D3.9 Complete Complexity Analysis

This deliverable reviews CIPSEC architecture (general solution) and compares the tailor-made CIPSEC solution (particular solution) against security solutions which are based on individual products. This deliverable is part of WP3, which concerns with integration of the CIPSEC solution to the pilot CIs.

The document begins with a high level description of the general solution (the reference architecture), which consists of the all the framework components. Subsequently, we review the tailor-made CIPSEC solution (particular solution). The particular tailor-made solution varies between different deployments and critical infrastructures sectors, and contains several customizations compared to the generic CIPSEC framework architecture. The document describes these adjustments, which can be roughly divided into two categories: customization or removal of CIPSEC components, and plugging additional security solutions.

When comparing the customized CIPSEC solution against installation of individual products, several major advantages are shown: seamless integration, lower overall complexity, CI focus, relevant services and preferable technical support.

The next section defines a methodology for determining the appropriate customization to the CIPSEC based solution. In a nutshell, the implementer should analyze the specific security requirements of the CI, and decide which adjustments should be made according to the requirements and a specific complexity assessment. Performing significant adaptation to the generic solution may provide better security coverage, that is tailored to the specific CI’s security needs, but it may require a trade-off in the complexity perspective. Afterwards, we present examples of particular customizations, and to which organizations they are expected to suit. Lastly, we describe the adjustments that were actually chosen for the pilot case studies.

The document concludes with two major insights. First, the CIPSEC framework is flexible enough to fit any critical infrastructure after tailoring and customizing it according to the particular needs and characteristics, as presented with potential examples as well as actual examples taken from the pilots. Secondly, we can spot several advantages of the CIPSEC solution compared to an individual products deployment, as mentioned above.