CORDIS - EU research results

artificial Intelligence threat Reporting and Incident response System

Periodic Reporting for period 1 - IRIS (artificial Intelligence threat Reporting and Incident response System)

Reporting period: 2021-09-01 to 2023-02-28

Uptake of IoT and AI driven ICT systems in Europe is crucial for our common future, but it is dependent on our strategic ability to protect these systems from cyber threats and attacks on their privacy.
IRIS addresses this challenge with a collaborative-first approach centered around CERTs/CSIRTs.
From a technological perspective, it deploys (i) autonomous detection of IoT and AI threats, enriched with (ii) privacy-aware intelligence sharing and collaboration, and (iii) advanced data protection and accountability. Crucially, IRIS introduces (iv) the first dedicated online training and cyber exercises to prepare CERTs/CSIRTs to collaboratively protect critical infrastructures and systems against cross-border AI and IoT threats.
Regarding societal importance:
IRIS contributes towards a European strategic autonomy in IoT and AI cybersecurity.
It considers the complete range of cybersecurity and privacy risks associated with IoT and AI-enabled ICT systems and their associated technical and human factors threat intelligence challenges. IRIS addresses the confidentiality, integrity and availability of the data collected, analysed, shared and generated during IoT and AI operations in an ICT system.
It also assesses the reputability of the data collection process and the data processed in relation to its impact on an ICT system’s performance and behaviour to achieve and maintain cyber resilience.
In addition, it equips CERTs/CSIRTs with a state-of-the-art incident response toolkit to mitigate large-scale cybersecurity incidents.
The overall objectives are:
1) To identify the user, technical and business requirements and design the architecture of an AI threat reporting and incident response system to support the operations of CERTs/CSIRTs towards minimizing the impact caused by cybersecurity and privacy risks in IoT platforms and AI-provisions.
2) To analyse the relevant ethics principles and legal framework on privacy concerns, as well as to understand relevant stakeholders’ behaviour to identify the main legal, ethics and social enablers for the IRIS solution.
3) To design and implement an automated threat analytics framework capable of detecting and responding to cyber threats targeting IoT and AI-driven ICT systems, while exhibiting advanced recovery capabilities.
4) To develop a collaborative threat intelligence and information sharing toolkit that allows ICT stakeholders and European CERTs/CSIRTs to create and seamlessly share context-rich information about cyber threats targeting IoT and AI-driven ICT systems.
5) To design and implement a data protection and accountability module to establish trust and enable the protection of data necessary for the successful operation of IoT and AI-enabled ICT systems.
6) To design and implement a virtual cyber range platform for training cybersecurity professionals to fight against adversarial AI and machine learning attacks.
7) To demonstrate and validate the integrated IRIS platform across three realistic pilot demonstrators in three smart cities.
8) To ensure wide communication and scientific dissemination of the IRIS results to the research, academic, and CERT/CSIRT community, efficient exploitation and business planning of the IRIS concepts and solutions to the market, and contribution of specific project results to relevant standardisation bodies.
The IRIS Project has achieved most of its objectives and milestones for the period, with relatively minor deviations. Overall, project activities are proceeding as planned and all project deliverables were submitted on time. Dissemination activities are progressing well and most targets for this stage have been met or exceeded.

The consortium has reached the significant milestone of describing the overall IRIS platform architecture in detail. Also, the IRIS team is currently finalizing the software development and integration of all IRIS tools, including:
1) Automated Threat Analytics Module (ATA), including components for: IoT and AI-provision Risk & Vulnerability Assessment, Autonomous AI Threat Analytics & Detection, Risk-based Response & Self-Recovery, and Digital twin honeypot telemetry & analytics.
2) Collaborative Threat Intelligence (CTI) Module, including components for: Dynamic open repositories of threats & vulnerabilities, Threat intelligence sharing, and Advanced Threat Intelligence Orchestrator.
3) Data Protection and Accountability (DPA) Module, including components for: Real-time data protection and recovery, and Accountability, auditing & traceability via DLT.
4) Enhanced MeliCERTes Ecosystem (EME) Module, including a component for Enhanced MeliCERTes-based CSIRT / CIs communication, communities support, collaboration and information sharing with Unified Customizable Dashboard and Intuitive information visualization with Role-based Access Control for different types of end users.
5) Virtual Cyber Range (VCR) Module, including components for: Human-centric training & exercises, IRIS lab pods for CERTs/CSIRTs, and CR environment platform and dashboard.

These tools will provide the capability to collect data from IoT sensors, enable threat detection, orchestrate incident response and facilitate information sharing. The innovative end-to-end integration of these capabilities is expected to bring a significant impact to the CERT/CSIRT networks.

The main technological results of the project so far are the collection of use cases, requirements, and architecture of the IRIS platform, as well as the ongoing software developments. These lay the groundwork for building the IRIS platform, which will be a major technological achievement with a high impact on the protection of IoT networks.

Finally, work was initiated towards setting up the three IRIS pilots, consisting of three realistic use cases featuring three smart cities in three European countries: Barcelona, Tallinn, and Helsinki.
The expected results of IRIS are the following:
[KR1] Human factors for co-design of effective cross-border threat intelligence sharing
[KR2] IoT & AI-Provision Risk & Vulnerability Assessment
[KR3] Autonomous AI threat analytics and detection engine
[KR4] Risk-based Response & Self-Recovery
[KR5] Digital Twin Honeypot Telemetry & Analytics
[KR6] IRIS-enhanced MeliCERTes platform for online collaboration
[KR7] CERTs/CSIRTs collaborative threat intelligence sharing
[KR8] Advanced threat intelligence and analytics orchestrator
[KR9] Dynamic repositories of threats & vulnerabilities
[KR10] DLT-based accountability, auditing and traceability
[KR11] Advanced real-time data protection and recovery
[KR12] Human-centric collaborative online IoT & AI training and cybersecurity exercises
[KR13] IRIS lab pods for CERTs/CSIRTs
[KR14] IRIS cyber range environment platform and dashboard