Opendata, web and dolomites

Report

Teaser, summary, work performed and final results

Periodic Reporting for period 1 - YAKSHA (Cybersecurity Awareness and Knowledge Systemic High-level Application)

Teaser

The YAKSHA: Cybersecurity Awareness and Knowledge Systemic High-level Application project consortium consists of 13 partners from 10 European and Southeast Asian countries, which provides an important opportunity for these partners to engage, collaborate, and implement a...

Summary

The YAKSHA: Cybersecurity Awareness and Knowledge Systemic High-level Application project consortium consists of 13 partners from 10 European and Southeast Asian countries, which provides an important opportunity for these partners to engage, collaborate, and implement a project with a relevant impact in both regions.

YAKSHA emerges from the recognition that information is as an enabling factor for developing economies and society. However, countries from the ASEAN region, particularly those classified as low and middle income countries, have long been subject to several cybersecurity issues and are exposed to specific risks, ranging from data breaches to intentional intrusions by adversaries.

Thus, while progress has been made in Southeast Asia in the adoption of ICT solutions to combat cybersecurity threats, there is also an opportunity to leverage existing know-how and establish partnerships to develop new and tailored cybersecurity solutions.

With this in mind, the overarching objective of YAKSHA is to reinforce EU-ASEAN cooperation and the building of partnerships in the cybersecurity domain by developing a solution tailored to specific user and national needs, supported and leveraging EU know-how and local expertise. YAKSHA will develop and introduce the innovative concept of honeypots-as-a-service, which will greatly enhance the process of gathering threat intelligence. It will enhance cybersecurity readiness levels for end users, help prevent cyber-attacks, mitigate cyber risks and better govern the whole cybersecurity process.

Work performed

The project carried out an extensive review of the cybersecurity context and status in the EU and ASEAN with the objective of identifying and analysing relevant opportunities for developing new technological solutions that can support and improve the later regions’ cybersecurity status. The review provided an understanding of the two regions’ regulatory frameworks, best practices, existing solutions and ongoing initiatives. In parallel, the project mapped over 300 actors from the European and Southeast Asian cybersecurity ecosystem. Complementarily, the project organised three co-creation workshops in Southeast Asia (i.e. Malaysia, Vietnam and Thailand) in order to develop a common vision and roadmap for these countries’ cybersecurity ecosystems. The workshops were attended by 75 participants from these countries, enabling a relevant discussion on the future of cybersecurity in the three countries.

From a technological and development perspective, the project also carried out various activities, initially related to data collection. Specifically, the project defined the methodology to collect data. The methodology establishes a baseline of activities that help determine what data YAKSHA has to collect, what methods and tools to adopt for data collection, and what reference architecture design is suitable for data collection, management and processing. In parallel, the project also defined the ontology to be used to store the information from the honeypots, and standards to be used to ensure interoperability. Lastly, the project has focused on researching new methods for malware detection and collection, as well as to measure impact. Among other results, this effort has led to the development of four scientific publications.

Still at the technological level, in this period the project began the development of the YAKSHA technology, which has, in this period, resulted in two versions: Prototype and Beta Version. Specific activities included the development of the sandbox environments required to trap malware and to monitor their actions, as well as the development of the process to automate the deployment of honeypots and collect information. In parallel, a database was developed that is used to store the information collected by the honeypots, based on the already defined ontology. Furthermore, a data analytics correlation engine has been developed, which analyses dynamic/behavioural aspects of malware, correlates similarity of behaviour of malware samples, among others. Lastly, the project has initiated the system integration, which has led to the development of the testbed for trialling the currently available version.

With the YAKSHA solution already in a mature state, the project also began the planning of three pilots with different use cases: Greece, Malaysia and Vietnam. Trial protocols were defined for the three pilots, followed by the actual pilot planning. Pilot deployment began at the beginning of M18.

The success of the project is dependent on an effective dissemination and communication of the project to ensure maximum awareness, which has been carried out since the beginning of the project. Interaction with stakeholders is also a critical aspect of the project, namely for the uptake and sustainability of the YAKSHA solution in the future. The position of Ambassador has several responsibilities and advantages, including early access to the final solution. Specific activities have been organised to recruit Ambassadors, as well as to inform them about the project. Future activities will include face-to-face interactions, namely during two end-user events that will take place in the second period of the project (November 2019 and April 2020). Thus far, 36 Ambassadors have been recruited covering various Southeast Asian countries. During this period, the project organised a Business Model Workshop to understand the potential business scenarios for the YAKHA solution, namely from the perspective of Malaysi

Final results

In the next 12 months of the project, one of the main results to be achieved is the finalisation of the YAKSHA system integration and delivery of the Final version of the software. This version will take into account results of the pilots that are already ongoing, having started at the end of the present reporting period. Results from the pilots will provide inputs towards the development and fine-tuning of the Final version, thus contributing to a solution that responds to a wider range of end users’ needs. Related to this result, it is expected that a detailed business scenario for the software be defined, ensuring that it is well exploited and contributing to the sustainability of the project.

By the end of the project, YAKSHA expects to reach the target value of 100 Ambassadors from different Southeast Asian countries. The YAKSHA Ambassadors are potential end-users and re-sellers of the YAKSHA solution. The continuous involvement of Ambassadors in the project is crucial for the exploitation of the YAKSHA software, as they are the local ASEAN region representatives who have access to a wide network of other stakeholders and potential clients.

In addition to these key results, YAKSHA will continue to develop research on novel methods in malware detection and collection, as well as impact assessment, thereby contributing to advances in the current state of the art in these two areas.

With regard to impact, the efforts in raising awareness and disseminating YAKSHA have already proved successful. External stakeholders/ organisations have already shown interest in testing the YAKSHA software on their own premises. The possibility of expanding testing outside of the core project team will be examined in the second period of the project.

Website & more info

More info: https://project-yaksha.eu/.