D2.2 reports the reference architecture that has been designed in CIPSEC for the protection of critical infrastructures against cybersecurity threats. The design process follows an exhaustive methodology that feeds from the context analysis carried out in WP1 (critical infrastructure requirements and commonalities, market analysis, etc.). D2.2 also feeds from the initial system design created in D2.1. The architecture has been designed with a process where the level of granularity of the design is progressively increased, adding details and components that fulfil the expected requirements. To this end, the design methodology starts with an analysis of the management of data in critical infrastructures, which has been used to define a data lifecycle. This data lifecycle is used for the creation of a high-level architecture, which consists of a layered model where data flows from its acquisition from the critical infrastructure elements (network, devices, sensors, etc.) to the analysis and processing of such information to generate reports, recommendations and contingency plans are presented to the system admin staff. This high-level architecture is presented in detail, with an additional level of granularity, defining components for every layer and its interactions, resulting into the CIPSEC reference architecture. The components and interactions have been defined by using:
- The security requirements and commonalities specified in WP1
- The characteristics of the CIPSEC tools and services provided by CIPSEC partners and reported in D1.2 and D2.1
- The foreseen extensions to such tools and services
The CIPSEC reference architecture has also been mapped to the tools and services from CIPSEC partners. This mapping will guide the implementation of the prototype and the three pilots to be developed in CIPSEC (that will be defined and done in WP3). The architecture is envisioned to be flexible and extensible, so that additional services and tools can be plugged to any layer of the CIPSEC architecture (for example, to retrieve new types of data from the acquisition layer).
This deliverable also details the role of every tool within the CIPSEC architecture. To this end, the interactions between components are defined, including also the information exchanged. This deliverable also describes the potential extensions that these tools require to cover the features and requirements expected in CIPSEC. Similarly, CIPSEC services are also described in terms of their integration within the CIPSEC architecture. Further details about CIPSEC services are given in deliverable D2.4.