A Novel Adaptive Cybersecurity Framework for the Internet-of-Vehicles

nIoVe aims to deploy a novel multi-layered interoperable cybersecurity solution for the Internet-of-Vehicles (IoV), with emphasis on the Connected and Autonomous Vehicles (CAVs) ecosystem by employing an advanced cybersecurity system enabling all relevant stakeholders and incident response teams to share cyber threat intelligence, synchronise and coordinate their cybersecurity strategies, and apply response and recovery activities. To do so, the project develops a set of in-vehicle and V2X data collectors that will feed nIoVe a comprehensive data processing pipeline for threat analysis and situational awareness across the IoV ecosystem. Advanced visual and data analytics are further enhanced and adapted to boost cyber-threat detection performance under complex attack scenarios, while IoV stakeholders are jointly engaged in incident response activities through trusted mechanisms. The proposed approach is supported by interoperable data exchange between existing and newly proposed cybersecurity tools. nIoVe solution is demonstrated and validated in three pilots, including a hybrid execution environment, simulated environment, and real-world conditions. Overall, nIoVe ambitiously expects to:

1. Reduce the attack surface of the overall IoV ecosystem.
2. Showcase effective and real-time detection of novel advanced threats and cyber-attacks in IoV ecosystems.
3. Reduce the response time substantially and reduce the impact of breaches drastically.
4. Contribute to the establishment and sustainable operation of Computer Security Incident Response Teams (CSIRTs), stimulating information and knowledge sharing across the IoV ecosystem.
5. Paves the way for the next generation of robust, scalable, and resilient IoV infrastructure.

nIoVe draws and builds upon the accumulated experience from its consortium of 12 partners from 6 European countries and Israel and implements the project, which is organised in 8 work packages with a 40-month duration.

Overall, all work packages were successfully accomplished, resulting in the achieved all KPIs (i.e. technical, pilots, dissemination and communication, and exploitation). This high-level outline of the results of the nIoVe project execution is summarised below:

- Management processes and procedures are established, and management organisation and structure are defined.
- Risks are continuously monitored and reported, and mitigation or response actions are performed.
- The user needs and requirements are defined, and a user-centred design approach is established.
- The system requirements are defined, and the architecture is finalised.
- nIoVe tools are developed, integrated into the nIoVe platform and deployed.
- Use cases and attack scenarios are analysed, defined, and described.
- Hybrid, simulated, and real-world conditions pilots are executed.
- Active end-user engagement within the development lifecycle was accomplished, and two user studies were conducted (17 and 15 participants).
- Adaptive UI is defined and fully integrated.
- Dissemination and communication actions are continuously planned, monitored, and executed by all consortium members, focusing on both scientific and industry communities.
- Collaboration and knowledge exchange with other projects and consortia are established and practised.
- nIoVe exploitation foreground, including products, business models, and financial planning, are defined.
- Exploitation strategy is defined.
- Continuous contributions to standardisation bodies and working groups, and alliances are rehearsed.

The project's key innovation is the delivery of the comprehensive cybersecurity nIoVe platform, which consists of numerous integrated tools and services, including advanced adaptability at several levels of user professional and personal needs, which reached level TRL6 and TRL7 (Technology Readiness Level), positioning the outcomes that were tested and successfully demonstrated and validated in relevant environments (i.e. hybrid, simulation), including the operational environment in different settings (i.e. real-world conditions). Giving more detail, the following innovation objectives were accomplished:

- Delivery of a dynamic real-time risk assessment linked with anomaly detection where a deep understanding of risk propagation and interdependencies within the network is available concerning the needs of the IoV environment.
- Implementation of visual analytics principles in cybersecurity real-time attacks monitoring, utilising the results of the entire nIoVe data pipeline and processing; more specifically, the delivery of intuitive and customisable dashboards to offer unique linked data exploration, perception and knowledge extraction for effective cyber-threat assessment based on state-of-the-art advances on visual analytics, and enabling the dynamic connection of different datasets with several types of visualisation, linked together, so that user selection in one visualisation has a direct impact on the others.
- Delivery of a forensic readiness tool for the IoV ecosystem by ensuring that necessary forensic information can be collected and used as a knowledge base about the cyber attacks in CAVs and the IoV ecosystem and supporting active and passive responses to known attacks.
- Delivery of a response toolkit that takes appropriate response actions, ranging from passive (e.g. notifications) to active (e.g. data packets jamming), while also issuing silent visual cues to the end-users based on evaluated incident meta-data and associated risks.
- Introduction of a trust and identity management platform based on blockchain technology to support remote and on-site vehicle maintenance, creating a secure and privacy-preserving environment.
- Development of advanced threat intelligence sharing services and handling of info on various cybersecurity engineering artefacts (e.g. malicious payloads, cybercrime laws and lessons learned, weblogs), as well as permitting cross-border attack propagation identification and tracking.
- Delivery of virtual honeypots infrastructure integrated with attack propagation monitoring services and supported by advanced visual analytics.
- Integration of a comprehensive approach towards the user-centred design of the nIoVe platform and services and platform adaptability and scalability of the services.

There are four core potential impacts are envisioned to advance further the IoV and CAVs ecosystem, including the following:

1. Enhanced protection against novel advanced threats.
2. Advanced technologies and services to manage complex cyber-attacks and reduce the impact of breaches.
3. The technological and operational enablers of cooperation in response and recovery will contribute to the development of the CSIRT Network across the EU, which is one of the key targets of the NIS Directive.
4. Robust, transversal and scalable ICT infrastructures resilient to cyber-attacks that can underpin relevant domain-specific ICT systems (e.g. for energy), providing them with sustainable cybersecurity, digital privacy and accountability, are still valid for the project overall.