Background

Reliable operation of Critical Infrastructures (CIs) is a pre-requisite for the integrity and resilience of vital elements in our society that help to ensure the security, well-being and economic prosperity of Europe, its citizens and businesses. Nowadays, CIs have become very complex, operating in a rapidly evolving societal, technological and business environment. Moreover, since CIs are becoming more interconnected and reliant upon one another, disruptions in one CI can have severe and long-lasting cascading effects in other CIs that are essential for the continuity of critical societal and economic activities, even in multiple sectors and countries. This increases the attack surface as well as the scale and significance of the impacts of attacks. Growing digitalisation and interconnectedness of CIs, based on novel technologies and technologically complicated applications, may result in the emergence of new risks, generating new vulnerabilities, including those carried through people and employees, either intentionally through insider threats or through human errors and social engineering.

In this emerging safety-security landscape, the protection and resilience of CIs are of paramount significance. Critical Infrastructures in Europe are increasingly becoming the targets of new categories of hybrid threats and attacks powered by technological innovations. However, limited research has been conducted on large-scale, transnational and cross-domain coordinated attacks. More importantly, large-scale vulnerability assessment and systemic risks analysis of CIs, considering the risks derived by major man-made or natural hazards and complex Cyber-Physical-Human (CPH) threats as well as consequences of the entire system collapse, have never been addressed before. A fundamental challenge to governing systemic risks is to understand the system as a complex network of individual and institutional actors with different and often conflicting interests, values and worldviews.

The ATLANTIS project evaluates and addresses systemic risks against major natural hazards and complex attacks that could potentially disrupt vital functions of the European society. The mission of ATLANTIS is to improve the resilience of the interconnected CIs in Europe exposed to ever-evolving, existing and emerging, large-scale, combined, CPH threats and hazards. By providing future-proof, sustainable security solutions, ATLANTIS supports public and private actors in guaranteeing the continuity of vital operations while minimising cascading effects in the infrastructure itself, the environment, other CIs and the involved population.

The mission of ATLANTIS will be achieved by pursuing the following four (4) Strategic Goals (SG): (1) improving knowledge on large-scale vulnerability assessment and long-term systemic risk management in CIs; (2) improving the systemic resilience of CIs in Europe through novel, adaptive, flexible and customisable security solutions based on AI; (3) facilitating effective cooperation among CI operators and authorities while preserving CI autonomy and sovereignty; and (4) delivering AI-based solutions (TRL7) for increased awareness, capability and cooperation in managing systemic threats.

Objectives and Expected Outcomes

The fundamental objective of ATLANTIS is to ensure the continuation of operations while limiting cascading impacts on the infrastructure, the environment and other CIs, as well as on the population concerned. The project intends to allow public and commercial players to adopt sustainable security solutions to solve current and future issues. ATLANTIS will deploy a composite resilience/security indicator-based approach that enables CI operators to make educated choices on CPH risks, systemic threats, natural hazards, catastrophes (including those caused by extreme weather) and their cascading effects. By defining the CI assets/systems and by identifying/classifying their susceptibilities to systemic, critical and hybrid risks, the approach and indicators will produce a paradigm shift in systemic risk management.

ATLANTIS aspires to transition from the operator level to a fully integrated European protection strategy, broadening the vision beyond the boundaries of individual CI (or even individual assets) and placing a greater emphasis on societal and cross-operator concerns at the EU level. ATLANTIS will necessitate the openness and accountability of the risk management procedure, as well as its efficacy and long-term viability. Understanding the system as a complex network of human and institutional players with varied and sometimes opposing interests, beliefs and worldviews is essential to regulating systemic risk in a networked situation.

The goal of ATLANTIS is to address the growing complexity of cross-CI, cross-sector and cross-border CI interdependence. It intends to facilitate the modelling of high-impact strikes with potentially devastating repercussions and the investigation of their cascading ramifications, which is impossible in real-world contexts. In addition, ATLANTIS enables operators and stakeholders to assess the consequences of potential and ongoing attacks either within the CI under consideration or on other, interconnected CIs in Europe by identifying criteria to assess the CPH risk, forecasting emerging and future systemic threats, and analysing cascading/interconnection effects. It also increases the risk management capability by fostering a better risk and resilience assessment culture and effective risk-related knowledge exchange among all stakeholders, seeing risk assessment from an intra-sector, cross-sector and cross-country perspective.

ATLANTIS will be validated and demonstrated in three large-scale cross-border and cross-sector pilots (LSPs), with a focus on improving the security of the information exchange at different levels of operation: inside individual CIs, across CIs in a national security environment and across borders between CI operators. The three (3) large-scale cross-border and cross-sector pilots are the following:

  • LSP#1: Cross-Border/Cross-Domain LSP in Transport, Energy, and Telecoms (Fig. 14.1). Validation in (i) multimodal cross-country transport encompassing sea transport with two international seaports, rail transport with two national railway operators, and road transport with a national highway operator, (ii) energy (oil) and (iii) telecoms in four neighbouring countries: Slovenia, Croatia, Italy and France.

  • LSP#2: Cross-Domain LSP in Health, Logistics/Supply Chain and Border Control (Fig. 14.2). Validation in (i) the health sector covering physical protection of hospitals and cybersecurity of Electronic Health Records with a group of three hospitals in Greece, (ii) logistics/supply chain covering logistics and Enterprise Resource Planning (ERP) platforms with one of the largest ERP tool providers in Greece and Cyprus and (iii) border control with a focus on the Schengen II Information System for border control of Cyprus, Greece and Croatia.

  • LSP#3: Cross-Country LSP in FinTech/Financial (Fig. 14.3). Validation in the financial sector covering cybersecurity incidents and systemic threats with an independent investment house, a bank and technology providers specialised in developing technology, infrastructure and business solutions for the financial sector.

Fig. 14.1 Cross-Border/Cross Domain Large-Scale Pilot in Transport, Energy, and Telecoms. (Image: a set of 5 maps and 3 photographs. The maps represent road transport, Slovenian and Italian railway networks, sea transport with the port of Koper, and telecommunication. The photographs are of the tunnel entrance in Italy, the port of Rijeka, and the tunnel control room.)

Fig. 14.2 Cross Domain Large-Scale Pilot in Health, Logistics/Supply Chain and Border Control. (Image: a map of Europe with the locations of the hospitals, logistics, and public bodies in Greece, Cyprus, and Croatia, and 6 photographs of the buildings of hospitals, the electronic prescription system, EHR, ERP, border control, and public bodies.)

Fig. 14.3 Cross Domain Large-Scale Pilot in FinTech/Financial. (Image: a map of Europe with a network of financial institutions and fintech software providers like Caixa Bank, JRC Capital Management, netU, and public bodies.)

The results of ATLANTIS will provide a strong basis for achieving impacts, which will be realised through the various exploitation, dissemination and communication measures. The key expected outcomes of ATLANTIS are as follows:

  • EO1: Improved large-scale vulnerability assessment of key infrastructures covering six (6) critical sectors in seven (7) EU Member States.

  • EO2: Improved cooperation to counter Hybrid Threats and subsequent large-scale disruptions of infrastructures in Europe, allowing for operational testing in real scenarios or their realistic simulations with specific regard to the cross-border dimension (intra-EU as well as non-EU).

  • EO3: Improved concepts and tools for comprehensive long-term systemic risk assessments to European Critical Infrastructure with regard to climate change, technological trends and foreign direct investment (FDI).

  • EO4: Improved risk, vulnerability and complexity related assessments for cyber-physical CIs aiming to increase security, resilience and preventiveness and to mitigate against cascading effects.

  • EO5: Terrestrial back-up/alternative PNT solutions to ensure continuous operation of CIs in case of the disruption of GNSS services.

  • EO6: Enabling the decentralisation of large infrastructure to mitigate vulnerability in case of large-scale disruptions.

  • EO7: Enhanced preparedness and response by the definition of operational procedures of both private and public infrastructure operators as well as public authorities considering citizens’ involvement (needs and vulnerabilities) in case of large-scale infrastructure disruptions also with a view of assessing the combined physical and cyber resilience.

Concept and Approach

The key challenges of security, resilience and privacy need to be encapsulated in a user-driven three-dimensional approach in order to achieve the strategic objectives that lead to holistic and systemic security. The three traditional security elements of technology, processes and humans implement a Technology-Humans-Process symbiotic relationship, supplemented by a fourth “node” of collaborative security strategy to create a 3D ATLANTIS security model. In this “pyramid,” the technology is specifically assigned to develop and implement tools focused on the protection of CI, which requires advancing the technology itself, but also improving the collaboration between vendors and users to achieve optimal security. Processes represent the explicit, formal means by which CI operation is performed. They require support from technology but also formal governance and policies that should involve all levels within an organisation. Humans need to actively participate in the security process, not only as technology operators but also as human sensors enabling the technology in a coexistent Intelligence Amplification approach. At the pyramid’s top is collaborative security, which focuses on the need to architect technological solutions that create competitive advantages and enable knowledge sharing and collaborative risk mitigation, to impose governance structures and policies that go beyond a single CI, domain or country towards collaborative security, and to foster a culture that elevates security to the first priority, pervasive throughout the CI organisation. ATLANTIS utilises and extends technology, processes and humans, though it primarily focuses on collaborative security to offer cross-CI systemic security.

ATLANTIS forms a three-layered architecture:

  • Layer 1 is the CI-Specific Incident Detection System (IDS) or civilian Command, Control, Communications, Computers and Intelligence (C4I) systems. It is responsible for CI-specific information gathering and CI observation, including physical (i.e. sensors, video surveillance, drones), cyber (i.e. complex data from PLC, SCADA, IDC and network connectivity systems such as routers and firewalls) and Humans in Vicinity (HiVIC) as human sensors.

  • Layer 2 is responsible for local incident processing, systemic risk pattern extraction, situation awareness, threat prediction/early detection and automatic enforcement of countermeasures. The Situation Awareness & Comprehension Framework (ACF) enables ATLANTIS to analyse the environment, detect abnormal events or patterns, predict or foresee long-term and systemic risks, and understand their size, magnitude and severity. The core of the framework is a hybrid CI Digital Twin (DT) component that co-models the physical and cyber CI and enables Systemic and Continuous Risk Analysis based on machine learning (ML). It is important to underline that for confidential or classified datasets, model training may be quite complicated, as ML training may implicitly leak information about the training data. Thus, ATLANTIS adopts a novel confidentiality-preserving Federated ML (FML) [1, 2] model training framework, while zero-knowledge proof [3] is used to validate that the ML training has been realised on a proper dataset, without revealing, disclosing, moving or copying any data of the original training dataset, thus reducing the risk of information leakage, along with any legacy constraints. Moreover, the ACF employs Intelligence Amplification (IA) [4] to actively engage the humans (i.e. operators, stakeholders, HiVIC) and the processes (i.e. operation, control, maintenance) in a Technology-Humans-Process symbiotic relationship implementing “Situation Awareness.” Results are forwarded to the ACF Decision Support System (DSS), which, based on a multi-criteria decision support tool and the ATLANTIS FML framework, aims to detect/predict short-term incidents (that occurred or are about to happen) or foresee/forecast long-term (natural or man-made) systemic risks, implementing “Situation Comprehension.” In addition, the Risk Reduction & Incidents Mitigation Framework (RRIM) enables incident mitigation and countermeasures enforcement via several technology innovations. Based on the ACF output, the Risk Reduction DSS will propose several mitigation actions and countermeasures considering specific Service Level Agreements (SLAs), priorities and the Physical Security as a Service (PSaaS) business model in order to minimise downtime, reduced production and cascading effects. Mitigation strategies include information provision to the CI operators for preventive maintenance and detection of problems before they happen, location of problems (e.g., cracks), detection of intruders’ presence in critical areas using Copernicus data for security applications, and information provision to the citizens in the vicinity, including early and trusted warnings using secure smartphone applications.

  • Layer 3 is a federated Cross-CI collaborative Knowledge Sharing, Risk Assessment, State Awareness and Incidents Mitigation (CCI-SAAM) platform between collaborative cross-border and cross-domain CIs. The ATLANTIS collaborative risk mitigation system targets not only a single CI but also aims to trigger simultaneous risk assessment and collaborative management of cyber-physical threats over multiple interconnected CIs. Starting from the H2020 PHOENIX [5] Incidents Information Sharing Platform (I2SP), which collects and shares data from various energy utilities, and platforms such as MISP [6] and MeliCERTes [7], ATLANTIS creates a CCI-SAAM platform that covers the complete CI ecosystem and coordinates risk assessment, state awareness, collaborative incident mitigation and countermeasures enforcement over multiple cross-connected CIs, such as Energy, 5G telecoms and the ground satellite segment.

ATLANTIS offers interconnection with external systems (e.g., other IDS and CI Security Systems, weather forecast, Earth Observation systems) along with external Information Sharing and Analysis Centers (ISACs) (e.g., MeliCERTes).

Within ATLANTIS, we strongly maintain that a case-by-case techno-economic analysis is needed for each site to match the costs with the severity/cascading effects of a potential incident or accident. Thus, the ATLANTIS toolbox is quite modular and different components may be applied per CI site. To meet the resiliency, survivability, high availability and minimal delay requirements for systemic security, we consider moving the ATLANTIS framework to the micro-services mesh model. Moreover, for increased survivability and fast recovery in case of mass attacks or large-scale incidents, we are studying the reallocation of critical control functions to the 5G Edge Cloud, thus utilising the sophisticated security (via e.g. intensive processing and scaling by default) and resiliency features (e.g. network slicing, offloading to Mobile Edge Cloud) that 5G inherently enables.

Tools and Implementation

ATLANTIS relies on several preventive, protective and remediation technologies. Specifically, it defines the ATLANTIS “Cross-CI Risk Assessment & Incidents Mitigation Strategies” to consistently identify the systemic security threats related to natural hazards, physical attacks and cyberattacks. Moreover, it implements “Preventive Technologies to reduce systemic risk by design,” realising Earth Observation (EO) and physical protection, resiliency and self-healing, resilient Positioning, Navigation and Timing (PNT) services and geolocation as GNSS [8] fall-back, and Information & meta-data Traceability using inter-DLT [9] technology. In addition, it implements “Protective Technologies to reduce systemic risks by innovation,” including a Unified Monitoring System (UMS), tools to fight disinformation, the Situation Awareness & Comprehension Framework (ACF), Systemic Risks Foresight and Incidents Detection DSS and the Risk Reduction & Incident Mitigation Framework (RRIM), along with solutions for “Humans in Vicinity Sensing and Engagement” (HiVIC). Finally, it implements “Cooperative prevention, anticipation and mitigation of systemic risks,” including strategies & tools for cooperative remediation, mitigation and response along with the cross-domain, cross-CI, cross-border knowledge sharing, risk assessment, threat analysis and countermeasures mitigation (CCI-SAAM) platform. A DevSecOps continuous integration setup is realised to perform real-life Cross-CI LSP validation & penetration testing.

ATLANTIS follows an agile and incremental approach of iteration cycles. In the first phase, the aim is to build the baseline solution and provide the initial ATLANTIS proof of concept, by integrating and validating all key components and tools. The second phase of implementation will increase the TRLs and introduce additional functionalities, where stronger integration with 5G networks will be realised and validated in the LSPs. Finally, the third phase will mature the solutions and focus on validation and optimisation in realistic conditions, while the impact creation and stakeholder engagement activities will be strengthened.

To achieve these goals, a Continuous Integration/Continuous Deployment/Continuous Piloting (CI/CD/CP) approach will be followed, based on the SCRUM [10] methodology, allowing concurrent research, design, development, integration, deployment, testing, validation and qualification throughout the whole project, gradually providing an increasingly refined set of features, ultimately delivering the measurable KPIs as defined in the ATLANTIS objectives (as per section “Objectives and Expected Outcomes”).

Impact and Targeted End Users

The importance of CIs’ resilience against large-scale transnational and systemic risks cannot be overstated. It is not merely an option for CI operators, but a strategic imperative for governments, policymakers and other stakeholders. By investing in resilient CIs, countries can safeguard their national security, protect their economies, ensure the well-being of their societies and address environmental challenges.

Increasing International and Cross-Sectorial Collaboration

Our collaborative, cross-organisational/-sectorial/-border approach to vulnerability assessment and anticipation of systemic risks to the CIs in Europe allows for a comprehensive long-term risk assessment concerning various challenges. The assessment includes the analysis of the impact of climate change and increasingly frequent and severe natural disasters, as well as the relentless pace of technological advancements. The CI operators often struggle to keep up with the evolving technologies, while malicious attackers continually refine their tactics and capabilities, making it increasingly challenging to safeguard the infrastructure effectively. Additionally, this risk assessment considers other crucial factors, such as the EU’s dependence on critical supplies from non-EU countries, as well as human factors like ageing population, lack of skills and even potential acts of sabotage.

By jointly and holistically identifying and understanding these complex and interrelated issues, we can (i) better equip the CI operators, technology developers and researchers working in this field to adequately protect and safeguard our vital infrastructure from evolving threats and (ii) support governments and policymakers to make informed decisions when developing new regulatory mechanisms.

Facilitating Coordinated and Effective Protection and Response

By having a unified understanding of (i) interdependencies, (ii) pertaining systemic risks, hybrid threats, and natural hazards and (iii) the possible large-scale, pan-European cascading effects of local disruptions, organisations across Europe representing different sectors can cooperate in countering these threats more efficiently and effectively, on a strategic as well as an operational level. Namely, apart from facilitating more effective communication and information sharing among the CI stakeholders, ATLANTIS is also fostering and driving business innovation within the CI sector by developing and offering cutting-edge solutions for the protection, response and recovery from incidents and attacks. These solutions are the result of collaborative efforts and support from diverse stakeholders across Europe. By tapping into the knowledge and best practices shared by representatives from different economies, geographies, cultures, backgrounds, interests and worldviews, ATLANTIS is creating a powerful synergy that not only actively supports the CI operators and other stakeholders (e.g., Civil Protection Agencies, Law Enforcement Agencies, CERTs) in enforcing better security mechanisms and approaches but also drives advancements and improvements in the CI domain in terms of research and development.

Improving Security, Well-Being, Skills and Opportunities for EU Citizens

In its innovation, ATLANTIS is taking a user-driven approach to encapsulate the needs and expectations of society, business owners, regulators and policymakers, as well as the skills of the CI employees. With this, ATLANTIS is ensuring that the delivered solutions will be easily used by the CI operators and offer wider benefits to the entire society in terms of safety, security, well-being and quality of life. Moreover, with cutting-edge technologies, ATLANTIS is also creating new fields of investment and generating new employment opportunities.

Embracing the ATLANTIS approach forms a resilient foundation upon which societies and economies can thrive, even in the face of unprecedented challenges.

Conclusions

The envisioned ATLANTIS system is intended to be used by critical infrastructures in order to increase their awareness, capability and cooperation in managing systemic threats to their physical and digital security, considered as the pillars of the new legal framework for critical infrastructures, also known as the Directive on Resilience of Essential Entities (CER Directive) [11] and the revised Network and Information Systems (NIS2) Directive [12].

Consequently, the mission for ATLANTIS is to create a platform and tools (the ATLANTIS system) capable of improving the resilience and the security of interconnected critical infrastructures and ensuring the continuity of their operations, while minimising potential cascading effects. The ATLANTIS system is also intended to enable public and private actors to adopt sustainable solutions which allow them to improve (1) their knowledge on vulnerability assessment and long-term systemic risks; (2) their systemic resilience through customisable security measures (“by design”) and tools (“by innovation”); and, (3) their effective cooperation with other critical infrastructures as well as with government security stakeholders.