Critical infrastructure is an asset or system which is essential for providing vital economic and social functions: health, food, security, transport, energy, information systems, financial services, etc. The damage to critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact on the security of the EU and the well-being of its citizens.
The cybersecurity concern lies in ensuring continuity of the activity and services provided to citizens. Even a minimal service disruption can have a high impact on an organization and, consequently, on large numbers of people. In turn, the target of cyberattacks has changed. The economic benefit sought by cybercriminals has moved into the background: their intentions go far beyond obtaining money through illicit activity, and their ambition is increasing.
Today's cybercriminal looks for vulnerabilities in critical infrastructure systems in order to obtain relevant information, take control of an activity or an entire organization and, what could be worse, paralyze or end the activity. Therefore, security and protection measures become essential in an increasingly complex, interconnected and constantly evolving environment.
The projects in this cluster seek to provide solutions to cybersecurity challenges in critical infrastructures, also complying with the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union. This initiative is synergistic with ECSCI (European Cluster for Securing Critical Infrastructures), which fosters emerging disruptive solutions for security problems through collaboration and innovation between projects that seek to protect critical infrastructure and services, highlighting the different approaches between grouped projects and establishing close and productive connections with closely related and complementary H2020 projects.
Some of the main goals of the projects included in the cluster are the following:
The challenges of this macro sector include the challenges of all the sectors it encompasses, such as those that occur in the health, energy or finance cluster:
CyberSANE aims to contribute towards the emerging need to improve the level of prevention, preparedness, reaction and resilience to cyber incidents and threats of the CIIs.
This approach is validated with three use cases: Solar Energy Production, Storage & Distribution Service, Solar Energy Production, Storage & Distribution Service and Real-time patient monitoring and treatment service.
CYBERWISER.eu is an educational, collaborative, real-time civil cyber range platform where cybersecurity competitions will take place, making it the EU’s reference, authoritative, independent cybersecurity platform for professional training. Users can play the role of attackers and/or defenders in different scalable and configurable scenarios, composed of a set of virtual resources representing a company's ICT infrastructure. They are currently offering 4 courses with different levels of learning, from basic to advanced, and they are validating the project with 3 full-scale pilots: Energy Generation And Distribution, Railroad Transport and Professional And Academic Training.
They also offer a cybersecurity assessment service for SMEs and the Cybersecurity Professional Register, where professionals of any age can promote their specific skill sets and experiences in cybersecurity courses taken and qualifications.
EnergyShield project will:
It develops, demonstrates and brings to market an integrated, intelligent, collaborative and predictive approach to the security of critical infrastructures in the financial sector. To this end, FINSEC will introduce, implement and validate a novel reference architecture for the integrated physical and cybersecurity of critical infrastructures, which will enable handling of dynamic, advanced and asymmetric attacks, while at the same time boosting financial organizations’ compliance with security standards and regulations.
Addressing the current fragmentation of available security solutions and technology, InfraStress provides an integrated framework including cyber and physical threat detection, integrated C/P Situational Awareness, Threat Intelligence, and an innovative methodology for resilience assessment – all tailored to each site. Their solutions include:
The InfraStress solutions will be tested and demonstrated in 5 pilot sites, with a participative approach involving the owners, operators and stakeholders.
The PANACEA project has developed, with three European Healthcare Centres, a people-centric toolkit of nine tools, to assess and improve the cybersecurity readiness of healthcare socio-technical systems (ICT, networked medical devices, staff) and medical device/system lifecycles. It includes software-based innovative tools:
It also includes non-technical tools, influencing staff behaviour and supporting the management through:
Potential integrated use of the nine tools is a further innovative feature, supporting full plan-do-check-act and multi-disciplinary approaches to cybersecurity preparedness.
ReAct aims to improve the resilience of computing systems and critical infrastructures via a two-pronged approach:
The RESISTO platform is an innovative solution for holistic situation awareness and enhanced resilience of Communication CIs (aligned with ECSO objectives). It is based on an Integrated Risk and Resilience analysis management and improvement process availing all resilience cycle phases (prepare, prevent, detect, absorb, etc.) and technical resilience capabilities (sense, model, infer, act, adopt). RESISTO implements an innovative Decision Support System to protect communication infrastructures from combined cyber-physical threats, exploiting the Software-Defined Security model on a suite of state-of-the-art cyber/physical security components (Blockchain, Machine Learning, IoT security, Airborne threat detection, holistic audio-video analytics) and services (Responsible Disclosure Framework) for detection and reaction in the presence of attacks or natural disasters. Through RESISTO, Communications Operators will be able to implement a set of mitigation actions and countermeasures that significantly reduce the impact of negative events in terms of performance losses, social consequences, and cascading effects, in particular by bouncing efficiently back to original and forward to operational states of operation.
SDN-microSENSE project will contribute towards
It has developed an all-hazards risk management framework (based on the EU ISO Risk Management Framework, ISO 31000:2009) for the physical and cyber protection of water critical infrastructures. Prevention, detection, response and mitigation of relevant risks are taken into account to generate modular solutions (technologies, tools and guidelines) embedded into an integrated, scalable, adaptable and modular software platform. The STOP-IT platform is structured in nine modules clustering technological solutions and analysis tools that can be further distinguished in strategic/tactical tools and operational tools:
Furthermore, the STOP-IT project enhances the practical knowledge on cyber-physical protection of water critical infrastructure through advanced, interactive and modular training activities.
Wojciech Wideł, Preetam Mukherjee, and Mathias Ekstedt from our partner KTH published in IEEE Access about their work in the SOCCRATES project.
In order to ensure that the SOCCRATES platform is fit for purpose, the project will carry out three pilots to validate the platform in realistic environments. This webinar will show results and experiences from the second pilot, in which the complete SOCCRATES platform was validated in realistic (on-site) environments at Vattenfall, mnemonic and Shadowserver.
Martin Eian, Researcher, Mnemonic
Piotr Kijewski, CEO Shadowserver
Maciej Kosz, IT Security Officer, Vattenfall
SOCCRATES provides a deep dive session on the SOCCRATES platform at the ONE Conference 2022.
Within the H2020 EU project SOCCRATES, a security decision support platform has been developed for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs). This so-called ‘SOCCRATES Platform’ is targeted at organisations’ in-house SOCs and at Managed Security Service Providers (MSSPs) that provide SOC services.