Situation Aware Security Operations Centre (SAWSOC)
Period: 2013 – 2016 Project Value: €5m
Various physical and logical security technologies exist, but their management and function exist in isolation from each other in a security monitoring context.
While some markets and technologies have merged (for example, SEM and SIM have combined into SIEM, and logical and physical access control technologies have converged into Identity Management (IM)) and security operations environments have evolved considerably, more is needed to improve function and security situation awareness.
SAWSOC has developed an advanced SOC platform that will support accurate, timely and trustworthy detection and diagnosis of attacks. It correlates events from a diverse range of physical and logical security sources to achieve enhanced situational awareness.
The project was supported by three critical infrastructure end-users in the air traffic control, energy distribution and stadium management domains.
We performed a gap-analysis technical assessment of the performance features of existing logical security technologies (e.g. SIEM, network monitoring solutions) to support SAWSOC requirements development.
We also developed appropriate incident response procedures to support the SAWSOC platform, as well as appropriate forensics data acquisition that facilitates legally admissible evidence capture.
More information: http://www.sawsoc.eu/
European Control System Security Incident Analysis Network (ECOSSIAN)
Period: 2013 – 2017 Project Value: €13m
Both regional economies and the wider federated European and global ecosystem require that critical infrastructures function properly and are effectively co-ordinated from a security protection perspective.
Security threats must not only be managed at the individual critical infrastructure level, but must also be co-ordinated at a national and pan-European overall situation awareness level.
ECOSSIAN attempts to develop a Pan-European platform for mitigating and sharing security threat information at individual, national and Pan-European levels.
The project has a dual focus on both technological and societal/legal aspects of this problem. It aims to develop a community cloud threat sharing network, and ensure that issues around trustworthiness, anonymity, privacy and legality are addressed for relevant ECOSSIAN stakeholders and end-users.
We are supporting the ECOSSIAN project by:
- doing a technical assessment of use cases and existing security monitoring technologies
- carrying out security and privacy risk assessments
- leading the development of a common data acquisition interface
- providing support through the development of incident response procedures, live forensics data acquisition, and business continuity assessments for the ECOSSIAN platform
More information: http://ecossian.eu/
Comprehensive Approach to Cyber Roadmap Coordination and Development (CAMINO)
Period: 2013 – 2016 Project Value: €1m
CAMINO was a Pan-European, SME-driven initiative that developed a comprehensive cybercrime and cyber terrorism research strategy to support the European Commission in prioritizing and allocating research funding.
The project also supported the development of stronger links between security research experts and organizations across Europe, aligning with other similar clustering initiatives.
The CAMINO consortium was led by six members of the Industrial Mission Group for Security (IMG-S), with BSI collaborating as an associate member.
We led activities around assessing and identifying technologies with disruptive potential for cybercrime and cyber terrorism. We established the current state-of-the-art Technology Readiness Levels (TRLs), and led activities around the adoption and dissemination of the CAMINO research roadmap.
More information: http://www.fp7-camino.eu/
Innovation Framework for Privacy and Cyber Security Opportunities (IPACSO)
Period: 2013 – 2015
We participated in developing a set of market and innovation supports for researchers and innovators in the privacy and cybersecurity marketplace.
More information available at http://ipacso.eu/