FISHY addresses the challenge of building trusted ICT supply chains,which are complex and delicate systems,integrated by heterogeneous and highly distributed components.Supply chains work under demanding requirements,mainly about responsiveness.Social well-being is dependent on their flawless operation.Being critical,their increasing complexity has made the attack surface for cyber criminals to become larger.
FISHY objectives are:1)Implement a functional platform for cyber resilience provisioning for supply chains of complex ICT systems, leveraging trust and security management;2)Develop an evidence-based security assurance and certification methodology identifying security claims and metrics;3)Develop a metrology model and system for supply chains leveraging trust among parties relying on distributed interledger technologies alongside forecasting and estimation concepts basing on AI methods;and 4)Deploy,validate and demonstrate FISHY platform in heterogeneous,real-world pilots.
FISHY considers all the supply chain components,facing the complex problems of the IoT,Edge and Cloud layers.FISHY combines innovative functionalities that cover the whole cycle of cybersecurity,from detection to application of countermeasures.
FISHY deploys diverse data collectors gathering a set of relevant metrics about the activity in the supply chain.These data are used at a higher intelligence layer where diverse monitoring techniques are applied,performing analysis,raising alerts and proposing mitigation actions.We got satisfactory results with enhanced detection capabilities adapted to each single supply chain.FISHY uses this knowledge to conduct a security assurance and certification process involving both auditing and reasoning stages, relying on certifiable evidence.
FISHY covers reaction when incidents arise.FISHY researched on the (semi)automation of responses leveraging intent-based networking techniques.FISHY explored the definition of security policies by means of intents that use close-to-human language and in parallel the project sets the ground for (semi) automatic reconfiguration of the supply chain to mitigate the effects of attacks.Using predefined policies,FISHY can react to detected threats automatically of after user confirmation, and enforce security rules.
FISHY established a solid cornerstone connectivity pattern that copes with a wide range of needs posed by the supply chains while allowing for great flexibility regarding the deployment on a specific client infrastructure.
Finally,FISHY adopted a GDPR-compliant and privacy-centric approach for end-to-end protection of supply chains.