CIPSEC 2nd newsletter


The first year of the CIPSEC project is over and major work milestones have been successfully achieved. A brief report of the main achievements follows, split into two domains: technical and dissemination. From a technical perspective, the main project efforts have gone into the following activities.

Workpackages, milestones and CIPSEC architecture

During these months, we continued working on the design of the CIPSEC architecture in WP2 (Development of the CIPSEC security framework for Critical Infrastructure environments), started the activities in task T2.1 and kept working on tasks T2.2 and T2.3 as well as task T2.4. As a result of this design work, we converged on a proposal for the CIPSEC architecture, agreed at the second assembly meeting in Luzern (Switzerland). This architecture corresponds to milestone MS5, Architecture system design. WP2 is continuing the work, and in October 2017 we expect to achieve a second milestone, MS6 (First release: preliminary version of the CIPSEC security platform different), to be reported in deliverables D2.2, D2.3 and D2.4.

On the other hand, we also started the integration of components in WP3 (Integration of CIPSEC solution to transportation, health and environment pilots) in February 2017 with tasks T3.1, T3.2 and T3.3, as well as task T3.4, which started in June 2017. This work will produce the first WP3 milestones in October 2017: MS10 (Preliminary report for pilots integration) and MS11 (Preliminary report on CI intra/inter-dependencies).

[Figure: CIPSEC architecture diagram. Layers: Acquisition, Detection, Data Processing, Presentation, User/System manager. Labels recoverable from the diagram include the CIPSEC Core Framework, Critical Infrastructure Platform and Critical Infrastructure Components (sensors, computers, network, servers, routers, …), Vulnerability Assessment, Crypto services, Identity Access Management, Integrity Management, Data anonymization and Privacy, Network Security, Endpoint Detection and Response, External security services, Anomaly detection reasoner, Historic anomalies DB, Forensics service, Forensics Analysis Visualization Tool, Dashboard, Contingency plan, Updating/Patching, User training and Compliance Management.]

Deliverables

In this period, different deliverables have been delivered:

• D2.1 CIPSEC System design in month M10 (January 2017)

• D5.2 CIPSEC annual report on exploitation, dissemination and standardization (Year 1) (April 2017)

Adaptation of security components to Critical Infrastructure environments

We gained insight into the parameters driving the need for security and privacy solutions in critical infrastructure environments. The activity started by defining what must be protected and putting together the list of the fundamental protection utilities that must be in place. Furthermore, the state of the art for the security components was surveyed and consolidated into a solid foundation to be used to specify a set of guidelines for CIPSEC and its respective pilots. This work was divided into four distinct tasks, all aimed at both analysing the set of requirements and identifying how the different security components provided by the consortium can be integrated into the CIPSEC framework:

• In depth security analysis for CIPSEC pilot’s CIs.

• Evaluation of CIPSEC market products in relation to CIs and pilots needs.

• Requirements set by the need to integrate heterogeneous CIPSEC market products (from different companies) into unified solutions.

• Interdependences of CIs. Functional prerequisites for collaboration between different CIs or CI domains.

Through these tasks a number of reports were produced and are made available at the CIPSEC web site (http://cipsec.eu/content/publications):

• Critical Infrastructure base security characteristics and market analysis

• Report on Functionality Building Blocks

• Report on taxonomy of the Critical Infrastructure environments

Development of the CIPSEC security framework for Critical Infrastructure environments

The design of the whole CIPSEC platform, from both the technical and the business perspective, is still work in progress. It will be presented to the public in the near future along with a prototype deployment, including the integration of the different tools that make up the CIPSEC solution.

From the dissemination perspective, the main events during the first project year are the following.


Liaisons and collaborations

The CIPSEC consortium has agreed a collaboration strategy with related projects such as: RESISTAND, S2R, mF2C, ECOSSIAN, WISER and KONFIDO. For each of the projects a contact person in CIPSEC (or more than one) has been assigned. In this first year, the focus of the collaboration with these projects has been to find the specific synergies between CIPSEC and the related projects.

Project meetings

• CIPSEC Second General Assembly Meeting: The meeting was held successfully on February 6-7, 2017 in Luzern, Switzerland and was organized by Empelor.

• CIPSEC Third General Assembly Meeting: The meeting was held successfully on June 12-13, 2017 in Vilanova i la Geltrú, Spain and was organized by UPC. Apart from the regular project meeting, some sessions were devoted to presenting the evolution of the project to the advisory board. The advisory board was composed of: Javier Larrañeta (PESI, Tecnalia), Jorge Cuéllar (Siemens Germany) and Frank Fransen (TNO).

Events

• ESORICS 2016: CIPSEC participated in the ESORICS 2016 Conference in Heraklion, Crete, Greece, in September 2016. The CIPSEC project was represented at ESORICS by FORTH. Sotiris Ioannidis, the Technical Manager of CIPSEC, organized ESORICS as General Chair. The topics of the keynote presentations were selected to relate to the problems addressed by the CIPSEC Consortium. Furthermore, during the event CIPSEC was actively promoted via posters, social media, and other material.

• Smart City Expo 2016: The Smart City Expo World Congress, held in Barcelona from 15 to 17 November 2016, is a global reference within the smart city sector where many influencers come together: political representatives, agencies, academic leaders and research centres along with tech companies. Apart from the commercial novelties, Worldsensing's innovation team presented updates on the CIPSEC project, which aims to create and offer the most advanced solution to protect critical infrastructures from cyber attacks.

• PatrasIQ: On the 7th, 8th and 9th of April 2017, the biggest technology and innovation exhibition in Western Greece, “Patras Innovation Quest – PatrasIQ”, was held in Patras. The University of Patras participated in the exhibition with an expo booth where many of the University’s technological and innovation solutions were demonstrated. Among them, UoP presented and demonstrated the CIPSEC EU project and its association with innovation in Critical Infrastructure Security and IoT Security. In the UoP booth, the CIPSEC project flyers were distributed and the CIPSEC poster was displayed. Visitors of PatrasIQ expressed vivid interest in the CIPSEC solution and Critical Infrastructure Security in general.

• SRSS 2017: The “Scientific Railway Signaling Symposium (SRSS)” will be co-hosted by TU Darmstadt with DB Netz AG on April 19, 2017. The symposium will discuss research approaches to control and safety/security engineering, and specifically for the new generation of interlocking technology, under the theme "The Management of the Railways of the Future".

• JNIC 2017: For the third consecutive year, the National Cybersecurity Research Days, organized by URJC and INCIBE, have been a meeting point for researchers and professionals of cybersecurity at the national level. It has been a privileged forum in which to present, learn about and reward the latest advances in R&D, establish new collaborations and make contacts. In short, the Conference allows the different agents of the ecosystem to contribute their experiences and knowledge in order to promote research, teaching innovation and technology transfer in the area of cybersecurity at the national level. Diverse papers were presented within the broad spectrum of cybersecurity research, with dedicated sections on Critical Infrastructures protection, Industrial Control Systems, and IoT. Joaquin Rodriguez from Atos presented, on June 2, 2017, his accepted work named "Improving SIEM capabilities within CIPSEC Project", giving an overview of the CIPSEC Project and of the most relevant innovation features planned for the Atos XL-SIEM to cover general Critical Infrastructures' security requirements.

• 1st CIPSEC workshop: Named “Security vs Quality: A Dilemma for Critical Infrastructures” (http://www.cipsec.eu/content/agenda-first-cipsec-workshop), the workshop was collocated with IEEE/ACM IWQoS 2017 at the UPC premises in Vilanova i la Geltrú on June 14, 2017. In this workshop, two research papers were presented by UoP and UPC, and there were presentations of related projects: mF2C, WISER, Shift2Rail, SMESEC. Moreover, all industrial partners presented their products and the innovation to be addressed in the CIPSEC project. Finally, there was a discussion panel, "Security vs Quality in Critical Infrastructures Management: searching for a trade-off", with Jian-Ping Wang (City University of Hong Kong), Admela Jukan (Technische Universität Braunschweig), Javier Larrañeta (PESI, Tecnalia), Jorge Cuéllar (Siemens Germany), Rodrigo Díaz (ATOS) and Xavi Masip (Universitat Politècnica de Catalunya).

• 1st CIPSEC Critical Infrastructure Protection Tutorial: Held on the 3rd of July 2017 in Heraklion, Crete, in parallel with the 22nd ISCC 2017 conference (http://www.ics.forth.gr/iscc2017/index.html). A number of tutorials were presented and more than 50 experts from around the world participated in the tutorial sessions. Five sessions took place discussing the following topics:


- Securing Critical Infrastructures through hardware means: Strong and weaknesses of Hardware security tokens – by Apostolos Fournaris, UOP

- Honeypots – by Antonios Krithinakis, Christos Papachristos, Manos Athanatos, FORTH

- DDoS attacks on Critical Infrastructures – by Omri Sargon, COMSEC

- Digital Forensics – by Vasilis Prevelakis, AEGIS

- A gentle introduction to advanced anonymization of databases – by Ahmad Mezher, UPC

• 2nd CIPSEC workshop: The S-CI Workshop was organized as a full-day workshop at the ARES 2017 conference, held in Reggio Calabria on the 29th of August 2017. ARES is a European conference primarily focused on Availability, Reliability and Security that has gained over the years a good reputation in the European security and cryptography research community. It has strong ties with European project related research, since each year it dedicates specific slots to European project dissemination actions (hosting the ARES European Union Project Symposium). The S-CI 2017 workshop technical program included two invited talks by CIPSEC members, Christian Schlehuber from Deutsche Bahn (DB) and Aljosa Pasic from ATOS R&I (ARI), as well as six contributed peer-reviewed research papers organized in two technical sessions: https://www.ares-conference.eu/program/detailed-program/.

Publications

During this period the project has published thirteen conference papers, one whitepaper, five press releases and two journal papers: http://www.cipsec.eu/article/publications

Social media

• Creation of LinkedIn, Twitter, Research and YouTube accounts, with periodical update of CIPSEC activity.

• Creation of a CIPSEC blog with monthly entries (http://www.cipsec.eu/auto/blog)

• Video presentation of the project uploaded in the CIPSEC YouTube channel: https://www.youtube.com/watch?v=eb02CUfK648&feature=youtu.be