This post was written by Sotiris Ioannidis, Principal Researcher at the Institute of Computer Science of the Foundation for Research and Technology - Hellas, and CIPSEC Project Scientific & Technological Committee Coordinator
Heraklion, Jan. 31st
Critical Infrastructures are currently evolving to the main role of providing services to public/private bodies and citizens. Governmental services are offered through such infrastructures to citizens for daily operations or for cross-country collaborations. Common services provisioned to hundreds of millions of people every day (e.g. health and transportation) are supported by automated systems heavily based on ICT technologies. Markets’ financial transactions which are vital for companies, industry and countries as a whole are also supported by such systems. ICT enabled Critical Infrastructures are the vehicle for many domains of life to grow globally but they also bring with them traditional pathogeneses related to security and privacy of data and services. Traditional SCADA and ICS (Industry Control System) are autonomous, isolated and usually have specific threats to deal with. Those are mainly caused due to software/hardware failures and intentional or unintentional personnel activities.
The CIPSEC project, with its three pilot activities related to Transportation, Health and Environmental sensors (represented by respective members within the CIPSEC consortium), addresses all security and privacy related aspects needed to better detect, identify and mitigate threats initially for the pilot domains as well as for other domains. Critical Infrastructure domains are closely interconnected, while the CIPSEC framework with domain-specific transformations could be appropriately applied to other CI domains as well.
From a scientific point of view, a broad area of security and privacy issues are raised, explored and addressed. Critical Infrastructures, among other, include autonomous systems, integrated circuits, interlocking systems, embedded systems, IoT, sensors, various types of communication networks, sensitive data, security policies, policy management systems (PDPs and PEPs: Policy Decision Points and Policy Enforcement Points) and many more subsystems. These CIs, when ICT enabled, are vulnerable to cyber-attacks and threats.
CIPSEC has already identified 9 security requirement categories for the three pilot cases (Deliverable 1.2 - Report on Functionality Building Blocks ) that aggregate common security requirements that will be mapped directly into appropriate CIPSEC security blocks under design. These categories are: Anomaly detection and SIEM, IT Network and DDoS protection, Malware Resistance – Antimalware protection, Strong Security – Hardware Security, Forensics Analysis, Secure Communications, User and Device Authentication, OT Network Protection, Data Anonymization and Privacy.
The CIPSEC consortium brings together extensive experience in the field of security and privacy and will address all those aspects with CI domain-specific extensions and disseminate the results to the academia and industry.
CIPSEC project results receive funding from the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no 700378.
The opinions expressed and arguments employed in this publication do not necessarily reflect the official views of the Research Executive Agency (REA) nor the European Commission.