ZONeSEC in ERNCIP

ZONeSEC early warning
technologies
Jose-Ramon Martinez-Salio
Technical manager of ZONeSEC
Atos

ZONeSEC at a glance
• ZONeSEC: “Towards an EU
framework for the security of Wide
zones”
– Start date: 1 December 2014
– End date: 30 November 2018 (48
months)
http://www.zonesec.eu/
Contact points:
Dimitris Petrantonakis (Project Coordinator)
dpetr@exodussa.com
Jose Ramon Martinez (Technical coordinator)
jose.martinezs@atos.net
2ZONeSEC overview2/10/2018

Cyber threats
Physical threats

42/10/2018
Overview of our pilot activities
23/02/2018
4
Y1 Y2 Y3 Y4
PROJECT TIMELINE
Maturitylevel
BetaAlfaTRLlevel
OIP ACC
(M12)
OIP ATTD
(M25)
OIP AQS
(M31)
OIP DESFA
(M37)
PILOTS
ACC
(M40)
AQS
(M43)
ATTD
(M47)
ZONeSEC overview

The second Pilot
2/10/2018 5WP8 – ZONeSEC Framework Design, Development and Integration
The second Pilot demonstration was
hosted by COMPANIA AQUASERV SA at
its premises in Tirgu Mures, Romania,
between 21st and 22nd of June 2018

62/10/20182/10/2018 6
What was included in the second Pilot
WP8 – ZONeSEC Framework Design, Development and Integration
During the Second Pilot we integrated:
• All ZONeSEC Security Capillaries including the
MIMORadar have been successfully integrated and
are running
• Security Clusters have been integrated and are
running. Most processing of sensor signal (Security
Capillaries) has been made distributed over the
Security Clusters
• All security features have been integrated and are
running
• Scalability in processing has been integrated and
has been demonstrated

ZONeSEC key technical challenges (1/2)
• Near real time: Time has to be reasonable short
between incident and notification
• No lost of any alert: Alert data should be “reliable”. It
is mandatory that alerts don’t get lost in transit
• No false alerts: Operator need real alerts, not false
alerts
• All kind of networks: All kind of networks are in use
in wide-zones simultaneously
• Flexibility: Plug and play: All the security capillaries
can enter or leave the system at any moment without
affecting the stability of the entire system
• Scalability: The resulting system or framework should
be scalable to any number of security capillaries and
any arbitrary extended area

ZONeSEC key technical challenges (2/2)
• Security: Security has to be taken into account in all possible layers
(including tampering the physical devices)
• Portability: The resulting framework should be portable to any
localization
• Legacy sensors: Already existing sensors (aka “legacy sensors”)
should be included in the framework as seamlessly as possible
• Lack of standards in sensor: Every sensor (new or old) has its own
ways of connection and data formats
• Open platform: The system has to be open allowing the possible
addition of new Security capillaries and old legacy systems
• Arbitrary extensive area: Area covered can reach hundreds of km
• Arbitrary number of sensors: The number of sensor involved can be
literally any, including new and old sensors

102/10/2018
10
Solutions adopted in ZONeSEC
The success of ZONeSEC is based in five main
pillars:
1. Modular decoupled architecture with the
use of micro-services
2. Common data model and a common
protocol for all sensors/adaptors
3. Use of a decoupled communications
framework tailored for any kind of
networks and widezones
4. Scalable automatic processing of data
(including fusion of data)
5. Security in devices and in net (including
tampering and cyber)
ZONeSEC overview

Early warning technologies
in ZONeSEC
2/10/2018 13ZONeSEC overview

ZONeSEC sensing solutions
The technological solutions used in ZONeSEC are all in the front line of
what technology can offer for CIP
ZONeSEChas:
• Evolved these technologies
to become products in
many cases
• Used these technologies in
the field in real premises
and scenarios
• Integrated all these
heterogenous technologies
and also “legacy systems
Thesetechnologies
include:
• Sensing solutions
• Technological solutions
like UAV, video analytics,
data fusion, data
representation and cyber
attacks detection

Sensors on the technological edge (1/3)
• Distributed Acoustic Sensor (IDAS). IDAS is an optoelectronic system
monitoring the acoustic field along an optical fibre cable. Used in
detecting movement near a perimeter set.
• ULTIMA: Ultima is a heat sensor that can be user also for detection of
leakages (gas and liquid).

• Spectral Imaging System: This is a novel multi-sensor system with
thermal, hyperspectral and SWIR cameras. The processing of the huge
amount of spectral video data is locally performed.

• Mimo Radar: (Multiple Input Multiple Output RAdio Detection And
Ranging), detects intrusions of persons into a secure perimeter marked
by a virtual fence. Additionally, the Radar can provide information
about the distance, velocity and azimuth angle of a target.

Technological solutions (1/7)
• AUV: The multirotor and Helly type Mini-UAV systems are equipped with
electro-optic sensors including daylight and thermal cameras (CM100V3, UAV
Vision) as well as communication devices.
• receive Orders from the ZONeSEC System and through the Task-Based
Guidance component to prepare the flight plan using analytics
functionalities for decision making and to upload it in order to execute the
mission.
• real-time video stream including metadata (e.g. position, target)

• Visual analytics: Video footage coming life from IP cameras or the UAV
is analyzed to detect cars and people in real time.
• Position in KLV format is read and analyzed in real time. Position is
sent to central COP
• Tracking of each object is created
• Modified footage is re-streamed

• Abnormal behavior detection: Video footage coming life from IP
cameras is analyzed to detect behavior of people in real time. We
detect movements considered “suspicious” in certain areas.

• Cyber agent: Cyber agents are software agents able to detect any cyber
intrusion and to be trained to detect new threats. The multi-agent
system provides continuous analysis of security events in the cyber-
domain, aggregating data from many sources and providing the ability
to consolidate and correlate monitored data to generate reports and
alerts

• Data fusion (SDAIM): SDAIM performs data and information fusion to aid and
improve the decision making process of the Widezone operatives. This core
function is fulfilled by data and information fusion algorithms configured and
executed as event stream processing workflows. The output of the fusion
process are alerts for possible illicit situations and behaviours and also
supporting information, aimed at the Widezone operatives, and provided over a
standard messaging interface
Configurable Big Data Technologies & Scalable Cloud Computing
Infrastructure
Fusion Resources
Catalogue
Management UI
Brokered
MOM
Brokered
MOM
AMQP
Data and Information Fusion Algorithms
configured in event stream processing
workflows
Fusion Session Data
Fusion Resources
Agent
Fusion Process Configuration & Session
Instatiation
Knowledge Base
 Domain Semantics
 Knowledge Models
 Fusion Actionable Inf.
Specialised communicaiton
AlertsAMQP
Knowledge
Federation API
Fusion Session
Agent
High Data
Volumes
Remote
Data Fusion
Algorithms
Sensor Networks
Security Clusters
Widezone Geo-data
Access/Import API DBs

• COP and simulation of sensors: Common Operational Picture. The COP
displayed a 3D cartographic view of deployed sensors and raised alerts from
subsystems. The simulation tools provided means to add geo-localized virtual
systems and simulate their inputs to ZONeSEC

• Security Clusters: The processing of sensors that are related by geographical
criteria or any other common criteria are aggregated locally and processed
locally (using same SDAIM logic). This provides scalability to the full framework.

252/10/2018
One architecture to integrate all together
 Use of a common data model to all ZONeSEC : Data Agreement
initiative has been followed
 Modular architecture has been used for the
core components:
 Core: is the data hub and
communication module
 Micro services: Independent and
modular entities
 Geographical
 Time synchronization
 Metadata
 Historical alerts
 Bidirectional orders
ZONeSEC overview

The third Pilot
2/10/2018 26
The third and final Pilot demonstration will be
held in Athens, Greece, from 25 to 26 of
October 2018. The event will take place at
Atikes Diadormes premises in the Attiki Odos
highway
ZONeSEC overview

272/10/2018 27
What will be included in the third Pilot
• Detection of denial of service (DDos) cyber intrusion
(in the SCADA system) and brute force attack
• Detection of human presence along perimeter fence
areas
• Detection of physical intrusion and movement inside
the secure perimeter
• Detection of trespassing inside facilities
• Remote Mission assignment to Mini-UAV System
operated in ATTD and tracking of suspects
• Legacy system integration (such as traffic and
meteorological data)
• Field data (pictures and operators position) using
mobile COP
This final pilot demonstration will put together all the
efforts made during the entire project.
ZONeSEC overview

282/10/2018
28
Thank you for your time!
Q&A
ZONeSEC overview
Jose Ramon Martinez (Technical coordinator)
jose.martinezs@atos.net

ZONeSEC in ERNCIP

More Related Content

What's hot (20)

Similar to ZONeSEC in ERNCIP (20)

More from José Ramón Martínez Salio (20)

Recently uploaded (20)

ZONeSEC in ERNCIP

Editor's Notes