The main goal of RESISTO is to improve risk control and resilience of modern Communication CIs against a wide variety of cyber-physical threats, whether malicious attacks, natural disasters or even unexpected faults.
In order to achieve the above goal the following objectives are foreseen:
• Help managers of Communication CIs to guarantee improved business and asset continuity, delivering an innovative platform for optimized decision support in the face of physical, cyber and combined cyber-physical threats.
• Develop an Integrated Risk and Resilience analysis and management tool that takes account of cyber and/or physical threats and disruptions jointly at the level of telecommunication service functions and performance functions.
• Provide, experiment with and assess a suite of innovative cyber/physical security solutions for prevention, protection, detection and reaction that can deliver unprecedented cost-effective performance in a holistic technology framework.
• Support a progressive adoption path for the RESISTO platform and services through extensive validation in relevant use cases.
• Contribute to the European Programme for Critical Infrastructure Protection and to the objectives of the Cybersecurity Strategy of the European Union.
Communications play a fundamental role in the economic and social well-being of citizens. Nowadays, most existing CIs rely on communication infrastructures for their operations, which makes them a primary target for cyber-criminals. The same arguments hold true for physical attacks and, even more so, for coordinated cyber-physical events. Extreme weather events and natural disasters also represent a challenge due to their increase in frequency and intensity. This requires smarter resilience of the Communication CIs, which are extremely vulnerable due to the ever-increasing complexity of the architecture, also in light of the evolution towards 5G, the extensive use of programmable platforms and the exponential growth of connected devices (IoT). The fact that most enterprises still manage physical and cyber security systems independently represents a further source of vulnerability.
The RESISTO platform is an innovative solution for holistic (physical/logical) CI situation awareness and enhanced resilience. Based on an Integrated Risk and Resilience analysis management, RESISTO implements an innovative Decision Support System to protect from combined cyber/physical threats, exploiting improved correlation of cyber/physical data, integrated threat propagation modelling, and the Software Defined Security model. It provides state-of-the-art security components and services for detection and reaction: Blockchain for data integrity, Machine Learning for threat intelligence, IoT Security and smart spectrum surveillance for physical security, enhanced and holistic video-audio analytics for improved situational awareness, Airborne threat detection for malicious UAV prevention, and vulnerability assessment and 0-day attack analysis services for attack prevention and mitigation.
Through RESISTO, Operators will be able to select and adopt a set of mitigation actions and countermeasures that significantly reduce the impact of negative events in terms of performance losses, social consequences, and cascading effects, by efficiently restoring full operational status.
Work performed during the first year (reporting period M1-M12) can be summarized along two main branches.
On the first branch, a set of activities was carried out to collect knowledge elements and the state of the art on subjects relevant to RESISTO's purposes, select those applicable to the RESISTO project, and apply them to the development/adaptation of RESISTO components. This branch includes tasks addressing cyber-physical threat risk scenarios, telecommunication system models and interfaces, methods for cyber-physical security management for telecom Critical Infrastructures (CIs), Damage/Vulnerability models for physical and cyber threats of telecom CIs, Active and Passive Sensor Definition, and Countermeasures definition.
On the other branch, system engineering activities have been carried out. Telecom operators' needs have been analysed and translated into coded system requirements. The analysis has addressed the requirements needed for a TRL7 platform, the target of the RESISTO project, as well as the requirements that a TRL8-9 platform should cover to be employed in a production environment. Then, the system architecture has been addressed in different steps, identifying sub-systems, components, main functional chains, and internal and external interfaces. The main architecture sub-systems have been designed: the Long Term Control Loop, in charge of off-line Risk and Resilience assessment and management, and the Short Term Control Loop, in charge of the run-time activities to detect, react to and mitigate threatening events. A higher control loop addressing continuous monitoring and improvement of CI resilience has been identified; it represents an innovation step that will be analysed and defined in more depth in the following project activities.
In parallel with requirements and system design, substantial work has been started with telecom operators to define and refine validation Use Cases and the relevant testbeds to be interfaced during the validation phase. A task on KPIs has then been carried out to support a qualitative and quantitative evaluation of RESISTO during the validation phase. Starting from a state-of-the-art analysis, a KPI definition methodology has been selected and set up. A superset of KPIs has then been categorized to cover different aspects of the RESISTO platform: detection capabilities, reaction capabilities and so on. Each KPI has been defined and evaluated with respect to the validation phase. An already foreseen second step of this activity will be performed in the following year.
The above activities have been accomplished through the following milestones:
MS1, Project Launch
MS2, End user needs definition
The progress Beyond State of The Art can be summarized with the following main points:
• Innovative tools, concepts, and technologies to face, in a unified approach, physical, cyber as well as combined physical/cyber threats to Communication CIs.
• Security risk and resilience management plans integrating systemic and both physical and cyber aspects.
• A complete and integrated framework to cover off-line Identification and Prevention activities as well as Detection, Reaction and Mitigation on-line activities.
• The RESISTO framework approach will be applicable to different kinds of CIs and, most importantly, to physical/cyber threat protection of interconnected CIs such as those providing public services: transport, health, public safety and so on.
• A modular framework based on versatile technologies easily adaptable to face physical and cyber threats in continuous evolution.
• Innovative detectors of physical and cyber threatening events.
More info: http://www.resistoproject.eu/.