Periodic Reporting for period 1 - DYNABIC (Dynamic business continuity of critical infrastructures on top of adaptive multi-level cybersecurity)
Reporting period: 2022-12-01 to 2024-05-31
The strategic objective of DYNABIC is to increase the resilience and business continuity capabilities of European critical services in the face of advanced cyber-physical threats. DYNABIC solution approach relies on the use of Digital Twin (DT) technology to provide real-time monitoring and awareness of physical infrastructure and to enable intelligent response against cyber-physical threats. The approach proposes to leverage the DT technology for business level risk management and resilience. During the first half of the project, DYNABIC has successfully achieved all the objectives and milestones of the period. The specification and architecture of the initial version of the DYNABIC framework is completed, together with the initial prototype implementation of the seven key exploitable results (KER) composing the framework. The services range from the multi-aspect DT of the critical infrastructure to other services on top of it such as smart situational awareness, dynamic risk assessment, and intelligent response against cyber-physical threats
DYNABIC has timely completed all the deliverables due in the first reporting period.
The scientific research of DYNABIC has progressed as planned and WP2 has defined the solution architecture and specification, and all initial component prototypes are ready and their integration has started.
WP3 focused on the research of dynamic and quantitative assessment of system and business risks in critical infrastructures (CI) and has developed the models, methods and engines to support the intra and inter CI risk assessment (RISKM4BC).
WP4 activities researched the data models, storage and sharing methods and tools, building the multi-aspect digital twin MADT4BC as a holistic virtual representation of the CI supporting cyber resilience services. As part of these services, the SIM4BC data simulator and AWARE4BC for situational awareness components were designed and implemented.
In WP5, SOAR4BC component was researched which integrates the security orchestration and smart adaptation of responses (SOAR4BC), the AVATAR4BC as the main HMI interface with security operators, the Chat4XAI for explainability of adaptation and Chat4Operators for personalised assistance. Finally, the risk-aware information sharing CTI4BC was also delivered as part of WP5.
WP6 is dedicated to the planning and execution of the DYNABIC pilots, and the evaluation of the scenarios for the four use cases were already defined, together with the and cyber threats and disruptions for which the components will be evaluated.
The scientific research of DYNABIC has progressed as planned and WP2 has defined the solution architecture and specification, and all initial component prototypes are ready and their integration has started.
WP3 focused on the research of dynamic and quantitative assessment of system and business risks in critical infrastructures (CI) and has developed the models, methods and engines to support the intra and inter CI risk assessment (RISKM4BC).
WP4 activities researched the data models, storage and sharing methods and tools, building the multi-aspect digital twin MADT4BC as a holistic virtual representation of the CI supporting cyber resilience services. As part of these services, the SIM4BC data simulator and AWARE4BC for situational awareness components were designed and implemented.
In WP5, SOAR4BC component was researched which integrates the security orchestration and smart adaptation of responses (SOAR4BC), the AVATAR4BC as the main HMI interface with security operators, the Chat4XAI for explainability of adaptation and Chat4Operators for personalised assistance. Finally, the risk-aware information sharing CTI4BC was also delivered as part of WP5.
WP6 is dedicated to the planning and execution of the DYNABIC pilots, and the evaluation of the scenarios for the four use cases were already defined, together with the and cyber threats and disruptions for which the components will be evaluated.
The seven key components of the DYNABIC framework and their advances are explained in the following:
• RISKM4BC is an innovative and dynamic business risk management framework. Designed to offer both design and operational support, this tool is specifically tailored for cascading impact assessment and real-time risk quantification within the chain of Critical Infrastructures (CIs).
• MADT4BC is a comprehensive knowledge graph-based multi-aspect digital twin of the critical infrastructure system, providing data storage and analysis capabilities for real-time situational awareness. It allows users to easily access, perform advanced analytics and visualize outputs at different layers of abstraction, leveraging heterogeneous data from integrated databases.
• SIM4BC is a highly realistic data simulator of diverse incidents and cyber attacks against critical infrastructures that will enable and support the prognosis of risk estimation and the decision-making of preventive strategies.
• AWARE4BC is an integrated solution for multi-concern resilience and security monitoring and analysis of CIs which combines the monitoring of the system and of its physical environment. The solution leverages a unique algorithm and implementation to provide root cause analysis of incidents and minimise false positives.
• SOAR4BC is an innovative security orchestration and automation solution for CIs which integrates reinforcement learning-based adaptation intelligence with digital twin technology, offering a holistic security orchestration with LLM-powered explainability of response actions.
• AVATAR4BC is a real-time personalised Intelligent Virtual Assistant (IVA) for Security Operations Centers’ operators designed to provide real-time personalised technical assistance and enhanced human-machine interaction through avatar and chatbots that take into account the Social Sciences and Humanities (SSH) aspects (psychological and behavioural).
• CTI4BC is an innovative Cyber Threat Intelligence platform based on MISP, integrating with DTs to enhance the way CIs detect, respond, predict, and prevent cyber threats. CTI4BC enables automatic and seamless exchange of CTI and digital evidence among CIs, as well as incident reporting to CSIRTs, in compliance with NIS 2 Directive, and supporting the handling of cascading risks between CIs.
The initial exploitation models and IPR principles are currently defined and will be revised as the prototypes mature and get evaluated.
• RISKM4BC is an innovative and dynamic business risk management framework. Designed to offer both design and operational support, this tool is specifically tailored for cascading impact assessment and real-time risk quantification within the chain of Critical Infrastructures (CIs).
• MADT4BC is a comprehensive knowledge graph-based multi-aspect digital twin of the critical infrastructure system, providing data storage and analysis capabilities for real-time situational awareness. It allows users to easily access, perform advanced analytics and visualize outputs at different layers of abstraction, leveraging heterogeneous data from integrated databases.
• SIM4BC is a highly realistic data simulator of diverse incidents and cyber attacks against critical infrastructures that will enable and support the prognosis of risk estimation and the decision-making of preventive strategies.
• AWARE4BC is an integrated solution for multi-concern resilience and security monitoring and analysis of CIs which combines the monitoring of the system and of its physical environment. The solution leverages a unique algorithm and implementation to provide root cause analysis of incidents and minimise false positives.
• SOAR4BC is an innovative security orchestration and automation solution for CIs which integrates reinforcement learning-based adaptation intelligence with digital twin technology, offering a holistic security orchestration with LLM-powered explainability of response actions.
• AVATAR4BC is a real-time personalised Intelligent Virtual Assistant (IVA) for Security Operations Centers’ operators designed to provide real-time personalised technical assistance and enhanced human-machine interaction through avatar and chatbots that take into account the Social Sciences and Humanities (SSH) aspects (psychological and behavioural).
• CTI4BC is an innovative Cyber Threat Intelligence platform based on MISP, integrating with DTs to enhance the way CIs detect, respond, predict, and prevent cyber threats. CTI4BC enables automatic and seamless exchange of CTI and digital evidence among CIs, as well as incident reporting to CSIRTs, in compliance with NIS 2 Directive, and supporting the handling of cascading risks between CIs.
The initial exploitation models and IPR principles are currently defined and will be revised as the prototypes mature and get evaluated.