D2.5 Final Version of the CIPSEC Unified Architecture and Initial Version of the CIPSEC Framework Prototype

Summary:

This deliverable is the final outcome of T2.1. Throughout this task the Consortium has addressed the design of the CIPSEC Framework, the definition of the reference architecture and the integration activities leading to an initial version of the CIPSEC Framework prototype, taking into account the technical and business requirements coming from WP1 and WP5.

The deliverable covers three main topics. Firstly, it documents the final version of the reference architecture, refined after its first publication in D2.2 (M18). Secondly, it offers technical details on the first software release of the CIPSEC platform, i.e. the initial version of the CIPSEC Framework prototype. Finally, it addresses two methodological aspects: the guidelines to be followed when integrating the components, and the methodology for extending the CIPSEC Framework, taking the architecture as the starting point.

Regarding the final reference architecture, and considering the feedback obtained from the pilot activities in WP3, we have slightly refined the design of the top layers and defined architectural principles for open extensions in the bottom layer. These principles lead to a general reference architecture in which the core of the framework can be integrated in most CI scenarios, and which provides a way for new tools/services (either legacy or future ones) to be integrated easily in case new security requirements arise that are not covered by the currently available tools/services.

Concerning the first release of the software components, the chosen approach addresses the CIPSEC core components first. These are responsible for delivering valuable information to the critical infrastructure operator by processing the cybersecurity-related information gathered by the collectors deployed on the client infrastructure. The deliverable then provides extensive information about the collectors themselves and describes their interplay with the core components in technical detail.

As for methodology, since the CIPSEC framework can be adapted to many different types of CI with different security requirements, this document proposes a flexible extension methodology so that new components can be added to the acquisition layer. New sources of events (from sensors, services or security data) can then be monitored, enriching the detection layer with additional information that improves the detection of known threats or attacks or enables the detection of new ones. To support this extension methodology, the document also includes a comprehensive chapter on the event taxonomy used in CIPSEC. Regarding integration, the deliverable also discusses the feasibility and compliance of integrating each CIPSEC component within a CI environment. Within this discussion, we assess the requirements for a framework aimed at improving critical infrastructure cybersecurity and justify how the CIPSEC Framework covers and complies with them.

The results presented in this report, together with those presented in Deliverables D2.1 (M12) and D2.2 (M18), constitute the main results of CIPSEC WP2 - T2.1 ("CIPSEC security framework design, integration and optimization"). These results will guide the deployment activities, as well as the design and implementation of the composite test scenarios developed in WP4.