CIPSEC - Enhancing Critical Infrastructure Protection with innovative SECurity framework

01/05/2016 to 30/04/2019


The integration of ICT technologies with critical infrastructure services, despite improving the performance and daily operation of those services, has been accomplished without considering security as core requirement, leaving behind shortcomings and weaknesses which have entailed a serious security problems.

CIPSEC develops an integrated framework composed by a heterogeneous set of products and services, providing high levels of protection for the whole critical infrastructure, considering both its IT (information technology) and OT (operational technology) networks.
The outcomes are meant to be exploited in a wide range of verticals. CIPSEC brings use cases in railway, health and environment protection contexts.

Who is the project designed for?

The project intends to provide a cost-effective multi-domain security solution, offering high levels of protection in IT and OT for critical infrastructures. Therefore the market target is very wide and includes verticals such as chemical industry, ICT, energy, financial services, food industry, health, transportation, water systems and facilities, nuclear, emergency services or manufacturing to name but a few.

The stakeholders group includes operators of critical infrastructures (whether public or private), large organizations, academia, SMEs (especially those being ICT-intensive), standardization groups, policy makers, public-private partnerships (PPPs), public authorities and people working on related European Projects, among others. CIPSEC orchestrates a security solution for the critical infrastructure protection lifecycle: before, during and after the incident. CIPSEC is an answer to the question on how to benefit from higher efficiency and better quality of service brought by ICT advances in the field of critical infrastructures without compromising security.

CIPSEC helps support European countries security and boost European competitiveness in critical infrastructure protection.

How will your project benefit the end-user?

CIPSEC contributes to the reduction of the capital investment in controlling and solving security threats for critical infrastructures. CIPSEC aims at increasing the confidence on the role of ICT in the daily operation of critical infrastructures, with positive impact in efficiency, quality of service and business profits.
CIPSEC also makes an impact by reducing the economic exposure linked to the consequence of cyber incidents and the likelihood of environmental disasters.

CIPSEC also has an educational side, creating awareness on the importance to secure all assets involved in critical infrastructure daily operation. Europe needs to become more aware of the dangers existing in the digital world, and as in real life all the segments of the population need to get ready and know the basic rules of thumb to avoid to be victims of cyber attacks and the cyber criminals behind them.
In such sense, CIPSEC offers a training service with a nice plethora of courses addressed to a wide audience, including not only end-users but also people without a technical background, but unavoidably in daily touch with ICT technologies.

Please briefly describe the results your project achieved so far
We have completed the design of the whole framework orchestrating the products and services brought to the project. We have designed all the internal interfaces, the data flow, the communication among the different functional modules and the dashboard being presented to the end-users. An intermediate integrated version has been produced and an early deployment has been carried out in the three pilots of the project.
We have a clear innovation roadmap associated to the whole platform and each of its components.We also have results in the shape of market analysis and key competitors survey. We have established links with some standardization working groups to monitor their activity and take into account their results to steer the internal activities in alignment with industry standards.

  What are the next steps for your project?

  • Delivery of the final platform version
  • Complete piloting of the solution, validation and assessment
  • Complete individual and joint exploitation plans, with business models


Europol - Internet Organised Crime Threat Assessment 2018

Europol has just released its fifth annual Internet Organised Crime Threat Assessment (IOCTA).

The report offers a unique law enforcement view of the emerging threats and key developments in the field of cybercrime over the last year and warns of 15 ways in which people can fall prey to cyber criminals.


29/09/2018 to 05/10/2018
Cryptology And Network Security - 30th September/ 3rd October 2018 - Naples (Italy)

The International Conference on Cryptology And Network Security (CANS) is a recognized annual conference, focusing on all aspects of cryptology, and of data, network, and computer security. CANS 2018 will be held in Naples from the next 30th September until the 3rd October.

06/10/2018 to 11/10/2018
Security of Personal Data Processing Event - 8th October - Athens (Greece)

ENISA and co-organize in October 8, 2018 a workshop on security measures (article 32 GDPR) in Athens.