The second year of the CIPSEC project comes to an end on April 30, with many new milestones successfully achieved. A brief report of the main achievements since our last newsletter, published in September 2017, is presented here, split into two main sections: dissemination activities and technical advances.
DISSEMINATION PERSPECTIVE
Blog
Six new CIPSEC blog entries have been released with monthly periodicity:
- "When IT and OT Collide" by COMSEC
- "Critical Infrastructure Security Starts with Endpoints" by Bitdefender
- "Aspects on end to end and link encryption" by Empeloros
- "Introduction to Digital Forensics" by AEGIS
- "Most common attack vector over Critical Infrastructures" by ATOS
- "Private data in Critical Infrastructures: a security threat or a business opportunity?" by WoS
Tutorial videos from the 1st CIPSEC Critical Infrastructure Protection Training Session, held in Heraklion on July 3rd, 2017, have been uploaded to YouTube.
Liaisons and related events
During the project, CIPSEC has established new liaisons with the projects Cyberwatching, SMESEC, ReCRED and SAINT. A summary of these fruitful collaboration activities follows:
- CIPSEC was included in the Cyberwatching catalogue of services.
- On 31st of January, Ilias Spais from AEGIS presented the CIPSEC project at the H2020 clustering event organized by ReCRED, with more than 16 project presentations.
- Manos Athanatos from FORTH presented the CIPSEC project at the SAINT workshop on 20th of March.
- CIPSEC Fifth General Assembly Meeting. The meeting was held successfully in October, 2018 in Bucharest, Romania and was organized by Bitdefender.
- CIPSEC Sixth General Assembly Meeting. The meeting was held successfully on February 21-22, 2018 in Athens, Greece and was organized by AEGIS.
The 2nd CIPSEC Workshop, the International Workshop on Securing Critical Infrastructures (S-CI 2017), was organized by TUD in collaboration with UoP, in conjunction with the ARES EU Projects Symposium 2017. It was a full-day workshop collocated with the ARES 2017 conference, held in Reggio Calabria on 29th of August 2017. The S-CI 2017 technical program included two invited talks by CIPSEC members, Aljosa Pasic from ATOS and Christian Schlehuber from DB, as well as six peer-reviewed research papers organized in two technical sessions.
The first CIPSEC review meeting, covering months 1-18 of the project, took place on November 22nd at the Hospital Clínic de Barcelona (HCPB) in Barcelona. The review meeting was led by our Project Officer, assisted by an expert from the French Network and Information Security Agency and a researcher from the Escola Superior de Tecnologia de Viseu.
The consortium presented to the EC the progress and the milestones achieved during the first phase of the project, including an early prototype demo of the CIPSEC framework, which integrated a number of tools such as XL-SIEM (ATOS), the antimalware tool (Bitdefender), the Honeypot tool (FORTH), the Forensics Visualization Tool (AEGIS) and the DoSSensing Antijamming tool (Worldsensing). COMSEC acted as an attacker, performing numerous vulnerability tests, such as attacking well-known exploitable bugs, uploading a malicious file to the web server and more, in order to demonstrate how the CIPSEC framework can effectively detect the attempted attacks and visualise them through the XL-SIEM (ATOS). A demo specifically designed for the health pilot was successfully carried out, with the CIPSEC framework detecting attack attempts on assets such as infusion pumps, security cameras and more.
Publication of six new conference papers:
- FORTH has a new paper accepted at the ESORICS 2017 conference, “No Sugar but all the Taste! Memory Encryption without Architectural Support”, presented in September 2017.
- TUD, jointly with DB, has a new paper, “A Security Architecture for Railway Signalling”, at the SafeCom 2017 conference, presented in September 2017.
- UPC, jointly with ATOS, has an accepted paper, “An SDN-based Architecture for Security Provisioning in Fog-to-Cloud (F2C) Computing Systems”, presented at the Future Technologies Conference (FTC 2017) in November 2017.
- UoP has an accepted paper, “A Flexible Leakage Trace Collection Setup for Arbitrary Cryptographic IP Cores”, to be presented at the IEEE International Symposium on Hardware Oriented Security and Trust 2018 (IEEE HOST 2018) in May 2018.
- UoP has an accepted paper, “Trusted Hardware Sensors for Anomaly Detection in Critical Infrastructure Systems”, to be presented at the 7th International Conference on Modern Circuits and Systems Technologies (MOCAST) on Electronics and Communications 2018 in May 2018.
- TUD has an accepted paper, “A Detection Mechanism for Internal Attacks in P2P Streaming Systems”, to be presented at the IEEE WoWMoM 2018 conference in June 2018.
- Christos Liaskos, Sotiris Ioannidis, “Network Topology Effects on the Detectability of Crossfire Attacks”, IEEE Transactions on Internet Forensics and Security, Volume: 13, Issue: 7, July 2018, by FORTH.
The ATOS web booklet is released yearly and includes updated information about the research lines and related projects ATOS participates in. CIPSEC is a strategic project for the Research and Innovation area of ATOS, and it is reflected as such in this web booklet.
TECHNICAL PERSPECTIVE
Workpackages and milestones
WP2
The main milestone of this workpackage is:
- First release: preliminary version of the CIPSEC security platform verified by means of deliverables D2.2-D2.3-D2.4:
- D2.2: CIPSEC Unified Architecture First Internal Release
- D2.3: CIPSEC products integration on the Unified Architecture
- D2.4: CIPSEC services integration on the Unified Architecture
- The security requirements and commonalities specified in WP1.
- The characteristics of the CIPSEC tools and services provided by CIPSEC partners.
- The foreseen extensions to such tools and services.
Regarding the products integration in this architecture, the transformation from initial security products to the CIPSEC security products has been divided into two subsections/phases.
- Phase 1: Transformation (through innovation) from the initial form of the products and their state just before the beginning of the integration into the overall architecture. This phase includes the description of all applications, hardware and software modules/submodules, APIs etc. required to be modified to make each individual product “ready to integrate”.
- Phase 2: Transformation during/after the integration. This phase documents the innovation that each solution provider plans to introduce to its solution so that it can be appropriately integrated into the overall CIPSEC framework.
CIPSEC DASHBOARD
In WP2 we have also been working on creating a unified dashboard. The main objectives of the CIPSEC dashboard are:
- To provide a unified, harmonised view of the CIPSEC framework.
- To integrate all the CIPSEC framework functionalities and heterogeneous products.
- To improve the usability of the CIPSEC framework.
WP3
In this workpackage we are still working on tasks T3.1, T3.2, T3.3 and T3.4, which started in February and June 2017 respectively, and on a new task that started in November 2017, namely T3.5 Complexity analysis and policies definition.
The main milestones of this workpackage for this period have been:
- Preliminary report for pilots integration verified by means of deliverables:
- D3.1: Preliminary Pilot I Integration: Incident Discovery and Response for Railway use case
- D3.2: Preliminary Pilot II Integration: Hospital’s Operational Technology Management System use case
- D3.3: Preliminary Pilot III Integration: Air quality Monitoring System use case
- Understanding the pilot.
- A list of security features is accurately defined.
- Pilot providers choose the security features they believe suit their pilot’s device / resource, justifying their choice.
- Once the pilots defined their needs based on their assets, and the product providers analyzed how their products can provide the required security features, a matching between these two lists is generated, reporting any kind of tool modification required for its integration with the specific pilot.
- With the analysis of the coverage of security features by the products, the pilot owner can choose the products to be used to secure the critical infrastructure.
- The tool providers specify the hardware and software requirements each solution requires.
- The pilot analyses the feasibility of using the products on the infrastructure in question, according to the specs obtained in the previous step.
- The pilot proceeds to adapt their infrastructure to accommodate the solutions.
- Subsequently the pilot produces the final detailed definition of the infrastructure map with all the associated technical details.
- Both pilot and providers work together to determine how and where the different selected products are going to be deployed within the pilot infrastructure.
- Preliminary report on CI intra/interdependencies verified by deliverable:
- D3.4: CIPSEC Intra/Inter-dependencies Analysis Preliminary Report
WP4 started in November 2017. This WP focuses on the efforts required to build a working prototype to run on operational CI scenarios. Task T4.1, Setup and configuration of the trials, which started in November 2017, defines the details of the different scenarios for the trial of the system framework. Task T4.2, Field configuration for pilot deployment, which started in January 2018, undertakes the preparatory actions for the field trial as well as the integration of the system modules for the pilot implementations.