Project Summary

The ExTrABIRE Project aims to evaluate the overall resiliency of the Internet infrastructure of a Member State and, more generally, to assess the impact of a coordinated cyber-attack on that infrastructure. The final aim of the Project is to develop a national Internet contingency plan that identifies the processes, procedures, organizational issues and technical countermeasures that Member States and private organizations should adopt and implement to mitigate threats to their Internet connectivity.

The Internet has become pervasive: many critical services rely on it, and governmental, financial and business organizations strictly depend on its performance. Because of its complex architecture, it is not always easy to monitor Internet traffic exchange or to determine the impact that a failure of one or more nodes has on the final users, whether citizens or organizations. Moreover, it is necessary to identify the critical nodes, i.e. the ones whose failure creates the highest impact on final users.

The idea behind this project is to start this analysis from a large amount of data acquired by CASPUR, a university consortium that owns one of the major network datacenters of central Italy and offers housing and colocation space to one of the Italian Internet Exchange Points, Namex, and to a wide range of national and international ISP Points of Presence. From the CASPUR network it will be possible to perform a wide network data collection with the following objectives:

  • Analyze the real traffic exchange patterns;
  • Analyze the interdependencies among network nodes and links;
  • Analyze and correlate exchanged traffic to malicious events;
  • Identify network metrics for the evaluation of the resiliency of the entire network;
  • Model real-life attack scenarios against public administration services.

All these analyses will be used as input for the second phase of the project, which will aim to simulate the attack scenarios and evaluate their impact on the network infrastructure. The simulations will consider an all-hazard threat (meaning that the impact will be estimated independently of the threat's origin, natural or man-made, terrorist or not). Thus, the overall objective of the simulations will be to evaluate and quantify the impact of a coordinated cyber-attack on the Internet infrastructure of an entire country (or on a subset of the entire network, such as the public administration services). Because the first-step analysis will rely on real data (sanitized to ensure anonymity), it will be possible to build realistic attack scenarios that will be tested through the simulations. Once the impacts are calculated, a detailed risk analysis will be performed, with the final objective of developing a detailed Contingency Plan, composed of the procedures, processes and measures that have to be implemented to allow the continuity of Internet services in case of a real attack. All these steps will be performed following best practices and international standards, in order to guarantee complete coverage and a thorough understanding of the issue. Finally, this approach will be generalized and exported to other Member States, and could be applied as a best practice for the protection of public administration network infrastructures at the Union level as well.

The expected results are a better knowledge of the criticalities of a national and international network infrastructure, an increased awareness of the security flaws within the community, and the setup of a comprehensive contingency plan that can be adopted by Member States to mitigate the effects of an attack on the Internet. Thus, the relevant outputs of the project will be the analysis and simulation results and the final contingency plan, which can also be adopted as a guideline for the development of more secure networks.