Operationalizing Cyber-Physical Resilience for the Security and Integrity of Strategic Gas CI Installations

Introduction and Business Case framing

Business Case 3 (BC3) focuses on the cyber-physical resilience for the security and asset integrity of strategic gas installations. It addresses Production and Transportation assets (mainly Upstream to Midstream) with particular emphasis on import pipelines and connections with National Grids.

BC3 takes place in Italy and is owned by Eni SpA (see Figure 1). The Eni gas infrastructure to be used for the pilot test is a gas pipeline 16” ID section, long 100 km between Chivasso (TO) and Pollein (AO) in North Italy, managed by Eni Logistic Department. BC3 addresses the adaptation, customization, deployment, and testing of the High-Level Reference Architecture (HLRA) built upon the SecureGas system and the extended components. Different scenarios have been defined and will be applied in the pilot test to validate the results and evaluate the SecureGas solution, in an effort to combine security and resilience aspects across both upstream and midstream gas infrastructures.

The Business Case 3 describes different scenarios in order to address the following threats:

Third Party Interference and Leak Detection.

This scenario assesses the reliability of TPI (Intrusion, Impacts, Gas Leakage, Drilling, Digging) detection systems in different environmental conditions.

Early Warning of Landslides

Natural events like rainfall-induced debris-flows can impact the gas infrastructure causing serious consequences. Starting from detailed and quantitative rainfall forecast for the BC3 area, the early warning tool and its connections with the whole infrastructure will be tested.

Resilience of the OT/IT Network and the Forecast

Protection from cyber attack to SCADA systems are simulated in a dedicated Test Bed.

As result, SecureGas seeks to determine the best outcome among various choices, potential decisions and the interactions between decisions and ultimately prescribes an optimal course of action to be taken in real cases. The extended components involved in the BC3 are the following, organized according to the system architecure.


In the Field Layer for physical protection:

Provided by end-user ENI:

  • e-kmf™ (Eni Kassandra-meteo-forecast) provides meteorological high-resolution forecast modeling referred to the Alpine area. This information will be exploited by the GHZ component
  • e-vpms® is the technology developed and patented by Eni for the remote detection of leaks and third-party interference on fluid filled transportation pipelines


Provided by technical partners:

  • DAS (Distributed Acoustic Sensing): a fibre optic solution based to monitor the pipeline
  • GHZ (Geohazard Assessment) applied along a portion of the Chivasso-Aosta pipeline historically affected by debris flow phenomena
  • UAV composed by a smart docking station for deploy and operate UAV for automatic operations as survey, change detection or on-demand patrolling

In the Field Layer for cyber protection:


  • Cyber-events Simulator aimed at generating data related to cyber events not possible in real environment
    The extended component S&SP (Safety&Security Platform for Gas CI) is “splitted” on the HLRA in order to depict the roles of its sub-components. In addition to the sub-component Cyber-events Simulator:

In the Normalization Correlation Layer:

  • Cyber-physical Correlator acquires and correlates data source events generated in the field layer and identifies potential threats based on a list of rules set by skilled operators and rules originating from a machine-learning expert system


In the Situational Awareness and Diffusion Layer:

  • Decision Support makes a deep analysis of the provided data and events’ correlations establishing whether there is an undergoing attack and what type of mitigation measures and responses might be adopted. The component is positioned above the 2 two layers “Situational Awareness” and “Diffusion” because it incorporates a workflow aimed at involving and providing the necessary information to the public authorities.



  • Customization of technical components
    The above-mentioned components have been customized by the technical    partners in the application of the defined HLRA to Business Case 3, related to Eni  setup. In this phase, the customization focused on the interface of each component with the others and with l       egacy systems, mainly the legacy Eni Chivasso-Aosta pipeline.


  • System adaptation and infrastructure set up
    Infrastructure area for BC3 pilot demonstration is located between Aosta and Chivasso where ENI makes available a pipeline instrumented with the e-vpms® system and the Optic Fiber infrastructure exploitable for the DAS system.  The infrastructure set up involves the extended components provided by the technical partners together with the legacy systems.


  • Achieved field test activities
    First campaign took place in 5-9 Oct 2020. The scope of the campaign was to record signals from different field tests in order to tune and enhance the field layer systems (e-vpms® and DAS) in gas scenarios. Several  Third-Party Intrusion (TPI) tests and Leak Detection (LD) tests have been performed. The TPI tests simulate the intrusion on pipe and impacts on pipe shell.

Some pictures of TPI tests during the first SecureGas campaign

Leak Detection (LD) tests were performed to simulate a real fluid leakage due to a pipe corrosion-induced crack and/or third part intrusion.  The attacks to e-vpms® sensors were performed by disconnecting progressively the system components, the Power Supply and the communication systems during a Leak Detection test. The simulated attack is meant to prevent the e-vpms® system from issuing alarms, caused by Third-Party Interference actions jeopardizing the asset.

The registered signals will be reprocessed after calibration and the results will be the triggering of alarms and notifications due to the different physical threats.


  • Other remote activities on-going
    Other activities are carried out remotely: they focus mainly on the verification of  interface and  connectivity check between components.
  • Second field test campaign
    The second field campaign will deploy and test the whole SecureGas HLRA over the above-mentioned scenarios. This will result in the deployment of an advanced technological solution, integrated as far as possible into operations and evaluated by the business case owner during the pilot activities. The second campaign will take place in the second half of May: it has been postponed in order to let all the technological providers to be on field.


  • SecureGas BC3 demonstration
    The Business Case demonstration is planned for the week 7-11 June with technological providers and external stakeholders. In that context, SecureGas partners and external stakeholder will evaluate the result of the demonstrated Business Case through dedicated questionnaires.





SecureGas will provide a better situational awareness about the integrity of the gas pipeline, providing methodologies, tools and guidelines to secure existing and incoming installations and make them resilient to cyber-physical threats.