SDN Security System for Critical Infrastructure
The project aims to create a new Polish cybersecurity technology for industrial systems, enabling better, faster, and more precise management of computer network resources. This will allow for the identification of potential attacks, understanding their scope, and taking effective defensive measures.
Importance of Critical Infrastructure Security
Critical infrastructure consists of systems essential for ensuring the essential functioning of society, the economy, and the state. These include individual facilities such as power plants, heating plants, water treatment stations, and sewage treatment plants, as well as complex systems like the electricity transmission network, water supply systems, transportation networks, and fuel pipelines. Critical infrastructure is largely equipped with devices for automated and centralized monitoring of installation status and process parameters, as well as controlling actuators (e.g., valves or pumps), configuration, and operating parameters. These devices are networked, and due to the often geographically extensive nature of the installations, the network itself has a broad architecture, uses various communication media (often redundantly), and its nodes are formed by many different types of network devices.
In the era of increased cyberattack threats, it is crucial to ensure the security of critical infrastructure. Cyberattacks on critical infrastructure have already occurred in many countries. Sometimes they are merely demonstrations of power, while other times they aim to limit the operational capacity of the infrastructure by affecting network traffic or even physically destroying or permanently disabling specific devices. One prominent example of such an attack was the destruction of uranium enrichment centrifuges at a nuclear power plant in Iran. Nowadays, cyberattacks are often used as elements of hybrid warfare. Given the important role of critical infrastructure in the functioning of society, the economy, and the state, and the fact that even minor disruptions can lead to destabilization, it is extremely important to ensure the security of the ICT networks that constitute it.
Application of Technologies Developed in the CriNet Project
With the system developed in the CriNet project, critical infrastructure operators will gain full situational awareness in cyberspace and the ability to easily implement security policies. In the event of an incident, the system will allow for rapid reconfiguration of the network to neutralize the attack or at least significantly limit its effects, greatly enhancing the cybersecurity aspect of critical infrastructure.
The technologies developed in the CriNet project will also have broader applications. They will enable increased cybersecurity not only for critical infrastructure but also for other systems that connect physical technical infrastructure with complex ICT networks: in industrial plants, warehouse complexes, logistics and transportation infrastructure, and even Internet of Things (IoT) networks.
EXATEL’s partners in this project are Rzeszów University of Technology and GAZ-SYSTEM, which operates one of the most important elements of critical infrastructure in Poland – specifically the natural gas transmission system. Thus, the project will contribute to enhancing the security of this key resource.
The Specific Nature of Threats Requires Special Security Measures
CriNet addresses the state’s need to protect critical infrastructure and enhance the overall cybersecurity of the Republic of Poland. Its goal is to develop innovative technology to secure networks and devices of critical infrastructure using the Software Defined Networking (SDN) philosophy.
The system will operate based on proprietary and commercial hardware solutions with EXATEL’s system software and IT platform. Its functionality can be summarized in four main areas:
- Identification: Dynamic discovery of network resources and lifecycle management (including vulnerabilities and updates), and flexible security policy management.
- Active and Passive Protection: Ensuring scalability and redundancy, anti-DDoS protection, network segmentation management, and deterministic control assurance.
- Threat Detection: Identifying anomalies in network traffic or device operating parameters and providing operators with situational awareness mechanisms.
- Incident Response: Isolating resources and network segments where threats are detected (without interfering with the infrastructure’s processes), automated network filter implementation, and supporting SOC/NOC team operations.
General information about project
Project Title: Critical Network SDN Security System – SDN Security System for Critical Infrastructure
Project Goal: The goal of the CriNet project is to develop groundbreaking SDN (Software Defined Network) technology for Operational Technology (OT) and related products: IT systems and prototypes of Polish network devices. These will enable the application of modern SDN philosophy to protect industrial devices (OT).
Grant Agreement Number: DOB-SZAFIR/01/A/027/03/2021
Total Eligible Project Costs: 35,909,906 PLN
Funding for EXATEL SA: 23,979,250 PLN
Project Duration: January 2023 – December 2026
Primary Recipients: The main recipients of the services based on the developed solution include all organizations and enterprises that are operators of critical infrastructure, such as:
- Government institutions, military
- Corporations or other organizations requiring advanced communication and security solutions
CriNet Project, Critical Network Security System SDN – SDN network security system for basic infrastructure. Project co-financed by the National Center for Research and Development under the programme for national defense and security entitled “Development of universal, breakthrough technologies for national security and defense”.
