Community Research and Development Information Service - CORDIS

H2020

WISER Report Summary

Project ID: 653321
Funded under: H2020-EU.3.7.

Periodic Reporting for period 1 - WISER (Wide-Impact cyber SEcurity Risk framework)

Reporting period: 2015-06-01 to 2016-05-31

Summary of the context and overall objectives of the project

With the number of threats, attacks and incidents related to cyber-security growing exponentially, the cyber-resilience of companies in Europe and all over the world, no matter their size, has become a hot topic and a challenge for numerous CEOs. The main characteristics of the problem are enumerated below:

• Cyber-crime is a flourishing business
• Cyber-criminals are using ever more sophisticated methods
• Cyber-crime slows down the growth of the Digital Single Market
• Cyber-crime is a clear obstacle to European economies thriving
• Cyber-crime targets sensitive information and critical infrastructures
• Cyber-terrorists are cyber-criminals capable of performing attacks that may lead to loss of human lives

Risk management frameworks have traditionally been complex and have demanded amounts of resources that many companies cannot afford. On top of that, those risk management processes have been largely manual, with a very small degree of automation. The approach is static and iterative, with periodic executions but no continuous monitoring. Any problem will only be detected during the next assessment, which may take place several months later.

The demand for automated cyber-risk management systems affordable for everyone is growing exponentially and represents a remarkable market opportunity. Now more than ever, the democratization of cyber-security is urgent.

WISER aims to respond to this challenge. WISER is an Innovation Action belonging to the Horizon 2020 Framework Programme under Grant Agreement 653321. The project starts on 01.06.2015 and finishes on 30.11.2017. The objectives of the project are enumerated below:

• The development of a novel Cyber-Risk Management Framework able to assess risks in real-time, considering the impact of cyber-incidents on the company's business.
• This framework must be able to evaluate the risk not only at a technical level, but also from the business side, evaluating the economic impact and the societal dimension of cyber-incidents taking place.
• Apart from providing a business-oriented evaluation of cyber-risk, WISER is expected to be capable of suggesting mitigation measures for given risks and of assisting the user during the decision-making process on which mitigation measures actually to apply.
• WISER is expected to provide a very relevant contribution to the state of the art of best practices and to develop a universal methodology to assess cyber-risk.
• The WISER concept, methodology and framework of tools and services must demonstrate their applicability to different verticals by means of feasibility experiments.
• Finally, a sustainable business model and a sound exploitation plan must be developed in order to make the most of the project outcomes and guarantee their smooth transferability to industry and good marketability, with an appropriate Return on Investment (RoI).

In order to achieve these objectives, WISER builds on the state of the art of methodologies and tools, leveraging best practices from multiple industries and integrating technological advancements related to the implementation of an IT platform for the assessment, monitoring and mitigation of cyber-risk in real-time.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

The first year of the WISER project has seen several relevant achievements that put the project on the right path towards its future success. After a thorough effort to understand the challenge and a joint discussion, the WISER Consortium clarified the requirements of the future platform (deliverable D2.1). These requirements account for the innovative methodology proposed in the project. Then, a coordinated effort was put into transforming the requirements into a clear design with a view to easing the future implementation work. The WISER modules, their functionalities, the flow of data exchanged and the interplay among them were defined. The WISER design supports the WISER Risk Assessment Cycle. An intermediate version of the design was published in deliverable D2.2. A mature version of the design was submitted in three different deliverables: D2.3 describes the design at high level, while D4.1 and D5.1 focus respectively on the monitoring infrastructure and the real-time assessment engine, providing more detailed information about their design.

The WISER Consortium has recently started the solution visioning task of the project, which cooperates closely with market analysis and exploitation activities and benefits from the outcomes produced by those activities so far (deliverables D7.1 and D8.7) as valuable inputs. This is done with a strong focus on the wide adoption of the WISER concept.

The Consortium has devoted effort to an extensive analysis of the state of the art in best practices, including standards and methods for risk management and for vulnerability and threat detection. This is documented as a draft in D6.1 and as a final version in D6.2.

Another remarkable highlight of the first year has been the interaction with the WISER External Associate Partners, who have been involved in the Early Assessment Pilot (EAP) of the WISER solution. The WISER EAPs are a group of 11 entities, both public and private, belonging to different verticals. WISER partners have obtained a good understanding of the EAPs' business goals, critical business processes, current practice regarding cyber-security and cyber-security needs. Moreover, two physical workshops have been held to strengthen the interaction with the EAPs, who have given the WISER Consortium the opportunity to learn from their experience and have provided very valuable insights and advice to drive the design of the WISER Framework towards realistic and achievable marketability.

A very important milestone has been the development of a first set of cyber-risk models. Extensive effort has been put into finding a way to model cyber-risk and into creating a first list of cyber-risk patterns addressing the most common attack scenarios. These patterns are used as a basis to develop machine-readable risk assessment algorithms, aimed at giving users valuable information about their company's exposure to cyber-risk. The algorithms linked to these patterns receive a set of inputs called indicators, which have been extensively described. All these outcomes are described in detail in deliverable D3.1. The modelling process is documented, including guidelines for producing representative cyber-risk models from which to derive the model rules that are evaluated within the framework to produce the cyber-risk assessment. Three different languages are used for modelling purposes: CORAS, DEXi and R. D3.2 provides guidelines to produce CORAS diagrams and to derive DEXi and R models, while these tools are documented in D3.3. WISER evaluates the cyber-risk to which the client is exposed in qualitative terms (a scale of 5 levels, namely: very-low, low, medium, high, very-high) and in quantitative terms (economic terms: the risk is expressed in a currency). In addition, WISER is expected to produce a qualitative assessment of the societal impact of the risk. The activities to envision the methodology for calculating the economic and the societal impact of the risk started during the second half of the year.

The WISER concept relies on the WISER cycle, which envisages these steps:
• Gathering the relevant information, coming from both the business and the technical sides, and collected using several techniques, such as questionnaire filling, monitoring (deployment of sensors within the client infrastructure) and testing (executing vulnerability scanners against the client infrastructure)
• Processing and analysing the information in order to produce alarms
• Translating these alarms, by means of mapping techniques, into a form understandable by the WISER evaluation algorithm
• Issuing a risk assessment report with a risk evaluation from the business point of view, understandable by top management
• Supporting decision-making
• Taking the actual decision on mitigation actions.

During the second half of the year the Full Scale Pilots activity started. This activity envisions rolling out WISER to three different scenarios. In order to do so, a comprehensive methodology has been designed. It is explained in deliverables D6.3 and D6.5. It addresses: 1) criteria to select the infrastructure elements to which WISER applies; 2) once such elements are selected, a methodology to evaluate their business impact (and to associate an economic consequence with an attack taking place); 3) how to deploy the data collectors to be used in the infrastructure. The methodology used in the context of the Full Scale Pilots activity aims at ensuring adherence to ICT strategies and to the goals of the corporate business. AON, REXEL and ENERVALIS are providing the scenarios, where the corresponding target infrastructures with the involved elements are already defined.

The portfolio of WISER services, with their associated features, has been defined. WISER considers three different products, corresponding to three service levels, starting with a non-intrusive one, followed by a basic/intermediate level and concluding with an advanced one. The names of the three services are, respectively: CyberWISER Light, CyberWISER Essential and CyberWISER Plus. Solution visioning, marketing and exploitation activities cooperate to define the way in which the client is provided the service, the inherent value proposition, and the fit within the value chain.

Of these three services, the non-intrusive one, CyberWISER Light, has gone live and is available to users. It is a free service which offers a first picture of the user's cyber-risk exposure. It is specially oriented to SMEs, which lack this information because putting a cyber-risk management process in place requires a large investment that they cannot afford. CyberWISER Light allows SMEs to take the first steps towards creating a cyber-security strategy. Several users, among them the EAPs, have tried CyberWISER Light, with good overall feedback and the feeling that WISER can really help them to develop a cyber-security strategy.

WISER integrates the technological advancements related to the implementation of the IT platform for the assessment, monitoring and mitigation of cyber-risk in real-time. WISER capabilities are enumerated below:
• Provision of cyber-risk assessment and follow-up of the evolution of that assessment. WISER updates the evaluation of cyber-risk any time a relevant change happens in the cyber-climate. These changes are reflected in a dashboard put in place to visualize the risk reports. The economic and societal impact analysis is also offered.
• Provision of monitoring of the cyber-climate, including event detection, alarm raising and follow-up features.
• Provision of testing features. WISER is able to scan for vulnerabilities and follow them up.
• Provision of modelling features, paramount to performing the risk evaluation. WISER allows editing of risk models and model rules, and provides modelling tools and guidelines for risk modelling.
• Finally, WISER provides support to the decision-making process by suggesting possible mitigation measures and comparing, ranking and prioritizing those measures by means of cost-benefit analysis techniques.

During the first year strong effort has been put into making a difference in communication and dissemination actions, thanks to the presence in the Consortium of people combining good IT and communication skills. The main highlights in this respect were the following:
• Provision of the media platform (reported in deliverable D8.1)
• Continuous presence in the social networks (reported in deliverables D8.4 and D8.5)
• Presence in the media (reported in D8.4 and D8.5)
• Presence in events (reported in D8.4 and D8.5)
• Use of CyberWISER Light as a tool for community building and stakeholder engagement.

The communication strategy delivers messages shaped for each target audience segment: small firms, large companies, public sector, policy stakeholders and the general public. The communication plan foresees a specific communication campaign for the launch of the CyberWISER products.

The first version of the exploitation plan (reported in deliverable D8.7) has been issued. Its main contents are the definition of the WISER value proposition, the initial plans for joint and individual exploitation of WISER outcomes, and the initial version of the business models for WISER outputs, aiming at sustainability in the years to come.

Another important outcome is the first version of the market watch (deliverable D7.1). The outcomes of the market research identify a big market opportunity to be seized. Risk management in real-time will be in high demand and will make a difference. SMEs need cyber-risk management services to be affordable, while reducing or removing the need for specialized consultancy. Currently, cyber-risk management solutions are expensive and involve consultancy. Some on-line tools are emerging, but the market still offers plenty of opportunities.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

WISER outcomes are expected to produce a remarkable impact, as summarized below:
• WISER is expected to contribute to increasing the trustworthiness of the Internet as a cornerstone for running businesses. It is very important not to overlook that more and more businesses depend on the smooth functioning of ICT systems; therefore it can be stated that a secure Internet will boost the European economy. Hence, the future availability and adoption of the WISER services should produce a clear benefit to the European economy.
• WISER aims at contributing to the modernization of risk management processes, shifting away from processes done manually on a periodic basis (like ISO 31000) to a new risk management approach done automatically and continuously, which is more efficient, affordable and easier to adopt.
• The WISER methodology has to be capable of assessing cyber-risk from both the ICT and the business perspective; that is, WISER has to provide multi-level assessment. It is not only about monitoring incidents, it is about assessing the risk they represent for a company. WISER goes a step beyond the purely technical monitoring of cyber-incidents by incorporating the evaluation of the economic and societal impact of risk.
• The WISER methodology aims at creating wide impact by being clearly affordable and easy to adopt. The expected consequences are clear: increased awareness of cyber-security issues; the involvement of SMEs, traditionally lacking resources, in the process of drawing up a cyber-security strategy; and companies implementing prevention measures, beyond purely mitigation actions, all of this in compliance with European Directives and legal frameworks regarding ICT security.

Record Number: 190403 / Last updated on: 2016-11-15