructure and network monitoring to understand current scenarios and support first responders in fast and effective risk analysis for selecting a suitable remediation strategy.
The latter makes it possible to integrate risk analysis into Decision Support for Response through an innovative approach. The real-time risk analysis implemented by SecurGrid encompasses the following phases:
- Acquisition of data from the SIEM to recognize the current threat scenario
- Automated generation of potential consequent sub-scenarios
- Quantitative evaluation of the impact of sub-scenarios
- Suggestion of short-term remediation actions
- Presentation of results to user (dashboard, reports, alerts, etc.)
SecurGrid, in cooperation with other CyberSEAS tools, will pave the way to strengthening EPES protection against cyber threats by improving detection and response capabilities in a joint risk-based approach.