ENSURESEC started in June 2020 and ended in May 2022. The consortium successfully concluded the activities, achieved all proposed objectives and demonstrated the developed results.
ENSURESEC carried out an e-commerce ecosystem risk assessment, which generated relevant knowledge for the development activities in the project and for future initiatives concerning e-commerce security. Partners have identified and categorized the most critical cyber and physical assets in e-commerce ecosystems, and analysed the main risks, threats and vulnerabilities potentially affecting the whole ecosystem. In parallel, an ontology was developed for identifying and analysing cascading effects in critical infrastructures. Moreover, partners have also undertaken a thorough analysis of the evolving regulatory landscape, emerging threats and business state of practice with regards to security in e-commerce, which has resulted in relevant technical and policy recommendations for e-commerce SMEs and regulatory bodies at EU level.
At a technical level, after eliciting and defining the main user, legal, ethical and technical requirements, defining relevant use cases, and defining the architecture and the data flow of the toolkit, the ENSURESEC system was developed. This is a cyber-physical security toolkit to protect e-commerce operators, by integrating with the existing complex infrastructure of the companies which are part of the ecosystem. This modular security toolkit is composed of 19 tools, 9 of them working as backend tools (monitoring the interfaces of the ecosystem and detecting incidents), and 10 being user-facing (raising alerts and mitigation measures). The user-facing tools are available to the user through a common dashboard, that provides a continuous situational picture of the e-commerce critical infrastructure. Although the toolkit can assume different configurations depending on the infrastructure and needs, the consortium has also integrated all tools into a unified platform. Furthermore, the tools have been security tested to guarantee that they have no vulnerabilities that can affect the ecosystem.
The toolkit was demonstrated and validated by end-users in 3 complementary pilots, composed of different scenarios: (i) the first pilot was focused on Cyber-attacks to an e-commerce platform; (ii) the second comprised Physical attacks on pharmacy e-commerce operator; and (iii) the third focused on Cyber-physical attacks to a Bank providing online payment services. All pilots have been successfully executed and evaluated, receiving very positive feedback from the project end-users and external stakeholders.
In addition to the technical solution, ENSURESEC also developed and implemented an e-commerce-tailored cybersecurity training and awareness campaign, aimed at customers of digital commerce. The training and awareness campaign aims at educating online consumers on how to identify malicious practices in e-commerce and how to avoid them (
https://becyberaware.eu/(si apre in una nuova finestra)).
With regards to extending the project impact, partners have undertaken numerous communication and dissemination activities through the project website and social media, and by presenting the project in both physical and virtual events. 12 scientific papers have been published, and 2 non-scientific publications. The joint and individual exploitation plans have been defined, after a market analysis has been carried out to define the main target segments. A joint exploitation framework agreement is currently being discussed among the partners.