Papers by Alberto Stefanini
ESSENCE – Emerging Security Standards to the EU power network controls and other Critical Equipment has been a research project funded by the European Union under the CIPS EU program aiming at evaluating costs and benefits of applying emerging security standards to the European power grid controls systems, based on two case studies.
Throughout 2012-2014, the ESSENCE project performed a study in order to evaluate these costs and benefits on a rational base. To our knowledge this exercise has never been performed again so, although not updated, the results represent a unique source for cost benchmarking.
This document is an appendix to “Evaluating the Prudency of Cybersecurity Investments: Guidelines for Energy Regulators” and is intended to explain the background of some information included in the guidelines.
This paper overviews ongoing experiments on a digital edition of Archilochus which is based on the readings, translations and comments by Nicolosi [1] and also integrates feedback and requirements from the Digital Classics community. The experiment encompasses a few fragments of the poet of Paros, so as to provide a mock-up of the prototype for evaluation by its intended end-users, in view of developing a fully fledged digital edition. The mock-up provides the philologist with a set of resources and tools that ease a critical appraisal of the text.
Keywords: Digital methods in the humanities; Interfaces and user-friendly data presentation
In recent years, both Europe and America have experienced a significant number of major blackouts. This report specifically focuses on events that affected Europe and North America during 2003 and provides a detailed analysis by critical comparison, where available, of diverse and authoritative information sources. The main information sources used include UCTE, Eurelectric, national and international investigation committees like the joint US-Canada investigation committee on the North East blackout, the UCTE Investigation Committee on the 28 September blackout in Italy, the British, Danish, Italian, French, Swedish and Swiss authorities reports, etc.
The paper provides a conceptual framework for assessing the security risk to power systems assets and operations related to malicious attacks. The problem is analysed with reference to all the actors involved and the possible targets. The specific nature of the malicious attacks is discussed and representations in terms of strategic interaction are proposed. Models based on Game Theory and Multi Agent Systems techniques specifically developed for the representation of malicious attacks against power systems are presented and illustrated with reference to applications to small-scale test systems.
In recent years, both Europe and America have experienced a significant number of huge blackouts, whose frequency and impact looks progressively growing. These events had common roots in the fact that current risk assessment methodologies and current system controls appear to be no longer adequate. Beyond the growing complexity of the electrical system as a whole, two main reasons can be listed:
• system analysis procedures based on these methodologies did not identify security threats emerging from failures of critical physical components;
• on-line controls were not able to avoid system collapse.
This report provides a state-of-the-art of the technology on both regards.
Lecture Notes in Computer Science, 2008
International Journal of Critical Infrastructures, 2008
This paper analyses the impact of information and communication technologies upon the security of networked infrastructures, making specific reference to the situation of the electric power sector. It discusses the lessons learnt from the recent blackouts, and concludes with ...
Electric Power Systems Research, 2011
... Keywords: Security assessment; Cybersecurity; Power plant security; Critical infrastructures. Article Outline. 1 ... failures). For instance this state can be caused by a short circuit inside the generator, a failure of the turbogas, etc. The ...
International Journal of Man-Machine Studies, 1987
Abstract Monitoring and malfunction diagnosis of complex industrial plants involves, in addition to shallow empirical knowledge, knowledge about plant operation, also deep knowledge about structure and function. This paper presents the results obtained in the ...
variations, 1989
The difficulties encountered in applying knowledge-based system technology to complex industrial environments have made the need for representing and using deep knowledge about physical systems increasingly clear to system designers. A rather large ...
In Proceedings, IJCAI-85, 1985
Proc. ECAI-86. Brighton, United …, 1986
Books by Alberto Stefanini
This document is an appendix to “Evaluating the Prudency of Cybersecurity Investments: Guidelines for Energy Regulators”. It presents a case study of the real approach adopted by a European Regulator to tackle the problem of the cybersecurity stance of the power system.
EU countries (and the individual states in the U.S.) have adopted different regulatory strategies; some of them are still in an early phase of initial prospection on the problem. In that context, the Ofgem (UK) experience is a very interesting example, because its process to establish a comprehensive regulatory approach for cybersecurity is at a very advanced state. The Office of Gas and Electricity Markets (Ofgem), supporting the Gas and Electricity Markets Authority (GEMA), is the government regulator for the electricity and downstream natural gas markets in Great Britain. We will review here some recent updates concerning cybersecurity. As Ofgem is still working on the legislation for the next regulatory period (called RIIO-22 starting in 2021 for all the sectors except Electricity Distribution which will start in 2023), our analysis covers the main principles used and the process of consultation with the stakeholders.
As stated in the conclusion of the guidelines, several tools and approaches may be adopted while designing a cybersecurity regulation, but it must be clear that no turnkey solutions are available. The guidelines suggest that the contents and features of the regulation should be defined not through a one-step decision, but through a process, including for each step the collection of information, the consultation of relevant stakeholders, and time for internal reflection. For this reason, it is interesting to show an example of this process, even though it is not yet concluded.