Deliverable D3.1 – Existing technology and solutions portfolio
Work package: WP3
Due date: 31/01/2014
Submission date: 14/02/2014
Revision: V2.00
Status of revision: Final
Responsible partner: Atos
Contributors: ENG, Detica, VisionWare, SAP, Selex, STM, UPM
Project Number: FP7-ICT-2011-8 / 318355
Project Acronym: CYSPA
Project Title: European Cyber Security Protection Alliance
Start Date of Project: 01/10/2012
Dissemination Level
PU: Public
PP: Restricted to other programme participants (including the Commission)
RE: Restricted to a group specified by the consortium (including the Commission)
CO: Confidential, only for members of the consortium (including the Commission)
Version history
Rev. Date Author Notes
1.01 1/11/2013 Atos ToC
1.02 14/11/2013 Atos Updated for Partner contributions
1.03 1/12/2013 Atos Updated following partner contributions
1.04 12/12/2013 Atos Re-aligned table of contents
1.05 18/12/2013 Atos Populated for further partner contributions
1.06 2/01/2014 Atos Partner contributions incorporated
1.07 12/01/2014 Atos Update to contents
1.08 18/01/2014 Atos Update to contents, Partner contributions
1.09 30/01/2014 Atos Update to contents, formatting
1.10 10/02/2014 VisionWare and Engineering Internal Review
1.11 12/02/2014 Atos Update following review comments
2.0 14/02/2014 EOS Final review and submission
Glossary
Acronym Description
ADSL Asymmetric Digital Subscriber Line
APT Advanced Persistent Threat
ARO Annual Rate of Occurrence
BCP Business Continuity Plan
BIA Business Impact Analysis
CERT Computer Emergency Response Team
CIP Critical Infrastructure Protection
CIS Communications and Information Systems
CIWIN Critical Infrastructure Warning Information Network
CYSPA European Cyber Security Protection Alliance
DBMS Database Management System
DG Directorate-general of the European Commission
DNS Domain Name Server
DRP Disaster Recovery Plan
EC European Commission
ENISA European Network and Information Security Agency
EOS European Organisation for Security
EU European Union
IP Internet Protocol
ISDN Integrated Services Digital Network
ISP Internet Service Provider
ITIL Information Technology Infrastructure Library
LDAP Lightweight Directory Access Protocol
NATO North Atlantic Treaty Organization
PKI Public Key Infrastructure
PSTN Public Switched Telephone Network
RPO Recovery Point Objective
RTO Recovery Time Objective
WP Work Package
Table of Contents
1. Introduction ... 7
2. Methodology ... 8
3. Cyber Security Solutions – A Market Overview ... 8
3.1. Driving trends in the Cyber Security Solutions Market ... 9
3.1.1. Cloud Computing ... 9
3.1.2. Mobility ... 10
3.1.3. Secure design / application security ... 10
3.1.4. Data Loss Prevention, Digital Rights Management, Archiving and Filtering ... 10
3.2. Security solution provider landscape ... 11
4. Cataloguing Existing Technology and Market Solutions ... 12
4.1. Approach ... 12
4.2. Access Control Solutions ... 14
4.2.1. Main solutions, with brief description ... 14
4.3. Compliance Monitoring and Enforcement Solutions ... 17
4.3.1. Main solutions, with brief description ... 17
4.4. Configuration Management and Assurance Solutions ... 18
4.4.1. Main solutions, with brief description ... 19
4.5. Cryptography Technologies ... 19
4.5.1. Main solutions, with brief description ... 20
4.6. Data Loss Prevention Solutions ... 20
4.6.1. Main solutions, with brief description ... 21
4.7. Identity Management Solutions ... 22
4.7.1. Main solutions, with brief description ... 22
4.8. Information Rights Management Solutions ... 23
4.8.1. Main solutions, with brief description ... 24
4.9. Mobile Security Technologies ... 24
4.9.1. Main solutions, with brief description ... 25
4.10. Network Security Solutions ... 27
4.10.1. Main solutions, with brief description ... 28
4.11. Security Assessment Solutions ... 29
4.11.1. Main solutions, with brief description ... 29
4.12. System Integrity Solutions ... 30
4.12.1. Main solutions, with brief description ... 30
4.13. Anti-malware Solutions (anti-spam, anti-virus, anti-phishing, secure browsing) ... 31
4.13.1. Main solutions, with brief description ... 31
4.14. Audit and Monitoring Solutions ... 33
4.14.1. Main solutions, with brief description ... 33
4.15. IP Traffic Surveillance & Monitoring Solutions ... 35
4.15.1. Main solutions, with brief description ... 35
4.16. Personal and Equipment Tracking Solutions ... 36
4.16.1. Main solutions, with brief description ... 36
4.17. Security Incident Management Solutions ... 37
4.17.1. Main solutions, with brief description ... 37
4.18. SIEM Products ... 37
4.18.1. Main solutions, with brief description ... 38
4.19. Denial of Service Protection Solutions ... 39
4.19.1. Main solutions, with brief description ... 39
4.20. Forensic Investigation Solutions ... 40
4.20.1. Main solutions, with brief description ... 41
5. Available Research Results ... 41
5.1. Existing Research Results ... 41
5.1.1. AVANTSSAR ... 42
5.1.2. CONSEQUENCE ... 42
5.1.3. MASTER ... 44
5.1.4. MICIE ... 45
5.1.5. PICOS ... 46
5.1.6. UAN ... 47
5.1.7. VIKING ... 47
5.1.8. ANIKETOS ... 49
5.1.9. ASSERT4SOA ... 50
5.1.10. MASSIF ... 51
5.1.11. POSECCO ... 51
5.1.12. TAMPRES ... 53
5.1.13. UTRUSTIT ... 54
5.2. Individual Research Organisations ... 54
6. Cyber Security Related Training and Education ... 57
6.1. Cybersecurity strategies ... 58
6.2. Education & Training Programmes ... 59
6.2.1. (UK) CESG – Awareness & Training ... 59
6.2.2. (UK) Cyber Security Challenge ... 59
6.2.3. (US) SANS – Cyber Defense Foundations ... 59
6.2.4. (US) INL – National SCADA Test Bed Program ... 60
6.2.5. (US) NICCS – National Initiative for Cybersecurity Careers and Studies ... 60
6.2.6. (US) NICE – National Initiative for Cybersecurity Education ... 60
6.3. Exercises ... 60
6.3.1. (EU) Cyber Europe ... 61
6.3.2. (EU-US) Cyber Atlantic ... 62
6.3.3. (US) Cybersecurity Training & Exercises ... 62
Cyber Storm: Securing Cyber Space ... 63
6.4. Security-related Certifications ... 63
6.4.1. CSIH – Computer Security Incident Handler ... 64
6.4.2. CESG – Communications-Electronics Security Group (UK) ... 64
6.4.3. CCP – CESG Certified Professional ... 64
6.4.4. CompTIA – Computing Technology Industry Association ... 65
6.4.5. A+ ... 65
6.4.6. Security+ ... 65
6.4.7. CASP – CompTIA Advanced Security Practitioner ... 66
6.4.8. EC-Council – International Council of Electronic Commerce Consultants ... 66
6.4.9. CEH – Certified Ethical Hacker ... 66
6.4.10. CHFI – Computer Hacking Forensic Investigator ... 66
6.4.11. ECIH – EC-Council Certified Incident Handler ... 66
6.4.12. ENSA – Network Security Administrator ... 67
6.4.13. ECSP – EC-Council Certified Secure Programmer ... 67
6.4.14. ECSA – EC-Council Certified Security Analyst ... 67
6.4.15. DoD Directive 8570.01 Information Assurance Training, Certification and Workforce Management (US) ... 67
6.4.16. GIAC – Global Information Assurance Certification ... 68
6.4.17. GCIA – GIAC Certified Intrusion Analyst ... 68
6.4.18. GCIH – GIAC Certified Incident Handler ... 69
6.4.19. GSEC – GIAC Security Essentials Certification ... 69
6.4.20. GSLC – GIAC Security Leadership Certificate ... 69
6.4.21. GSNA – GIAC Systems and Network Auditor ... 69
6.4.22. CISA – Certified Information Systems Auditor ... 69
6.4.23. CISM – Certified Information Security Manager ... 69
6.4.24. CGEIT – Certified in the Governance of Enterprise IT ... 70
6.4.25. CISRC – Certified in Risk and Information Systems Control ... 70
6.4.26. (ISC)2 – International Information Systems Security Certification Consortium ... 70
6.4.27. CISSP – Certified Information Systems Security Professional ... 70
6.4.28. CAP – Certification Authorisation Professional ... 70
6.4.29. ISSAP – Information Systems Security Architecture Professional ... 70
6.4.30. ISSEP – Information Systems Security Engineering Professional ... 71
6.4.31. ISSMP – Information Systems Security Management Professional ... 71
6.4.32. SSCP – System Security Certified Practitioner ... 71
6.4.33. OSCP – OSCE ... 72
7. Conclusions and Next Steps ... 72
8. References ... 73
9. Annex I: list of European projects considered for analysis ... 74
10. Annex II: mapping of European projects to cyber security topics ... 98
1. Introduction
CYSPA deliverable D3.1 – Existing technology and solutions portfolio is the first of six deliverables due
as part of the work package 3 activity. The purpose of this document is to present a portfolio of existing
technology and solutions which address various areas of cyber security and trust. The document will
act as a basis of input for two main activities:
– CYSPA Gap Analysis (Deliverable D3.5): this aims to identify the gaps in technology and solutions
which contribute to decreasing cyber disruption and building trust, and will act as feedback for the
alliance strategy when defining specific strategic actions.
– CYSPA Technology and Solutions Observatory (Deliverable D3.6): the aim of this is to create a
platform which allows access to a comprehensive catalogue of knowledge about security technology
and solutions, in line with the CYSPA benefit to “Provide mechanisms for different types of market
stakeholders to engage, collaborate and share information”.
The figure below depicts the relationship of this deliverable to the other work package
deliverables.
Figure 1 – Relationship of WP3 deliverables
This document does not evaluate solutions in terms of how they operationally address a particular
area of security, or whether there are gaps in what the solutions address. This activity will be
carried out in CYSPA D3.5 Gap Analysis and will be informed by the work undertaken for CYSPA
D2.4.2 “Consolidated CYSPA impact report on cyber disruptions”.
Much of the focus of this document is on available market solutions. During our stakeholder
engagement activity, the CYSPA target audiences (namely users of security solutions and providers)
told us directly that they saw great value in being able to access a catalogue of independently
collated cyber security solutions, detailing which areas of cyber security are addressed by each and
the current state of the security solutions landscape. Hence we have kept this as the focus of the
document.
The document is structured as follows:
– Section 2: Methodology: details our approach to the document
– Section 3: Cyber security solutions – A market overview:
o details the current landscape of cyber security solutions in the market and the factors
driving change. This section has been included following feedback from stakeholders,
who stated that inclusion of such information would be valuable to them
– Section 4: Cataloguing of existing technology and market solutions
– Section 5: Available research results
– Section 6: Education and training
– Section 7: Conclusions and next steps
2. Methodology
The document has been constructed drawing on several sources of information and bodies of
knowledge. Firstly, we leveraged the understanding of the security market within the CYSPA
consortium to assemble a portfolio of available solutions and their areas of applicability. Secondly,
to ensure a broader perspective on available solutions, we referred to existing market studies from
research institutes such as Gartner to supplement our knowledge and our decision-making process as to
which market solution providers to include in this deliverable. Lastly, to facilitate the study of existing
research in Europe, we teamed up with another EU initiative (the SecCord project, www.seccord.eu),
recognising the shared interest both projects have in analysing the EU research landscape.
3. Cyber Security Solutions – A Market Overview
In this section we explore some high-level perceptions across industry regarding technology trends
which in turn influence the security market and the available solutions. We believe these trends are not
necessarily sector-specific, but are horizontal across many sectors and shape the whole landscape. When
we refer to “industry”, we are referring to organisations which under the CYSPA terminology are
classified as “Users”.
3.1. Driving trends in the Cyber Security Solutions Market
During the CYSPA work package 2 study, which aims to analyse the impact of cyber disruptions across
five domains (finance, transport, energy, telecommunications and e-Government), we learnt that one
of the main priorities in terms of IT security can be coined as "digital trust", a holistic and converged
approach towards security. Traditionally, IT security has been based on strong perimeter defences
(firewalls, intrusion detection and prevention, etc.), meaning a hard “fringe” and a soft “core”.
However, in a distributed and always-connected world, the paradigm has changed. The core (that is,
the information and data of the organisation itself) must be hardened and protected. Additionally,
businesses that increasingly need to react quickly will need a softer, more open perimeter to allow for
commercial agility. To reach this type of system, security must focus more on the data and the
business side than on IT infrastructures. These complex IT systems and business models also require
comprehensive security governance which is tightly coupled with the business issues. The security
market is still far from this goal: security remains a diverse and fragmented market with structured
submarkets, such as archiving or threat management, and strong national differences and players.
Certain key technological trends, which are common across multiple sectors, impact the way
businesses aim to protect themselves. These trends include:
– Cloud-based systems and protection services,
– Further growth in the mobile, BYOD and application security areas,
– The introduction of analytically based advanced threat protection (focused on data
analysis and loss prevention).
Below we give a high-level description of each of these trends and how they impact the cyber
security landscape.
3.1.1. Cloud Computing
Cloud computing causes a major shift in IT, which impacts security at three levels:
– It opens IT systems at a global scale, thus reinforcing the need for security.
– It is the biggest factor in “consumerization”: services such as Dropbox or Facebook, when
used inside an organisation, can open large holes in its IT security.
– On the other hand, the cloud can also give the capacity to create “mainframe” types of
systems on open architectures, which are very centralized and therefore easier to secure.
As a delivery mode, cloud architecture is very interesting for security management. Systems like anti-
virus already rely on architectures that are very close to cloud computing. Cloud computing is and
will stay one of the most important fields in security. Its advent has forced some IT providers to
move quickly into the security markets (Logica, Accenture and HP, for example) or to rejuvenate their
security offerings (CSC, IBM and Bull, for example). Security software companies are increasingly present in
this market.
Cloud computing is also a strong catalyst for a holistic security approach and governance. Security
cannot be assured only at the perimeter level (as the cloud is very pervasive in the IT system) but also
needs to be addressed at the content level, with strong identity management capabilities.
3.1.2. Mobility
Mobility is the other big concern of IT managers, one that is closely linked to cloud computing, but
also to device proliferation inside organisations, with approaches such as Bring Your Own Device
(BYOD). As with cloud computing, mobility requires security to be handled globally, with strong identity
and data management solutions. Mobile devices often have weaker device protection than
personal computers, and often store important data unprotected. This means that mobile device
management is increasingly important, coupling security and system management even more tightly.
The complexity involved in managing mobile devices, in addition to their integration with an
organisation's IT system, can leave security gaps. This calls for unified security management solutions.
Providers of security solutions for mobile devices range from specialists like Mimecast to software
giants like IBM and SAP (Sybase), and even free software such as Avast.
3.1.3. Secure design / application security
We have observed during our market study that organisations are moving away from the mindset that
security is purely infrastructure-oriented: the components of the system themselves must be secure. Applications,
except for critical and embedded systems, are rarely designed to be secure. Now, with very
distributed applications that interconnect multiple IT systems, security cannot sit only at the
perimeter; it has to be “built into” the applications to reduce the threats. In our increasingly
important IT systems, best practices for secure development are developing fast to add more safety
to the IT systems. This is not a traditional IT security market, but one that is more closely linked to
software modelling, development and testing. Major companies in these segments (HP, IBM and Microsoft)
are looking into secure development to boost their revenues with security.
3.1.4. Data Loss Prevention, Digital Rights management, Archiving and Filtering
IT is about its data, more and more about any kind of data, and if an organisation's data is secure, the
system is secured at the lowest possible granularity. As such, data is the core component of
holistic security and hence of digital trust.
But data security is still a manifold segment, with:
– Data filtering,
– Archiving, a dynamic offering especially around legal archiving,
– Digital rights management (DRM),
– Data loss prevention (DLP), mostly used against internal security breaches.
While filtering and DLP are market extensions for the security specialist, DRM and archiving are
specific markets. DRM is closely linked to the media industry, its players and its international and
national regulations. Companies active in this market include players such as Nagravision, Viaccess,
Adobe, Microsoft, RealNetworks and Apple. This market remains close to hardware, and close to the
archiving market. Archiving in turn is also close to hardware and is one of the fast-moving segments
of the security market, boosted by exponential data creation and increasing regulation.
Some providers of security solutions in these domains are traditional security companies, such as
Symantec, while others are local players.
3.2. Security solution provider landscape
In this section, we look at a high-level landscape of solution providers currently accessible within
Europe, with some global references.
More cyber security solution providers are established than dissolve or are acquired. For
some years there has been a wave of acquisitions of security specialists by generalists, such as McAfee by
Intel, and it may continue. Global IT giants such as IBM or HP have re-launched their security strategy.
Hardware and software giants such as Microsoft, SAP, Oracle or Dell are also entering this market by
integrating security features in their machines and by acquiring software solutions. In very
specialized and critical markets, such as biometrics or encryption, defence and homeland security
contractors like Thales, EADS or Northrop Grumman are very active. The players in this market may
also sell pure software solutions or virtual appliances.
Security software solution providers are well segmented into software infrastructure giants such as
IBM, HP, CA or Oracle, and security specialists such as Symantec or McAfee. Those segments are
often mixed with the most basic, commoditized appliance vendors. This segment is also shaken by big
competitive moves:
– Acquisitions, such as McAfee by Intel, Watchfire by IBM or SonicWall by Dell.
– The strengthening of the business models of formerly new entrants, often of Eastern
European origin, such as Kaspersky, Eset and BitDefender. They have often profited
from the capabilities of open source software to enter the market quickly.
– Appliance vendors that move up the ladder: Fortinet, Cyberoam, Checkpoint, etc.
– The growing pressure of software giants such as IBM, Microsoft or Oracle that have
acknowledged the importance of security.
– Network specialists: F5 Networks, Juniper Networks, Cisco, etc.
Another way to segment the cyber security solution providers is by the large software companies'
initial positioning, which often shapes the segment they address from their market of origin:
– Security specialists often come from threat management: Symantec, Netasq, McAfee.
– System management vendors such as IBM, CA or HP focus on the security console.
– Storage specialists such as EMC, IBM or Symantec focus on archiving.
Software infrastructure solutions are largely dominated by US providers, although there are also a
good number of local champions, some of them internationally active. Examples include the
following:
– Checkpoint, Thrustware and Oppsec in Israel.
– Trend Micro in Japan.
– Kaspersky in Russia.
– Sophos and Clearswift in the UK.
– F-Secure in Finland.
– Wallix, Arkoon and Bull in France.
– BitDefender in Romania.
– Torrid Networks in India.
4. Cataloguing Existing Technology and Market Solutions
4.1. Approach
Security technology aims to implement the controls required by each organisation, according to
its specific risk profile. To catalogue the existing security solutions, we start from a commonly
used baseline of security controls that can then be mapped to each technology, according to its
function and objectives.
Security best practice dictates that security controls should be derived from risk analysis processes,
to ensure an optimal alignment between the resources used to secure the information systems of
an organisation and its business objectives and risk profile. However, there is a commonly used set of
controls that, according to industry best practice, are recommended for implementation by all
organisations, regardless of size or the sector they operate in. These “commonly used controls”
establish a baseline from which organisations can start to implement their Information Security
Management Systems.
Commonly used security control baselines include the ISO/IEC 27001 and the NIST SP 800-53
standards. Since our goal at this point is to catalogue existing security technology, we opted to use the
NIST SP 800-53 standard as a reference point, since it is much more technology-oriented, whereas
the ISO 27001 standard stays away from technology and control-specific implementation details,
focusing primarily on the security goals to be achieved by each control.
The NIST SP 800-53 – “Recommended Security Controls for Federal Information Systems and
Organizations” [1] standard was initially published by the United States National Institute of Standards
and Technology in 2009 and subsequently updated in 2010. It defines a security controls framework
of over 200 individual controls spread over 18 control families, which together cover the
baseline information security requirements of an organisation.
The security controls baseline established by the standard includes the usage of a number of distinct
security technology groups, which can be divided into the following top-level categories:
1. Category I: Understand & Protect
2. Category II: Monitor & Detect
3. Category III: Respond & Mitigate
[1] Reference: NIST Special Publication 800-53, Revision 3
The following table shows the association between these three top level categories and the related
security technology groups:
Category: Security Technology Groups
Category I: Understand & Protect
Access control
Compliance monitoring and enforcement
Configuration management and assurance
Cryptography
Data loss prevention
Identity management
Information rights management
Mobile security
Network security
Security assessment
System integrity
Category II: Monitor & Detect
Anti-malware (anti-spam, anti-virus, anti-phishing, secure browsing)
Audit and monitoring
IP traffic surveillance & monitoring
Personal and equipment tracking
Personal surveillance technology
Security incident management
SIEM products
Category III: Respond & Mitigate
Denial of service protection
Forensic investigation
Offensive cyber warfare
The next sections of this chapter catalogue market solutions under the aforementioned security
technology groups. The cataloguing process captures market solutions offered by CYSPA partner
organisations. In addition to this, we had to find a way to ensure we capture a broad sense of the
market offerings from organisations that were not necessarily connected to the CYSPA consortium,
while at the same time limiting ourselves to only include solutions with a minimum degree of
credibility in the market. To help us with selecting these solutions, we undertook a study of Gartner
magic quadrants relating to our categorisation. Gartner Magic Quadrants are a culmination of
research in a specific market, giving a wide-angle view of the relative positions of the market's
offerings. They offer Gartner’s view on four categories of technology providers:
Leaders: Those who execute well against their current vision and are well positioned for
tomorrow.
Visionaries: Those who understand where the market is going or have a vision for changing
market rules, but do not yet, according to Gartner, execute well.
Niche Players: Those who focus successfully on a small segment, or are unfocused and do not out-
innovate or outperform others.
Challengers: Those who execute well today or may dominate a large segment, but do not
demonstrate an understanding of market direction.
A study of 18 different Gartner magic quadrants facilitated our decision making as to which solutions
to include in our catalogue. We selected solutions mainly from those organisations categorised as
“leaders”. We do recognise, however, that focusing on the leaders' quadrant isn't the only possible
course of action for organisations: there can be good reasons to consider market challengers or niche
players, depending on the individual business goals of the organisation. Leaders in a broader sense,
however, would fit the requirements for the CYSPA target sectors.
The cataloguing is presented in a tabular format with the following four columns:
Provider: name of the solution provider.
Name of solution and description: name of the solution and a brief overview.
Specific threat: specific type of threat, if any, that the solution addresses, correlated to the threats highlighted in the Impact Reports.
Application specific sector: highlights whether a solution is specifically suitable for one or more sectors (Finance, Transport, Energy, Telecoms, eGov) or whether it addresses one or more of the threats associated with the sector as highlighted in the Impact Reports.
The next sections of this document represent the first CYSPA cataloguing of market solutions which
address cyber security.
4.2. Access Control Solutions
Any organisation must control access to its information systems. The
management of access includes authorisation, authentication, access approval, audit, identity
management, user privileges, security levels, etc. The entities that can perform actions in the
organisation's systems are not only human users but also software services.
The essential services that the Access control technologies must provide are:
Authorisation
Identification and authentication
Access approval
Accountability.
The list of threats that access control technologies must deal with is huge, and the impact on the
organisation if such an attack succeeds can be tremendous, both for the business and for the
corporate image.
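As an added illustration of how those four services fit together (this is not code from the deliverable or from any catalogued product), the following Python sketch of a policy decision point authenticates a principal, checks a role-based permission, requires a distinct second approver for a sensitive permission, and writes every decision, allowed or denied, to an audit trail. The principals, roles, passwords and the approval rule are constructed sample data; a service account is treated as a principal like any human user, as the text notes for software services.

```python
"""Minimal policy decision point covering the four access-control services
named in the text: identification and authentication, authorisation,
access approval and accountability.  Added illustration, not code from the
deliverable or from any catalogued product; all principals, roles, secrets
and the approval rule are constructed sample data."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 so a leaked credential store is not a plaintext password list.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_credential(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed credential store.  The service account "svc-backup" is a
# principal like any human user.
CREDENTIALS = {
    "alice": _make_credential("correct horse"),
    "bob": _make_credential("admin pw"),
    "svc-backup": _make_credential("service-secret"),
}

# Constructed RBAC data: principal -> roles, role -> permissions.
ROLES = {"alice": {"analyst"}, "bob": {"admin"}, "carol": {"admin"},
         "svc-backup": {"backup"}}
PERMS = {
    "analyst": {"report:read"},
    "backup": {"db:read"},
    "admin": {"report:read", "db:read", "db:delete"},
}
# Access approval: these permissions also need a second, distinct approver.
NEEDS_APPROVAL = {"db:delete"}


def _holds(principal: str, permission: str) -> bool:
    return any(permission in PERMS.get(r, set()) for r in ROLES.get(principal, set()))


@dataclass
class PDP:
    audit: list = field(default_factory=list)  # accountability trail

    def authenticate(self, principal: str, password: str) -> bool:
        rec = CREDENTIALS.get(principal)
        # Constant-time comparison of the derived hash against the stored one.
        ok = rec is not None and hmac.compare_digest(_hash(password, rec[0]), rec[1])
        self._log("authn", principal, None, ok)
        return ok

    def authorise(self, principal: str, permission: str, approver=None) -> bool:
        granted = _holds(principal, permission)
        if granted and permission in NEEDS_APPROVAL:
            # Approval must come from a different principal who also holds the permission.
            granted = approver is not None and approver != principal and _holds(approver, permission)
        self._log("authz", principal, permission, granted, approver=approver)
        return granted

    def request(self, principal, password, permission, approver=None) -> bool:
        """Full decision: every step, allowed or denied, lands in the audit trail."""
        if not self.authenticate(principal, password):
            return False
        return self.authorise(principal, permission, approver)

    def _log(self, event, principal, permission, outcome, **extra):
        self.audit.append({"event": event, "principal": principal,
                           "permission": permission, "outcome": outcome, **extra})


def run_scenario():
    """Constructed requests; returns (decisions, audit trail)."""
    pdp = PDP()
    decisions = [
        pdp.request("alice", "correct horse", "report:read"),            # allowed
        pdp.request("alice", "wrong password", "report:read"),           # denied: authentication
        pdp.request("svc-backup", "service-secret", "db:delete"),        # denied: no such role permission
        pdp.request("bob", "admin pw", "db:delete"),                     # denied: no approver
        pdp.request("bob", "admin pw", "db:delete", approver="bob"),     # denied: self-approval
        pdp.request("bob", "admin pw", "db:delete", approver="carol"),   # allowed
    ]
    return decisions, pdp.audit
```

The audit trail records the failed authentication as well as the denied authorisations, which is what makes the accountability service useful to an investigator: the denials are usually the interesting part.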
4.2.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector/Area
BAE Systems Detica EnterpriseProtect: EnterpriseProtect is a commercial-grade gateway product securing interaction between a network and the internet. It allows businesses to segregate, or sandbox, applications that require open access to the Internet from those that do not. It breaks attackers’ infiltration and exfiltration paths to high-value commercial environments, defeating threats such as phishing, drive-by downloads, zero-day and unpatched vulnerabilities and data exfiltration via encrypted command and control channels, website upload and webmail. Additional benefits include simplification of the IT estate, increased user awareness and accountability, enhanced business agility, and improved insights into user behaviour
Unauthorised access Automated widespread attacks Industrial espionage Executable code attacks Session-hijacking Targeting of specific users Analysis of vulnerabilities Identity theft Advanced Persistent threat
Commercial organisations, Cross Sector
Oracle Oracle Access Management Suite Plus is a solution for securing applications, data, web services and cloud-based services. Features include:
Authentication
Single Sign-on mobile
Social sign-on
Entitlement management
Fine-grained authorisation
Fraud detection
Risk-aware authentication
Security tokens services
Identity federation. Oracle Access Management provides an integrated modular architecture that enables customers to deploy a complete access solution.
Unauthorised access Automated widespread attacks Industrial espionage Executable code attacks Session-hijacking Targeting of specific users Analysis of vulnerabilities Identity theft Advanced Persistent threat
Cross Sector Application
Oracle Oracle API Gateway: Acts as a control point for managing how internal users and applications are exposed to outside cloud offerings, and extends authentication and authorisation to them. In cloud environments Oracle API Gateway allows organisations to:
Proxy and manage interactions with Cloud Services
Restrict, throttle and manage web services and REST APIs
SSO for web services and internet APIs
API key authentication
Unauthorised access Automated widespread attacks Industrial espionage Executable code attacks Session-hijacking Targeting of specific users Analysis of vulnerabilities Identity theft Advanced Persistent threat
SOA services, cloud and mobile Application
Cisco Cisco Secure Access Control System serves as a policy administration point and policy decision point for policy-based network device access control, main features are:
Access policies rules based and attribute driven.
Authentication protocols PAP, MS-CHAP, EAP-MD5, TLS, etc.
Integration with external identity and policy databases, Windows Active Directory, LDAP server and RSA token servers.
Unauthorised access Automated widespread attacks Industrial espionage Executable code attacks Session-hijacking Targeting of specific users Analysis of vulnerabilities Identity theft Advanced Persistent threat
Cross Sector Application
Cisco Cisco Identity Services Engine is a security policy management and control platform that automates and simplifies access control and security compliance for wired and VPN connectivity. Cisco Identity Services Engine is primarily used to:
provide secure access
provide guest access
support BYOD initiatives
enforce usage policies
Unauthorised access Automated widespread attacks Industrial espionage Executable code attacks Session-hijacking Targeting of specific users Analysis of vulnerabilities Identity theft Advanced Persistent threat
Cross Sector Application
IBM IBM Security Access Manager for Enterprise Single Sign-On is a simple and flexible access management solution that combines single sign-on with session management and user tracking/audit capabilities. The product simplifies password management, supports a variety of strong authentication devices, and helps secure kiosks and shared workstations, enforcing compliance at the endpoints.
- Strengthens access control with convenient single sign-on (SSO) to enterprise and mobile applications and with strong authentication support
- Improves productivity by eliminating multiple passwords, simplifying the user experience and supporting mobility
- Increases auditability and compliance by tracking and auditing fine-grained user access to information
Unauthorised access Automated widespread attacks Industrial espionage Executable code attacks Session-hijacking Targeting of specific users Analysis of vulnerabilities Identity theft Advanced Persistent threat
Cross Sector
SAP SAP Access Control allows organisations to confidently manage and reduce unauthorised access, fraud, and the cost of compliance across the enterprise. Features include:
- Automatically detect and remediate access risk violations across SAP and non-SAP systems
- Embed compliance checks and mandatory risk mitigation into business processes
- Empower users with self-service, workflow-driven access requests, and approvals
- Automate reviews of user access, role authorisations, risk violations, and control assignments
- Better manage super-user access controls with a centralized, closed-loop process
- Create a comprehensive audit trail of user and role management activities
Unauthorised access Automated widespread attacks Industrial espionage Executable code attacks Session-hijacking Targeting of specific users Analysis of vulnerabilities Identity theft Advanced Persistent threat
Cross Sector
4.3. Compliance Monitoring and Enforcement Solutions
The security strategy of any organisation can be expressed in terms of rules, policies or procedures,
among others. Once the security strategy has been implemented in the common operational
procedures, it is necessary to monitor that the rules, policies or procedures are followed in every
operation or transaction, and to detect whether the security strategy has been properly
implemented and enforced.
The technologies involved in compliance monitoring and enforcement should provide:
Relevant information on the business activity
Information about the implementation of the security strategy
Reports of security breaches
Reports of policy compliance
Reports of threats detected
A clear picture of the system and of the organisation's assets
4.3.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector/Area
ForeScout
CounterACT for Network Access Control: is an automated security control platform that lets an organisation see, monitor and control everything connected to the corporate network. Today most attacks come from inside a network, bypassing the security provided by traditional firewalls and IPS systems. Modern threats include: visitors, wireless and mobile users, rogue devices, malware and botnets, and compliance. ForeScout CounterACT automatically enforces whatever network access policies are defined. Features include:
integrated appliance
802.1X or not
Built-in RADIUS
Automated exception handling
Automated 802.1x troubleshooting and remediation
Tactical map
Guest registration
BYOD friendly
Real-time mobile device control
threat detection
Rogue device detection
Role-based access control
Flexible control options
Policy management
Out-of-band deployment, scalability
Optional agent
IT infrastructure integration, Reporting
Endpoint compliance, Data Exchange.
Network intrusion Distributed attack tools Network sniffers Packet spoofing Internet social engineering attacks
Cross Sector Application
IBM
IBM compliance insight manager offering provides an easy-to-use security compliance dashboard that summarizes billions of log files. This allows analysts to quickly gain an overview of security compliance posture, understand user activities and security events in comparison to acceptable-use frameworks, and monitor privileged users and related security events.
Network intrusion Distributed attack tools Network sniffers Packet spoofing Internet social engineering attacks
Cross Sector Application
Microsoft
Security Compliance Manager: SCM enables organisations to centrally plan, view, update, and export thousands of Group Policy settings for Microsoft client and server operating systems and applications. It makes it easier for organisations to plan, implement, and monitor security compliance baselines in their Active Directory infrastructure. With SCM, IT Professionals can obtain baseline policies based on security best practices, customize them to the particular needs of their organisation and export them to a number of formats for use in different scenarios. For example, SCM can be used to help create different baselines for mobile devices, laptops, desktops, high security desktops, traditional datacenters and private cloud environments.
Network intrusion Distributed attack tools Network sniffers Packet spoofing Internet social engineering attacks
Cross Sector Application
IBM
IBM Endpoint Manager for Security and Compliance helps support endpoint security throughout an organisation. This software can help protect endpoints and assure regulators that security compliance standards are being met. Helps support continuous security and compliance using an intelligent agent that assesses and remediates issues. Manages hundreds of thousands of endpoints, both physical and virtual, regardless of location, connection, type or status. Simplifies operations with a single console for management, configuration, discovery and security functions. Delivers a broad range of security functions and gives the ability to add other targeted functions as needed, without adding infrastructure or implementation costs. Makes the most of BigFix technology. This single-infrastructure approach distributes decision-making to the endpoints.
Network intrusion Distributed attack tools Network sniffers Packet spoofing Internet social engineering attacks
Cross Sector Application
4.4. Configuration Management and Assurance Solutions
An information system is composed of many components. Those components are interconnected
as required to meet a variety of business, mission and information security needs. Any organisation
must assume that the information system is in a constant state of change in response to new
hardware or software capabilities, patches, new business requirements or new security threats. If the
configuration must be modified in order to implement information system changes, it is necessary
to ensure that the required adjustments to the system configuration do not adversely affect the
security of the information system, or of the organisation operating it.
Dependence on information systems has increased due to the ubiquity of information
technology. Organisations are facing an increase in the number and severity of threats that can have
adverse impacts on operations, assets and individuals. The Information Security Program addresses the
efforts aimed at managing organisational risk related to information systems.
The technologies on offer must support all the activities required for
configuration management:
Role definition
Elaboration of Configuration Management Plan
Configuration Item identification
Configuration Change Control
Configuration Monitoring
Risk management
4.4.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector/Area
Citrix CloudPlatform enables an organisation to orchestrate every workload from a single platform, so that it can focus on the short and long term needs of users and on business objectives. CloudPlatform infrastructure management technologies allow a secure multitenant cloud environment to be built on shared datacenter hardware, and provide central administration of the cloud across different regions or availability zones.
Network sniffers Packet spoofing Session-hijacking Industrial espionage Analysis of vulnerabilities
Cross Sector Application
HP HP Configuration Management System (CMS) is a set of tools for:
Collecting
Storing
Managing
Updating
Presenting
data about IT service configuration items (software and infrastructure) and about their relationships. HP Configuration Management System includes HP Universal Discovery (UD) and a federated configuration management database (UCMDB) that integrates with trusted sources.
Network sniffers Packet spoofing Session-hijacking Industrial espionage Analysis of vulnerabilities
Cross Sector Application
4.5. Cryptography Technologies
Cryptography technologies enable encryption of sensitive data in order to:
Protect the confidentiality and integrity of remote access sessions
Protect the integrity of audit information and audit tools
Implement digital signatures
Protect information in storage
Protect classified information
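One of the uses listed above, protecting the integrity of audit information, is shown by the following added Python example (not code from the deliverable or from any product listed below). Each audit record carries an HMAC over its sequence number, the previous record's tag and its content, so verification pinpoints an edited, deleted or reordered record; the key and the log lines are constructed. It also covers the edge case the chain alone does not handle: removing records from the tail is only detectable if the latest tag is stored somewhere the log writer cannot alter.

```python
"""Tamper-evident audit log: each record carries an HMAC over its sequence
number, the previous record's tag and its content, so editing, deleting or
reordering a record breaks the chain.  Added example, not code from the
deliverable or from any product listed; the key and the log lines are
constructed sample data."""
import copy
import hashlib
import hmac

GENESIS = b"\x00" * 32  # tag "before" the first record


def _tag(key: bytes, seq: int, prev: bytes, message: str) -> bytes:
    h = hmac.new(key, digestmod=hashlib.sha256)
    # Length-prefix each field so bytes cannot be shifted between fields.
    for part in (str(seq).encode(), prev, message.encode()):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


class AuditLog:
    def __init__(self, key: bytes):
        self.key = key
        self.records = []  # each: {"seq": int, "msg": str, "tag": hex str}

    def append(self, message: str) -> str:
        """Append a record and return its tag (the new chain head)."""
        seq = len(self.records)
        prev = bytes.fromhex(self.records[-1]["tag"]) if self.records else GENESIS
        tag = _tag(self.key, seq, prev, message)
        self.records.append({"seq": seq, "msg": message, "tag": tag.hex()})
        return tag.hex()


def verify(key: bytes, records, expected_head=None):
    """Return (ok, index of first bad record).  An index equal to len(records)
    means the tail was cut off relative to expected_head; without an
    externally stored head, truncation of the tail is undetectable."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["seq"] != i:                       # gap or reordering
            return False, i
        tag = _tag(key, i, prev, rec["msg"])
        if not hmac.compare_digest(tag.hex(), rec["tag"]):
            return False, i                       # content or tag altered
        prev = tag
    if expected_head is not None and not hmac.compare_digest(prev.hex(), expected_head):
        return False, len(records)                # tail removed
    return True, None


def run_scenario():
    """Build a constructed log, then check the intact log and four tampered copies."""
    key = b"constructed-demo-key-do-not-reuse"
    log = AuditLog(key)
    head = ""
    for line in ("login alice ok", "read /finance/q3.xlsx", "delete /finance/q3.xlsx"):
        head = log.append(line)                   # head kept out of the writer's reach
    edited = copy.deepcopy(log.records)
    edited[1]["msg"] = "read /public/readme.txt"  # content of record 1 changed
    truncated = log.records[:-1]                  # last record dropped
    gap = [log.records[0], log.records[2]]        # middle record deleted
    return {
        "intact": verify(key, log.records, head),
        "edited": verify(key, edited, head),
        "gap": verify(key, gap, head),
        "truncated": verify(key, truncated, head),
        "truncated_no_anchor": verify(key, truncated),
    }
```

The last case in the scenario is the important one for deployment: a chain verified only against itself accepts a log whose most recent entries were removed, so the current head (or a signed checkpoint of it) has to be written to a separate system, or to a write-once medium, on a schedule.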
4.5.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector/Area
McAfee McAfee Anti-Theft allows sensitive files on a PC to be encrypted and password-protected.
Industrial espionage Network sniffers Packet spoofing Automated probes and scans DLP Advanced Persistent Threat
Cross Sector Application
Sophos SafeGuard Enterprise, central data encryption and protection, makes regulatory compliance easier with policy enforcement and reporting. It delivers better data security through proven encryption algorithms and performance, and provides key management that lets authorised users share data securely and easily.
Industrial espionage Network sniffers Packet spoofing Automated probes and scans DLP Advanced Persistent Threat
Cross Sector Application
Dell Dell Data Protection Encryption protects data and addresses compliance. DDP provides comprehensive data protection for:
Devices
External media
Public cloud storage.
It implements encryption options ranging from simplified Microsoft BitLocker management to full disk encryption. The Hardware Crypto Accelerator supports the highest level of FIPS 140-2 protection commercially available for system disks. Centralized management allows encryption and authentication policies to be managed remotely from a single console.
Industrial espionage Network sniffers Packet spoofing Automated probes and scans DLP Advanced Persistent Threat
Cross Sector Application
SafeNet Hardware security modules (HSMs) provide protection for transactions, identities, and applications by:
Securing cryptographic keys
Provisioning encryption, decryption, authentication, and digital signing services.
SafeNet HSMs enable application developers to integrate security into custom applications.
Industrial espionage Network sniffers Packet spoofing Automated probes and scans Advanced Persistent Threat
Cross Sector Application
4.6. Data Loss Prevention Solutions
Strategies for Data Loss Prevention are aimed at detecting a potential data breach or data disclosure
by monitoring, detecting and blocking sensitive data while it is in use, in motion and at rest.
Network DLP techniques are based on the analysis of network traffic to detect sensitive
data that is being sent in violation of information security policies.
Endpoint DLP, or in-use DLP, monitors activity on the endpoint workstations of the
organisation.
Data at rest refers to archived information stored on an endpoint, on a network
storage device, on a file server or on a backup system.
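The three enforcement points above share the same content-inspection core. The added Python example below (not code from the deliverable or from any product listed below) applies a Luhn-validated card-number detector and a classification-marker detector to sample events, and maps each channel to a policy action: block for network and endpoint, report for data at rest. The event texts, the marker labels and the policy table are constructed sample data, and the Luhn step shows why a digit pattern alone is not enough: an order reference that merely looks like a card number is let through.

```python
"""Content inspection at the three DLP enforcement points named in the text
(network, endpoint, data at rest).  Added example, not code from the
deliverable or from any product listed; the detectors, the policy table and
the sample events are constructed."""
import re

# Candidate 13-19 digit sequences, allowing a space or hyphen between digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Constructed classification labels an organisation might stamp on documents.
MARKER_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b")


def luhn_ok(digits: str) -> bool:
    """Luhn check; filters out order numbers and the like that merely look like a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                     # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str):
    """Return normalised card-like numbers that pass the Luhn check."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def findings(text: str):
    result = []
    if find_pans(text):
        result.append("pan")
    if MARKER_RE.search(text):
        result.append("marker")
    return result


# Constructed policy: what each enforcement point does with a hit.
POLICY = {"network": "block", "endpoint": "block", "at_rest": "report"}


def inspect(event: dict) -> dict:
    """event = {"channel": ..., "text": ...}; returns the action and what was found."""
    hits = findings(event["text"])
    action = POLICY[event["channel"]] if hits else "allow"
    return {"channel": event["channel"], "action": action, "findings": hits}


def run_scenario():
    events = [  # constructed sample events, one per enforcement point plus a clean one
        {"channel": "network", "text": "Please charge card 4111 1111 1111 1111 for the order"},
        {"channel": "endpoint", "text": "Order ref 1234 5678 9012 3456 copied to clipboard"},
        {"channel": "at_rest", "text": "CONFIDENTIAL: merger plan, do not distribute"},
        {"channel": "network", "text": "Quarterly newsletter attached"},
    ]
    return [inspect(e) for e in events]
```

In a real deployment the detectors would be extended with fingerprints of known sensitive files and the policy would differ per data class, but the structure (detect, then apply a channel-specific action) is the same at all three enforcement points.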
4.6.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector/Area
Novell Novell File Reporter The objective of data loss prevention is to avoid the loss or inappropriate access of sensitive data from network storage devices. Novell File Reporter provides comprehensive reporting on key aspects of any data loss prevention strategy including:
Data at rest
Data in use
Data identification. Reports can specify the data's location and when users last accessed or modified it. Additionally, Novell File Reporter can report on who can access this data. Using these reports, one can determine, based on the sensitivity and importance of the data, whether any additional precautionary measures need to be taken, such as moving the data, archiving it or changing access rights.
Industrial espionage Analysis of vulnerabilities Anti-forensic techniques Targeting on specific users Advanced Persistent Threat
Cross sector application
Check Point software Technologies
Check Point DLP Software Blade combines technology and processes allowing Data Loss Prevention (DLP), helping businesses to pre-emptively protect sensitive information from unintentional loss, educating users on proper data handling policies and empowering them to remediate incidents in real-time. The features of this product are:
Check Point UserCheck
Protect Against Data Breaches Both Externally and Internally
Inspect SSL Encrypted Traffic
Check Point MultiSpect
Network-wide Protection Coverage
Watermarking
Fingerprint Sensitive Files
Whitelist Files and Repositories
Central Policy Management
Event Management
Rapid and Flexible Deployment
Integrated into Check Point Software Blade Architecture
Industrial espionage Analysis of vulnerabilities Anti-forensic techniques Targeting on specific users Advanced Persistent Threat
Cross Sector Application
Cisco CISCO Data Loss Prevention (DLP) is a data leakage protection solution that helps organisations assess risk and prevent data loss over the highest points of risk. It safeguards proprietary information against security threats due to enhanced employee mobility, new communication channels, and diverse services. Cisco DLP includes:
In-motion data leakage protection against loss over the web and through email, with policies that include content, context, and destination knowledge
Services to understand data loss risk and develop data leakage protection strategies that incorporate people, processes, and technology
Protecting at-rest data by encrypting backup tapes and other storage devices
Providing data leakage protection from other avenues of risk, such as unauthorised physical or network access, malware, and end-user actions
Industrial espionage Analysis of vulnerabilities Anti-forensic techniques Targeting on specific users Advanced Persistent Threat
Cross Sector Application
IBM IBM Enterprise data loss prevention solution features include:
- Helps enforce data protection policies to enable more security-rich business processes
- Helps better manage compliance with corporate policies to protect business value and avoid fines
- Implements an integrated endpoint and network data loss prevention technology to help optimize data protection investment
Industrial espionage Analysis of vulnerabilities Anti-forensic techniques Targeting on specific users Advanced Persistent Threat
Cross Sector Application
4.7. Identity Management Solutions
The responsibilities of any identity management system are:
Creation of electronic identities
Use of electronic identities
Termination of electronic identities.
An electronic identity can be established by a password, by a token or by any kind of
biometric of the individual person (face, iris, fingerprints, voice, etc.).
4.7.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector/Area
Microsoft Microsoft Forefront Identity Manager delivers self-service identity management for users, simplifies identity lifecycle management through automated workflows and business rules, and provides easy integration with heterogeneous platforms. Features:
Policy management
Credential management
User management
Group management
Access management Compliance
Automated probes and scans. Industrial espionage. Analysis of vulnerabilities. Advanced scanning Advanced Persistent Threat techniques. Targeting of specific users. Identity Theft Social media
Cross Sector Application
Oracle Oracle Identity Management is a complete and integrated, next-generation identity management platform that provides breakthrough scalability; enables organisations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. This platform provides:
Directory Services
Simplified Identity Governance
Managing High Risk Accounts
Mobile and Social Access
Access Management
Single Sign On services.
Automated probes and scans. Industrial espionage. Analysis of vulnerabilities. Advanced scanning techniques. Targeting of specific users. Identity Theft Advanced Persistent Threat Social media
Cross Sector Application
CA Technologies The CA identity management and governance offering includes CA GovernanceMinder and CA IdentityMinder. This solution automates identity-related controls across physical, virtual and cloud environments.
Automated probes and scans. Industrial espionage. Analysis of vulnerabilities. Advanced scanning techniques. Targeting of specific users. Advanced Persistent Threat Identity Theft Social media
Cross Sector Application
SAP SAP NetWeaver Identity Management allows organisations to:
- Lower IT support costs and reduce risk with centralized user identification management
- Improve productivity with self-services such as automatic password resets and rules-driven workflows
- Boost flexibility with standards-based functionality that integrates fully with company processes
- Improve insight and compliance with centralized, integrated logging and reporting
Automated probes and scans. Industrial espionage. Analysis of vulnerabilities. Advanced scanning techniques. Targeting of specific users. Advanced Persistent Threat Identity Theft Social media
Cross Sector Application
4.8. Information Rights Management Solutions
These technologies are considered a type of digital rights management aimed at protecting
sensitive information from unauthorised access. Whereas digital rights management technologies
are associated with the protection of media content such as music and video, Information Rights
Management allows information and the control over it to have separate lifecycles.
The IRM technologies possess the following features:
Secure and track all copies of information.
Information encryption
Control of editing features (copy & paste), prevention of screenshots and printing.
Rights model/policy
Allow for revocable offline working
Full auditing of access to document and changes to the rights/policy by business users.
4.8.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector/Area
Documentum-emc Documentum Information Rights Management (IRM) prevents unauthorised access to secured content, enabling organisations to maintain control of information rights beyond the firewall:
Mobility and secure access
Persistent protection
Dynamic policy control
Continuous audit trail
Industrial espionage APT Social engineering
Cross Sector Application
McAfee McAfee Data Protection Suite for Rights management automatically discovers sensitive data and applies policy-based usage and data access restrictions to safeguard critical information wherever it resides.
Industrial espionage APT Social engineering
Cross Sector Application
Adobe Adobe LiveCycle Rights Management ES2 enables more secure collaboration by helping to maintain control over processes such as product development collaboration, supplier collaboration, work instructions, and field service management:
Reduce the risk of theft and misuse of sensitive information
Protect, manage, and monitor the use of sensitive documents outside the firewall.
Rights manage sensitive information from a wide range of applications and file formats
Industrial espionage APT Social engineering
Cross Sector Application
4.9. Mobile Security Technologies
Mobile devices are ubiquitous today, not only for personal use; companies are also taking
advantage of these devices in daily operations. Therefore mobile devices need to support multiple
security objectives such as confidentiality, integrity and availability. The following is a list of threats that
mobile devices must address:
Lack of Physical Security Controls
Use of untrusted Mobile Devices-BYOD
Use of untrusted networks
Use of Applications Created by Unknown Parties
Interaction with other systems
Use of Untrusted Content
Use of Location Services
4.9.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application Specific Application Sector
CISCO Cisco AnyConnect: Provides:
• Context-aware, comprehensive, and preemptive security policy enforcement
• Intelligent, seamless, and always-on connectivity experience
• Secure mobility across today’s proliferating managed and unmanaged mobile devices
Mobile Malware Cross Sector Application
McAfee McAfee Secure Container for Android: software creates an encrypted and manageable data store on each smartphone and tablet. Enterprise data stays locked inside the container, safe from malware and risky interaction with the personal apps, games, and messaging the user loves on their devices. If the device is stolen or misplaced, the container can be remotely locked and wiped without affecting the rest of the data on the device.
The container ensures that Microsoft Word documents and Adobe PDFs that are sent as corporate email or calendar attachments are opened in an encrypted viewer, and prevents the ability to copy, paste, or save the document content elsewhere.
Cyber Espionage
DLP
Cross Sector Application
McAfee McAfee VirusScan Mobile
Detect threats in real time: block malware in email, text messages, and attachments without any noticeable delay. McAfee VirusScan Mobile scans for a range of malicious threats in less than 200 milliseconds, providing automatic and comprehensive protection for smartphones.
Safeguard corporate assets: keep confidential corporate and customer information safe. Trust VirusScan Mobile to protect mobile devices from viruses, worms, dialers, Trojans, and other malicious code that can cause the loss of vital data.
Mobile Malware Cross Sector Application
McAfee McAfee Enterprise Mobility Management: Integrated solution that couples the VirusScan and Secure Container products with policy management. Aims to offer:
Data and application security
Full device management
Device and OS support for widely-used platforms
BYOD Support
Policy-based security
Enterprise-class scalability
Unified management
Security for mobile and traditional endpoints from the
Cross Sector Application
MobileIron Sentry: MobileIron Sentry is an intelligent gateway that provides secure tunnelling and access control to protect data-in-motion. Supports email, app, document, and web traffic, and establishes session trust through the use of certificates to prevent man-in-the-middle attacks. With Sentry, only secured and authorised services can access enterprise resources, and that access can be automatically disabled if the mobile user or device falls out of compliance.
Man in the mobile attack Cyber Espionage
Cross Sector
MobileIron Docs@Work: Creates a secure content hub for the end user to access and manage corporate documents. This hub allows the user to securely view and store documents in specific apps on their device which are defined by IT. The secure content hub can also selectively wipe documents when a user or device falls out of compliance and blocks clipboard actions (cut/copy/paste) for enterprise content. Docs@Work 1) Controls whether third-party apps can access stored documents and 2) Utilizes policies, users, roles, groups, and permissions. The App is also able to scan and assess
Mobile Malware Cross Sector
MobileIron Web@Work: Secure Access to Enterprise Web Content and Mobile Web Apps. Web@Work enables secure web browsing by protecting both data-in-motion and data-at-rest on the device. Secure data-in-motion – enterprise web traffic is tunnelled through MobileIron Sentry for secure transport and access control. To comply with privacy laws required in some geographies, IT can enable split-tunnel configurations; this allows external websites to bypass Sentry and IT visibility. Browser-exclusive tunnel – unlike a VPN, the tunnel is exclusive to Web@Work, meaning IT can restrict access to only those internal web resources users require, based on their group membership in the enterprise directory or other user and device characteristics. If the user or device falls out of compliance, the tunnel will be automatically blocked until the compliance issue is remediated. VPN is not required.
Secure Browsing Cross Sector
BAE Systems Detica
MobileProtect: MobileProtect, powered by StreamShield, is a global cloud-based solution. It uses our StreamShield content security gateway to provide flexible URL filtering for employee provisioned mobile devices operating on iOS, Android and Windows 7 & 8. MobileProtect integrates with the service provider’s Mobile Device Management (MDM) platform, providing a seamless process for provisioning new devices. Policies set up on the MDM are automatically synchronised with the MobileProtect management hub, meaning no additional administration is required.
DeviceProtect: Our DeviceProtect solution provides front-line operational staff with access to local and global operational and business intelligence systems on the move. Our devices can be accredited to handle data at high protective marking levels for government use. They are also suitable for commercial organisations seeking high levels of protection. Our device technologies include Mobile Data Terminals, PDAs and laptop PCs, and will soon cover the latest tablets and smartphones. When combined with MobileProtect, our network gateway and monitoring capabilities and our experience developing and managing mobile applications, we offer highly secure and resilient communications to operational teams. This delivers improved intelligence flows and data quality, enables better decision making, increases operator productivity and efficiency and provides enhanced situational awareness.
Cross Sector Application Secure government, commercial organisations with front line/mobile operatives
SAP SAP Mobile Secure enables:
Protection of critical corporate data with the scalable, secure architecture
Scalable and flexible deployment methods: cloud or on-premise
Support for both personally owned and Bring Your Own Device (BYOD) scenarios
Mobile Malware
IBM IBM MobileFirst Security Access Manager and Security AppScan
Mobile Malware, mobile app security
Cross Cutting, Financial services
4.10. Network Security Solutions
There are many threats that a corporate network must tackle in order to guarantee security for the business users within the network. To mention some of the attacks:
ARP poisoning
Buffer overflow
Cyber attack
Denial-of-service
Idle scan
Man in the middle.
The number of technologies in the field of network security is huge, from physical to logical security:
Firewall
Antivirus/malware software
Monitors
Strong authentication, strong encryption
DMZ
Whitelist for wireless connections.
4.10.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application Specific Application Sector
Juniper networks Juniper Networks network security system includes:
SA Series SSL VPN appliances
IDP Series Intrusion Detections and Prevention Appliances
SRX Series Services Gateways. Juniper Networks provides a scalable IP network security system that is built to provide the performance required to support next-generation services such as VoIP and IPTV. The IP network security system leverages industry-leading technology to protect the service provider network from both known and unknown network security threats.
Network sniffers Packet spoofing Automated probes and scan Distributed attack tools Advanced Persistent Threat
Cross Sector Application
Cisco Application Centric Infrastructure (ACI) Security Solutions protect data centers and cloud deployments. Security is policy-based and can be deployed per transaction, completely independent of the underlying topology. ACI management tools provide a single point of control for both network and security management.
Network sniffers Packet spoofing Automated probes and scan Distributed attack tools
Cross Sector
BAE Systems Detica
Interactive Link data diode: We offer both 100 Mbps and 1 Gbps data diodes evaluated to Common Criteria EAL 7+. Our accompanying software suite provides interfaces for a range of IP protocols, SMTP and file transfer, as well as a high availability solution and management. Data diodes provide a hardware-enforced one-way-only connection between two networks. Our Interactive Link family is suited to a wide range of applications in both government and commercial markets. The combination of high assurance and advanced functionality results in them being trusted by many governments and businesses to protect their most sensitive data.
Network sniffers Packet spoofing Automated probes and scan Distributed attack tools Advanced Persistent Threat
Cross Sector
BAE Systems Detica
Secure Export Gateway: SEG is a high assurance electronic gateway component that is currently used by the UK and international governments. It ensures that only authorised systems are allowed to send data across the network boundary it protects and allows one-way communication. It is suited to all situations where an information release business process must be enforced, for example the provision of updates to industrial control systems or the release of information to networks of lower classification. It is designed for use up to UK Government Impact Level 6.
Advanced Persistent Threat Network sniffers Packet spoofing Automated probes and scan Distributed attack tools
Cross Sector
4.11. Security Assessment Solutions
The security assessment process is the principal mechanism to verify that the security goals and objectives have been properly implemented and are correctly operated. The output of the assessment provides useful information about:
The effectiveness of security controls in the information systems.
KPIs of the quality of the risk management process.
Analysis of vulnerabilities of the information systems in a global environment with changing threats.
4.11.1. Main solutions, with brief description
Provider Name Of solution and Description
Specific Threat Application Specific Application Sector
Cisco Cisco Security Auditor 1.0 enables organisations to audit their network infrastructure against corporate security policies and industry best practices. Key product features include:
An extensive built-in library of security policies based on guidelines from the National Security Agency (NSA), SAFE Blueprints from Cisco, and the Center for Internet Security (CIS)
Ability to import device lists from various sources (for example, RME, DCR, local directory, CSV, XML, other Network Management platforms) on an on-demand or scheduled basis
Ability to group devices into static/dynamic device groups based on device attributes
Ability to assign a weight to a security policy to reflect its importance; both raw and weighted results are reflected in audit reports
Ability to define which specific policies to check or not check for a defined group of devices; for those policies checked, the ability to customise the policy parameters
Ability to conduct audits online on a live network or offline using locally stored or remotely accessible configuration files
Ability to conduct audits on demand or automatically according to a defined schedule
A wide variety of standard reports, from executive-summary graphical reports down to specific policy pass/fail results with recommended corrective actions
Bottom 10 device report to quickly identify the devices with the poorest security policy compliance
Bottom 10 policy report to quickly identify the security policies with the poorest compliance
Trending reports to visualise compliance of the network over time
Automated probes and Scans Advanced Persistent Threat Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific users
Cross Sector Application
HP HP Security Assessment Tool: this tool provides a methodology to evaluate the effectiveness of information security. It covers five critical areas:
Fundamental services management
Strategy management
Infrastructure management
Issue management
Compliance management
Automated probes and Scans Advanced Persistent Threat Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific users
Cross Sector Application
4.12. System Integrity Solutions
System integrity is considered completely assured when, under all conditions, an IT system rests on:
Data integrity
The logical completeness of the hardware and software
The logical correctness and reliability of the operating system
The technologies required have to cover a wide range in order to audit system integrity in a complex business environment, for example: databases, NoSQL databases, big data, business logic, operating systems, servers, network devices, storage appliances, load balancers, etc.
4.12.1. Main solutions, with brief description
Provider Name Of solution and Description
Specific Threat Application Specific Application Sector
Cimcor Inc CimTrak is a security, integrity and compliance application that is easy to deploy and scales to the largest of global networks.
Automated detection process
Flexible response options
Auditing capabilities
Compliance, information assurance.
Automated probes and Scans Advanced Persistent Threat Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific users
Cross Sector Application
Assuria Assuria Auditor provides automated vulnerability assessment and configuration assurance for servers and endpoints through a blend of Resident Agent and Remote Agentless scanning approaches:
Server hardening
Vulnerability Assessment
Compliance Assessment
Change detection
Inventory reporting
Automated probes and Scans Advanced Persistent Threat Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific users
Cross Sector Application
4.13. Anti-malware Solutions (anti-spam, anti-virus, anti-phishing, secure browsing)
In the current global world of the internet, where software can be acquired everywhere, there is a big risk that malware could be introduced into an organisation's information systems, either intentionally or unintentionally. This software can potentially be used to disrupt services, gather sensitive information or make any other unauthorised use of the information system's resources.
4.13.1. Main solutions, with brief description
Provider Name Of solution and Description
Specific Threat Application Specific Application Sector
Sophos Sophos Endpoint Antivirus for computers and servers plus web filtering. Effective and efficient protection with minimal impact. Blocks web-borne threats before they’re downloaded. Antivirus, HIPS, device control, application control and DLP.
Malware Viruses Spyware Rootkits Trojans Adware PUAs DLP
Cross Sector Application
Symantec Symantec Endpoint Protection for servers provides strong host-based intrusion prevention capabilities. SEP provides an EPP solution, including:
anti-malware protection
device control
SONAR engine for behavioural heuristics
encryption capabilities
DLP
A plug-in to the SPC provides IT analytics capabilities and offers data cubes for the analysis of SEP data.
Symantec has MDM capabilities.
Symantec Power Eraser is a tool for scrubbing hard-to-remove infections and provides a free alternative to Malwarebytes.
Malware Viruses Spyware Rootkits Trojans Adware PUAs DLP
Cross Sector Application
Kaspersky Lab Kaspersky Anti-Virus is a product to keep PCs and data secure against malware:
Advanced antivirus
Real-time protection
Instant Safety Check
Virus infections Cybercriminals Malware
Cross Sector Application
McAfee McAfee Total Protection provides:
Anti-virus
Anti-spyware
Anti-spam
Anti-phishing
Two-way firewall
Website Safety Ratings
Parental Controls
Online Backup
Malware Viruses Spyware Rootkits Trojans Adware PUAs
Cross Sector Application
BAE Systems Detica
Detica CyberReveal® is the multi-threat monitoring, analytics, investigation and response product. It enables security analysts to identify and manage cyber threats quickly and efficiently. It provides big data correlation, security analytics, contextual information linking and threat intelligence all
Features include:
CyberReveal Platform™ enables security analysts to rapidly query and analyse huge volumes of data. This scalable platform is built to meet the needs of the enterprise without the linear expense of ‘Big Data’ solutions.
CyberReveal Analytics™ represents BAE Systems Detica’s experience of the attack patterns of cyber-attack groups – whether a threat from the inside or outside, simple or sophisticated, general or targeted.
CyberReveal Investigator™ gives insight through a single unified view across the whole security estate. It enables security analysts to make appropriate decisions quickly, without the need for specialist technical skills, while supporting collaboration across the security organisation.
Malware Viruses Spyware Rootkits Trojans Adware PUAs
BAE Systems Detica
EnterpriseProtect: EnterpriseProtect is a commercial-grade gateway product securing interaction between an organisation’s network and the internet. It allows businesses to segregate or “sandbox” applications that require open access to the Internet from those that do not. It breaks attackers’ infiltration and exfiltration paths to high-value commercial environments, defeating threats such as phishing, drive-by downloads, zero-day and unpatched vulnerabilities and data exfiltration via encrypted command and control channels, website upload and webmail. Additional benefits include simplification of the IT estate, increased user awareness and accountability, enhanced business agility, and improved insights into user behaviour.
Malware Viruses Spyware Rootkits Trojans Adware PUAs
Selex FireEye is a threat protection solution focused on combating advanced malware, zero-day and targeted APT attacks. The FireEye solution supplements security defences such as next generation and traditional firewalls, IPS, AV and Web gateways, which can’t stop advanced malware. These technologies leave significant security holes in the majority of corporate networks. FireEye’s Malware Protection Systems feature both inbound and outbound protection and a signature-less analysis engine that utilises the most sophisticated virtual execution engine in the world to stop advanced threats that attack over Web and e-mail.
Malware Viruses Spyware Rootkits Trojans Adware PUAs
Cross Sector
4.14. Audit and Monitoring Solutions
Audit and monitoring are different activities with the same goal: security assessment of the information system. The processes are not the same. Continuous auditing performs activities on a frequent, repeated basis to provide ongoing assurance and more timely insight into risk and control issues. In continuous monitoring, key business process transactions and controls are constantly assessed. This permits ongoing insight into the effectiveness of controls and immediate response to cyber-attacks or threats.
In both cases a process is required to measure specific metrics, with a scope that differs according to the activity (audit or monitoring), together with reporting tools that provide the required information to security management.
4.14.1. Main solutions, with brief description
Provider Name Of solution and Description
Specific Threat Application Specific Application Sector
Oracle Oracle Audit Vault and Database Firewall monitors database traffic to detect and block threats, and improves compliance reporting by consolidating audit data from databases, operating systems, directories and other sources.
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific users
Cross Sector Application
CXL ltd. AZScan is a tool for auditing the security of mid-range systems:
Review and report systems
Reporting for non-experts of problems, risks and recommended solutions
Creation of actionable business plans
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
Cross Sector Application
BAE Systems Detica
Detica CyberReveal® is the multi-threat monitoring, analytics, investigation and response product. It enables security analysts to identify and manage cyber threats quickly and efficiently. It provides big data correlation, security analytics, contextual information linking and threat intelligence all
Features include:
CyberReveal Platform™ enables security analysts to rapidly query and analyse huge volumes of data. This scalable platform is built to meet the needs of the enterprise without the linear expense of ‘Big Data’ solutions.
CyberReveal Analytics™ represents BAE Systems Detica’s experience of the attack patterns of cyber-attack groups – whether a threat from the inside or outside, simple or sophisticated, general or targeted.
CyberReveal Investigator™ gives insight through a single unified view across the whole security estate. It enables security analysts to make appropriate decisions quickly, without the need for specialist technical skills, while supporting collaboration across the security organisation.
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
Cross Sector Application
BAE Systems Detica Protective Monitoring monitors network security systems in real time 24/7 and raises fully qualified and prioritised security incidents at the point action is required. Our clear, concise security advice is backed up by decades of experience in information security and our UK government certified incident response service. Leveraging an organisation’s existing security technologies, they can extract maximum value from existing investment, and our near-zero false positive rate ensures an organisation’s IT team’s efforts are focussed on the most important threats. Protective Monitoring helps an organisation to achieve cost-effective security hygiene to reduce the business impact of high-frequency, low-grade attacks.
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
Cross Sector Application
BAE Systems Detica
Advanced Threat Detection monitors a network for sophisticated attacks hiding in legitimate activity to breach perimeter defences. Our Detica CyberReveal platform analyses the behaviour of devices on a network and their connections with the Internet to pick out attacks from within legitimate network traffic. Skilled security analysts investigate suspicious activity and raise security incidents when action needs to be taken. Our Threat Intelligence function monitors key attack groups, ensuring that the latest techniques can be detected. Advanced Threat Detection helps to stop sophisticated attacks with the potential for serious impact to a business before the damage is done.
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
Cross Sector Application
BAE Systems Detica Security Device Management takes away the problem of constantly maintaining security systems, providing full lifecycle management of the devices on a network. This includes configuration, backups, software upgrades and patching. 24/7 monitoring for availability and performance is also included. We pro-actively update devices in response to security incidents or known threats, for example updating proxy white or black lists or deploying IPS signatures. We take full advantage of our Threat Intelligence function and intelligence gleaned from attacks across our client base to ensure that an organisation’s perimeter security is as effective as it can be in blocking known threats.
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
4.15. IP Traffic Surveillance & Monitoring Solutions
The virus threat cannot be 100% avoided with anti-virus protection, especially from Trojan horses and malicious spyware programs. Many threats can only be detected by analysing IP traffic; otherwise they remain hidden. Specific devices must be devoted to this task to avoid network overhead and to provide useful information that can help prevent and detect any menace to the security and integrity of the organisation’s network and systems.
4.15.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector
Wireshark Cascade Shark VE:
WLAN packet capture and transmission
Full 802.11 a/b/g/n support
View management, control and data frames
Multi-channel aggregation
Packet analysis and reporting
Network sniffers Packet spoofing Automated probes and scan Wide scale Trojan distribution and worms
Cross Sector Application
Paessler PRTG Network Monitor is an IP traffic monitor:
Packet sniffing
Netflow monitor
Bandwidth usage
Availability monitoring
Wireless network troubleshooting
Network sniffers Packet spoofing Automated probes and scan Wide scale Trojan distribution and worms
Cross Sector Application
BAE Systems Detica
Detica CyberReveal® is the multi-threat monitoring, analytics, investigation and response product. It enables security analysts to identify and manage cyber threats quickly and efficiently. It provides big data correlation, security analytics, contextual information linking and threat intelligence all
Features include:
CyberReveal Platform™ enables security analysts to rapidly query and analyse huge volumes of data. This scalable platform is built to meet the needs of the enterprise without the linear expense of ‘Big Data’ solutions.
CyberReveal Analytics™ represents BAE Systems Detica’s experience of the attack patterns of cyber-attack groups – whether a threat from the inside or outside, simple or sophisticated, general or targeted.
CyberReveal Investigator™ gives insight through a single unified view across the whole security estate. It enables security analysts to make appropriate decisions quickly, without the need for specialist technical skills, while supporting collaboration across the security organisation.
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
4.16. Personal and Equipment Tracking Solutions
The number of items, devices and personnel that compose the value chain of any product or service is huge, and today the mobility of all of them is increasing day by day. It is therefore critical for organisations to locate the components of the value chain in order to avoid attacks and thefts and to protect the items, the people and the business. The technologies employed must be as unobtrusive as possible and must allow the subjects of interest to be located at any time. Although this can be considered physical security, protecting some key assets helps to prevent many cyber-attacks, because those assets, for example mobile devices, can provide access to the organisation’s information systems.
4.16.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application Specific
Application Sector
SILENT PARTNER RFID equipment tracking solutions, Accurate Asset inventory:
Fixed Asset financial reporting
Equipment maintenance scheduling
Efficient asset utilization, redeployment and retirement
Capture accurate equipment locations
Social engineering attacks Advanced persistent Threat
Cross Sector Application
Pocketfinder GPS trackers for personnel and equipment location; locations are shown on maps.
Social engineering attacks Advanced persistent Threat
Cross Sector Application
4.17. Security Incident Management Solutions
The sophistication of cyber-attacks is increasing at the same pace as security measures are improving; therefore security breaches will occur in our systems. These security incidents must be detected through continuous monitoring of security events, followed by the execution of the proper response by security management.
After the security incident is resolved, an incident investigation is required to improve the responses and to learn more about the strengths and weaknesses of the organisation’s systems.
4.17.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application Specific
Application Sector
TIBCO
Tibco Loglogic security event manager enables better identification of even the most sophisticated threats to IT infrastructure and assets:
Actionable security intelligence within seconds
Sophisticated incident management and trouble ticketing integration
Instant real time protection
Malware DLP Advanced Persistent threat
Cross Sector Application
GoToAssist GoToAssist Service Desk is a tool that helps people manage, track and resolve issues.
Manage incidents to resolve issues
Route service desk records and assign appropriate priorities
Track infrastructure changes and releases
Malware DLP Advanced Persistent threat
Cross Sector Application
4.18. SIEM Products
Security Information and Event Management (SIEM) is a software system devoted to providing real-time analysis of security alerts generated by network devices or an organisation’s applications. A SIEM product can be composed of software, devices and services as well as reporting tools and dashboard services. Herein a list of the required capabilities:
Data aggregation
Correlation
Alerting
Dashboards
Compliance
Retention
Forensic Analysis.
All these capabilities help security management in the tasks of managing service privileges, auditing logs and generating incident responses.
4.18.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector
HP HP ArcSight platform analyses and correlates every event that occurs across the organisation-login, logoff, file access, database query, etc.- in order to deliver accurate prioritization of security risks and compliance violations.
Malware DLP Advanced Persistent threat Identity Theft Hacktivism Distributed attack Automated probes and scans Analysis of vulnerabilities in compiled software
Cross Sector Application
Splunk Splunk Enterprise is a platform for real-time operational intelligence. It analyses and visualizes the massive streams of machine data generated by IT systems and technology infrastructure- physical, virtual and in the cloud.
Malware DLP Advanced Persistent threat Identity Theft Hacktivism Distributed attack Automated probes and scans Analysis of vulnerabilities in compiled software
Cross Sector Application
NetIQ NetIQ Sentinel is a Security Information and Event Management solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the “actionable intelligence” required to quickly understand an organisation’s threat posture and prioritise response.
Collect, retain and report against log data.
Detect out-of-the box threats
Monitoring of user activities
Collection, storage, analysis and management of IT infrastructure event and security logs.
Malware DLP Advanced Persistent threat Identity Theft Hacktivism Distributed attack Automated probes and scans Analysis of vulnerabilities in compiled software
Cross Sector Application
Tripwire Tripwire Log Center is a product that provides log intelligence with advanced correlation, visualization, and trend analysis of log data for early indicators of potentially unauthorised activity.
Malware DLP Advanced Persistent threat Identity Theft Hacktivism Distributed attack Automated probes and scans Analysis of vulnerabilities in compiled software
Cross Sector Application
Logpoint Logpoint enables the correlation of events and reporting on critical business operations in real time, allowing enterprises to gather insight and understand the context of billions of events generated daily by both core business applications and the infrastructure supporting and enabling the business. LogPoint provides a rich analysis platform and out-of-the-box dashboarding and reporting for infrastructure and critical business applications, enabling effective management and measurement of enterprise security.
Perform analysis of security events and APTs
Automate and optimise the time spent meeting compliance and regulatory guidelines.
Articulate and define the efficiency potential within the enterprise.
Obtain data needed for business-process reengineering.
Identify misconfigurations and errors within the infrastructure. Gain substantial time reduction when conducting root-cause analysis.
Malware DLP Advanced Persistent threat Identity Theft Hacktivism Distributed attack Automated probes and scans Analysis of vulnerabilities in compiled software
Cross Sector Application
AlienVault
AlienVault Open Source Security Information Management (OSSIM) is an open source SIEM system, providing the essential security capabilities built into a unified platform by integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention. The software is distributed freely under the GNU General Public License. Unlike the individual components, which may be installed onto an existing system, OSSIM is distributed as an installable ISO image designed to be deployed to a physical or virtual host as the core operating system of the host. OSSIM is built using the Debian GNU/Linux distribution as its underlying operating system.
Malware DLP Advanced Persistent threat Identity Theft Hacktivism Distributed attack Automated probes and scans Analysis of vulnerabilities in compiled software
Cross Sector Application
4.19. Denial of Service Protection Solutions
Denial of Service or Distributed Denial of Service is a cyber-attack technique whose aim is to make a resource unavailable, interrupting the service it provides. These kinds of attacks can be launched by one or more attackers; the attackers can be physical persons, systems or bots. The technologies employed to prevent and to handle DoS attacks cover many hardware and software solutions:
Firewalls
Switches
Routers
IPS based detection
Application front-end hardware
4.19.1. Main solutions, with brief description
Provider Name of solution and Description
Specific Threat Application Specific Application Sector
Radware Radware’s family of security solutions provides integrated application and network security. The Attack Mitigation System (AMS) protects application infrastructure in real time against network and application downtime, application vulnerability exploitation, malware spread, Denial of Service attacks and Distributed Denial of Service attacks.
Denial of Service attack Cross Sector Application
CISCO Cisco IOS integrated services, Cisco embeds network security into the hardware, routers, switches, etc. providing additional protection against Denial of Service attacks among other threats.
Denial of Service attack Cross Sector Application
BAE Systems Detica
Digital Forensics: If a network is
breached or other malicious activity is detected, a detailed forensic investigation may be required. Our team of forensic experts follow industry best practice to ensure that the integrity of original evidence is maintained from initial response to court proceedings if required. We follow a well-documented, repeatable process across all digital platforms including computers, mobile phones, storage and other ICT systems. We carry out successful operations into highly sensitive issues on behalf of government agencies and commercial organisations at our ISO 17025 accredited lab.
Denial of Service attack Cross Sector Application
BAE Systems Detica
Malware analysis and reverse engineering: When an organisation
identifies an unknown threat in its environment, our specialist team uses dynamic threat analysis and reverse engineering to interpret the threat. We then present the results in an appropriate manner for both technical and business audiences.
Denial of Service attack Cross Sector Application
4.20. Forensic Investigation Solutions
After a security incident has occurred and been resolved, it is necessary to analyse the chain of events to
gather the information required to provide legal evidence for further action against the hacker or
cyber-terrorist who perpetrated the illegal action on the organisation's information system.
Forensic investigation is associated with a wide variety of data recovery techniques, with the
goal of creating a legal audit trail.
The investigations are performed on static data and some of the required techniques are:
Cross-drive analysis
Live analysis
Physical analysis of deleted files.
Analysis of volatile data
4.20.1. Main solutions, with brief description
Provider: Guidance
Name of solution and description: EnCase Forensic. The solution enables:
Rapid acquisition of data from the widest variety of devices
Unearthing potential evidence with disk-level forensic analysis
Producing comprehensive reports on findings
Maintaining the integrity of evidence in a format the courts have come to trust
Specific threat: Malware, Executable code attacks, Automated widespread attacks, Industrial espionage, Anti-forensic techniques
Application sector: Cross Sector Application
Provider: AccessData
Name of solution and description: Forensic Toolkit is an integrated computer forensics solution:
Create images, process a wide range of data types from forensic images to email archives, analyse the registry, conduct an investigation, decrypt files, crack passwords, and build a report
Recovery of passwords
KFF hash library
Advanced, automated analysis without scripting
Specific threat: Malware, Executable code attacks, Automated widespread attacks, Industrial espionage, Anti-forensic techniques
Application sector: Cross Sector Application
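Every technique listed in this section, and the integrity claim made for both EnCase and Forensic Toolkit, rests on being able to show that the evidence examined is byte-for-byte the evidence acquired. The following Python script is an added example for this deliverable and is not code from either vendor's product: it hashes an acquired image while streaming it, keeps a simple chain-of-custody record, and re-verifies the hashes later, showing that a single altered byte is detected. The image content, case identifier and examiner names are constructed placeholders.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read the image in 1 MiB pieces so large images never sit in memory


def hash_file(path, algorithms=("sha256", "md5")):
    """Stream the file once and return {algorithm: hex digest} for every requested digest."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def log_event(record, actor, action):
    """Append one custody event (UTC timestamp, who, what) to the record."""
    record["custody"].append({
        "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "actor": actor,
        "action": action,
    })


def acquire(path, examiner, case_id):
    """Build the initial custody record at acquisition time, including the reference hashes."""
    record = {
        "case_id": case_id,          # placeholder identifier, not a real case
        "evidence": os.path.basename(path),
        "size_bytes": os.path.getsize(path),
        "hashes": hash_file(path),
        "custody": [],
    }
    log_event(record, examiner, "acquired")
    return record


def verify(path, record):
    """Re-hash the evidence and compare with the acquisition hashes.

    Returns (ok, list_of_mismatched_algorithms)."""
    current = hash_file(path, tuple(record["hashes"]))
    mismatched = sorted(alg for alg, digest in record["hashes"].items() if current[alg] != digest)
    return (not mismatched, mismatched)


def demo():
    """Acquire a constructed image, hand it over, then show that a one-byte change is caught."""
    image = bytes(range(256)) * 16  # constructed sample "disk image", 4 KiB of deterministic bytes
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "evidence.dd")
        with open(path, "wb") as fh:
            fh.write(image)
        record = acquire(path, "examiner-1", "CASE-0001")
        log_event(record, "examiner-2", "received for analysis")
        ok_before, _ = verify(path, record)
        # Simulate an accidental write to the working copy: flip a single byte.
        with open(path, "r+b") as fh:
            fh.seek(100)
            fh.write(b"\xff")
        ok_after, mismatched = verify(path, record)
        return ok_before, ok_after, mismatched, len(record["custody"])


if __name__ == "__main__":
    print(demo())
```

In practice the acquisition hashes and the custody log are stored separately from the image (and signed or printed on the acquisition form), so that a later verification compares against a reference the examiner could not have silently updated; hashing with two algorithms mirrors what the forensic suites listed above record by default.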
5. Available Research Results
5.1. Existing Research Results
This section looks at existing results from the European research arena and the areas of cyber
security they address. In order to compile this section, CYSPA undertook a study of 53 European
research projects in an attempt to provide a concise view of their results. The full list of these
projects can be found in annex I of this document. In addition, we attempted to map European
research projects (in collaboration with the SecCord project WP5 and WP3 activity, www.seccord.eu) to
the cyber security topics they address. This mapping can be seen in annex II of this document. The EU
driven research landscape was found to be very diverse, with a leading role played by security
projects funded by the European Commission, but national member states also have a number of
cybersecurity-focused research funding activities. In order to focus our activity and directly collect
information from within the projects themselves, CYSPA decided to continue to partner with another
EU initiative (the SecCord project, www.seccord.eu). The following sections of this chapter focus, at a high
level, on some of the completed projects, or projects whose results and tools are now available.
A comprehensive account of upcoming project results can be found in CYSPA deliverable 3.2
“Upcoming results from research initiatives”.
5.1.1. AVANTSSAR
Acronym AVANTSSAR
Project Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures
Website http://www.avantssar.eu
Classification Trustworthy Service Infrastructures
Objectives of the Project
Driven by rapidly changing requirements and business needs, IT systems and applications are
undergoing a paradigm shift: components are replaced by services, distributed over the network, and
composed and reconfigured dynamically in a demand-driven way into service-oriented architectures.
Exposing services in future network infrastructures entails a wide range of trust and security issues.
Therefore there is a need for validation of both the service components and their composition into
secure service architectures.
AVANTSSAR has proposed a rigorous technology for the formal specification and automated
validation of trust and security of service-oriented architectures. This technology was automated into
an integrated toolset, the AVANTSSAR validation platform, tuned on relevant industrial case studies.
Innovation targets
The project has developed:
- ASLan++ - a formal language for specifying trust and security properties of services, their
associated policies, and their composition into service architectures.
- Automated techniques to reason about dynamic composite services, and their associated
security policies.
- The AVANTSSAR validation platform - an automated toolset for validating trust and security
aspects of service-oriented architectures.
- A library of validated composed services and service architectures, proving that our
technology scales to envisaged applications.
Impact
Migrating project results to industrial development environments and standardization organisations
may speed up the development of new network and service infrastructures, enhance their security
and robustness, and increase the public acceptance of emerging IT systems and applications based
on them. The project has included Industry Migration to facilitate exploitation of the AVANTSSAR
results; experiences and lessons learned during the AVANTSSAR technology migration are presented
in the deliverables of this work package.
CYSPA Interest
CYSPA could look to explore or learn from project activity which has tried to transfer project results
to standards organisations and industry. This may form part of CYSPA activity in developing cyber
security standards for organisations as referred to in CYSPA D4.1.2 “Detailed Table of Contents of the
European Strategy to Protect Cyberspace”
5.1.2. CONSEQUENCE
Acronym CONSEQUENCE
Project Context-aware data-centric information sharing
Website http://www.consequence-project.eu
Classification Trustworthy Service Infrastructures, Technology & Tools
Objectives
The CONSEQUENCE project has worked on a data-centric information protection framework based
on data-sharing agreements. While data exchange is vital for the society today it is often hindered by
privacy and confidentiality threats associated with unauthorised data sharing. The CONSEQUENCE
project devised its framework for data sharing taking into account not only technological, but also
economical and social aspects of data exchange.
Innovation targets
CONSEQUENCE has achieved:
- A scalable, secure, context-aware and resilient architecture for data sharing that enables
dynamic policy management and enforcement, and end-to-end data protection across
multiple organisations.
- A technique for organisation-neutral data sharing agreements (including models, algorithms
and tools).
- A proof-of-concept implementation of the CONSEQUENCE data-sharing framework.
Impact
The project has especially focused on data sharing in emergency situations. One of the test cases
used in the project for validation was a critical management testbed provided by BAE systems.
Evaluation of the CONSEQUENCE system on this testbed is reported in D5.4 of the project. The
project’s results may prove useful in the emergency situations context, as well as in the context of
sensitive data sharing across multiple companies.
CYSPA Interest
CYSPA could explore the project results further as part of its potential activity in
enhancing/developing Standards for sharing cyber incident and threat information as highlighted in
CYSPA D4.1.2 “Detailed Table of Contents of the European Strategy to Protect Cyberspace”
5.1.3. MASTER
Acronym MASTER
Project Managing assurance, security and trust for services
Website http://www.master-fp7.eu (the website is no longer maintained)
Classification Trustworthy Service Infrastructures
Objectives
The MASTER project aimed at developing a system for ensuring compliance with regulations, internal
policies and contractual obligations by an organisation. Today organisations may have quite complex
and unpredictable business processes, while accountability and regulatory compliance have widely
become mandatory. Therefore a structured and possibly automated approach to governance, risk
and compliance (GRC) is a goal for many companies. MASTER has fulfilled this demand by delivering a
system that assists compliance management in many aspects: by monitoring organisational
performance, enforcing policies and assessing the compliance level.
Innovation targets
MASTER has delivered the following key results:
- The MASTER methodology that describes how an organisation can derive specific activities to
be done and control objectives from high level regulations and policies (delivered in work
package 8.2)
- The MASTER design workbench – a tool to translate high-level regulations and policies into
low-level policies that control management process in an organisation. The tool was
delivered in work package 8.3
Impact
The MASTER approach can increase security in organisations and ensure compliance with the EU
regulations and industry standards. Some parts of the MASTER methodology can be used as an input
to a compliance assessment process standard. The project has validated its results on two case
studies – in an insurance company and in a hospital.
CYSPA Interest
As the project has a specific use case in insurance, which forms part of the Financial Services Sector
within CYSPA, CYSPA could look to leverage the learnings from this project as part of its potential
activities in aiding uptake of sector specific solutions which contribute to reducing cyber disruption.
Another aspect to explore could be whether the project results can also contribute to potential
CYSPA activity in working with insurance companies to improve cyber risk management as
highlighted in CYSPA D4.1.2 “Detailed Table of Contents of the European Strategy to Protect
Cyberspace”
5.1.4. MICIE
Acronym MICIE
Project Tool for systemic risk analysis and secure mediation of data exchanged across linked CI information infrastructures
Website http://www.micie.eu
Classification Critical Information Infrastructure Protection
Objectives
The MICIE consortium contributed to Critical Infrastructure (CI) protection. Critical
infrastructures can be damaged by malicious activities or natural disasters. Disruptions in CI
facilities can be a serious threat to society. It is therefore crucial to ensure the security and reliability
of CIs as well as to have disaster notification and recovery services in place. The MICIE
project has developed an alerting system to identify in real time the level of possible threats induced
on a particular CI or on other interdependent critical facilities, and to notify the authorities, providing
them with a real risk level.
Innovation targets
MICIE has produced the alerting system including the following innovative components:
- The off-line design of critical infrastructure models that are able to detect dominant
dynamics from a series of occurring undesired events.
- The MICIE secure mediation gateways responsible for collection of undesired events,
translation of these events into a common meta-data model and exchange of the meta-data.
- The MICIE on-line risk prediction tool that is able to predict the risk levels in real time from
the CI models and the meta-data received.
Impact
The MICIE project results are directly in line with the EU initiative to establish a Critical Infrastructure
Warning Information Network (CIWIN), contributing to safety of the EU society.
The energy distribution domain was chosen as an application for validation of the project results. The
project has evaluated whether the MICIE tool could increase the quality of service in this domain.
After analysing the communication fault events and their influence on the quality of service of the
electric energy supply in presence of the MICIE tool and without it, the consortium has concluded
that the MICIE technology can increase the quality of service by assisting the operator in identifying
faults and countermeasures.
CYSPA Interest
There is a clear potential for CYSPA to leverage work in this project to explore aiding uptake of sector
specific solutions which contribute to reducing cyber disruption (energy sector). The results can also be
considered for delivery of the following strategic option as highlighted in CYSPA D4.1.2 “Detailed
Table of Contents of the European Strategy to Protect Cyberspace”:
“Collaborating with critical infrastructure operators through CIWIN”
5.1.5. PICOS
Acronym PICOS
Project Privacy and identity management for community services
Website http://www.picos-project.eu
Classification Privacy Management
Objectives
The main goal of the PICOS project was to advance the state of the art in technologies providing
privacy-enhanced identity and trust management features within complex services such as online
communities managed by mobile communication service providers. PICOS aimed at building, and
trying out with real users, a privacy-respecting identity management platform that supports the
provision of online community services, together with a client application for this platform.
Innovation targets
PICOS has delivered the following innovative technologies:
- The Partial Identity concept that allows users to reveal only selected personal information as
their identity (e.g. a position at a company or a social role).
- The Privacy Advisor tool to guide the users in aspects of their privacy and identity
management, for example to raise early warnings before the user discloses personal
information in an unsecure context.
- A privacy-friendly targeted advertising technology.
- The PICOS platform that combines the aforementioned technologies and an accompanying
mobile phone client to serve as a user interface.
Impact
The PICOS results can support developments in the EU policy and regulations for privacy protection
and protection of minors on the Internet. The project has run pilots with real end-users from an
online gaming community and an angler community and has gained a lot of insights of the society
requirements on privacy.
5.1.6. UAN
Acronym UAN
Project Underwater acoustic network
Website http://www.ua-net.eu
Classification Critical Information Infrastructure Protection
Objectives
UAN developed a wireless sensor network for the protection of off-shore and coastline critical
infrastructures (CI). The acoustic network developed by UAN includes underwater, land and air-based
sensors in order to gather environmental information for surveillance, monitoring and deterrence.
Innovation targets
UAN has produced the following key innovative results:
- The UAN acoustic modems, gateway access point, a ground station and accompanying
software.
- The full UAN network demonstrator.
Impact
The UAN acoustic framework was the first of its kind with fixed and mobile nodes that was
seamlessly integrated in a land communication network. The project has demonstrated with two real-sea
experiments that the UAN network is fully operational. Potential beneficiaries of UAN
network deployments are search and rescue bodies, port authorities, oil and gas
exploration entities, marine scientists and military units.
CYSPA Interest
The project results are interesting for CYSPA activities aimed towards protecting critical
infrastructure.
5.1.7. VIKING
Acronym VIKING
Project Vital infrastructure, networks, information and control systems management
Website http://www.vikingproject.eu
Classification Critical Information Infrastructure Protection
Objectives
The VIKING project investigated cyber threats to SCADA systems that control electricity supply and
proposed mitigations against exploitation of these threats. Society is highly dependent on electricity grids,
which are large-scale and complex systems that need to be always reliable, available and cost-effective.
VIKING worked towards a holistic framework for the identification and assessment of
vulnerabilities in SCADA systems and for the estimation of societal consequences of power
breakdowns.
Innovation targets
VIKING has developed the following key innovations:
- A system to run model-based risk assessment for SCADA systems.
- A set of quantitative metrics for cybersecurity for different control system solutions.
- Estimation of vulnerabilities in higher order applications like State Estimators and Automatic
Generation Control and suggestions for mitigations to these threats
- Secure communication solutions
- The ViCiSi simulator of a virtual society, used for the calculation of economic and non-economic
consequences of electrical blackouts
- A test bed that can be used to simulate and demonstrate cyber-attacks on SCADA systems.
Impact
The results of the VIKING project are of high importance for the EU society and governments. The
experiments with the VIKING simulator can be used to estimate the impact of potential attacks on
national welfare. The industrial partners plan to use parts of the findings in their commercial
offerings and in the operation of their power networks.
CYSPA Interest
There is a compelling case within this project for CYSPA to explore in efforts to facilitate increasing
cyber resilience within the energy sector.
5.1.8. ANIKETOS
Acronym ANIKETOS
Project Secure and Trustworthy Composite Services
Website http://www.aniketos.eu
Classification Trustworthy Service Infrastructures
Objectives
Users of service mashups typically have low assurance of what service they are actually using and
whether it is secure and reliable. Future Internet will likely worsen this situation, with more services
offered for dynamic consumption and composition based on service availability, quality, price and
security attributes. Applications will be composed of multiple services from many different providers,
and the end user may have little guarantee that a particular service will actually deliver the security
claimed (if any). The ANIKETOS project aims to establish and maintain trustworthiness and secure
behaviour of services in a constantly changing environment.
Innovation Achievements
ANIKETOS works on the following innovative artefacts:
- A language to express security and trustworthiness requirements on socio-technical systems:
the Socio-Technical Security Modelling Language (STS-ml) and the accompanying tool (STS-
tool).
- The security-by-contract paradigm for services that enables services to express their security
and trust requirements in their machine-readable contracts.
- The ANIKETOS platform and accompanying tools to support service designers in building
composite services that meet security requirements, and system administrators to monitor
execution of composite services and react in case of violations.
Impact
Adoption of the ANIKETOS framework will bring assurance of trustworthiness to service consumers,
which are not only individual end-users, but also composite service designers and providers. The
ANIKETOS approach adoption will facilitate the European service marketplace.
CYSPA Interest
This project has demonstrated applications within two of CYSPA's target sectors, eGov and Telecom
Services.
European Cyber Security Protection Alliance
Page 50 / 99
5.1.9. ASSERT4SOA
Acronym ASSERT4SOA
Project Advanced Security Service cERTificate for SOA
Website http://www.assert4soa.eu
Classification Trustworthy Service Infrastructures
Objectives
ASSERT4SOA focuses on security certification for service-based applications. Today the Service-
Oriented Architecture (SOA) paradigm has become a de-facto architectural standard for the deployment
of dynamic large-scale infrastructures and applications consisting of independent modules, the services.
The benefits of this paradigm include flexibility, cost-effectiveness and ease of module replacement.
Yet deployment of SOA-based solutions in the domain of sensitive and critical applications is limited
due to the absence of guarantees that composite third-party services are secure. In the conventional
software domain, security certification is used for guaranteeing the security and trustworthiness of a
software component. ASSERT4SOA aims to produce security certification standards for services,
taking into account the dynamic nature of services and tackling assurance for service compositions.
Innovation achievements
Certification for services is a very new topic with few existing proposals. The project has delivered the
following key artifacts:
- The machine-readable description language called ASSERT for service security certificates.
- The ASSERT architecture that enables an ontology-based format for certificates and supports
linking of security properties to evidence supporting them. The architecture allows run-time
certificate-aware service selection based on a target assurance level for composite
applications.
- The ASSERT4SOA integrated prototype that implements an ASSERT-enabled service
marketplace.
Impact
Certification for SOA enables more trustworthy services and composite service-based applications.
The ASSERT framework also aligns well with the upcoming EU Data Protection Regulation where
certification is mentioned explicitly.
CYSPA Interest
CYSPA could look to explore findings within this project to understand if they can facilitate CYSPA
efforts to advise the EC on cyber policy and legislative landscape. (As highlighted in CYSPA D4.1.2
“Detailed Table of Contents of the European Strategy to Protect Cyberspace”)
5.1.10. MASSIF
Acronym MASSIF
Project MAnagement of Security information and events in Service InFrastructures
Website http://www.massif-project.eu
Classification Trustworthy Service Infrastructures
Objectives
MASSIF works on advancements in security information and event management (SIEM) systems that
deal with real-time analysis of events and security alerts. Standard SIEM systems are typically
deployed at the platform layer and do not take into account data from higher layers, such as the
business process view. Being usually deployed on a single node responsible for processing all event
correlation rules, they are not scalable. Moreover, existing systems are not able to react to detected
attacks.
Innovation achievements
The MASSIF SIEM framework supports scalable multi-level event processing and predictive security
monitoring. The key innovative artefacts are:
- Advanced attack detection methods.
- Cross-layer security event correlation and decision support for analysis of possible impacts an
attack may have on the system.
- Predictive security monitoring that detects potential future critical states in the monitored
process.
- Attack response mechanisms that propose countermeasures based on security ontologies.
- The MASSIF SIEM architecture that integrates the components above in a secure and reliable
way.
Impact
MASSIF provides two open source implementations of SIEM solutions called OSSIM and Prelude,
which can be further used by the community. The MASSIF approach can make total cost of ownership
of a SIEM system affordable for SMEs due to the open specifications and open source components
available.
The project contributes to the ETSI Information Security Indicators group that aims at measuring
security levels of organisations with deployed SIEM systems.
Deployment of SIEM systems in critical infrastructures has a huge potential, especially in the light of
the Directive on Critical Infrastructures Protection.
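The OSSIM entry in section 4 and the MASSIF description above both turn on the same core SIEM function: normalising events from heterogeneous sources and correlating them in time, including across layers, where a platform-level event (an authentication anomaly) is tied to a later business-level event. The Python code below is an added illustration for this deliverable and is not code from MASSIF, OSSIM or Prelude: it parses a handful of constructed syslog-style lines, applies a windowed brute-force rule per source address, and then a cross-layer rule that raises a higher-priority alert when a user whose login looked suspicious performs a sensitive application action shortly afterwards. The thresholds, the "payments" service and every log line are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not real captures): sshd authentication
# events plus audit lines from a hypothetical "payments" application.
SAMPLE_LOGS = """\
2014-01-20T10:00:01Z host1 sshd: Failed password for admin from 203.0.113.5
2014-01-20T10:00:05Z host1 sshd: Failed password for admin from 203.0.113.5
2014-01-20T10:00:09Z host1 sshd: Failed password for root from 203.0.113.5
2014-01-20T10:00:14Z host1 sshd: Failed password for admin from 203.0.113.5
2014-01-20T10:00:20Z host1 sshd: Accepted password for admin from 203.0.113.5
2014-01-20T10:00:45Z host1 payments: user=admin action=export_customer_db rows=120000
2014-01-20T10:30:00Z host2 sshd: Failed password for bob from 198.51.100.7
2014-01-20T10:31:10Z host2 sshd: Accepted password for bob from 198.51.100.7
2014-01-20T10:32:00Z host2 payments: user=bob action=view_invoice id=42
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:\s]+): (?P<msg>.*)$")
SSH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")
APP_RE = re.compile(r"^user=(?P<user>\S+) action=(?P<action>\S+)")

# Rule parameters: assumed values chosen for the example, not MASSIF or OSSIM settings.
FAIL_WINDOW = timedelta(seconds=60)      # look-back for failed logins per source IP
FAIL_THRESHOLD = 3                       # failures within the window that make a success suspicious
FOLLOWUP_WINDOW = timedelta(minutes=15)  # how long a suspicious login taints the user account
SENSITIVE_ACTIONS = {"export_customer_db", "change_admin_password"}


def parse(line):
    """Normalise one raw line into a flat event dict; return None for lines the rules ignore."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    base = {"ts": ts, "host": m["host"]}
    if m["prog"] == "sshd":
        s = SSH_RE.match(m["msg"])
        if s:
            return {**base, "layer": "auth", "result": s["result"], "user": s["user"], "ip": s["ip"]}
    elif m["prog"] == "payments":
        a = APP_RE.match(m["msg"])
        if a:
            return {**base, "layer": "app", "user": a["user"], "action": a["action"]}
    return None


def correlate(lines):
    """Run both rules over the events in arrival order and return the alerts raised."""
    alerts = []
    failures = defaultdict(deque)  # source IP -> timestamps of recent failed logins
    suspect_logins = {}            # user -> time of the success that followed the failures
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev["layer"] == "auth":
            q = failures[ev["ip"]]
            while q and ev["ts"] - q[0] > FAIL_WINDOW:  # expire failures outside the window
                q.popleft()
            if ev["result"] == "Failed":
                q.append(ev["ts"])
            elif len(q) >= FAIL_THRESHOLD:
                # Rule 1 (single layer): a success right after a burst of failures.
                alerts.append({"rule": "brute_force_then_success", "ip": ev["ip"],
                               "user": ev["user"], "ts": ev["ts"]})
                suspect_logins[ev["user"]] = ev["ts"]
                q.clear()
        else:
            # Rule 2 (cross-layer): sensitive business action by a tainted account.
            t0 = suspect_logins.get(ev["user"])
            if (t0 is not None and ev["action"] in SENSITIVE_ACTIONS
                    and ev["ts"] - t0 <= FOLLOWUP_WINDOW):
                alerts.append({"rule": "sensitive_action_after_suspicious_login",
                               "user": ev["user"], "action": ev["action"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS.splitlines()):
        print(alert)
```

Run on the constructed lines, the first rule fires once for 203.0.113.5 and the second fires once for the export that follows; bob's single failed attempt never reaches the threshold, so his invoice view stays silent. The per-source state is what makes the single-node deployment MASSIF criticises hard to scale: in a distributed design it would have to be partitioned by source address or user and shared between correlation nodes.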
5.1.11. POSECCO
Acronym PoSecCo
Project Policy and Security Configuration Management
Website http://www.posecco.eu
Classification Technology & Tools
Objectives
Internet service providers now have to manually resolve the inter-dependencies between high-level
requirements and policies and low-level configurations. In this setting errors are inevitable due to the
high complexity of the systems and constant changes in requirements, policies, regulations and
configurations. The PoSecCo project deals with this complexity by enabling a traceable and sustainable
link between requirements and configuration settings in the system.
Innovation Achievements
The traceability link enabled by PoSecCo includes two key artifacts:
- The PoSecCo models representing functional elements of IT systems and corresponding
models of security-relevant information for each of these elements. The PoSecCo model
repository can be further extended with new models suitable for different kinds of policies.
- The PoSecCo integrated prototype that smoothly consolidates different prototypes
developed in the project. The integrated prototype includes the central model repository
(the MoVE tool), a collaborative system for eliciting security requirements and high-level
policies monitoring (the CoSeRMaS system), a tool for policies specification and conflict
resolution (the IT Policy tool), a decision support system for security (SDSS), and tools for
audit support and configuration validation.
Impact
The PoSecCo approach allows organisations to manage consistently their high-level requirements and
low-level software system configuration and to ensure compliance with existing laws and regulations.
5.1.12. TAMPRES
Acronym TAMPRES
Project TAMper Resistant Sensor node
Website http://www.tampres.eu/
Classification Trustworthy Network Infrastructure, Future Internet
Objectives
TAMPRES works on security mechanisms for the microcontroller hardware that will be used in various
devices in the Internet of Things (IoT). IoT envisions the integration of computing devices and the physical
world into a seamless global communication network. The specific focus of TAMPRES is on wireless
sensor nodes, which are likely to become the most vulnerable part in the chain of trust. The nodes
therefore need to be protected at the physical level against attacks on their security mechanisms; yet
the novel protection mechanisms have to be low cost.
Innovation achievements
The TAMPRES methodology follows an attack-driven approach. Starting from identifying attacks on
existing commercial microcontrollers the project develops hardware mechanisms for protection
against these attacks, while taking into account the device constraints, such as energy. The key novel
contributions by the project are:
- A secure development process for microcontrollers that enables resistance to physical attacks,
fault injection and side-channel attacks.
- A number of security engines, such as cryptographic engines and hashing engines.
- Secure wireless interface for microcontrollers.
- Secure memory mechanism to run attested code.
- The attack-resistant TAMPRES architecture that integrates securely all developed
components, including protected interfaces for testing and debugging, a secure
bootstrapping capability and lightweight memory protection.
Impact
TAMPRES secures microcontroller chips for wireless sensor networks in a holistic way yet taking into
account cost-effectiveness. The technology can be immediately accepted by end-consumers.
5.1.13. UTRUSTIT
Acronym uTRUSTit
Project Usable TRUST in the Internet of Things
Website http://utrustit.cure.at
Classification Mobile Devices and Smartphones, Technology & Tools
Objectives
The UTRUSTIT project focuses on understanding trust in the Internet of Things formed by a variety of
interconnected devices that are becoming integrated into everyday objects like washing machines,
fridges, medical cabinets and even lamps. The Internet of Things brings together a large number of
communication and information devices, and within this network it is becoming difficult for the user to
keep track of the personal information she shares with those devices and to control how this
information is propagated across the Internet of Things. UTRUSTIT has aimed at putting the user back
in control of this personal data sharing and at providing transparency about what information is being
sent, while ensuring usability and compliance with EU regulations.
Innovation achievements
UTRUSTIT delivers the following key results:
- 6 Personas: 6 archetypical users representing the diverse target groups of the project ranging
from early adopters to technology reacting users as well as elderly users and users with
disabilities.
- The Trust Feedback Toolkit (TFT) that enables the user to administer the relevant devices and
to get an understanding of their potential to transmit private information.
- A Virtual Environment implementation comprising various devices where users can navigate
and interact with the devices. The Virtual Environment is used for evaluation of the project
TFT prototype (based on the UTRUSTIT methods for simulation, assessment and evaluation of
secure, trustworthy and trusted design).
- An investigation of legal and ethical constraints for the Internet of Things and the TFT.
Impact
Availability of the UTRUSTIT TFT framework in the Internet of Things will enable more trustworthy
and secure infrastructure for all end-users. The results of the validation activities conducted by
UTRUSTIT with real end-users and the body of knowledge regarding legal, ethical and usability
requirements compliance in the Internet of Things can be used by policy makers, enterprises and
research organisations active in the area.
5.2. Individual Research Organisations
This section gives an overview of individual research organisations active in Europe or globally with
potential overlap with CYSPA interests. We include this section here due to its relevance to the
potential audience of this document; however, this work was carried out in detail within CYSPA
deliverable D4.2.1 “Contributing Roles of Stakeholders”, and the following paragraphs are based on
that work.
The Cyber Security Research Institute (CSRI)
The Cyber Security Research Institute is a research centre specialising in studying the vulnerabilities
in the world of technology and the impact that these have on a world now completely dependent on
computer technology. CSRI uses the services of top academics, leading industry figures and opinion
formers to create research produced by journalists and film makers that provides essential
information to politicians, decision makers, and industry as a whole. This is underlined with topical
events and webinars to ensure a constant dialogue between members of the CSRI, innovators, the
authorities and the media.
MAIN ACTIVITIES:
Providing concise and timely information on issues ranging from cyber sabotage and cyber
espionage to data awareness and computer crime
Raising awareness on the latest threats and weaknesses in technology
OVERLAP WITH CYSPA ACTIVITIES:
Dissemination of cyber security materials
Awareness-raising
Support to governments
Support to industry
Conferences / roundtables
Information exchange / best practices
Clustering activities
Cyber Security Research Alliance (CSRA)
CSRA is a non-profit consortium founded by industry stakeholders as a forum to develop R&D
strategies to address grand challenges in cyber security, and to facilitate public-private partnerships
that define a more focused, coordinated, and concerted approach to cyber security research and
development. This effort was established in response to the growing need for increased public-private collaboration to address R&D issues in cyber security. The founding members of the CSRA are
Advanced Micro Devices, Inc. (AMD), Honeywell International, Inc., Intel Corporation, Lockheed
Martin Corporation, and RSA, the Security Division of EMC.
MAIN ACTIVITIES:
Addressing challenges in cyber security by facilitating the development of R&D strategies for
protecting digital content and information technology networks and systems
Tracking cyber security R&D activities by enhancing models for public-private information
sharing and collaboration to address current and emerging cyber security threats to national
security
Transferring technology by enhancing collaboration in cyber security R&D to accelerate
innovation and time to market for new technologies
OVERLAP WITH CYSPA ACTIVITIES:
Public-private partnership
R&D
Providing recommendations on cyber security
Accelerating innovation and time to market
Identifying and / or driving new solutions and technologies
Security Research in Italy (SERIT)
SERIT is a joint initiative launched by CNR and Finmeccanica. It brings together Italian industries (both
large industries and SMEs), academia, research centres and end-users in order to promote and
develop a National Research Agenda that drives future technological developments while
responding to identified National Security needs. SERIT aims to reinforce networking among
national researchers, industries, end-users and institutions’ representatives, allowing them to
cooperate on projects of common interest, to activate public-private partnerships and to strengthen
national and international participation in research programmes (including national research/national
cluster activities and Horizon 2020).
MAIN ACTIVITIES:
Researching various topics, such as ICT security, security of generation, supply and
distribution of electricity, and built infrastructure protection
Defining a technology roadmap for defined capabilities
Focus on 7 technology areas: surveillance & situation awareness; communication; detection
& identification systems; technologies for crisis management; information processing &
management; CBRNE; standardisation, certification, and testing
Networking among the most qualified national research centres, industries and institutions
or operators on agreed projects
Enabling public-private partnership, also including the SME sector
OVERLAP WITH CYSPA ACTIVITIES:
Public-private partnership
R&D
Identifying gaps and challenges in cyber security
Providing recommendations on cyber security
Critical Infrastructures Protection
Methodologies for risk analysis and action planning
Dissemination of cyber security materials
Standardisation of methods and procedures
Clustering activities
Cyber Security Centre (CSC)
The Cyber Security Centre has been established to bring together experts from a number of
disciplines in Oxford and the wider world to address the cyber security challenges of the 21st
century. The Cyber Security Centre (UK) embraces challenges in technical difficulty and in new and
potentially disruptive ideas, welcomes new contributors to the domain, and will facilitate creativity.
The centre will drive major developments in the theory and practice of cyber security, and aims to
help in the creation of a safe, secure and prosperous cyberspace through internationally leading
research and educational programs.
MAIN ACTIVITIES:
Supporting the ability to anticipate, deter, detect, resist and tolerate attacks, understand and
predict cyber risks, and respond and recover effectively at all levels, whether individual,
enterprise, national or across international markets.
Supporting new understanding, governance, regulation, partnerships, skills, and tools related
to cyber security to meet the demands of the future.
OVERLAP WITH CYSPA ACTIVITIES:
Risk assessment / management
Responding to cyber threats / disruptions
Identifying gaps and challenges in cyber security
Providing recommendations on cyber security
Improving resilience against cyber-attacks / disruptions
Identifying and / or driving new solutions and technologies
Support to governments
Support to industry
Information exchange / best practices
Studying cyber vulnerabilities
6. Cyber Security Related Training and Education
These sections address the human factor in cyber security and will be used as a basis to inform CYSPA
strategic Option 7.15 “Education and awareness raising on cyber security threats and mitigation” as
documented in CYSPA D4.1.2. It is widely recognised that human capital makes a difference both in
preparation for and in reaction to cyber incidents. Currently, there is thought to be a significant
deficit in the availability of skilled human capital to staff the information security requirements of
organisations. The CYSPA work package 2 studies on the impact of cyber disruption on Financial
Services and eGovernment organisations specifically highlighted the deficit of skilled resources as a
current risk to cyber resilience. In addition, according to an IBM study [1], nearly 1 out of 2 industrial
organisations acknowledge having too few staff working to ensure cyber security. Efforts to alleviate this
situation drive education and training in the area of cyber security.
With this in mind, there are three areas to cover on the topic:
Formal (theoretical) education
Practical training
In-the-field experience, which may initially be achieved by means of [real] exercises
A related issue is the accreditation of persons. There are initial steps to identify the topics that must
be included in cyber security curricula, mostly driven by the United States of America. Once the
curriculum is determined, there is a need for personal accreditations so that the right people can be
requested and allocated to the positions that need them.
These sections present the current situation, focussed mostly on Europe, but not forgetting the USA,
which is currently the driver in this area.
From the 2013 (ISC)² Global Information Security Workforce Study
The information security profession, in addition to being a large and growing field, is a barometer of
economic health and the changing nature of how business is being conducted. Information security
professionals are critical guardians in the protection of networked operations and informational
[1] http://www-03.ibm.com/press/us/en/pressrelease/42479.wss
assets. Growth in this profession is a testament to the need for their expertise and also a signal that
global economic activity is advancing. Furthermore, changes in information technology (IT) and
evolving IT norms on how, when, and where business operations occur—such as BYOD, cloud
computing, and social media—remind us that information security professionals must be highly
adaptable in learning and applying new skills, technologies, and procedures in order to manage a
dynamic range of risks. Not to be overlooked, hackers, attackers, and other threatening entities are
also advancing and evolving. Change and complexity in IT and IT norms represent new opportunities
for them to succeed in their nefarious pursuits. Consequently, information security professionals have
no downtime; there are always new risk management challenges to address.
The reasons for an inability to bridge the need for additional information security workers are fuelled
by three factors: business conditions, executives not fully understanding the need, and an inability to
locate appropriate information security professionals.
When asked which job title experienced the greatest workforce shortage, security analyst (chosen by
47 percent of respondents) topped the list, followed by security engineering-planning and design (32
percent), and security auditor (31 percent).
On the path to solving the current security workforce shortage, one important aspect to take into
account is the need for a significant increase in practical training and exercising activities. That
would contribute to better preparation for the security incidents that, unavoidably, will continue to
happen with increasing frequency and risk.
Since most (all) countries are currently significantly behind the estimated need for
cybersecurity professionals, the different countries and the European institutions need to
give genuinely high priority to the necessary training activities, increasing their scale significantly and
making sure that much more emphasis is placed on practical collaborative cyber exercises at the
national, European and international levels.
6.1. Cybersecurity strategies
Most of the national strategies on cybersecurity address the topics of education, training and readiness
exercises. Currently, most of the strategies are not yet implemented, but the will is clear, and the aim
to allocate appropriate resources is starting to be transformed into actual investment in the area.
From ENISA, “National Cyber Security Strategies”
Common themes
To develop or improve preparedness, response and recovery plans and measures for
protecting such CIIs (e.g. national contingency plans, cyber exercises, and situation
awareness). The Lithuanian strategy states that “To ensure cyberspace security it is necessary
to establish a continuous and properly managed system covering all phases of incident
management, such as early warning, prevention, detection, elimination and investigation.”
This also includes defining integrated organisational structures that develop, implement and
test these preparedness, response and recovery plans and measures. This may also mean an
integration of existing structures (e.g. national/governmental CERTs).
To define the needs for new curricula with emphasis on cyber security for IT and security
professionals and specialists; and also training programs that allow the improvement of skills
of users. For example, the UK strategy aims to improve training and education for information
security specialists to create a strong cyber security profession.
6.2. Education & Training Programmes
On education and training, the path is signalled by US DoD Directive 8570, which identifies areas of
knowledge and points to some current certifications. In Europe, all national strategies plan to work
in this area, but it can be observed that the UK is moving forward concretely with action.
Here we highlight some of the professional bodies currently providing training in the area
of Cyber Security.
6.2.1. (UK) CESG – Awareness & Training
http://www.cesg.gov.uk/awarenesstraining/Pages/index.aspx
CESG is the UK Government's National Technical Authority for Information Assurance (IA). Its core
customers are the UK's central government departments and agencies and the Armed Forces, but
it also works with the UK's Critical National Infrastructure, including power and water, and the wider
public sector. CESG works to increase awareness of Information Assurance in the UK, engaging in
partnerships with academia and certifying professionals working in the Information Assurance and
Cyber Security areas in both government and industry.
6.2.2. (UK) Cyber Security Challenge
https://cybersecuritychallenge.org.uk/about.php
Cyber Security Challenge UK Ltd. aims to bring more talented people into the Cyber Security
Profession.
Whether at Key Stage 4 or degree level, the Cyber Security Challenge UK helps education institutions
introduce the concepts behind cyber security. It offers an innovative way to ensure students are
properly prepared for a career as a cyber security professional.
6.2.3. (US) SANS – Cyber Defense Foundations
http://cyber-defense.sans.org/
The SANS (SysAdmin, Audit, Network, Security) Institute is a cooperative research and education
organisation and one of the most trusted and largest sources of information security training and
security certification in the US. It develops, maintains and makes available to the wider public a large
collection of research documents about various aspects of information security, and operates the
Internet Storm Centre, the Internet’s early warning system.
It offers three GIAC (Global Information Assurance Certification) certifications to prepare security
professionals.
6.2.4. (US) INL - National SCADA Test Bed Program
http://www.inl.gov/scada/training/
INL (Idaho National Laboratory) is a science-based, applied engineering national laboratory dedicated
to supporting the U.S. Department of Energy's missions in nuclear and energy research, science, and
national defence. INL is a significant contributor to the US National SCADA (Supervisory Control and
Data Acquisition) Test Bed program, a research initiative to help private utilities improve the
resilience of control systems associated with energy critical infrastructure. Therefore one of their
main missions is to provide Control System Security training programmes designed to increase Cyber
Security Awareness and Defensive Capabilities for IT/Control System managers, IT/Control System
security personnel and personnel related to control system cyber security.
6.2.5. (US) NICCS – National Initiative for Cybersecurity Careers and Studies
http://niccs.us-cert.gov/
NICCS is part of the National Initiative for Cybersecurity Education (NICE), promoted by the
Department of Homeland Security, and aims to be a national resource for cybersecurity awareness,
education, careers and training. It provides a robust listing of all the cybersecurity or cybersecurity-related
education and training courses offered in the US, submitted by Federal and industry training
and education providers, as well as a list of professional certifications.
6.2.6. (US) NICE – National Initiative for Cybersecurity Education
http://csrc.nist.gov/nice/
NICE is a national governmental campaign designed to improve the cyber behaviour, skills and
knowledge of every segment of the population. Their aim is to bolster formal cybersecurity education
programs encompassing kindergarten through to higher education and vocational programs with a
focus on the science, technology, engineering and math disciplines to provide a pipeline of skilled
workers for the private sector and government.
6.3. Exercises
This section focuses on another aspect of cyber security: the training of personnel in responding
to cyber incidents.
Cyber exercises provide expertise in the creation, collaboration and execution of table top and live
action exercises which are entirely cyber-specific or which have cyber components. The coverage
ranges from physical security and surveillance to industrial facilities, smart grid, transportation
agents, information security and many other areas.
Most usually, exercises are run by multidisciplinary teams of persons, either working on …
Sometimes, exercises are executed on models, sometimes on real platforms.
Participants learn:
to identify cyber incidents
to qualify and report cyber incidents
to communicate and cooperate
to apply remedies, either reactive, corrective, or recovery, and
to evaluate the effectiveness and weaknesses of preventive controls
There are many exercises in European countries. Most are nation-wide. ENISA presents a summary of
reported exercises.
Cyber exercises in Europe for the period 2002–2012 (numbers indicate exercises per country)
Source: ENISA - On National and International Cyber Security Exercises
6.3.1. (EU) Cyber Europe
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cce/cyber-europe
Cyber Europe 2010 was the first-ever pan-European cyber exercise, with the objective of
triggering communication and collaboration between countries in responding to large-scale cyber
attacks. Over 70 experts from participating public bodies worked together to counter more than 300
simulated hacking attacks aimed at paralysing the Internet and critical online services across
Europe. During the exercise, a simulated loss of Internet connectivity between the countries
took place, requiring cross-border cooperation to avoid a (simulated) total network crash.
Cyber Europe 2012 was the second pan-European cyber exercise, more extensive and sophisticated
than the first, with three main objectives: to test the effectiveness and scalability of
mechanisms, procedures and information flow for public authorities’ cooperation in Europe;
to explore cooperation between public and private stakeholders; and to identify gaps and
challenges in improving effectiveness.
These exercises underlined the need for increased collaboration between the Member States in order
to find the relevant points of contact within organisations, the importance of the private sector in
ensuring security, the need to explore inter-sectoral dependencies more deeply and to focus on specific
communities, and the need to enhance the training of stakeholders in the use of security procedures.
6.3.2. (EU-US) Cyber Atlantic
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cce/cyber-atlantic
An EU-US Working Group on Cybersecurity and Cyber Crime (EU-US WG) was established in the
context of the EU-US summit of 20 November 2010 held in Lisbon. The purpose of the EU-US WG is
to address a number of specific priority areas and report progress on these within a year. The EU-US
WG is composed of the following subgroups:
Cyber Incident Management
Public-Private Partnerships
Awareness Raising
Cybercrime.
In the area of Cyber Incident Management (CIM), the WG’s intention was to deliver a cooperation
programme providing for synchronised and coordinated cyber exercises in the EU and US,
culminating in a joint cyber exercise in 2013. In order to determine in which areas the EU and the US
could cooperate regarding CIM, it was decided to organise a table top exercise, CYBER ATLANTIC, in
November 2011. This exercise was planned by a joint EU-US planners group facilitated by the
European Network and Information Security Agency (ENISA) and the Department of Homeland Security
(DHS). The specific objectives of Cyber Atlantic 2011 were:
Explore and improve the way in which EU Member States would engage the US during cyber
crisis management activities, notably using operating procedures for cooperation during
cyber-crises;
Explore and identify issues in order to improve the way in which the US would engage the EU
Member States during their cyber crisis management activities, using the appropriate US
procedures;
Exchange good practices on the respective approaches to international cooperation in the
event of cyber crises, as a first step towards effective collaboration.
6.3.3. (US) Cybersecurity Training & Exercises
http://www.dhs.gov/cybersecurity-training-exercises
Department of Homeland Security
Cyber Storm: Securing Cyber Space
Cyber Storm, the Department of Homeland Security’s biennial exercise series, provides the
framework for the most extensive government-sponsored cybersecurity exercise of its kind.
Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public
and private sectors. Securing cyber space is the Office of Cybersecurity and Communications’ top
priority.
Cyber Storm participants perform the following activities:
Examine organisations’ capability to prepare for, protect from, and respond to cyber attacks’
potential effects;
Exercise strategic decision making and interagency coordination of incident response(s) in
accordance with national level policy and procedures;
Validate information sharing relationships and communications paths for collecting and
disseminating cyber incident situational awareness, response and recovery information; and
Examine means and processes through which to share sensitive information across boundaries
and sectors without compromising proprietary or national security interests.
Each Cyber Storm builds on lessons learned from previous real world incidents, ensuring that
participants face more sophisticated and challenging exercises every two years.
Cyber Storm IV (2011-2012)
Cyber Storm III (September 2010)
CyberStorm II (March 2008)
CyberStorm I (February 2006)
6.4. Security-related Certifications
This section covers the current situation related to personal certifications. Most of the activity is
carried out in the USA, and the US Government currently prefers to depend on private initiatives,
setting the goals (curricula) and accepting the accreditations. It is also true that most of the private
companies are US-based.
Activity in Europe is rare beyond the branches of the American companies, and so far there is no
formal recognition of accreditations by governments, though they are accepted as de-facto
accreditations.
The following sections are alphabetically ordered, but it is suggested to start with US DoD 8570 for a
landscape view of the different components.
The CESG (UK) accreditation is the most advanced one in Europe.
Some manufacturers are also worth mentioning. Many manufacturers provide certification
programmes covering their own products. The certificates accredit the competence to configure and
administer those products. These certifications are important to the extent that the products are
deployed in networked organisations, since they are a critical part of the attack surface for cyber
attacks.
It is worth mentioning:
CISCO
o CCNA - Cisco Certified Network Associate Security Certification
Check Point
o CCSA – Check Point Certified Security Administrator
6.4.1. CSIH – Computer Security Incident Handler
The CERT®-Certified Computer Security Incident Handler (CSIH) certification program has been
created for incident handling professionals, computer security incident response team (CSIRT)
technical staff, system and network administrators with incident handling experience, incident
handling trainers and educators, and individuals with some technical training who want to enter the
incident handling field. It is recommended for those computer security professionals with three or
more years of experience in incident handling and/or equivalent security-related experience.
6.4.2. CESG - Communications-Electronics Security Group (UK)
http://www.cesg.gov.uk/
The Government Communications Headquarters (GCHQ) is a British intelligence agency responsible
for providing signals intelligence (SIGINT) and information assurance to the UK government and
armed forces. Based in Cheltenham, it operates under the guidance of the Joint Intelligence
Committee.
CESG (originally Communications-Electronics Security Group) is the branch of GCHQ which works to
secure the communications and information systems of the government and critical parts of UK
national infrastructure.
6.4.3. CCP - CESG Certified Professional
CESG has developed a framework for certifying IA professionals who meet competency and skill
requirements for specified IA roles.
The CESG Certified Professional (CCP) scheme recognises the expertise of those working in the
Information Assurance and Cyber Security arenas in both government and industry. It sets the
standard for IA professionals working in this sector and provides a rigorous and independent
assessment of the competence of IA professionals. CCP status is an endorsement of IA expertise and
confirms that information risk in support of a business is managed in a balanced and pragmatic way.
The purpose of certification is to improve the matching between public sector requirements for IA
expertise and the competence of those recruited or contracted to provide that expertise.
The scheme allows one to gain certification in one or more of the following roles:
IA Accreditor
IA Architect
IA Auditor
Communications Security Officer
Information System Security Officer / Information Security System Manager / IT Security
Officer
Security and Information Risk Advisor (SIRA)
There are three levels of certification for each of the roles:
Practitioner
Senior Practitioner
Lead Practitioner
6.4.4. CompTIA – Computing Technology Industry Association
The Computing Technology Industry Association (CompTIA), a non-profit trade association, was
created in 1982 as the Association of Better Computer Dealers, Inc. (ABCD) by representatives of five
microcomputer dealerships. Over the course of a decade, ABCD laid the groundwork for many of
CompTIA’s initiatives and member benefits.
ABCD later changed its name to the Computing Technology Industry Association to reflect the
association's evolving role in the computer industry and in the U.S. business landscape at large. The
1990s was a period of growth as the association broadened the scope of its activities to address the
needs of the expanding computer industry. Its initiatives increased to include networking, UNIX,
imaging, mobile computing, and multimedia arenas. In an effort to monitor and take positions on
public policy issues, the association added a full-time Director of Public Policy position. In 2010,
CompTIA added a new executive director for a newly named "Creating IT Futures" Foundation, a
philanthropic arm that focuses on training and certifying low-income students and adults in IT, as
well as returning veterans—and helping connect them with potential employers.
6.4.5. A+
The CompTIA A+ certification is the starting point for a career in IT. The exams cover maintenance of
PCs, mobile devices, laptops, operating systems and printers.
The A+ certification demonstrates competency as a computer technician. Officially, CompTIA A+
certification is a vendor neutral certification that covers numerous technologies and operating
systems from such vendors as Microsoft, Apple Inc., Novell and some of the Linux distributions.
6.4.6. Security+
Even though the Security+ is more of an entry-level certification than others, it’s still a valuable
certification in its own right. Another benefit of the Security+ is that it’s vendor-neutral, instead
choosing to focus on security topics and technologies in general, without limiting its focus to any one
vendor and their approach.
6.4.7. CASP - CompTIA Advanced Security Practitioner
CompTIA offers a more advanced certification, the CompTIA Advanced Security Practitioner (CASP),
providing a progressive certification path for those who want to continue their security career and
studies. Like the Security+, the CASP covers security knowledge across a number of knowledge
domains, but the depth and complexity of the questions asked on the CASP exam exceed those of the
Security+.
6.4.8. EC-Council – International Council of Electronic Commerce Consultants
The International Council of Electronic Commerce Consultants (EC-Council) is a member-supported
professional organisation. The EC-Council is headquartered in Albuquerque, New Mexico.
The EC-Council is known primarily as a professional certification body. Its best-known certification is
the Certified Ethical Hacker.
6.4.9. CEH – Certified Ethical Hacker
Certified Ethical Hacker, CEH for short, is a computer certification that indicates proficiency in
network security, especially in thwarting malicious hacker attacks through pre-emptive
countermeasures.
6.4.10. CHFI - Computer Hacking Forensic Investigator
The CHFI v8 Program certifies individuals in the specific security discipline of computer forensics from a
vendor-neutral perspective. The C|HFI certification will fortify the applied knowledge of law
enforcement personnel, system administrators, security officers, defence and military personnel, legal
professionals, bankers, security professionals, and anyone who is concerned about the integrity of
the network infrastructure.
A CHFI is a skilled professional trained in the application of computer investigation and analysis
techniques in the interests of determining potential legal evidence. CHFI certified professionals are
aware of a legally sound, detailed methodological approach to computer forensics and evidence
analysis.
6.4.11. ECIH - EC-Council Certified Incident Handler
The EC-Council Certified Incident Handler certification is designed to provide the fundamental skills
to handle and respond to computer security incidents in an information system. A Certified Incident
Handler is a skilled professional who is able to handle various types of incidents, risk assessment
methodologies, and various laws and policies related to incident handling.
6.4.12. ENSA – Network Security Administrator
6.4.13. ECSP – EC-Council Certified Secure Programmer
ECSP certification verifies the advanced programming skills of application developers and
development organisations in producing applications with greater stability that pose fewer security
risks to the consumer. The ECSP certification standardises the knowledge base for application
development by incorporating the best practices followed by experienced experts in the various
domains.
6.4.14. ECSA – EC-Council Certified Security Analyst
The ECSA is an advanced security certification that complements the Certified Ethical Hacker (CEH)
certification by validating the analytical phase of ethical hacking. An ECSA is a step ahead of a CEH by
being able to analyse the outcome of hacking tools and technologies.
6.4.15. DoD Directive 8570.01 Information Assurance Training, Certification and
Workforce Management (US)
As an extension of Appendix 3 to the DoD 8570.01-Manual, the following certifications have been
approved as IA baseline certifications for the IA Workforce. Personnel performing IA functions must
obtain one of the certifications required for their position category or specialty and level. Refer to
Appendix 3 of 8570.01-M for further implementation guidance.
6.4.16. GIAC – Global Information Assurance Certification
Global Information Assurance Certification, GIAC, is an information security certification entity that
specialises in technical and practical certification as well as new research in the form of its GIAC Gold
program. SANS Institute founded the certification entity in 1999 and the term GIAC is trademarked
by The ESCAL Institute of Advanced Technologies.
GIAC provides a set of vendor-neutral computer security certifications linked to the training courses
provided by SANS. GIAC focuses on leading-edge technological advances in IT security in
order to keep ahead of "black hat" techniques. Papers written by individuals pursuing GIAC
certifications are presented in the SANS Reading Room on GIAC's website.
Initially all SANS GIAC certifications required a written paper or "practical" on a specific area of the
certification in order to achieve the certification. In April 2005, the SANS organisation changed the
format of the certification by breaking it into two separate levels. The "silver" level certification
requires two multiple-choice tests, whereas the "gold" level certification has both the multiple-choice
tests requirement as well as a practical.
6.4.17. GCIA – GIAC Certified Intrusion Analyst
GIAC Certified Intrusion Analysts (GCIAs) have the knowledge, skills and abilities to configure and monitor intrusion detection systems, and to read, interpret and analyse network traffic and related log files. The certification targets individuals responsible for network and host monitoring, traffic analysis and intrusion detection.
6.4.18. GCIH – GIAC Certified Incident Handler
Incident handlers manage security incidents: they understand common attack techniques, vectors and tools, and defend against and/or respond to such attacks when they occur. The GCIH certification focuses on detecting, responding to and resolving computer security incidents and covers the following areas:
- The steps of the incident handling process
- Detecting malicious applications and network activity
- Common attack techniques that compromise hosts
- Detecting and analysing system and network vulnerabilities
- Continuous process improvement by discovering the root causes of incidents
6.4.19. GSEC – GIAC Security Essentials Certification
This certification targets security professionals who want to demonstrate that they are qualified for hands-on security roles on IT systems. Candidates are required to demonstrate an understanding of information security that goes beyond simple terminology and concepts.
6.4.20. GSLC – GIAC Security Leadership Certification
This certification targets security professionals with managerial or supervisory responsibility for information security staff.
6.4.21. GSNA – GIAC Systems and Network Auditor
GIAC Systems and Network Auditors (GSNAs) have the knowledge, skills and abilities to apply basic risk analysis techniques and to conduct a technical audit of essential information systems. The certification targets technical staff responsible for securing and auditing information systems, and auditors who wish to demonstrate technical knowledge of the systems they are responsible for auditing.
6.4.22. CISA – Certified Information Systems Auditor
Certified Information Systems Auditor (CISA) is a globally recognised certification, awarded by ISACA, in the field of audit, control and security of information systems.
6.4.23. CISM – Certified Information Security Manager
Certified Information Security Manager (CISM) is a certification for information security managers, awarded by ISACA.
6.4.24. CGEIT – Certified in the Governance of Enterprise IT
Certified in the Governance of Enterprise IT (CGEIT) is an ISACA certification designed for professionals who have management, advisory and/or assurance responsibilities relating to the governance of IT.
6.4.25. CRISC – Certified in Risk and Information Systems Control
Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risk, awarded by ISACA.
6.4.26. (ISC)² – International Information Systems Security Certification Consortium
The International Information Systems Security Certification Consortium, (ISC)², is a non-profit organisation which specialises in information security education and certifications. It has been described as the "world's largest IT security organisation". The most widely known certification offered by (ISC)² is the Certified Information Systems Security Professional (CISSP).
6.4.27. CISSP – Certified Information Systems Security Professional
Certified Information Systems Security Professional (CISSP) is a vendor-independent information security certification governed by (ISC)² that focuses on cyber security.
6.4.28. CAP – Certified Authorization Professional
The technology in use today does not by itself guarantee the safety of information assets tomorrow: systems must be continually monitored and validated against security requirements that change as new threats emerge. The objective of this certification is therefore to assure an employer that the security professional possesses the knowledge, skills, abilities and experience needed to monitor and evaluate an organisation's security risks and requirements, now and in the future.
The CAP domains are:
- Risk management framework
- Categorisation of information systems
- Selection of security controls
- Security control implementation
- Security control assessment
- Information system authorisation
- Monitoring of security controls
6.4.29. ISSAP – Information Systems Security Architecture Professional
CISSP-ISSAP requires a candidate to demonstrate two years of professional experience in security architecture and is an appropriate credential for chief security architects and analysts, who typically work as independent consultants or in similar capacities. The architect plays a key role
within the information security department, with responsibilities that sit between the C-suite or upper management level and the implementation of the security programme. He/she would generally develop, design or analyse the overall security plan.
The six domains of the CISSP-ISSAP CBK® are:
- Access Control Systems and Methodology
- Communications & Network Security
- Cryptography
- Security Architecture Analysis
- Technology Related Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
- Physical Security Considerations
6.4.30. ISSEP – Information Systems Security Engineering Professional
CISSP-ISSEP covers the practice of incorporating security into projects, applications, business processes and all information systems.
The four domains of CISSP-ISSEP are:
- Systems Security Engineering
- Certification and Accreditation (C&A) / Risk Management Framework (RMF)
- Technical Management
- U.S. Government Information Assurance Related Policies and Issuances
6.4.31. ISSMP – Information Systems Security Management Professional
CISSP-ISSMP holders establish, present and govern information security programmes, demonstrating management and leadership skills. Typically the CISSP-ISSMP holder or candidate will be responsible for constructing the framework of the information security department and defining the means of supporting the group internally.
The five domains of CISSP-ISSMP are:
- Security Leadership and Management
- Security Lifecycle Management
- Security Compliance Management
- Contingency Management
- Law, Ethics and Incident Management
6.4.32. SSCP – Systems Security Certified Practitioner
SSCP is open to candidates with as little as one year of experience, making it a suitable starting point for a new career in information security, or a way to add security skills to an organisation's existing IT staff.
The related domains are:
- Access Controls
- Cryptography
- Malicious Code and Activity
- Monitoring and Analysis
- Networks and Communications
- Risk, Response and Recovery
- Security Operations and Administration
6.4.33. OSCP / OSCE – Offensive Security certifications
Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security, the training company behind the BackTrack penetration testing distribution (succeeded by Kali Linux in 2013).
The OSCP challenges students to prove they have a clear practical understanding of the penetration testing process and lifecycle through an arduous twenty-four (24) hour certification exam. The exam consists of a dedicated vulnerable network that is designed to be compromised within the 24-hour period. It is entirely hands-on and is completed by the examinee submitting an in-depth penetration test report covering the OSCP examination network and the PWK labs. The OSCP certification is awarded to students who successfully gain administrative access to systems on the vulnerable network and document it in that report. The Offensive Security Certified Expert (OSCE), named in the heading, is the more advanced certification from the same provider.
As the sections above show, many cyber security training and education initiatives are driven by the US. This makes a compelling case for CYSPA to further analyse Strategic option 7.15 "Education and awareness raising on cyber security threats and mitigation" (as documented in CYSPA deliverable D4.1.2) when creating the initial European Strategy to Protect Cyber Space (CYSPA Deliverable D4.3.1).
7. Conclusions and Next Steps
According to the CYSPA timeline and strategy, the work presented in this document is part of the analysis of the current and planned state of the European cyber security landscape (the as-is situation). This document has assembled a first look at the portfolio of cyber security solutions, together with an analysis of the solution provider landscape and market behaviours, which will be built upon to form the basis of the technology and solutions observatory. The technology and solutions observatory (CYSPA deliverable D3.6) will be an online tool accessible to members of the CYSPA Alliance, and aims to provide a comprehensive body of knowledge about the technology and solutions available that target specific threats relevant to the sectors CYSPA explores. We explored a broad variety of solutions from a number of different providers, and the catalogue in this document will be refreshed until the technology and solutions observatory is live.
European research initiatives were explored in collaboration with the SecCord project, and a number of project results have come to light which may be able to facilitate delivery of the final CYSPA strategy; these are to be taken into consideration when assembling the CYSPA European Strategy to Protect Cyber Space (Deliverable D4.3.2).
An analysis of existing education and training programmes highlighted a compelling gap in EU-driven cyber security education programmes, with only the United Kingdom showing a serious level of concrete action in better equipping the market with the required level of skilled human capital.
In conclusion, there are several outcomes from this document which will feed into the production of
upcoming CYSPA deliverables, and in turn inform the final CYSPA European Strategy to Protect Cyber
Space.
9. Annex I: list of European projects considered for analysis
Annex I gives the descriptions of all the EU research projects that were explored and evaluated for inclusion in this document.
ACTIBIO.- Unobtrusive authentication using activity related and soft biometrics.
ACTIBIO will develop the innovative concept of extracting multi-modal biometric signatures from the response of the user to specific stimuli while performing specific but natural work-related activities. It will fuse information from various sensors capturing either the dynamic behaviour profile of the user or the physiological response of the user to events, and will also research the use of unobtrusive sensors.
ACTOR.- ACcelerate Trust in digital life Organisation and Relations.
In November 2008, Philips, Microsoft, Nokia and Gemalto took the initiative to establish the Trust in Digital Life (TDL) Partnership.
The coordination action ACTOR supports the TDL Partnership in raising awareness of research on trustworthy ICT and of its results.
ACTOR supports the partnership in establishing a network by involving additional members in the definition of a Strategic Research Agenda (SRA) and its implementation through research projects.
The objectives of the proposed CA project ACTOR are focused on:
- Establishing a multidisciplinary partnership
- Broad support to the TDL research roadmaps for longer-term research in the field of trustworthy ICT
- Bundling and coordinating the effort of the Partnership members to develop a promising and ambitious SRA and Work
- Identification of a balanced portfolio with concrete project ideas for publicly funded research and innovation projects.
ASSERT4SOA.- Advanced Security Service cERTificate for SOA
ASSERT4SOA will produce novel techniques and tools, fully integrated within the SOA lifecycle, for expressing, assessing and certifying security properties of complex service-oriented applications composed of distributed software services that may be dynamically selected, assembled, replaced and run within complex and continuously evolving software ecosystems.
AVANTSSAR.- Automated validation of trust and security of service-oriented architectures
AVANTSSAR proposes a rigorous technology for the formal specification and automated validation of trust and security of Service-Oriented Architectures. This technology will be automated in an integrated toolset, the AVANTSSAR Validation Platform, tuned on relevant industrial case studies.
The project will develop:
- ASLan, the first formal language for specifying trust and security properties of services, their associated policies, and their composition into service architectures.
- Automated techniques to reason about services and their associated security policies and to compose them into secure service architectures.
- An automated toolset for validating trust and security aspects of SOA architectures.
CACE.- Computer Aided Cryptography Engineering.
CACE's goal is to design, develop and deploy a toolbox that supports the specific domain of cryptographic software engineering. Security and trust are mission critical, and modern applications processing sensitive data typically require the deployment of sophisticated cryptographic techniques. The toolbox will allow non-experts to develop high-level cryptographic applications and business models by means of cryptography-aware high-level programming languages and compilers. Describing applications in this way will allow automatic analysis and transformation of cryptographic software to detect security-critical implementation failures.
DITSEF.- Digital & innovative technologies for security & efficiency of first responder operations
One of the main problems for First Responders (FR) (fire fighters, police, etc.) in the case of a crisis at a critical infrastructure is the availability of relevant information, both for the First Responder and for the local manager. The loss of communication and location, the lack of information about the environment (temperature, hazardous gases, etc.) and the poor efficiency of the Human Machine Interface (HMI) on the FR side are the main current drawbacks. As a result, during an intervention there is a gap between the First Responders' actual situation (positioning, health, etc.) and the overall picture available at their mobile headquarters.
DITSEF aims at increasing the effectiveness and safety of First Responders through optimal information gathering and sharing with their higher command levels.
The DITSEF project will provide solutions in four areas:
- Communication;
- Indoor localization;
- Sensors;
- Human Machine Interface.
The aim of the project is to integrate these technologies into a system, through scenarios validated by the end users. These new technologies must respond to the end users' needs.
ECRYPT II.- European network of excellence in cryptology - Phase II
The network's main objective is to ensure a durable integration of European research in cryptology, in both academia and industry, and to maintain and strengthen European excellence in this area. In order to reach this goal, 11 leading players propose to integrate their research capabilities within three virtual labs focusing on symmetric key algorithms, public key algorithms and protocols, and hardware and software implementation. They will be joined by more than 20 adjoint members of the network who will closely
collaborate with the core partners. ECRYPT II plans to build on and expand the integration activities developed within ECRYPT, which include joint workshops, exchange of researchers and students, development of common tools and benchmarks, and a website and forum which will be a focal point for the network and the wider cryptographic community. Spreading activities will include a training programme, a substantial contribution towards standardization bodies and an active publication policy. The project team has the critical mass and breadth to address the key questions in these areas.
EFFECTS+.- European Framework for Future Internet Compliance, Trust, Security and Privacy through effective clustering
EFFECTS+ provides a coordination service for R&D on Trust, Security, Privacy and Compliance (TSPC) in the Information Society and the Future Internet (FI). It has three parallel, related goals:
(1) coordination of project contributions to the development of the Future Internet;
(2) coordination of project activities through project clustering;
(3) coordination and integration of the results and findings from (1) and (2), feeding them into an ongoing roadmap that contributes to the agenda for future European research, development and practice. To date, there has been no overall coordination of Future Internet Assembly (FIA) work with early trust and security (T&S) project clustering.
ESCORTS.- European network for the security of control and real-time systems
ESCoRTS was a joint endeavor among EU process industries, utilities, leading manufacturers of control equipment and research institutes, to foster progress towards cyber security of control and communication equipment in Europe. This coordination action addressed the need for standardization in this area (where Europe lags behind other world actors), indicating R&D directions by means of a dedicated roadmap.
ESCoRTS aimed at the dissemination of best practices on Supervisory Control And Data Acquisition (SCADA) security implementation, thus ensuring convergence and hastening the standardization process worldwide, and paving the way to establishing cyber security testing facilities in Europe.
Networked computers reside at the heart of the critical infrastructures and systems on which people rely, such as the power grid, the oil & gas infrastructure, water supply networks etc. Today these systems are vulnerable to cyber-attacks that can inhibit their operation, corrupt valuable data, or expose private information.
Attacks compromising the security of monitoring and control systems may also have a negative impact on the safety of personnel, the public and the environment by causing severe accidents such as blackouts, oil spills, or the release of pollutants into the air, water and soil.
Pressure to ensure the cyber security of control and communication systems is strong in the US, where industry sectors (electricity, oil, gas etc.) are issuing guidelines and have set up a common platform, the Process Control Systems Forum, and where national facilities for testing the security of control and communication components are available. In the EU the importance of the issue is starting to be recognised as well: vendors and many users are trying to accommodate what emerges as best-practice security.
Nevertheless, a common strategy towards standardization is lacking; efforts are scattered across industrial sectors and companies. In addition, due to the lack of testing facilities in the EU, manufacturers and operators currently need to resort to US cyber security facilities to verify their products and services.
ESC.- European Security Challenge.
Other regions of the world, particularly the US, use competitive incentives such as awards and prizes to encourage innovation in security research, but Europe has lagged in this area. The focus of this one-year project was to examine how such a model could be used to Europe's advantage. ESC's three-member consortium, consisting of Global Security Challenge LLP (UK), Jožef Stefan Institute (Slovenia) and PR agency 3D Communications (France), was tasked to design prize competitions that encourage innovators (from industry, academia, etc.) to deliver innovative solutions in European security, and to provide ideas and guidelines to the European Commission for doing so.
A parallel objective was to examine how competitions could visibly involve EU citizens in the innovation process.
The ESC team conferred with experts, policymakers, companies and other stakeholders to shape its work, for example surveying 523 SMEs and interviewing 24 international innovation decision-makers from both public and private sectors.
This led to the definition of three competition packages as options for the Commission to use in the future. The three are:
- the "UAV Crisis Response Challenge", designed to advance unmanned aerial systems (UAS) technology for emergency response to disasters;
- the "Citizens' Frontline Emergency Management Competition", to create open source software applications for emergency management based on the use of social media and modern communications technology;
- the "Cloud Castle Challenge", to encourage the creation of an open source software repository, or 'toolbox', for cyber security and the protection of cloud computing.
ESC's final report will allow European policy-makers to assess the potential for using prize competitions to boost innovation in security.
"Our analysis has shown that both applicants/innovators and prize promoters/sponsors can benefit from prizes," says the team. It adds that contest applicants and winners profit from wide media coverage and easier access to funding for the commercialization of their research, while contest
promoters and sponsors pull in participants from non-conventional fields
that traditional methods fail to reach. Indeed, other methods for attracting
innovation such as research grants or patents are discussed in the report and
compared to prize competitions.
The report ends with a suggestion to integrate prize competitions in the EU’s
existing funding schemes.
ETCETERA.- Evaluation of critical and emerging technologies for the elaboration of a security research agenda.
The ETCETERA project is a contribution to effective and efficient security research planning at European level.
Its aim is three-fold:
- to develop novel methodologies for future strategic research planning;
- to identify risks and potential benefits associated with Critical Dependencies and Emerging Technologies with security implications;
- to recommend a research agenda to deal with these risks and potential benefits.
INSPIRE.- Increasing security and protection through infrastructure resilience
The INSPIRE goal is to enhance the European potential in the field of security by assuring the protection of critical information infrastructures through the identification of their vulnerabilities and the development of innovative techniques for securing networked process control systems. To increase the resilience of such systems, INSPIRE will develop traffic engineering algorithms, self-reconfigurable architectures, and diagnosis and recovery techniques. The core idea of the INSPIRE proposal is therefore to protect critical information infrastructures by appropriately configuring, managing and securing the communication network which interconnects the distributed control systems.
A working prototype will be implemented to be used as the final demonstrator of specific scenarios. Involved experts will support project partners in the validation and demonstration activities, thus enhancing the effectiveness of this multidisciplinary consortium. INSPIRE will also contribute to the standardization process in order to foster multi-operator interoperability and coordinated strategies for securing lifeline systems.
In order to achieve its objectives, INSPIRE has identified the following areas of work:
- Analysis and modelling of vulnerabilities of networked process control systems.
- Design and implementation of techniques and architectures for increasing the security and resilience of networked control systems.
- Verification, validation and integration of the developed tools.
- Exploitation, dissemination and standardization.
INSPIRE-INTERNATIONAL.- INcreasing Security and Protection through Infrastructure REsilience - International cooperation aspects
Critical Infrastructures (CI) are increasingly interconnected and consequently exposed to multiple new threats such as cyber and terrorist attacks. Critical Infrastructure Protection (CIP) is therefore becoming more and more important. Supervisory Control and Data Acquisition (SCADA) systems are widely deployed in CIs and should therefore be well protected.
The INSPIRE project aims at systematically understanding SCADA threats and accordingly developing mitigation and prevention techniques. The power grid is a SCADA-based, wide-area, highly interconnected CI; the high level of interconnectivity can be easily concluded from the low number of power grids in Europe. To the best of our knowledge there is no real data from the European power grids that can be used for evaluating power grid protection techniques such as those developed in INSPIRE.
INSPIRE is developing a P2P-based middleware that aims at increasing the protection level of SCADA systems and which can be easily adopted for power grid infrastructures. A cooperation between INSPIRE and GridStat will allow both approaches to be compared and best practices to be derived, as well as directions towards an integrative/adaptive approach.
MASSIF.- MAnagement of Security information and events in Service Infrastructures, Secure information management system (http://www.massif-project.eu/).
MASSIF will provide innovative techniques that enable the detection of upcoming security threats and trigger remediation actions even before possible security incidents occur. To this end, MASSIF will develop a new-generation SIEM framework for service infrastructures supporting intelligent, scalable, multi-level/multi-domain security event processing and predictive security monitoring. It provides cross-layer correlation of security events from various sources, enabling protection of the service infrastructure, as well as predictive security analysis that proactively prevents further attacks by taking appropriate countermeasures. The highly scalable processing techniques used will provide the means to handle large volumes of security events, while elastic scalable event processing offers an adaptive environment that adjusts to the available computing resources.
MASTER.- Managing assurance, security and trust for services
MASTER aims at providing methodologies and infrastructures that
facilitate the monitoring, enforcement, and audit of quantifiable
indicators on the security of a business process, and that provide
manageable assurance of the security levels, trust levels and regulatory
compliance of highly dynamic service-oriented architectures in centralized, distributed (multi-domain) and outsourcing contexts.
To this end MASTER will identify new innovation components in terms of key assurance indicators, key security indicators, protection and regulatory models, and security model transformations, coupled with the methodological and verification tools for the analysis and assessment of business processes. It will further define an overall infrastructure for the monitoring, enforcement, reaction, diagnosis and assessment of these indicators in centralized, distributed (multi-domain) and outsourcing contexts. It will show a proof-of-concept implementation in the challenging realms of Banking/Insurance and e-Health IT systems. MASTER will thus deliver a strategic component of the security and trust pillar of the European Technology Platform NESSI, which makes it a NESSI strategic project.
PARSIFAL.- Protection and trust in financial infrastructures
The PARSIFAL proposal targets the ambitious objective of how to better protect Financial Critical Infrastructures (FCI) and the information infrastructure that links FCI with other Critical Infrastructures in Europe.
PARSIFAL has the following objectives:
1) Bringing together FCI and TSD research stakeholders;
2) Contributing to the understanding of FCI challenges;
3) Developing longer term visions, research roadmaps, FCI scenarios and best practice guides;
4) Co-ordinating the relevant research work, knowledge and experiences.
The need to create forums at EU level is specifically mentioned in order to facilitate exchanges of views on general and sector-specific CIP issues. PARSIFAL aims to bring together all financial critical infrastructure stakeholders in the public and private sphere, which would provide the Member States, the Commission and industry with an important platform through which to communicate on whatever new CIP issues arise. Furthermore, the PARSIFAL Forum would assess the possibility of creating EU FCI-related industry/business associations. The success of PARSIFAL will be largely based on its ability to build a large consensus in the financial, security, industrial and scientific community. This will require the ability to contact and involve a large number of SMEs that are working in this field, as well as academia and research organisations all over Europe, and to bring them together with all the relevant national or regional CIP and financial sector actors.
PASSIVE.- Policy-Assessed system-level Security of Sensitive Information
processing in Virtualized Environments
The PASSIVE project proposes an improved model of security for
virtualized systems to ensure that:
- Adequate separation of concerns (e.g. policing, judiciary) can be
achieved even in large scale deployments.
- Threats from co-hosted operating systems are detected and dealt
with.
- Public trust in application providers is maintained even in a
hosting environment where the underlying infrastructure is highly
dynamic.
To achieve these aims, the consortium proposes:
- A policy-based Security architecture, to allow security provisions to
be easily specified, and efficiently addressed.
- Fully virtualized resource access, with fine-grained control over
device access, running on an ultra-lightweight Virtual Machine
Manager.
- A lightweight, dynamic system for authentication of hosts and
applications in a virtualized environment. In so doing, PASSIVE will
lower the barriers to adoption of virtualized hosting by government
users, so that they may achieve the considerable gains in energy
efficiency, reduced capital expenditure and flexibility offered by
virtualization.
POSECCO.- Policy and Security Configuration Management.
PoSecCo establishes a traceable and sustainable link between high-level requirements and low-level configuration settings. Operations will be supported by self-management features and decision support systems. Substantial improvements are expected in the areas of policy modelling and conflict detection across architectural layers, decision support for policy refinement processes, policy and configuration change management including validation, remediation and audit support, and security management processes in FI application scenarios. PoSecCo addresses the economic viability of the chosen approach by assessing the cost and organisational benefits of improved policy and configuration management.
PoSecCo continues other EC projects, especially DESEREC, POSITIF and MASTER, and adopts existing industry standards for change management and audit to ensure its impact.
PRIMELIFE.- Privacy and identity management in Europe for life.
PrimeLife will resolve the core privacy and trust issues; its long-term
vision is to counter the trend towards life-long personal data trails without
compromising on functionality. The project will build upon and expand
the sound foundation of the FP6 project PRIME that has shown how
privacy technologies can enable citizens to execute their legal rights to
control personal information in on-line transactions. Resolving these
issues requires substantial progress in many underlying technologies.
PrimeLife will substantially advance the state of the art in the areas of
human computer interfaces, configurable policy languages, web service
federations, infrastructures and privacy-enhancing cryptography.
PrimeLife will ensure that the community at large adopts privacy
technologies. To this effect PrimeLife will work with the relevant Open
Source communities and standardisation bodies, and partner projects. It
will further organise workshops with interested parties such as partner
projects to transfer technologies and concepts. This will also validate the
project's results on a large scale. European industry will be strengthened
by providing building blocks for trustworthy treatment of customers'
data.
RADICAL.- Road mapping technology for enhancing security to protect
medical and genetic data.
The RADICAL coordination action aims to approach coherently, study in
depth and reveal scientifically a beyond-the-state-of-the-art research and
policy roadmap for security and privacy enhancement in the Virtual
Physiological Human, taking into consideration technology advancements,
business and societal needs, ethics, and the challenges that should be
addressed and answered.
RADICAL objectives are:
- Benchmarking existing security and privacy technologies. There will be a
special focus on Privacy Enhancing Technologies, which assist in
designing information and communication systems and services in a way
that minimizes the collection and use of personal data and facilitate
compliance with data protection rules.
- Identify the required technology developments and implementation
challenges in order to define the gap between the present (as-is
situation) and the future desired status.
- Identify the societal needs and challenges that should be addressed in
order to protect patient health records and regulate their usage. Analyse
the implications of health data usage, with a special focus on genetic
data usage.
- Capitalize on existing knowledge acquired by EC-funded projects under
the 6th Framework Programme.
- Provide a Policy Paper Roadmap for the Future Agenda in Medical and
Genetic Data.
- Develop a Good Practice Guide, presenting the best practices that should
be adopted by different stakeholders.
- Create a network of stakeholders.
SAFECITY.- Future Internet Applied to Public Safety in Smart Cities
Safecity deals with smart public safety and security in cities. The main
objective is to enhance the role of the Future Internet in ensuring people
feel safe in their surroundings while their surroundings are protected.
Safecity is the result of the elaboration of a vertical Use Case Scenario
based on Public Safety in European cities. The main goal of this project is
to collect specific requirements, driven by relevant users, on the Future
Internet, as opposed to the generic ones that will be collected through other
objectives.
SECURECHANGE.- Security engineering for lifelong evolvable systems.
The project will develop processes and tools that support design
techniques for evolution, testing, verification, re-configuration and local
analysis of evolving software. Our focus is on mobile devices and homes,
which offer both great research challenges and long-term business
opportunities.
Concrete achievements will include:
- Architectural blueprint and integrated security process for lifelong
adaptable systems
- Methodology for evolutionary requirements with tools for incremental
requirements models evaluation and transformation
- Security modelling notation for adaptive security with formally founded
automated security analysis tools.
- IT security risk assessment with tool-support for lifelong adaptable
systems
- Techniques and tools to verify adaptive security while loading on-device
- Model-based testing approach for evolution
The results are continuously validated jointly with key industry players.
SHIELDS.- Detecting known security vulnerabilities from within design and
development tools
The main objective of SHIELDS is to increase software security by bridging
the gap between security experts and software practitioners and by
providing the software developers with the means to effectively prevent
occurrences of known vulnerabilities when building software.
SHIELDS will develop novel formalisms for representing security information,
such as known vulnerabilities, in a form directly usable by development tools
and accessible to software developers. This information will be stored in an
internet-based Security Vulnerabilities Repository Service (SVRS) that
facilitates fast dissemination of vulnerability information from security
experts to software developers. The project will also present a new breed of
security methods and tools (some open source, some commercial) that are
constantly kept up to date using the information stored in the SVRS.
In addition to the SVRS, and new security tools, we will create a SHIELDS
Compliant certification for tools and a SHIELDS Verified logo program for
software developers that will offer an affordable and yet technically effective
evaluation and certification method in the fight against common security
vulnerabilities. Commercial exploitation will be through these programs, the
tools, and through subscriptions to the repository (parts will be free).
SPIKE.- Secure process-oriented integrative service infrastructure for
networked enterprises.
SPIKE will develop a software platform for the easy and fast setup of business
alliances. The project targets two main organisational objectives: first,
outsourcing parts of the value chain to business partners; second, enabling
collaboration between members of participating organisations. SPIKE will
enable collaboration and cooperation between the networked enterprises.
The user partners will demonstrate the potential of SPIKE in pilot
deployments and use cases, i.e. a collaborative business alliance and two
services ready for use in the networked enterprise. Because of its focus, the
project will have an impact on organisations of all sizes that want to
collaborate with each other.
This way, SPIKE will have a special impact on SMEs. It will enable them to
offer their services to potential new customers in a cost-saving and timely
manner.
VIRTUOSO.- Versatile information toolkit for end-users oriented open
sources exploitation.
The VIRTUOSO Project aims to provide an integrated open source
information exploitation (OSINF) toolbox to European authorities working in
border security. This toolbox will extend the “security distance” of Europe’s
borders by allowing EU agencies and member states to anticipate, identify
and respond to strategic risks and threats in a timely manner. In short, the
project aims to :
- Improve the situational awareness of those organisations and individuals
charged with securing Europe’s borders.
- Help anticipate risks such as terrorism, illegal migration and the trafficking of
goods and people using OSINF.
- Create the kernel of a pan-European technological platform for the
collection, analysis and dissemination of open source information, thus
ensuring greater interoperability among European actors involved in
border security.
- Provide the tools for crisis management response if anticipation fails or in
the event of a rupture scenario.
This seamless OSINF platform will aggregate, in real time, content from the
internet, leading subscription providers, and broadcast media. This content
will be filtered and analysed using text mining and other decision support
technologies to improve situational awareness and provide early warning to
end-users.
The project’s deliverables include a demonstrator of the VIRTUOSO toolkit
(one that integrates various information services and intelligence
applications) and full documentation on the platform itself.
The core platform will be freely available as open source software at the end
of the project.
ANIKETOS.- Secure Development of Trustworthy Composite Services (http://www.aniketos.eu/project)
The main objective is to provide service developers and providers with a secure service development process, improving tools, methods and languages for handling security issues. This includes the evolution of agreements and requirements for users of services who want to obtain certification for composed services. Aniketos offers a way of expressing different aspects of trustworthiness and provides design-time and runtime modules for evaluating and monitoring the trust level between service providers/components.
ARENA.- Architecture for the Recognition of threats to mobile assets using
networks of multiple affordable sensors.
The objective of ARENA is to develop methods for automatic detection
and recognition of threats, based on multi-sensor data analysis:
- Robustly and autonomously detect threats to critical mobile assets in
large unpredictable environments.
- To reduce the number and impact of false alarms and work towards
optimized decision making.
- To demonstrate automatic threat detection for the land case.
- To assess automated threat detection for the land case and the
maritime case.
- To evaluate detection performance and contribute to standards.
- To respect and respond to social, legal and ethical issues arising from
the design, implementation and deployment.
The expected result is a system consisting of low cost sensors which are
easy to deploy. The system will be adaptable to various platforms and
increase the situation awareness.
ASPIRE.- Advanced Software Protection: Integration, Research and
Exploitation
ASPIRE will research and provide a radical change in the current RFID
deployment paradigm through innovative, programmable, royalty-free
and privacy-friendly middleware. This new middleware paradigm will be
particularly beneficial to European SMEs, which are nowadays experiencing
significant cost barriers to RFID deployment. ASPIRE will significantly
lower SME entry costs for RFID technology by developing and
providing a lightweight, royalty-free, innovative, programmable, privacy-
friendly middleware platform that will facilitate low-cost development
and deployment of innovative RFID solutions. This platform will act as the
main vehicle for realizing the proposed shift in the current RFID
deployment paradigm.
BEAT.- Biometrics Evaluation and Testing
The goal of BEAT is to propose a framework of standard operational
evaluations for biometric technologies.
The BEAT project will provide standardized criteria (and metrics) to evaluate
biometric systems for both academic and commercial entities. This
standardization is currently lacking and would likely lead to: an improved
communication between academic and commercial entities in the field of
biometrics by providing a common basis for comparison, and an
improvement in the state-of-the-art for biometric systems by providing a fair
and centralized method to evaluate systems.
The standardization would include methods to evaluate:
- The performance (accuracy) of a biometric system.
- The vulnerability of a biometric system to direct attacks (spoofing) or
indirect attacks (hill-climbing attacks).
- The performance of privacy preservation techniques.
There will be three outcomes of this project. The first is that the reliability of
biometric systems will be measurable and thus should lead to a meaningful
increase in performance. The second is that technology transfer from
research to companies will be much easier as there will be an interoperable
framework. Finally, decision-makers and authorities will be informed about
the progress that is made in biometrics as the results will have an impact on
standards. Given these outcomes we expect that BEAT will significantly
contribute to the development of a European Identification Certification
System.
BIC.- Building International Cooperation for Trustworthy ICT: Security,
Privacy and Trust in Global Networks & Services.
The BIC project responds to FP7 Call 5 Objective ICT-2009.1.4
Trustworthy ICT, specifically d) Networking, Coordination and Support of
networking, road-mapping, coordination and awareness raising of
research and its results in trustworthy ICT with priority towards (vii)
International co-operation in fields where global action will create added
value.
With this Coordination Action, successful models developed by the
project partners will be used to engender co-operation of EU researchers
and programme management in Trustworthy ICT with their peers in
countries that have already signed Science and Technology (ST)
agreements, namely Brazil, India and South Africa.
The objectives of the work performed by the proposed BIC project will
be:
1. Chart landscape and Initial EU alignment;
2. Prioritisation of the EU influenced vision and research directions
amongst the new countries (Brazil, India and South Africa), including
alignment of work programmes;
3. Global alignment, consensus and outreach of the visions and
challenges of all countries;
4. Definition of Tangible International Activities including success metrics
and setting up global projects.
BUTLER.- uBiquitous, secUre inTernet-of-things with Location and contExt-
awaReness
BUTLER will be the first European project to emphasise pervasiveness,
context-awareness and security for IoT. Through a consortium of leading
Industrial, Corporate R&D and Academic partners with extensive and
complementary know-how, BUTLER will integrate current and develop new
technologies to form a bundle of applications, platform features and services
that will bring IoT to life. For this purpose, BUTLER will focus on:
- Improving/creating enabling technologies to implement a well-
defined vision of secure, pervasive and context-aware IoT, where
links are inherently secure (from PHY to APP layers), applications cut
across different scenarios (Home, Office, Transportation, Health,
etc.), and the network reactions to users are adjusted to their needs
(learned and monitored in real time).
- Integrating/developing a new flexible smartDevice-centric network
architecture where platforms (devices) function according to three
well-defined categories: smartObject (sensors, actuators, gateways),
smartMobile (users' personal device) and smartServers (providers of
contents and services), interconnected over IPv6.
- Building a series of field trials, which progressively integrate and
enhance state-of-the-art technologies to showcase BUTLER's secure,
pervasive and context-aware vision of IoT. In addition to these R&D
innovations, BUTLER and its External Members Group will also
aggregate and lead the European effort in the standardisation and
exploitation of IoT technologies.
C-DAX.- Cyber-secure Data and Control Cloud for Power Grids
C-DAX exploits the properties of novel, information-centric networking (ICN)
architectures that are by design more secure, resilient, scalable, and flexible
than conventional information systems. C-DAX will be tailored to the specific
needs of smart grids for efficient support of massive integration of
renewables and a heterogeneous set of co-existing smart grid applications.
Realistic and pertinent use cases from different domains (low-voltage,
medium-voltage, and trading) will be used to guide the design and provide
validation criteria. Further, C-DAX will provide added value to current
protocols and data models used within the power systems domain for
monitoring and control purposes. C-DAX concepts will be proposed for
standardization and industry interest groups.
CAPITAL.- Cyber security research Agenda for PrIvacy and Technology
chALlenges
CAPITAL has been built around two pillars: coordinate European R&D efforts
in the cyber security domain and jointly address research and innovation
within an Integrated Research & Innovation Agenda. The project will
therefore cover two sub-bullets of the call objective.
CAPITAL is proposed by a strong consortium gathering nine representatives
from leading industries and research organisations, well positioned (in
terms of networking, expertise and market outreach) in the cyber security
domain. CAPITAL complements the CYSPA project started in October 2012,
also coordinated by EOS, which aims at defining an overall strategy and
creating a community of solution providers, researchers and end-users to
enable the industrial community to protect itself from cyber-disruptions
and support the European elaboration of regulations to enhance the overall
protection level.
CIRRUS.- Certification, InteRnationalisation and standaRdization in cloUd
Security.
Certification, InteRnationalisation and standaRdization in cloUd Security
(CIRRUS) aims to bring together representatives of industry organisations,
law enforcement agencies, cloud services providers, standard and
certification services organisations, cloud consumers, auditors, data
protection authorities, policy makers, software component industry etc. with
diverse interests in security and privacy issues in cloud computing.
The CIRRUS project aims to provide "high-level, high-impact" support and
coordination for European ICT security research projects. Project activities
target joint standardization, certification schemes, linking research projects
with EU policy and strategy, internationalization, as well as industry best
practices and public-private cooperation initiatives.
CUMULUS.- Certification infrastrUcture for MUlti-Layer cloUd Services
CUMULUS will address the limitations of cloud technologies by developing
an integrated framework of models, processes and tools supporting the
certification of security properties of infrastructure (IaaS), platform (PaaS)
and software application layer (SaaS) services in the cloud. The CUMULUS
framework will bring service users, service providers and cloud suppliers to
work together with certification authorities in order to ensure security
certificate validity in the ever-changing cloud environment.
CUMULUS will rely on multiple types of evidence regarding security,
including service testing and monitoring data and trusted computing proofs,
and based on models for hybrid, incremental and multi-layer security
certification. Whenever possible, evidence gathering will build upon existing
standards and practices (e.g., interaction protocols, representation schemes
etc.) regarding the provision of information for the assessment of security in
clouds.
To ensure large-scale industrial applicability, the CUMULUS framework will
be evaluated in reference to cloud application scenarios in some key
industrial domains, namely Smart Cities and eHealth services and
applications.
CUMULUS is aligned with the recommendations of a recent industrial
consultation to the European Commission which identified cloud certification
as an enabling technology for building trust for end users through the
deployment of standards and certification schemes relevant to cloud
solutions, and included it in the ten key recommendations and actions for a
cloud strategy in Europe.
COCKPITCI.- Cybersecurity on SCADA: risk prediction, analysis and reaction
tools for Critical Infrastructures.
The CockpitCI project aims, on the one hand, to continue the work done in MICIE by refining and updating the on-line Risk Predictor deployed in the SCADA centre and, on the other hand, to provide some kind of intelligence to field equipment, allowing it to take local decisions in order to self-identify and self-react to abnormal situations induced by cyber attacks.
The main expected result is the demonstration that the convergence among physical security, cyber security and business continuity is possible with positive fallouts for all the involved players. Benefits will arise from the security point of view thanks to the availability of a larger amount of field data, while, from the business point of view, a better real-time risk evaluation will allow a tailored definition of service level agreement and the avoidance of large domino effects.
DISASTER.- Data Interoperability Solution At Stakeholders Emergency
Reaction.
DISASTER designs a reference architecture to solve interoperability problems
in data exchange in SOA-based Emergency Management Systems (EMS),
addressing interdisciplinary environments at a European level. Its objectives
are:
- Designing and developing an integrative and modular interoperable data
model. This objective may be split into two sub-objectives:
• The core framework data model, common to every stakeholder
involved in emergency management.
• Complementary transversal (spatial and temporal) & vertical (domain-
specific) modules.
- Designing and developing mediation techniques, a set of bridges, enabling a
transparent integration of the data model within already-existing SOA-based
EMSs.
- Developing and executing a validation pilot phase in an actual environment,
based on a representative scenario, in order to get feedback from end-users,
and evaluating the project’s outcomes and their benefits to the European
multicultural domain related to emergency management.
The project’s target outcome is an integrative and modular ontology for
establishing a common knowledge structure between all the first responders
involved in an emergency, but being compliant with legacy international data
formats exchanged in the European Union as long as they are seamlessly
integrated within current SOA-based Emergency Management Systems.
INTER-TRUST.- Interoperable Trust Assurance Infrastructure
The main objective of the INTER-TRUST project is to develop a framework to
support trustworthy applications in heterogeneous networks and devices
based on the enforcement of interoperable and changing security policies.
This framework will allow developers, integrators and operators of systems
to act during the development and operation phases to obtain systems with
components that communicate and share data in a secure trusted manner
dictated by negotiated security policies that we also refer to as dynamic
security Service Level Agreements.
The result will incorporate trustworthiness by integrating legal, social and
economic concerns, allowing applications and devices to negotiate and be
constrained by them.
INTER-TRUST intends to validate the results using two different case studies
with complex, highly demanding critical services. The two case studies,
e-voting and Vehicle-to-Vehicle and Vehicle-to-Infrastructure Communications
for Intelligent Transport Systems, involve key European players and will
perfectly illustrate the importance and cross-domain applicability of
INTER-TRUST's results and offer unique opportunities for their wide-spread
exploitation.
IPACSO.- Innovation Framework for Privacy and Cyber Security Market
Opportunities
Innovation drives new product realization and development. Significant
opportunities exist for innovation in the privacy and cyber security (PACS)
technology space, yet complex market, regulatory, policy, commercial, and
economic considerations create several barriers to transforming research
outputs into market-centric product and service applications. In response,
Innovation Framework for Privacy and Cyber Security Market Opportunities
(IPaCSO) will develop a structured knowledge and decision-support
innovation framework for identifying, assessing and exploiting market
opportunities in the privacy and cyber security technology space. IPaCSO will
support security innovators, policy makers and research spectrum
stakeholders in identifying, assessing and exploiting new ideas and research
assets using innovation and market assessment best practice and guidelines.
IPaCSO will address the following main goals:
- Assess existing innovation processes used in the PACS domain via in-depth
stakeholder engagement.
- Identify a set of innovation framework requirements, interleaving improved
innovation practices and case study scenarios, that support PACS domain
concerns.
- Assess existing economic barriers to innovation and identify appropriate
economic incentives needed to increase security product and service
adoption.
- Develop an appropriate knowledge base and decision support approach that
is transferable to PACS technologies exploiting potential market
opportunities.
- Develop effective training, exploitation and dissemination of the resultant
IPaCSO framework to target stakeholder groups, both during and beyond the
project lifecycle.
MATTHEW.- Multi-entity-security using active Transmission Technology for
improved Handling of Exportable security credentials Without privacy
restrictions.
With the increasing pervasion of our society by mobile devices like smart
phones and tablets, and many users running several security-relevant
applications on multiple mobile devices at the same time, security and
privacy challenges exceeding those on personal computers arise. In the near
future, users are expected to move personal roles and identities between
mobile platforms. Electronic representations of rights associated with such
roles will be mobilised and reside on multiple devices. These devices could
be nanoSIMs used in smartphones or microSD™ cards used in tablets.
The objective of MATTHEW is to develop novel, privacy-preserving security
applications with Anonymity and Attribute Based Credentials (ABC) being
transferable over various mobile platforms like smart phones and tablets
using Near Field Communication (NFC). Introducing active transmission
technology for NFC, MATTHEW will overcome the most blocking obstacle in
scalability of form factors for NFC antennas, thus facilitating integration of
NFC-enabled security components in mobile devices.
MATTHEW directly addresses Security and privacy in mobile systems of the
objective ICT-2013.1.5 Trustworthy ICT and will, based on application
requirements, specify an architecture with focus on multiple entity security
with privacy preservation. Component development will encompass secure
elements with physically uncloneable functions (PUFs) and privacy algorithms
support, active transmission technology and antenna designs as well as
specialized packages for small form factor integration.
MATTHEW results will be demonstrated by a transferable payment
application and a multi-key access control system. An ABC-based
cryptographic API will provide pseudonyms for privacy.
MATTHEW brings together eight highly qualified European partners: world
market leading industries (IFAT, GTO, AMS, IFAG), research-oriented SMEs
(IMA, TEC, CRX) as well as a highly esteemed university institute for ICT
security (IAIK).
PANOPTESEC.- Dynamic Risk Approaches for Automated Cyber Defense
The PANOPTESEC consortium will deliver a beyond-state-of-the-art prototype
of a cyber-defense decision support system, demonstrating a risk-based
approach to automated cyber-defense that accounts for the dynamic nature
of information and communications technologies (ICT) and the constantly
evolving capabilities of cyber attackers. "Panoptes" is an ancient Greek term
meaning 'all eyes' or 'all seeing'. This term has been incorporated into the
project name because the overall goal of the PANOPTESEC project is to
deliver a continuous cyber security monitoring and response capability.
The PANOPTESEC prototype will proactively and reactively evaluate system
weaknesses, identify potential attack paths, provide a list of prioritized
response actions, and deliver a means to execute these responses, all
supported by automated analysis engines. The resulting PANOPTESEC
prototype will provide a continuous monitoring and response capability to
prevent, detect, manage and react to cyber incidents in real time. The near
market-ready system will support breach notifications and improve situation
awareness while supporting the decision-making process required by security
personnel. PANOPTESEC will deliver this capability through an integrated and
modular, standards-based integration of technologies that will collectively
deliver the required capabilities.
PCAS.- Personalised Centralized Authentication System
PCAS aims at providing an innovative, trustworthy, handheld device. The
Secured Personal Device (SPD) will allow users to securely store their data, to
share it with trusted applications, and to easily and securely authenticate
themselves. The SPD will recognise its user using multiple biometric sensors,
including a stress level sensor to detect coercion. Using the same biometric
authentication, the SPD will be able to enforce secure communication with
servers in the cloud, relieving the user from memorizing passwords.
The SPD will take the form of a smartphone add-on that draws power from
the smartphone and uses its communication services. The security and
authentication mechanisms will use software components running on the
SPD, on the smartphone, and in the cloud. These software components will
enable the use of biometric sensors to perform authentication on the
smartphone and on the cloud, authorise access to the stored data on the SPD
and securely transfer data from/to remote devices: USB or NFC connected
computers or remote web services. The project will develop a full
environment composed of programming APIs (needed to develop trusted
applications) and modules that allow the easy integration of PCAS with
existing web services. The benefits of the project will be demonstrated with
two use cases: electronic health and university campus access control.
PRACTICE.- Privacy-Preserving Computation in the Cloud
PRACTICE has assembled the key experts throughout Europe and will provide
privacy and confidentiality for computations in the cloud. PRACTICE will
create a secure cloud framework that allows the realization of advanced and
practical cryptographic technologies providing sophisticated security and
privacy guarantees for all parties in cloud-computing scenarios. With
PRACTICE users no longer need to trust their cloud providers for data
confidentiality and integrity.
PRACTICE will deliver a Secure Platform for Enterprise Applications and
Services (SPEAR) providing application servers and automatic tools enabling
privacy-sensitive applications on the cloud. SPEAR protects user data from
cloud providers and other users, supporting cloud-aided secure
computations by mutually distrusting parties and will support the entire
software product lifecycle.
PRACTICE is strongly industry-driven and will demonstrate its results on two
end-user defined use cases in statistics and collaborative supply chain
management.
European Cyber Security Protection Alliance
Page 94 / 99
PRIPARE.- PReparing Industry to Privacy-by-design by supporting its
Application in Research
The mission of PRIPARE is twofold: to facilitate the application of a privacy-
and security-by-design methodology that will contribute to the advent of
unhindered usage of the Internet against disruptions, censorship and
surveillance, supporting its practice by the ICT research community to prepare
for industry practice; and to foster a risk management culture through
educational material targeted at a diversity of stakeholders. To this end PRIPARE will
• specify a privacy and security-by-design software and systems engineering
methodology, using the combined expertise of the research community and
taking into account multiple viewpoints (advocacy, legal, engineering,
business),
• prepare best practices material (guidelines, patterns, success stories) for
the development and implementation of products and services of ICT-based
systems and use-cases in the area of cloud computing, mobile services and
the management of cyber incidents,
• provide educational material on approaches for risk management of
privacy and create awareness on the need for risk management culture
among users. Material consistent with the PRIPARE methodology will be
structured in a modular way in order to fit different targets (policy makers,
users, ICT students and professionals),
• identify gaps and provide recommendations on privacy and security-by-
design practices, on support for unhindered usage of the Internet and on the
creation of a risk management culture. A research agenda will be proposed.
RASEN.- Compositional Risk Assessment and Security Testing of Networked
Systems
The European society increasingly depends on ICT systems, in particular ICT
systems within critical infrastructures such as telecommunication services,
public health services, banking services and power supply. At the same time
such systems become increasingly heterogeneous and complex, both with
respect to their underlying technology and infrastructure and with respect to
their social, economic and legal context. Furthermore, heterogeneous
networked service and computing environments cross organisational and
geographical borders, posing security challenges that need to be addressed
from a broad perspective. For organisations, enterprises and service
providers to continuously ensure a sufficient level of protection of complex
networked systems, a thorough understanding of security risks is required.
However, the nature of such systems makes security assessment very
challenging. First, assessing the security of such large, complex networked
systems in their entirety is infeasible. Second, security assessment is usually
performed either at a high level (e.g. by risk assessment) or at a technical
low level (e.g. by security testing), with few methods to combine the two levels
and use them in a complementary way. The RASEN project addresses these
challenges by, on the one hand, developing support for the systematic
composition of security assessment results, allowing global security
assessments to be derived from assessments of smaller parts of the system.
On the other hand, RASEN will develop support for systematically combining
high-level security risk assessment with low-level security testing, such that
risk assessment can be used to derive security test cases and security test
results can be used to verify or update the risk assessment.
The expected result of RASEN is an approach to security assessment that
consists of methods and techniques to support the following:
• Compositional security assessment: how the security assessment can be
broken down into smaller parts and systematically composed to obtain the
global assessment.
• Risk-based security testing: how to derive security test cases from
security risk assessment results.
• Test-based security risk assessment: how to verify and update the security
risk assessment based on security test results.
• Legal security risk assessment: how to assess and understand compliance
with legal norms related to information security.
• Continuous security assessment: how to reuse results from previous
security assessments and to rapidly update the security risk assessment
based on passive testing (also called monitoring).
Additionally, RASEN will deliver a toolbox that integrates the RASEN tool
portfolio, consisting of a security risk assessment tool and a security
testing tool, as well as tools to make transformations between the two. All
the results will be evaluated and validated in relevant use cases derived
from the domains of healthcare, finance and the IT industry.
SECCORD.- SECurity and trust COoRDination and enhanced collaboration
SecCord provides coordination and services for the Trust and Security (T&S)
research program and its projects. There are five inter-related threads to its
work plan that correspond to the project objectives.
[1] Build on the current collaborations between the T&S projects, evolving
the clustering activities and the development of state-of-the-art ideas and
knowledge, extending membership to other projects and groups with T&S
needs, and reaching out to legal, social and economic projects with a trust-
and security-related interest.
[2] Conduct a detailed analysis of the work of the projects and demonstrate
the dividends (outputs and benefits) resulting from the investment in T&S
research, providing evidence of valuable and meaningful results and
potential impact.
[3] Provide greater visibility of the T&S research program through a high-profile
annual conference and a T&S research web repository that provides a central
focus and exchange for T&S research information and links; the goal is that
these become a recognisable brand. Visibility and outreach will be extended
by building on an already established community of interests to include
relationships with industry and T&S initiatives of member states.
[4] Leverage the potential and impact of T&S project results by maintaining a
catalogue and showcase of results, and by interpreting and matching them
against use-cases of current and foreseen market needs, covering a wide
spectrum of social considerations (legal, economic, and personal).
[5] To provide context for the impact and visibility of the research program,
provide a strategic outlook of the emerging and developing T&S issues,
challenges, requirements, and priorities, with attention given to legal, social,
and economic concerns. Set up an expert Advisory focus group that includes
external members to advise on key strategic issues and priorities. The
Advisory focus group will consist of two sub-groups: academic focus group
and industry oriented focus group.
SECFUNET.- Security for Future Networks
The goal of the SecFuNet project is to design and develop a coherent secure
architecture for virtual networks and cloud accesses. The proposed
architecture will provide solutions allowing the management of the security
of communications for all machines connected to a public cloud using virtual
networks. Hence, we need a coherent and robust identification scheme as
well as a strong authentication system. Algorithms robust to intrusions are
also needed for creating a secure environment. Besides, the proposed
architecture must guarantee security in the virtualized infrastructure,
through isolation of virtual networks and access control for users and
managers. The identification of authorised users, however, must not
compromise their privacy. Moreover, it is necessary to bring an ergonomic
security scheme that is acceptable for all users, even those unknowledgeable
in computer science. And finally, the proposed scheme must take into
account the heterogeneity of equipment (wireless and wired) to preserve
interoperability.
SECURED.- SECURity at the network Edge
The SECURED project proposes an innovative architecture to achieve
protection from Internet threats by offloading execution of security
applications into a programmable device at the edge of the network such as
a home gateway or an enterprise router.
The project targets citizens, network providers, and companies. The latter
will be able to enforce a company-wide security policy not only when the
employee is connected to the corporate network but also when she is on the
move (e.g. home network, 3G connection, airport WiFi).
SECURED will produce concrete results in the form of open specifications and
sample open-source implementations for (A) creation of trusted network
security applications, (B) policy-based security configuration, with support
for hierarchical and multi-source policies, and (C) security marketplace to
trade applications and exchange best-practice policies (useful to encourage
adoption by non-skilled individuals or companies).
In summary, the project will empower mobile users with better Internet
security and enable different business models for network service providers
and security application developers.
SEPIA.- Secure, Embedded Platform with advanced Process Isolation and
Anonymity Capabilities
Mobile and embedded devices are rapidly evolving into powerful, ubiquitous
personal assistants. As such, they will be involved in security-critical
operations like authentication, payment, e-Banking and e-Government
applications. Nevertheless, they have to be open platforms on which
entertainment applications need to find their place. Being part of the
Internet of Things, these platforms become an interesting target for attack,
and efficient security mechanisms are required to increase people's and
companies' trust in them. The SEPIA project addresses and considers
trustworthiness, security and protection capabilities of such devices as key
enablers for new businesses and the integration of mobile platforms in the
eEurope initiative.
Establishing trust requires assessments from independent organisations.
However, existing evaluation methodologies do not keep pace with the
rapidly evolving mobile and embedded market.
SEPIA will focus on three topics: Security enhancements of mobile platforms,
cryptography and privacy protecting technologies, delta-evaluation and
certification methodologies. A major objective of SEPIA is to define a next-
generation security-architecture for mobile and embedded systems,
addressing topics such as isolated execution space, virtualization as well as
secure protection of confidential data. Moreover, privacy-protecting
mechanisms based on strong cryptography and time- and cost-efficient
certification processes, reducing the time from design to market, will be
researched in the project. In SEPIA, establishing trustworthiness is seen as an
asset that is considered right from the design phase rather than being
addressed as add-on feature. SEPIA will include theoretical and practical
research as well as the development of proof-of-concept prototypes. All
these efforts will result in the SEPIA reference platform which will be
disseminated via demonstrators and as an open platform for further
research and product development.
SPECS.- Secure Provisioning of Cloud Services based on SLA management
SPECS offers:
- Mechanisms to specify Cloud security requirements and assess the
standalone and comparative security features offered by CSPs.
- Ability to integrate desired corporate security services (e.g. credential
and access management) into Cloud services.
- Systematic approaches to negotiate, monitor and enforce the
security parameters specified in Service Level Agreements (SLA).
- Approaches to develop and deploy security services that are "Cloud
SLA-aware", implemented as an open-source Platform-as-a-Service
(PaaS).
Providing such comprehensible and enforceable security assurance by CSPs
is a critical factor in deploying trustworthy Cloud ecosystems. Targeting ICT-
2013.1.5 "Trustworthy ICT", SPECS will develop and implement an open
source framework to offer Security-as-a-Service, by relying on the notion of
security parameters specified in Service Level Agreements (SLA) and
providing the techniques to systematically manage their life-cycle.
The SPECS framework addresses both CSPs and users, providing techniques
and tools for:
a) Enabling user-centric negotiation of security parameters in Cloud SLA,
along with a trade-off evaluation process among users and CSPs, in order to
compose Cloud services fulfilling a minimum required security level.
b) Monitoring in real time the fulfilment of SLAs agreed with CSPs, notifying
both users and CSPs when an SLA is not being fulfilled.
c) Enforcing agreed SLA in order to keep a sustained Quality of Security
(QoSec) that fulfills the specified security parameters. SPECS' enforcement
framework will also "react and adapt" in real-time to fluctuations in the
QoSec by advising/applying the requisite countermeasures.
Using real case studies, SPECS will demonstrate that the contributed
framework and architecture can be integrated "as-a-Service" into real-life
Cloud environments, with a particular emphasis on small, medium and federated
CSPs and end users.
10. Annex II mapping of European projects to cyber security topics
Annex II maps European research projects to the cyber security subjects they seek to address.
-END-