Periodic Reporting for period 1 - ResilMesh (ResilMesh: Situation Aware enabled Cyber Resilience for Dispersed, Heterogenous Cyber Systems)
Reporting period: 2023-10-01 to 2025-03-31
Digital infrastructure security teams lack the tools to adapt their security defences to the complexity of networks and services. Often, the defence systems are not prepared for new security approaches such as Zero Trust and may lack the operational capacity required to operate effectively.
Resilmesh aims to provide tools to help defenders manage the complexity and diversity of services and infrastructure. It will also provide algorithms and tools to enable early attack detection and prediction to combat sophisticated APTs, as well as tools and processes to improve cyber resilience, including building resilience into the Resilmesh platform itself. Moreover, Resilmesh aims to support the strengthened competitiveness of European security sector products and services.
To support these aims Resilmesh has defined the following six key objectives:
ENABLE: Develop a data aggregation and tools collaboration framework to adapt security defence systems to the needs of complex and heterogeneous cyber system infrastructures and applications.
UNDERSTAND: Develop a digital service structure awareness system to improve resilience through greater understanding of cyber system structure and dependencies.
PREPARE: Improve capacity building, disruption preparedness and resilience awareness.
DETECT: Develop algorithms and tools for early and ongoing attack detection and prediction.
ASSESS: Develop a situation assessment system to view and project network-level risk.
EVALUATE & TRANSFER: Evaluate the ResilMesh concept in near-production environments and demonstrate the extensibility and transferability of the ResilMesh system across multiple IT and OT sectors.
As a result of fulfilling these objectives, Resilmesh expects that digital service providers will have increased organisational and operational security capacity to withstand APTs, and an increased awareness and use of AI in cyber defence and recovery, leading to better protection for critical services as well as more resilient infrastructures and services.
WP2 – Requirements and Architecture – has collected and defined the system requirements, including those from discussions with end users. These requirements have in turn fed into the specification of the system's functional and software components, which together describe the Resilmesh architecture.
WP3 – System Platform – has built and delivered the security log collection, routing, normalization, processing and storage infrastructure for the project.
WP4 – Threat Awareness – develops several privacy-aware AI-based functions to detect and predict threats, as well as to share the information securely between different partners. Initial prototype versions have been developed during the first period of the project.
WP5 – Situation Assessment – develops functions to give service providers greater awareness of the threat surface and risk situation of their infrastructure and services, as well as means to respond to and mitigate ongoing attacks. Initial prototype versions have been developed during the first period of the project.
WP6 – Resilience Preparedness and Capacity Building – develops measures to increase resilience capacity by demonstrating the use of Resilmesh in a cyber range environment and providing AI-based penetration testing.
WP7 – System Integration – will integrate the platform and applications into a complete system.
WP8 – Pilots – and WP9 – Open Calls – will extend the Resilmesh scope and demonstrate its use in actual end-user scenarios. The first open calls are ongoing in the energy generation, electric vehicle charging and building automation domains, and the first pilot is about to start.
1) The Resilmesh platform, built on top of the NATS message streaming framework to provide secure event collection and processing over highly distributed heterogeneous digital infrastructures, including any combination of cloud, on-premise, edge and IoT endpoints as well as the underlying network and devices. Moreover, the platform utilises the NATS service mesh capabilities to enshrine key resilience engineering best practices such as redundancy, segmentation, realignment (i.e. structuring systems and resource use to meet and adapt to mission or business function needs) and dynamic positioning (i.e. distributing and dynamically relocating functionality or system resources).
2) Tools, processes and AI algorithms for security event processing, including endpoint and network anomaly detection and correlation (to reduce false positives) as well as threat hunting and digital forensics. Anomaly detection may be deployed at any point across the distributed Resilmesh platform, including at the edge or in the cloud, and may include federated learning to ensure privacy.
3) A collection of tools to improve situational awareness for cyber defence teams. This includes an asset management system to catalogue key internal and external-facing assets and their dependencies, as well as tools to estimate and visualize risk at a component and systems level. This enables defenders to view and manage their attack surfaces and security posture.
4) Tools for the automation of processes, including asset management and risk-based attack mitigation through the use of orchestration playbooks.
5) Mechanisms for robust cyber threat intelligence sharing, including the use of ‘Indicators of Attack’ to flag suspicious adversary infrastructure.