The new IoT/Fog/Cloud platforms bring clear advantages in the functionalities that can be implemented for the electricity and energy sector. Therefore, also for these platforms the need arises to study tools capable of evaluating and directing the development of security aspects.

In continuity with the work started last year, this year the security specificities of these emerging architectures have been evaluated. In particular, the use of the Internet as a communication network has been considered, focusing on some specific application cases. In fact, the controlled devices and the ICT infrastructure are often not sufficiently protected and require adequate measures. The implementation of the secure platform, the study of which began last year, has been extended by integrating additional security measures of both a preventive and defensive nature and the impact on the performance of the security solutions adopted in infrastructure including different technological choices has been evaluated. In order to test the effectiveness of the implemented protection measures with respect to hostile actions, specific attack scenarios for emerging architectures have been studied and developed.

A further contribution described concerns the development of tools capable of promptly identifying any operating anomalies in ICT infrastructures, whether malicious or accidental, in order to activate adequate defense and contrast measures. In particular, some solutions based on artificial intelligence techniques have been taken into consideration. By analyzing the steps that the attacker follows in the process that leads to the compromise of the service, the measurable quantities and parameters that allow the presence of operating anomalies in the ICT infrastructure have been highlighted. Tools such as Bayesian networks and decision networks prompted the development of models for the evaluation of the anomaly occurrence probability and the influence of each element in said anomaly occurrence. The use of techniques based on Machine Learning and Deep Learning opened the path to the analysis of attack processes with a high success probability, with a view to their timely detection.

Progress has also been made in developing tools suitable for the real-time and offline collection of events and evidence on the operating status of ICT infrastructure.

A preliminary platform for the emulation of attack processes has also been developed, in particular for Information Technology aspects, preparing it for the integration of aspects more closely linked to Operation Technology .