Periodic Reporting for period 1 - AERAS (A CybEr range tRaining platform for medicAl organisations and systems Security)
Okres sprawozdawczy: 2019-12-01 do 2023-05-31
The AERAS project aims at developing a realistic and rapidly adjustable cyber range platform for systems and organisations in the critical healthcare sector, to effectively prepare stakeholders with different types of responsibility and levels of expertise in defending high-risk, critical cyber-systems and organizations against advanced, known and new cyber-attacks, and reduce their security risks. The platform will be a virtual cyberwarfare solution enabling the simulation of the operation and effects of security controls and offering hands-on training on their development, assessment, use and management. The platform will be based on an evidence-based approach where virtual cyberwarfare and simulations are configured according to evidence regarding: (i) the occurrence of cyber threats, and (ii) the effectiveness of the operation of the internal and external system defence mechanisms. Evidence will be collected by multi- faceted real- time monitoring and assessed according to Cyber Range Security Assurance (CRSA) models specifying potential cyber-attacks, the security mechanisms used against them, and the methods for assessing their effectiveness. The AERAS solution will be delivered at TRL-7 and validated through two different pilots in the healthcare sector.
To address the above, AERAS will pursue the following objectives:
1) Develop Cyber Range Security Assurance models (CRSA models) to drive the generation of Cyber Range Simulation and Training (CRST) programmes.
2) Develop novel hybrid cyber security risk analysis models, which combine traditional static cyber security risk analysis principles and standards with continuous risk estimates.
3) Develop mechanisms to support the adaptation of cyber range simulation and training programmes, via feedback received from multiple sources, including multi-layer system, trainee and programme performance monitoring, and CSLAs monitoring.
4) Develop capabilities required for the delivery of effective cyber training, namely emulation, simulation, security assurance assessment, and visualisation capabilities
5) Integrate capabilities developed under Objectives 1-4 into a common platform that delivers realistic and highly adjustable cyber training, offering hands-on experience against cyber-attacks.
6) To ensure the dissemination and communication of the project’s results and the uptake of the AERAS innovation to organisations in critical domains, and cyber security stakeholders.
To address the above, AERAS will pursue the following objectives:
1) Develop Cyber Range Security Assurance models (CRSA models) to drive the generation of Cyber Range Simulation and Training (CRST) programmes.
2) Develop novel hybrid cyber security risk analysis models, which combine traditional static cyber security risk analysis principles and standards with continuous risk estimates.
3) Develop mechanisms to support the adaptation of cyber range simulation and training programmes, via feedback received from multiple sources, including multi-layer system, trainee and programme performance monitoring, and CSLAs monitoring.
4) Develop capabilities required for the delivery of effective cyber training, namely emulation, simulation, security assurance assessment, and visualisation capabilities
5) Integrate capabilities developed under Objectives 1-4 into a common platform that delivers realistic and highly adjustable cyber training, offering hands-on experience against cyber-attacks.
6) To ensure the dissemination and communication of the project’s results and the uptake of the AERAS innovation to organisations in critical domains, and cyber security stakeholders.
The initial workplan has been adapted to cope with the COVID19 outbreak that didn't allow the execution of secondments. The work at the time of the writing of the report is still at its early stage and focused mainly in the requirements collection and elicitation.
In the following, the work carried out of single WP is summarized:
WP1) Overall management of the project, organization of the MidTerm Meeting in Milan, and management of periodic reporting
WP2) Within Tasks 2.1 and 2.2 the secondments has been worked on the following points: Making and administering a Survey - Interviews; Getting input from pilots about their needs in terms of cybersecurity training; Study relevant cybersecurity standards and certification; Study of technological landscape and AERAS novelty and of an initial specification of the AERAS platform technical requirements for each platform's component; Discussing the initial version of the reference architecture for the AERAS platform.
WP3) The work involved the three work packages’ tasks. Within T3.1 the secondee focused on the definition of a language to support the development of CRSA models and CRST programmes, through the following steps: Language definition to support the development of CRSA models; Language definition to support the development of CRSA-driven CRST programmes; within T3.2 study of the development of CRSA and CRST models for both pilots; within T3.3 development of means to enable basic forms of analysis and determination of the impact that certain changes in specific parts of the CRSA model will have on other parts of the CRSA model and means to support completeness and consistency; within T3.4 initial specification of the hybrid cyber security risk analysis models to support different types of hybrid approaches for various security assessments.
WP4) The preliminary work done in WP4 has been mainly focused on the following points: Specification of tools and technologies to develop the AERAS platform components; Study of the design of a user-friendly Cyber range training platform; Initial designing the AERAS platform architecture.
WP5) The work in WP5 is at an early stage of development. Secondees worked mainly on the following points: evaluation of the current state of cybersecurity in healthcare sector organizations and identification of the requirements for building a cybersecurity training platform; study on the candidate subsystems for PAGNI’s Use Case and their interconnection and integration with other systems; collection of feedback from health professionals' questionnaire (doctors, nurses, administrative staff, researchers, IT specialists, etc).
WP6) WP6 Team, together with the whole Consortium, has worked on fostering Dissemination and communication activities related to the project. In particular, the AERAS website and social channels has been created and kept updated with partners’ activities in the area of cybersecurity training. Metrics about stakeholders involvement are under monitoring by the team.
In the following, the work carried out of single WP is summarized:
WP1) Overall management of the project, organization of the MidTerm Meeting in Milan, and management of periodic reporting
WP2) Within Tasks 2.1 and 2.2 the secondments has been worked on the following points: Making and administering a Survey - Interviews; Getting input from pilots about their needs in terms of cybersecurity training; Study relevant cybersecurity standards and certification; Study of technological landscape and AERAS novelty and of an initial specification of the AERAS platform technical requirements for each platform's component; Discussing the initial version of the reference architecture for the AERAS platform.
WP3) The work involved the three work packages’ tasks. Within T3.1 the secondee focused on the definition of a language to support the development of CRSA models and CRST programmes, through the following steps: Language definition to support the development of CRSA models; Language definition to support the development of CRSA-driven CRST programmes; within T3.2 study of the development of CRSA and CRST models for both pilots; within T3.3 development of means to enable basic forms of analysis and determination of the impact that certain changes in specific parts of the CRSA model will have on other parts of the CRSA model and means to support completeness and consistency; within T3.4 initial specification of the hybrid cyber security risk analysis models to support different types of hybrid approaches for various security assessments.
WP4) The preliminary work done in WP4 has been mainly focused on the following points: Specification of tools and technologies to develop the AERAS platform components; Study of the design of a user-friendly Cyber range training platform; Initial designing the AERAS platform architecture.
WP5) The work in WP5 is at an early stage of development. Secondees worked mainly on the following points: evaluation of the current state of cybersecurity in healthcare sector organizations and identification of the requirements for building a cybersecurity training platform; study on the candidate subsystems for PAGNI’s Use Case and their interconnection and integration with other systems; collection of feedback from health professionals' questionnaire (doctors, nurses, administrative staff, researchers, IT specialists, etc).
WP6) WP6 Team, together with the whole Consortium, has worked on fostering Dissemination and communication activities related to the project. In particular, the AERAS website and social channels has been created and kept updated with partners’ activities in the area of cybersecurity training. Metrics about stakeholders involvement are under monitoring by the team.
The project is still at its early stage and the partners are laying the basis for the future impact it can have on the European healthcare landscape.
In particular, the impact of the project will be focused in the following areas:
1) Enhancing the potential and future career perspectives of the staff members: Secondees reported in the MidTerm Review and during the project meetings a strong collaborations with the hosting organizations and a good exchange of knowledge.
2) New and lasting research collaborations: Discussion on future collaborations and common works and projects have been nurtured during the secondments periods. In particular, the Consortium is working on a joint research paper that will collect contribution for all secondees, giving them the opportunity to exchange knowledge even if their secondment periods have already been completed.
3) Self-sustainability of the partnership after the end of the project: Due to the extension and the COVID outbreak, the project is still at an early stage and discussions about self-sustainability after the project end will be postponed when WP4 and WP5 will reach a good level of maturity and prototype of the infrastructure will be available.
4) Improving research and innovation potential within Europe and worldwide: The joint paper is a first step that could pave the way to a series of papers on the acceptance and efficiency of the platform in terms of enhancement of the overall cybersecurity knowledge and landscape of the adopting organizations.
At the time of the wirting of the report, the Impact Awarness Metrics valorized so far are the following:
- AERAS Website accesses 7745
- AERAS Website downloads 225
- AERAS on Social Media - Announcements 82
- AERAS on Social Media - followers 200
- AERAS Regular newsletters 1
- Journal and Magazine Publications 4
- Conference & Workshop Publications 2
- Public lectures and/or networking event for the general public 1 with >= 100 attendees
In particular, the impact of the project will be focused in the following areas:
1) Enhancing the potential and future career perspectives of the staff members: Secondees reported in the MidTerm Review and during the project meetings a strong collaborations with the hosting organizations and a good exchange of knowledge.
2) New and lasting research collaborations: Discussion on future collaborations and common works and projects have been nurtured during the secondments periods. In particular, the Consortium is working on a joint research paper that will collect contribution for all secondees, giving them the opportunity to exchange knowledge even if their secondment periods have already been completed.
3) Self-sustainability of the partnership after the end of the project: Due to the extension and the COVID outbreak, the project is still at an early stage and discussions about self-sustainability after the project end will be postponed when WP4 and WP5 will reach a good level of maturity and prototype of the infrastructure will be available.
4) Improving research and innovation potential within Europe and worldwide: The joint paper is a first step that could pave the way to a series of papers on the acceptance and efficiency of the platform in terms of enhancement of the overall cybersecurity knowledge and landscape of the adopting organizations.
At the time of the wirting of the report, the Impact Awarness Metrics valorized so far are the following:
- AERAS Website accesses 7745
- AERAS Website downloads 225
- AERAS on Social Media - Announcements 82
- AERAS on Social Media - followers 200
- AERAS Regular newsletters 1
- Journal and Magazine Publications 4
- Conference & Workshop Publications 2
- Public lectures and/or networking event for the general public 1 with >= 100 attendees