D2.6 CIPSEC Evaluation plan

Implementing complex security solutions, such as the CIPSEC framework, may require a lot of effort. To justify implementation of the framework, to allocate different tools, and to provide a full picture of the security level of the tested environment as well as the offered mitigation, comprehensive security assessments of the critical infrastructure must be carried out both before and after the deployment of the solution. This deliverable presents a methodology and tests to evaluate the security level of critical infrastructures. In addition, this deliverable presents the CIPSEC solution deployment and the prototype building phases that have been designed to demonstrate the CIPSEC framework.

It should be emphasized that the purpose of the security evaluation, as described in the methodology section, is to evaluate the overall security stance of the critical infrastructure.

The security evaluation process is mostly carried out using a white-box approach, consists of an in-depth assessment of 11 different categories, which are detailed in the document, and produces three main products:

  1. List of findings. Each finding is rated according to a risk level, which is determined by the potential impact factor and the likelihood factor.
  2. Recommendations. Some of the recommendations are expected to be covered by deploying the CIPSEC framework (as presented in the document).
  3. Numerical indicators, called KPIs (Key Performance Indicators). Besides acting as a metric to evaluate the CI’s security stance, the KPIs will allow us to enumerate all the areas where the CIPSEC package will be of assistance.

Another topic presented in this deliverable is the CIPSEC prototype. At the present stage [M24], the prototype integrates Atos CyberAgent and XL-SIEM, Bitdefender Gravity Zone, Forth Honeypot tool, and WOS DoSSensing; further integration of the AEGIS forensics tool is on the verge of implementation. Events from Empelor’s Secocard have been integrated within the framework; however, physical tests are still pending. We have achieved first interim outcomes for the Unified CIPSEC dashboard. Several technical attacks, which are expected to be detected or prevented by the CIPSEC solutions, are presented in the appropriate section. The final phase of the prototype should contain all of the CIPSEC framework components, and is due in M32 (December 2018).

Additionally, this deliverable presents the detailed process of the CIPSEC solution deployment. The installation of each of the products is described thoroughly, as well as the training platform and the updating platform.