End-to-end Security of the Digital Single Market’s E-commerce and Delivery Service Ecosystem

Periodic Reporting for period 1 - ENSURESEC (End-to-end Security of the Digital Single Market’s E-commerce and Delivery Service Ecosystem)

Reporting period: 2020-06-01 to 2021-05-31

ENSURESEC is a sociotechnical solution for safeguarding the Digital Single Market’s e-commerce operations against cyber and physical threats. It combines an automatic, rigorous, distributed and open-source toolkit for protecting e-commerce, with monitoring of the impact of threats in physical space and a campaign for training SMEs and citizens aimed at creating awareness and trust. ENSURESEC addresses the whole gamut of modern e-commerce, from standard physical products purchased online and delivered via post, to entirely virtual products or services delivered online. It addresses threats ranging from maliciously modifying web e-commerce applications or rendering them unavailable to legitimate customers, to delivery issues or fraud committed by insiders or customers. It achieves this by focusing on the common software and physical sensor interfaces that sit along the e-commerce, payment and delivery ecosystem. At the technical level, it integrates proven state-of-the-art inductive (machine learning) with deductive (formal methods) reasoning tools and techniques so that e-commerce operations are protected by design, as well as through continuous monitoring, response, recovery and mitigation measures at run-time. Importantly, trust of the infrastructure’s operations among its users is established, benefiting from distributed ledger technology ensuring transparency of the operations and that information has not been modified. Although ENSURESEC innovations are applicable to any critical infrastructure that relies on and is monitored by networked software systems, its design and integration philosophy make it uniquely prepared to protect distributed and evolving e-commerce infrastructures with their various forms of payment and delivery (virtual, online and physical). ENSURESEC also enhances citizens’ resilience to threats and their trust in e-commerce companies, especially SMEs, thus contributing towards the vision of a reliable and trusted digital single market.
ENSURESEC started in June 2020, and the present report comprises the period of work until May 2021. During this period, all project activities have officially started, with the most effort being dedicated to the core technical WPs 2-7.
In WP2, the consortium has identified and categorized the most critical cyber and physical assets in e-commerce ecosystems. This work then fed the identification and analysis of the main risks, threats and vulnerabilities potentially affecting the e-commerce ecosystem. In parallel, an ontology was developed, based on a systematic literature review, for identifying and analysing cascading effects in organisations. Moreover, the partners in WP2 also started the analysis of the evolving regulatory landscape, emerging threats and business state of practice with regards to security in e-commerce, through desktop research, as well as questionnaires to consortium partners and Advisory Board members. This work aims at providing relevant recommendations at technical and policy levels for e-commerce SMEs and regulatory bodies at EU level.
In this period, the work in WP3 focused on setting the foundations for the development and deployment of the ENSURESEC toolkit. Based on the work of WP2, the partners elicited the main user requirements for the solution and defined the use cases to be demonstrated in the ENSURESEC pilots. In parallel, an analysis of the main social, privacy, ethical and legal constraints and best practices in e-commerce and cybersecurity was performed, which resulted in the definition of the legal and ethical requirements for the platform. The partners then specified the interfaces of the system and defined and prioritised its technical requirements. Moreover, the logical architecture and the data flow of the toolkit were defined.
The core development WPs (WPs 4 to 7) focused their effort on the development and tailoring of the different tools that compose the toolkit. In WP4, a first version of the prevention and preparedness tools was released and demonstrated at the end of the period. WPs 4, 5 (detection and security enforcement) and 6 (response, mitigation and recovery) will release the final version of their tools in M16. WP7 (resilient-oriented situational awareness) will deliver its tools in M19.
In WPs 8 and 9, the work focused, respectively, on: (i) starting the preparation activities for the ENSURESEC pilots, by detailing the scenarios defined in WP3; and (ii) preparing the cybersecurity training and awareness campaign for e-commerce users, by carrying out research on digital marketing tools, techniques and methodologies, and developing the contents and tools for the campaign.
Finally, with regard to extending the project impact (WP10), the partners have undertaken numerous communication and dissemination activities through the project website and social media (LinkedIn and Twitter), and by presenting the project in virtual events. 3 scientific papers and 2 non-scientific publications have been published. The project Advisory Board has been established, and a plenary meeting has been carried out. Moreover, the joint and individual exploitation plans have started to be defined, after a market analysis was carried out to define the main target segments.
As an IA dealing with high TRL technologies, ENSURESEC is based on an extensive background, arising from past R&D initiatives, which are now being innovatively adapted and integrated in order to develop an end-to-end security toolkit for e-commerce operations.
In the second period, the development of the ENSURESEC cyber and physical security tools will be finalized and these will be integrated into a unified platform providing multi-layer, end-to-end security for e-commerce, both at design time and runtime. The added value of each of these tools, as well as of the integrated toolkit, will be demonstrated in 3 different pilots which target 3 complementary use cases (cyber-attacks on an e-commerce platform, physical attacks on an e-commerce pharmacy delivering sensitive products, and digital identity protection in a banking platform providing payment services to e-commerce).
These developments are expected to produce relevant impacts in the protection of the e-commerce ecosystem. For example, one of the core principles in the development of the ENSURESEC solution is to combine security-by-design and privacy-by-design, through the prevention and preparedness module, providing a contribution to the enforcement of data protection policies and supporting e-commerce businesses to ensure prevention against certain classes of threats. Moreover, ENSURESEC’s use of DLTs and the implementation of a complete audit trail of cyber and physical security incidents establishes unprecedented transparency of e-commerce operations to its users and business partners. ENSURESEC will also develop response and recovery tools which will minimize the impact of potential incidents, and situational awareness tools which will take into account cascading effects.
Finally, ENSURESEC will promote and develop tools for cybersecurity and awareness training, tailored to the needs of e-commerce users. This campaign will not only focus on cybersecurity threats targeting e-commerce users, but also on unethical, malicious and deceptive e-commerce practices. This will improve overall e-commerce security, promoting the inclusion of SMEs in the sector, as well as increasing the use of e-commerce by less digitally-literate citizens.