CIPSEC pursues these goals:
- Obtain a unified security framework for the CI architecture: The complete CIPSEC Framework has been implemented, integrating the envisioned products and services, which cover heterogeneous yet complementary features: Endpoint Detection and Response (which here includes Intrusion Detection; Malware Detection Blockage; Analysis and Removal; Network and Host Activity Monitoring and Antijamming); Data Encryption; Data Anonymization and Privacy; Anomaly Detection; Identity Access Management; Integrity Management and Forensics Analysis; Vulnerability Analysis; Contingency Planning; and Updating and Patching. Last but not least, a complete training platform was put in place, with a set of courses covering a wide range of topics of high interest for critical infrastructure protection, including face-to-face trainings.
- Obtain a security ecosystem with solutions and services that go beyond the single CI borders: The vulnerability analysis service serves to anticipate likely incidents derived from weaknesses present in the infrastructure under analysis. As for privacy, CIPSEC contributes to fostering the sharing of security information with external entities thanks to anonymization techniques that allow the exchange of relevant information without disclosing sensitive data in MISP (Malware Information Sharing Platform) servers. CIPSEC fostered the development of better and more complete contingency plans, encouraging the pilots to move to the next level by engaging with authorities and policy makers, and to keep their current plans monitored, searching for ways to improve them. The partners have delivered workshops and training courses, making available a training platform with a set of relevant courses. Advanced data visualization techniques have been developed to allow for better forensic analysis, adding new sources of information to the intelligence layer for obtaining relevant data. Finally, the Consortium has searched for solutions for automatically updating and patching the different components in CIPSEC.
- Validate the CIPSEC security framework in real CIs: The plans for deployment of the different CIPSEC components in the three pilots have been carried out. The Consortium discovered the peculiarities of the three scenarios and learned that there is no silver bullet when it comes to deploying a security solution for CIs. We verified that the different components act as expected in several simulated risk scenarios, and we designed and executed a series of tests to check the performance of the framework. As a side activity, a total cost of ownership analysis was conducted to demonstrate that the investment is worthwhile if it mitigates the effects of a major attack or several minor ones.
- Consolidate International and European links and collaborate with standardization bodies: We have continued the approach adopted in the first half of the project of staying in touch with different working groups, following the principle of “monitor, inform and contribute as possible”.
- Ready-to-market solutions and immediate market impact: 10 business models have been produced: six for different CIPSEC components (DoSSensing, XL-SIEM, Secocard, Forensics Visualization Toolkit, GravityZone, and the Vulnerability Assessment), three for the different verticals considered in the project (transport, health and environment), and a business case for the joint exploitation of the project results. A cooperation agreement has been signed by the different partners to establish a collaboration framework with terms and conditions to exploit the project outcomes. All partners have further developed their individual exploitation plans.