Quantification of Dependencies in Electrical and Information Infrastructures: the CRUTIAL approach *

Marco Beccuti, Giuliana Franceschinis
Dip. di Informatica, Univ. del Piemonte Orientale, Italy
{beccuti, giuliana}@mfn.unipmn.it

Susanna Donatelli
Dip. di Informatica, Univ. di Torino, Italy
susi@di.unito.it

Silvano Chiaradonna, Felicita Di Giandomenico
ISTI Department, CNR, Italy
{chiaradonna, digiandomenico}@isti.cnr.it

Paolo Lollini
Dip. di Sistemi e Informatica, Univ. di Firenze, Italy
lollini@unifi.it

Giovanna Dondossola, Fabrizio Garrone
Power Systems Development, Department CESI Ricerca, Italy
{dondossola,garrone}@cesiricerca.it

Abstract

In this paper we present the CRUTIAL approach to model and quantify (inter)dependencies between the Electrical Infrastructure (EI) and the Information Infrastructures (II) that implement the EI control and monitoring system. The quantification is achieved through the integration of two models: one that concentrates more on the structure of the power grid and its physical quantities and one that concentrates on the behaviour of the control system supported by the II. The modelling approach is exemplified on a scenario whose goal is to study the effects of an II partial failure (a denial of service attack that compromises the communication network) on the remote control of the EI.

1. Introduction

This paper describes the approach that has been pursued in the European project CRUTIAL [9] to use stochastic modelling techniques to model and quantify interdependencies in the Electrical Power Systems (EPS). The main challenge for CRUTIAL is to make power control resilient in spite of threats to its information and communication infrastructures.
Considering the crucial role of control systems in governing the quality and the stability of the electric power service, it is considered of great importance for the utilities operating the infrastructures to have tools for analysing threat impacts and technologies for avoiding, or limiting, the most serious consequences. The project focuses on the electrical infrastructure (EI) and the information infrastructures (II), by considering different topology realms and different kinds of risk. CRUTIAL addresses a number of problems in the field; in particular, architectural solutions have been devised to make EPS more resilient to cyber attacks, and testbeds have been implemented to check the proposed solutions in contexts that emulate, on a necessarily small scale, the EPS behaviour. In order to master the complex mechanisms of global failures, particular focus was put on the study and modelling of the types of failures that are characteristic of interdependent critical infrastructures. Although the modelling of such failures has received increasing interest in the last years after the large blackouts of electric power transmission systems in 1996 and 2003, there is still no definite understanding of EPS interdependencies, and of the techniques to evaluate the impact of cascading, escalating and common cause failures.

* Acknowledgements: This work has been partially supported by the European Commission (project IST-4-27513 CRUTIAL)

The effort of CRUTIAL has addressed a number of scenarios, mainly patterns of interaction between II and EI. In this paper the most critical scenario described in [13] has been selected for experimenting with the CRUTIAL Modelling Framework.
This scenario explores the security of the communications between the Transmission and Distribution System Operators under emergency operating conditions, assessing the possible cascading effects of ICT threats to the communication channels connecting the TSO and the DSO Control Centres (TSO CC and DSO CC respectively) and the Substation Monitoring Control and Defence Terminal Units (MCD-TUs). Cyber attacks carried out under emergency conditions, when defence actions have to be performed under strict real time constraints, can cause se-