Descripción del proyecto
Ayudar a las empresas a gestionar los riesgos de ciberseguridad de la cadena de suministro fragmentada de las tecnologías de la información y de las comunicaciones
La mayor parte de las empresas que desarrollan soluciones de tecnologías de la información y de las comunicaciones (TIC) requieren la integración o sinergia de otros componentes TIC desarrollados por terceros. Esto puede suponer un gran riesgo para la seguridad, ya que impide verificar las posibles vulnerabilidades. El proyecto BIECO, financiado con fondos europeos, trabaja en un marco holístico que proporciona los mecanismos necesarios para ayudar a las empresas a comprender y gestionar los riesgos y amenazas para la ciberseguridad que pueden experimentar al formar parte de la cadena de suministro de las TIC. Este marco consta de un conjunto de herramientas y metodologías que abordarán los desafíos relacionados con la gestión de vulnerabilidades, la resiliencia y la auditoría de sistemas complejos.
Objetivo
Nowadays most of the ICT solutions developed by companies require the integration or collaboration with other ICT components, which are typically developed by third parties. Even though this kind of procedures are key in order to maintain productivity and competitiveness, the fragmentation of the supply chain can pose a high risk regarding security, as in most of the cases there is no way to verify if these other solutions have vulnerabilities or if they have been built taking into account the best security practices.
In order to deal with these issues, it is important that companies make a change on their mindset, assuming an “untrusted by default” position. According to a recent study only 29% of IT business know that their ecosystem partners are compliant and resilient with regard to security. However, cybersecurity attacks have a high economic impact and it is not enough to rely only on trust. ICT components need to be able to provide verificable guarantees regarding their security and privacy properties. It is also imperative to detect more accurately vulnerabilities from ICT components and understand how they can propagate over the supply chain and impact on ICT ecosystems. However, it is well known that most of the vulnerabilities can remain undetected for years, so it is necessary to provide advanced tools for guaranteeing resilience and also better mitigation strategies, as cybersecurity incidents will happen. Finally, it is necessary to expand the horizons of the current risk assessment and auditing processes, taking into account a much wider threat landscape. BIECO is a holistic framework that will provide these mechanisms in order to help companies to understand and manage the cybersecurity risks and threats they are subject to when they become part of the ICT supply chain. The framework, composed by a set of tools and methodologies, will address the challenges related to vulnerability management, resilience, and auditing of complex systems.
Ámbito científico
Palabras clave
Programa(s)
Convocatoria de propuestas
Consulte otros proyectos de esta convocatoriaConvocatoria de subcontratación
H2020-SU-ICT-2019
Régimen de financiación
RIA - Research and Innovation actionCoordinador
2829-516 Caparica
Portugal
Organización definida por ella misma como pequeña y mediana empresa (pyme) en el momento de la firma del acuerdo de subvención.