**4.2 Penetration testing**

Following the above assessment, another process that can be used as a tool for identifying vulnerabilities and assessing performance is Penetration Testing (PT). PT is a security testing process in which experts execute real but yet controlled attacks on systems and services to identify methods for circumventing the security features of an application, system, or network [44].

PT methodologies divide the process into four generic phases:

1.A planning phase, focuses on gathering available information on the target systems, as well as on potential methods of attacks, management approval and setting the groundwork for setting up attack strategies and attack scenarios.;

**139**

*Validation Strategy as a Part of the European Gas Network Protection*

gathering and scanning, and vulnerability analysis;

2.A discovery phase, which is broken down into two parts: information

3.An attack Phase, where the tester put in place the knowledge acquired in the previous phase. This phase contains the following substeps: (a) Gaining access, (b) escalating privileges, (c) System browsing, and (d) Install additional tools;

4.A reporting phase, where experts evaluate findings and propose corrective

KPIs typically enable the realization of technical systems towards tangible goals while serving as a benchmark for internal quality assurance. Indeed, KPIs are deemed as a measurable way to assess project's efficiency in reaching its key objectives and to evaluate the quality of the proposed technical solution(s). Through well-defined KPIs, the main areas to be tested, measured and validated during the

The SecureGas KPIs were defined in the early stage of the project so that they guide its targeted implementation. Preliminary activities, regarding user and system requirements identification as well as the CONOPS and HLRA definition, have already been completed providing valuable input to the KPIs definition task.

For the purposes of the SecureGas project, the KPIs were classified along two

a.SecureGas component KPIs, which reflect the key characteristics and functionalities offered by each SecureGas component and are applied for their

b.SecureGas Cross-KPIs, which reflect the key functionalities and the expected

Both the SecureGas component KPIs and the SecureGas Cross-KPIs establish the validation criteria to be measured during SecureGas pilot demonstrations. Although both KPI categories are equally important for the evaluation of objectives' fulfillment, this section emphasizes on the KPIs defined for the integrated SecureGas

The methodology adopted for the definition of the KPIs was built on a bottom-

Considering that KPIs depend on the end-users and stakeholders interested in the SecureGas system, the first step of the adopted methodology regarded their active engagement in the KPIs definition activities. This initiative had already started taking place through the definition of the user requirements (i.e. end-users needs and expectations from an integrated security system (such as the SecureGas system), as well as through dedicated stakeholders' workshops organized for the user requirements validation. The user requirements together with their external validation results shed light to those characteristics of the system that are deemed important by the end-users. In addition, information on the KPIs already applied by the end-users to assess the performance of their gas network daily operations allowed consortium partners to draft broad areas in which evaluations are

up rationale. The SecureGas component KPIs (low level KPIs) were initially defined. Then, drawing on that information, the SecureGas Cross-KPIs (high level KPIs) were derived. The procedural pathway followed for the identification of KPIs

*DOI: http://dx.doi.org/10.5772/intechopen.94644*

actions.

**4.3 Key performance indicators**

piloting activities are established.

performance evaluation;

system (i.e. SecureGas Cross-KPIs).

is depicted in **Figure 3**.

quality of the entire SecureGas solution.

main indicator types:

