The ENSURESEC project achieved its biggest milestone to date. 16 months after kickoff, the partners of the H2020 project ENSURESEC delivered their first set of tools to better protect the whole e-commerce ecosystem against cyber physical attacks.
The definition of use cases and toolkit’s architecture was completed in May 2021, the 22 partners from 14 European countries working closely together to combine their know-how and state-of-the-art technology into one package, from which the first set of tools has been now delivered. “This suite of demonstrators forms the core of the functionality of the ENSURESEC platform”, says Marek Pawlicki, consultant at ITTI Sp. z o.o., one of the technical partners and the lead beneficiary for this project milestone. He explains further: “This suite includes four tools for ENSURESEC prevention and preparedness, six tools for ENSURESEC detection and security enforcement, and four tools that are part of the ENSURESEC response, mitigation and recovery module.”
Verifying that the models that describe the e-commerce ecosystem are protected against security and privacy threats is the scope of the prevention and preparedness work package. This includes a mapping tool to adequately model security threats, the implementation of an open-source interface to aid organisations in case of disruptive incidents and a risk and resilience tool for analysing cyber-physical impacts.
While the previous tools assess that the ecosystems are secure by design, the work package for detection and security enforcement focusses on verifying and enforcing the real time security of the ecosystem. This will be done with tools monitoring various execution aspects of the interfaces like a behavioural monitor which detects inconsistencies in the execution of e-commerce applications, which may be results of materialized threats, or the physical asset monitor which analyses sensor data for physical assets to detect anomalies like a sudden temperature change.
When the tools developed in the previously mentioned work package detect an incident, which may be caused by an attacker, the tools in the response, mitigation and recovery module are designed to lessen the impact of a successful attack. The Response & Mitigation management engine shares the incident information with business partners and their users and initiates a desired mitigation strategy. Latest generation distributed ledger technology provides a complete audit trail of security incidents, as well as a decentralised identity management system, ensuring trust and transparency of operations, and immutability of information. To ensure that the given infrastructure is available at all times, even under attack, the work package partners developed a software recovery engine. The final part of the platform is a post event analyzer, which assesses the impact and recommends the best suitable counter-measures.
The role of SIMAVI in ENSURESEC project
“In the ENSURESEC Project, SIMAVI has the key role of integrating all the tools provided by the partners on a platform that will, in turn, be integrated with e-commerce ecosystems of some operators in banking, pharmaceutical and logistics”, said Elizabeta Savu, the Project Manager of ENSURESEC project at SIMAVI.
In the analysis stage, SIMAVI participated in the definition of use-cases, scenarios, technical and functional specifications, completing the system architecture. After this stage, SIMAVI prepared the platform for the installation and integration of all tools provided by the partners, provided support to the partners for installation and connection on the platform.
„We are currently working on both the interconnection and interoperability of these tools with each other and the integration of the ENSURESEC platform with pilot e-commerce ecosystems”, said Elisabeta Savu.
The next stage
After the success with this important milestone, Pawlicki addresses the next steps in the project: “Now that this part of technical work has been carried out, the partners will focus on implementing the demonstrators in the pilots and integrating the tools with the ENSURESEC e-commerce ecosystem."
In addition to the tools listed above, the project partners are currently developing the final set of tools which focus on closing the loop and providing a complete situational awareness picture of the events detected by the previous tools, including, among others, a tool to assess the impact of multi-level interdependency and cascading effects in organizational ecosystems, as well as a threat intelligence tool. At the same time, the development of the cybersecurity training and awareness campaign is in its final stages. This way the ENSURESEC solution improves not only the technical security of the ecosystem, but it also ensures, that the clients of e-commerce business partners (SMEs) are aware of potential security threats and trained on how to avoid them.
ENSURESEC Website: http://www.ensuresec.eu/
LinkedIn – ENSURESEC
Twitter – ensuresec_eu
ENSURESEC is an ongoing project in the EU Horizon 2020 programme under the topic SU-INFRA01-2018-2019-2020 - Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure in Europe, and part of the programmes H2020-EU.3.7.4. - Improve cyber security and H2020-EU.3.7.2. - Protect and improve the resilience of critical infrastructures, supply chains and tranport modes. The project, with 22 partners from all over Europe, has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement Nº 883242. ENSURESEC started on June 1st 2020 and will end on May 31st 2022, and it is coordinated by INOV from Portugal.