Page 1: Deliverable D3.1 Existing technology and solutions · PDF fileBCP Business Continuity Plan ... Certification and Workforce ... CYSPA deliverable 3.1– Existing technology and Solutions

Deliverable D3.1 – Existing technology and solutions portfolio

Work package: WP3
Due date: 31/01/2014
Submission date: 14/02/2014
Revision: V2.00
Status of revision: Final

Responsible partner: Atos

Contributors: ENG, Detica, VisionWare, SAP, Selex, STM, UPM

Project Number: FP7-ICT-2011-8 / 318355
Project Acronym: CYSPA
Project Title: European Cyber Security Protection Alliance
Start Date of Project: 01/10/2012

Dissemination Level [move to the appropriate line]

PU: Public

PP: Restricted to other programme participants (including the Commission)

RE: Restricted to a group specified by the consortium (including the Commission)

CO: Confidential, only for members of the consortium (including the Commission)


Version history

Rev. Date Author Notes

1.01 1/11/2013 Atos ToC

1.02 14/11/2013 Atos Updated for Partner contributions

1.03 1/12/2013 Atos Updated following partner contributions

1.04 12/12/2013 Atos Re-aligned table of contents

1.05 18/12/2013 Atos Populated for further partner contributions

1.06 2/01/2014 Atos Partner contributions incorporated

1.07 12/01/2014 Atos Update to contents

1.08 18/01/2014 Atos Update to contents, Partner contributions

1.09 30/01/2014 Atos Update to contents, formatting

1.10 10/02/2014 Visionware and Engineering Internal Review

1.11 12/02/2014 Atos Update following review comments

2.0 14/02/2014 EOS Final review and submission


Glossary

Acronym Description

ADSL Asymmetric Digital Subscriber Line

APT Advanced Persistent Threat

ARO Annual Rate of Occurrence

BCP Business Continuity Plan

BIA Business Impact Analysis

CERT Computer Emergency Response Team

CIP Critical Infrastructure Protection

CIS Communications and Information Systems

CIWIN Critical Infrastructure Warning Information Network

CYSPA European Cyber Security Protection Alliance

DBMS Database Management System

DG Directorate-general of the European Commission

DNS Domain Name Server

DRP Disaster Recovery Plan

EC European Commission

ENISA European Network and Information Security Agency

EOS European Organisation for Security

EU European Union

IP Internet Protocol

ISDN Integrated Services Digital Network

ISP Internet Service Provider

ITIL Information Technology Infrastructure Library

LDAP Lightweight Directory Access Protocol

NATO North Atlantic Treaty Organization

PKI Public Key Infrastructure

PSTN Public Switched Telephone Network

RPO Recovery Point Objective

RTO Recovery Time Objective

WP Work Package


Table of contents

1. Introduction 7
2. Methodology 8
3. Cyber Security Solutions – A Market Overview 8
3.1. Driving trends in the Cyber Security Solutions Market 9
3.1.1. Cloud Computing 9
3.1.2. Mobility 10
3.1.3. Secure design / application security 10
3.1.4. Data Loss Prevention, Digital Rights management, Archiving and Filtering 10
3.2. Security solution provider landscape 11
4. Cataloguing Existing Technology and Market Solutions 12
4.1. Approach 12
4.2. Access Control Solutions 14
4.2.1. Main solutions, with brief description 14
4.3. Compliance Monitoring and Enforcement Solutions 17
4.3.1. Main solutions, with brief description 17
4.4. Configuration Management and Assurance Solutions 18
4.4.1. Main solutions, with brief description 19
4.5. Cryptography Technologies 19
4.5.1. Main solutions, with brief description 20
4.6. Data Loss Prevention Solutions 20
4.6.1. Main solutions, with brief description 21
4.7. Identity Management Solutions 22
4.7.1. Main solutions, with brief description 22
4.8. Information Rights Management Solutions 23
4.8.1. Main solutions, with brief description 24
4.9. Mobile Security Technologies 24
4.9.1. Main solutions, with brief description 25
4.10. Network Security Solutions 27
4.10.1. Main solutions, with brief description 28
4.11. Security Assessment Solutions 29
4.11.1. Main solutions, with brief description 29
4.12. System Integrity Solutions 30
4.12.1. Main solutions, with brief description 30
4.13. Anti-malware Solutions (anti-spam, anti-virus, anti-phishing, secure browsing) 31
4.13.1. Main solutions, with brief description 31
4.14. Audit and Monitoring Solutions 33
4.14.1. Main solutions, with brief description 33
4.15. IP Traffic Surveillance & Monitoring Solutions 35
4.15.1. Main solutions, with brief description 35
4.16. Personal and Equipment Tracking Solutions 36
4.16.1. Main solutions, with brief description 36
4.17. Security Incident Management Solutions 37
4.17.1. Main solutions, with brief description 37
4.18. SIEM Products 37
4.18.1. Main solutions, with brief description 38
4.19. Denial of Service Protection Solutions 39
4.19.1. Main solutions, with brief description 39
4.20. Forensic Investigation Solutions 40
4.20.1. Main solutions, with brief description 41
5. Available Research Results 41
5.1. Existing Research Results 41
5.1.1. AVANTSSAR 42
5.1.2. CONSEQUENCE 42
5.1.3. MASTER 44
5.1.4. MICIE 45
5.1.5. PICOS 46
5.1.6. UAN 47
5.1.7. VIKING 47
5.1.8. ANIKETOS 49
5.1.9. ASSERT4SOA 50
5.1.10. MASSIF 51
5.1.11. POSECCO 51
5.1.12. TAMPRES 53
5.1.13. UTRUSTIT 54
5.2. Individual Research Organisations 54
6. Cyber Security Related Training and Education 57
6.1. Cybersecurity strategies 58
6.2. Education & Training Programmes 59
6.2.1. (UK) CESG – Awareness & Training 59
6.2.2. (UK) Cyber Security Challenge 59
6.2.3. (US) SANS – Cyber Defense Foundations 59
6.2.4. (US) INL – National SCADA Test Bed Program 60
6.2.5. (US) NICCS – National Initiative for Cybersecurity Careers and Studies 60
6.2.6. (US) NICE – National Initiative for Cybersecurity Education 60
6.3. Exercises 60
6.3.1. (EU) Cyber Europe 61
6.3.2. (EU-US) Cyber Atlantic 62
6.3.3. (US) Cybersecurity Training & Exercises 62
Cyber Storm: Securing Cyber Space 63
6.4. Security-related Certifications 63
6.4.1. CSIH – Computer Security Incident Handler 64
6.4.2. CESG – Communications-Electronics Security Group (UK) 64
6.4.3. CCP – CESG Certified Professional 64
6.4.4. CompTIA – Computing Technology Industry Association 65
6.4.5. A+ 65
6.4.6. Security+ 65
6.4.7. CASP – CompTIA Advanced Security Practitioner 66
6.4.8. EC-Council – International Council of Electronic Commerce Consultants 66
6.4.9. CEH – Certified Ethical Hacker 66
6.4.10. CHFI – Computer Hacking Forensic Investigator 66
6.4.11. ECIH – EC-Council Certified Incident Handler 66
6.4.12. ENSA – Network Security Administrator 67
6.4.13. ECSP – EC-Council Certified Secure Programmer 67
6.4.14. ECSA – EC-Council Certified Security Analyst 67
6.4.15. DoD Directive 8570.01 Information Assurance Training, Certification and Workforce Management (US) 67
6.4.16. GIAC – Global Information Assurance Certification 68
6.4.17. GCIA – GIAC Certified Intrusion Analyst 68
6.4.18. GCIH – GIAC Certified Incident Handler 69
6.4.19. GSEC – GIAC Security Essentials Certification 69
6.4.20. GSLC – GIAC Security Leadership Certificate 69
6.4.21. GSNA – GIAC Systems and Network Auditor 69
6.4.22. CISA – Certified Information Systems Auditor 69
6.4.23. CISM – Certified Information Security Manager 69
6.4.24. CGEIT – Certified in the Governance of Enterprise IT 70
6.4.25. CISRC – Certified in Risk and Information Systems Control 70
6.4.26. (ISC)2 – International Information Systems Security Certification Consortium 70
6.4.27. CISSP – Certified Information Systems Security Professional 70
6.4.28. CAP – Certification Authorisation Professional 70
6.4.29. ISSAP – Information Systems Security Architecture Professional 70
6.4.30. ISSEP – Information Systems Security Engineering Professional 71
6.4.31. ISSMP – Information Systems Security Management Professional 71
6.4.32. SSCP – System Security Certified Practitioner 71
6.4.33. OSCP – OSCE 72
7. Conclusions and Next Steps 72
8. References 73
9. Annex I: list of European projects considered for analysis 74
10. Annex II: mapping of European projects to cyber Security topics 98


1. Introduction

CYSPA deliverable 3.1 – Existing technology and Solutions portfolio is the first of six deliverables due as part of work package 3 activity. The purpose of this document is to present a portfolio of existing technology and solutions which address various areas of cyber security and trust. The document will act as a basis of input for two main activities:

– CYSPA Gap Analysis (Deliverable D3.5): this aims to identify the gaps in technology and solutions which contribute to decreasing cyber disruption and building trust, and will act as feedback for alliance strategy when defining specific strategic actions.

– CYSPA Technology and solutions observatory (Deliverable D3.6): the aim of this is to create a platform which allows access to a comprehensive catalogue of knowledge about security technology and solutions in line with our CYSPA benefits, namely to “Provide mechanisms for different types of market stakeholders to engage, collaborate and share information”.

The figure below depicts the relationship of this deliverable in perspective with other work package deliverables.

Figure 1 – Relationship of WP3 deliverables


This document does not evaluate solutions in terms of how they operationally address a particular area of security or whether there are gaps in what the solutions do address. This activity will be carried out in CYSPA D3.5 Gap Analysis and will be informed by the work undertaken for CYSPA D2.4.2 “Consolidated CYSPA impact report on cyber disruptions”.

Much of the focus of this document is on available market solutions. During our stakeholder engagement activity, CYSPA target audiences (namely Users of security solutions and Providers) communicated directly to us that they saw great value in being able to access a catalogue of independently collated cyber security solutions, detailing which areas of cyber security were addressed by each and the current state of the security solutions landscape. Hence we have maintained this as the focus of the document.

The document is structured as follows:

– Section 2: Methodology: details our approach to the document.

– Section 3: Cyber security solutions – A market overview: details the current landscape of cyber security solutions in the market and the factors driving change. This section has been included following feedback from stakeholders, who stated that inclusion of such information would be valuable to them.

– Section 4: Cataloguing of existing technology and market solutions.

– Section 5: Available Research Results.

– Section 6: Education and Training.

– Section 7: Conclusions and next steps.

2. Methodology

The document has been constructed drawing on several sources of information and bodies of knowledge. Firstly, we leveraged an understanding of the security market from within the CYSPA consortium to assimilate a portfolio of available solutions and their areas of applicability. Secondly, to ensure a broader perspective on available solutions, existing market studies from research institutes such as Gartner were referred to, to supplement our knowledge and the decision-making process as to which market solution providers to include in this deliverable. Lastly, to facilitate the study of existing research in Europe, we teamed up with another EU initiative (the Seccord Project, www.seccord.eu), recognising the shared interests both projects had in analysing the EU research landscape.

3. Cyber Security Solutions– A Market Overview

In this section we explore some high level perceptions across industry regarding technology trends which in turn influence the security market and available solutions. We believe these trends are not necessarily sector specific, but are horizontal across many sectors, influencing the landscape. When we refer to “industry”, we are referring to organisations which under the CYSPA terminology are classified as “Users”.


3.1. Driving trends in the Cyber Security Solutions Market

During the CYSPA work package 2 study, which aims to analyse the impact of cyber disruptions across five domains (finance, transport, energy, telecommunications and e-Government), we learnt that one of the main priorities in terms of IT security can be coined as "digital trust", a holistic and converged approach towards security. Traditionally, IT security has been based on strong perimeter defences (firewalls, intrusion detection and prevention, etc.), meaning a hard “fringe” and a soft “core”. However, in a distributed and always connected world, the paradigm has changed. The core (the information/data of the organisation itself) must be hardened and protected. Additionally, increasingly reactivity-based businesses will need a softer or more open perimeter to allow for commercial agility. To reach this type of system, security must focus more on the data and the business side than on IT infrastructures. These complex IT systems and business models also require comprehensive security governance which is tightly coupled with the business issues. The security market is still far from this goal: security remains a diverse and fragmented market with structured submarkets, such as archiving or threat management, and strong national differences and players.

Certain key technological trends, which are common across multiple sectors, impact the way businesses aim to protect themselves. These trends include:

– Cloud based systems and protection services,

– Further growth in the mobile, BYOD, and application security areas,

– The introduction of analytically based advanced threat protection (focused on data analysis and loss prevention).

Below we give a high level description of each of these trends and how they impact the cyber security landscape.

3.1.1. Cloud Computing

Cloud computing causes a major shift in IT, which impacts security at three levels:

– It opens IT systems at a global scale, thus reinforcing the need for security.

– It is the biggest factor for “consumerization”, with approaches such as Dropbox or Facebook that open huge security breaches in an IT system.

– On the other hand, the cloud can also give the capacity to create “mainframe” types of systems, on open architectures, which are very centralized and therefore very secure.

As a delivery mode, cloud architecture is very interesting for security management. Systems like anti-virus already rely on architectures that are very close to cloud computing. Cloud computing is and will stay one of the most important fields in security. Its advent has forced some IT providers to quickly move to the security markets (Logica, Accenture, HP for example) or to rejuvenate their security offers (CSC, IBM, Bull for example). Security software companies are increasingly present in this market.

Cloud computing is also a strong catalyst for a holistic security approach and governance. Security cannot only be assured at perimeter level (as the cloud is very pervasive in the IT system) but also needs to be addressed at content level, with strong ID management capacities.


3.1.2. Mobility

Mobility is the other big concern of IT managers, one that is closely linked to cloud computing, but also to device proliferation inside organisations, with approaches such as Bring Your Own Device (BYOD). As with cloud computing, mobility requires security to be handled globally, with strong ID and data management solutions. Mobile devices often have less effective device protection than personal computers, and often store unprotected important data. This means mobile device management is increasingly important, linking security and system management to an even higher degree. The degree of complexity involved in the management of mobile devices, in addition to their integration with an organisation's IT system, can leave security gaps. This calls for unified security management solutions.

Providers of security solutions for mobile devices range from specialists like Mimecast to software giants like IBM and SAP (Sybase) and even free software such as Avast.

3.1.3. Secure design / application security

We have observed during our market study that organisations are moving away from the mindset that security is just infrastructure-oriented. The components of the system must be secure. Applications, except for critical and embedded systems, are rarely designed to be secure. Now, with very distributed applications that interconnect multiple IT systems, security cannot be only on the perimeter; it has to be “built into” the applications, to reduce the threats. In our increasingly important IT systems, best practices of secure development are developing fast to add more safety to the IT systems. This is not a traditional IT security market, but one that is more closely linked to software modeling, development and testing. Major companies in these segments, such as HP, IBM and Microsoft, are looking into secure development to boost their revenues with security.

3.1.4. Data Loss Prevention, Digital Rights management, Archiving and Filtering

IT is about its data, more and more about any kind of data, and if an organisation's data is secure, the system will be secured at the lowest possible granularity. As such, data is the core component of holistic security and hence of digital trust.

But data security is still a manifold segment with:

– Data filtering,

– Archiving, a dynamic offer especially around legal archiving,

– Digital rights management (DRM),

– Data loss prevention (DLP), mostly used against internal security breaches.

While filtering and DLP are market extensions for the security specialist, DRM and archiving are specific markets. DRM is closely linked to the media industry, its players and its international and national regulations. Companies active in this market include players such as Nagravision, Viaccess, Adobe, Microsoft, RealNetworks and Apple. This market remains close to hardware, and close to the archiving market. Archiving in turn is also close to hardware and is one of the fast moving segments of the security market, boosted by exponential data creation and increasing regulations. Some providers of security solutions in these domains are traditional security companies, such as Symantec, while others are local players.

3.2. Security solution provider landscape

In this section, we look at a high level landscape of solution providers currently accessible within

Europe with some global references.

More cyber security solution providers are established than those who dissolve or are acquired. For

some years there has been a wave of acquisitions of security specialists by generalists like McAfee by

Intel, and it may continue. Global IT giants such as IBM or HP have reinitiated their security strategy.

Hardware and software giants such as Microsoft, SAP, Oracle or Dell are also entering this market by

integrating security features in their machines and by acquiring software solutions. In very

specialized and critical markets, such as biometrics or encryption, defense and homeland security

contractors like Thales, EADS or Northrop Grumman, are very active. The players in this market could

also sell pure software solutions or virtual appliances.

Security software solution providers are well segmented into software infrastructure giants such as IBM, HP, CA or Oracle, and security specialists such as Symantec or McAfee. Those segments are often mixed with the most basic, commoditized appliance vendors. This segment is also shaken by big competition moves:

- Acquisitions, such as McAfee by Intel, Watchfire by IBM or SonicWall by Dell.

- The strengthening of the business models of formerly new entrants, often of Eastern European origin, such as Kaspersky, Eset and BitDefender. They have often profited from the capabilities of open source software to enter the market quickly.

- Appliance vendors that move up the ladder: Fortinet, Cyberoam, Checkpoint, etc.

- The growing pressure of software giants such as IBM, Microsoft or Oracle that have acknowledged the importance of security.

- Network specialists: F5 Networks, Juniper Networks, Cisco, etc.

Another way to segment the cyber security solution providers is by the large software companies’ initial positioning, which often shapes the market segment from their market of origin:

- Security specialists often come from threat management: Symantec, Netasq, McAfee

- System management, with IBM, CA or HP focusing on the security console

- Storage specialists that focus on archiving, like EMC, IBM or Symantec

Software infrastructure solutions are largely dominated by US providers, although there are also a good number of local champions, some of them internationally active. Examples include the following:

- Checkpoint, Thrustware and Oppsec in Israel.

- Trend Micro in Japan.

- Kaspersky in Russia.


- Sophos and Clearswift in the UK.

- F-Secure in Finland.

- Wallix, Arkoon and Bull in France.

- BitDefender in Romania.

- Torrid Networks in India.

4. Cataloguing Existing Technology and Market Solutions

4.1. Approach

Security technology aims to implement the controls required by each organisation, according to its specific risk profile. To catalogue the existing security solutions we start from a commonly used baseline of security controls that can then be mapped to each technology, according to its function and objectives.

Security best practice dictates that security controls should be derived from risk analysis processes, to ensure an optimal alignment between the usage of resources to secure the information systems of an organisation and its business objectives and risk profile. However, there is a commonly used set of controls that, according to industry best practice, are recommended for implementation in all organisations, regardless of their size or the sector they operate in. These “commonly used controls” establish a baseline from which organisations can start to implement their Information Security Management Systems.

Commonly used security control baselines include the ISO/IEC 27001 and the NIST SP 800-53 standards. Since our goal at this point is to catalogue existing security technology, we opted to use the NIST SP 800-53 standard as a reference point, since it is much more technologically oriented, whereas the ISO 27001 standard stays away from technology and control-specific implementation details, focusing primarily on the security goals to be achieved by each control.

The NIST SP 800-53 – “Recommended Security Controls for Federal Information Systems and Organizations” [1] standard was initially published by the United States National Institute of Standards and Technology in 2009 and subsequently updated in 2010. It defines a security controls framework of over 200 individual controls spread over 18 control families that address the baseline information security requirements of an organisation.

The security controls baseline established by the standard includes the usage of a number of distinct security technology groups, which can be divided into the following top level categories:

1. Category I: Understand & Protect

2. Category II: Monitor & Detect

3. Category III: Respond & Mitigate

[1] Reference: NIST Special Publication 800-53, Revision 3


The following table shows the association between these three top level categories and the related security technology groups:

Category I: Understand & Protect
- Access control
- Compliance monitoring and enforcement
- Configuration management and assurance
- Cryptography
- Data loss prevention
- Identity management
- Information rights management
- Mobile security
- Network security
- Security assessment
- System integrity

Category II: Monitor & Detect
- Anti-malware (anti-spam, anti-virus, anti-phishing, secure browsing)
- Audit and monitoring
- IP traffic surveillance & monitoring
- Personal and equipment tracking
- Personal surveillance technology
- Security incident management
- SIEM products

Category III: Respond & Mitigate
- Denial of service protection
- Forensic investigation
- Offensive cyber warfare

The next sections of this chapter catalogue market solutions under the aforementioned security technology groups. The cataloguing process captures market solutions offered by CYSPA partner organisations. In addition, we had to find a way to ensure we captured a broad sense of the market offerings from organisations not necessarily connected to the CYSPA consortium, while at the same time limiting ourselves to solutions with a minimum degree of credibility in the market. To help us select these solutions, we undertook a study of Gartner Magic Quadrants relating to our categorisation. Gartner Magic Quadrants are a culmination of research in a specific market, giving a wide-angle view of the relative positions of the market's offerings. They offer Gartner’s view on four categories of technology providers:

- Leaders: those who execute well against their current vision and are well positioned for tomorrow.

- Visionaries: those who understand where the market is going or have a vision for changing market rules, but do not yet, according to Gartner, execute well.

- Niche Players: those who focus successfully on a small segment, or are unfocused and do not out-innovate or outperform others.

- Challengers: those who execute well today or may dominate a large segment, but do not demonstrate an understanding of market direction.


A study of 18 different Gartner Magic Quadrants facilitated our decision making as to which solutions to include in our catalogue. We selected solutions mainly from those organisations categorised as “leaders”. We do recognise, however, that focusing on the leaders' quadrant is not the only possible course of action for organisations. There can be good reasons to consider market challengers or niche players. It depends on the individual business goals of organisations, but leaders in a broader sense would fit the requirements of the CYSPA target sectors.

The cataloguing is presented in a tabular format with the following columns:

- Provider: name of the solution provider.

- Name of solution and description: name of the solution and a brief overview.

- Specific threat application: specific type of threat, if any, that the solution addresses, correlated to the threats highlighted in the Impact Reports.

- Specific application sector: highlights whether a solution is specifically suitable for one or more sectors (Finance, Transport, Energy, Telecoms, eGov) or whether it addresses one or more of the threats associated with the sector, as highlighted in the Impact Reports.

The next sections of this document represent the first CYSPA cataloguing of market solutions which address cyber security.

4.2. Access Control Solutions

Any organisation must control access to its information systems. The management of access includes authorisation, authentication, access approval, audit, identity management, user privileges, security levels, etc. The entities that can perform actions in the organisation's systems are not only human users but also software services.

The essential services that access control technologies must provide are:

- Authorisation

- Identification and authentication

- Access approval

- Accountability

The list of threats that access control technologies must deal with is huge, and the impact of a successful attack on the organisation can be tremendous for the business and for the corporate image.

4.2.1. Main solutions, with brief description

(Columns: Provider; Name of solution and description; Specific threat application; Specific application sector/area)


Provider: BAE Systems Detica

Solution and description: EnterpriseProtect is a commercial-grade gateway product securing interaction between a network and the internet. It allows businesses to segregate, or sandbox, applications that require open access to the Internet from those that do not. It breaks attackers’ infiltration and exfiltration paths to high-value commercial environments, defeating threats such as phishing, drive-by downloads, zero-day and unpatched vulnerabilities and data exfiltration via encrypted command and control channels, website upload and webmail. Additional benefits include simplification of the IT estate, increased user awareness and accountability, enhanced business agility, and improved insights into user behaviour.

Specific threat application: Unauthorised access, Automated widespread attacks, Industrial espionage, Executable code attacks, Session-hijacking, Targeting of specific users, Analysis of vulnerabilities, Identity theft, Advanced Persistent Threat

Specific application sector/area: Commercial organisations, Cross Sector

Provider: Oracle

Solution and description: Oracle Access Management Suite Plus is a solution for securing applications, data, web services and cloud-based services. Features include:

- Authentication

- Mobile single sign-on

- Social sign-on

- Entitlement management

- Fine-grained authorisation

- Fraud detection

- Risk-aware authentication

- Security token services

- Identity federation

Oracle Access Management provides an integrated modular architecture that enables customers to deploy a complete access solution.

Specific threat application: Unauthorised access, Automated widespread attacks, Industrial espionage, Executable code attacks, Session-hijacking, Targeting of specific users, Analysis of vulnerabilities, Identity theft, Advanced Persistent Threat

Specific application sector/area: Cross Sector Application

Provider: Oracle

Solution and description: Oracle API Gateway acts as a control point for managing how internal users and applications are exposed to outside cloud offerings, and extends authentication and authorisation. In cloud environments Oracle API Gateway allows:

- Proxying and managing interactions with cloud services

- Restricting, throttling and managing web services and REST APIs

- SSO for web services and internet APIs

- API key authentication

Specific threat application: Unauthorised access, Automated widespread attacks, Industrial espionage, Executable code attacks, Session-hijacking, Targeting of specific users, Analysis of vulnerabilities, Identity theft, Advanced Persistent Threat

Specific application sector/area: SOA services, cloud and mobile application

Provider: Cisco

Solution and description: Cisco Secure Access Control System serves as a policy administration point and policy decision point for policy-based network device access control. Its main features are:

- Rule-based, attribute-driven access policies

- Authentication protocols PAP, MS-CHAP, EAP-MD5, TLS, etc.

- Integration with external identity and policy databases: Windows Active Directory, LDAP servers and RSA token servers

Specific threat application: Unauthorised access, Automated widespread attacks, Industrial espionage, Executable code attacks, Session-hijacking, Targeting of specific users, Analysis of vulnerabilities, Identity theft, Advanced Persistent Threat

Specific application sector/area: Cross Sector Application


Provider: Cisco

Solution and description: Cisco Identity Services Engine is a security policy management and control platform that automates and simplifies access control and security compliance for wired and VPN connectivity. Cisco Identity Services Engine is primarily used to:

- provide secure access

- provide guest access

- support BYOD initiatives

- enforce usage policies

Specific threat application: Unauthorised access, Automated widespread attacks, Industrial espionage, Executable code attacks, Session-hijacking, Targeting of specific users, Analysis of vulnerabilities, Identity theft, Advanced Persistent Threat

Specific application sector/area: Cross Sector Application

Provider: IBM

Solution and description: IBM Security Access Manager for Enterprise Single Sign-On is a simple and flexible access management solution that combines single sign-on with session management and user tracking/audit capabilities. The product simplifies password management, supports a variety of strong authentication devices, and helps secure kiosks and shared workstations, enforcing compliance at the endpoints. It:

- Strengthens access control with convenient single sign-on (SSO) to enterprise and mobile applications and with strong authentication support

- Improves productivity by eliminating multiple passwords, simplifying the user experience and supporting mobility

- Increases auditability and compliance by tracking and auditing fine-grained user access to information

Specific threat application: Unauthorised access, Automated widespread attacks, Industrial espionage, Executable code attacks, Session-hijacking, Targeting of specific users, Analysis of vulnerabilities, Identity theft, Advanced Persistent Threat

Specific application sector/area: Cross Sector

Provider: SAP

Solution and description: SAP Access Control allows organisations to confidently manage and reduce unauthorised access, fraud, and the cost of compliance across the enterprise. Features include:

- Automatically detect and remediate access risk violations across SAP and non-SAP systems

- Embed compliance checks and mandatory risk mitigation into business processes

- Empower users with self-service, workflow-driven access requests and approvals

- Automate reviews of user access, role authorisations, risk violations, and control assignments

- Better manage super-user access controls with a centralized, closed-loop process

- Create a comprehensive audit trail of user and role management activities

Specific threat application: Unauthorised access, Automated widespread attacks, Industrial espionage, Executable code attacks, Session-hijacking, Targeting of specific users, Analysis of vulnerabilities, Identity theft, Advanced Persistent Threat

Specific application sector/area: Cross Sector


4.3. Compliance Monitoring and Enforcement Solutions

The security strategy of any organisation can be expressed in terms of rules, policies or procedures, among others. After the security strategy has been implemented in the common operational procedures, it is necessary to monitor that the rules, policies or procedures are followed in every operation or transaction. It is also necessary to detect whether the security strategy has been properly implemented and enforced.

The technologies involved in compliance monitoring and enforcement should provide:

- Relevant information on the business activity

- Information about the implementation of the security strategy

- Reports of security breaches

- Reports of policy compliance

- Reports of threats detected

- A clear picture of the system and of the organisation’s assets

4.3.1. Main solutions, with brief description

(Columns: Provider; Name of solution and description; Specific threat application; Specific application sector/area)

Provider: ForeScout

Solution and description: CounterACT for Network Access Control is an automated security control platform that lets an organisation see, monitor and control everything connected to the corporate network. Today most attacks come from inside a network, bypassing the security provided by traditional firewalls and IPS systems. Modern threats include visitors, wireless and mobile users, rogue devices, malware and botnets, and compliance. ForeScout CounterACT automatically enforces whatever network access policies are defined. Features include:

- Integrated appliance

- 802.1X or not

- Built-in RADIUS

- Automated exception handling

- Automated 802.1X troubleshooting and remediation

- Tactical map

- Guest registration

- BYOD friendly

- Real-time mobile device control

- Threat detection

- Rogue device detection

- Role-based access control

- Flexible control options

- Policy management

- Out-of-band deployment, scalability

- Optional agent

- IT infrastructure integration, reporting

- Endpoint compliance, data exchange

Specific threat application: Network intrusion, Distributed attack tools, Network sniffers, Packet spoofing, Internet social engineering attacks

Specific application sector/area: Cross Sector Application


Provider: IBM

Solution and description: The IBM Compliance Insight Manager offering provides an easy-to-use security compliance dashboard that summarizes billions of log files. This allows analysts to quickly gain an overview of the security compliance posture, understand user activities and security events in comparison to acceptable-use frameworks, and monitor privileged users and related security events.

Specific threat application: Network intrusion, Distributed attack tools, Network sniffers, Packet spoofing, Internet social engineering attacks

Specific application sector/area: Cross Sector Application

Provider: Microsoft

Solution and description: Security Compliance Manager (SCM) enables organisations to centrally plan, view, update, and export thousands of Group Policy settings for Microsoft client and server operating systems and applications. It makes it easier for organisations to plan, implement, and monitor security compliance baselines in their Active Directory infrastructure. With SCM, IT professionals can obtain baseline policies based on security best practices, customize them to the particular needs of their organisation and export them to a number of formats for use in different scenarios. For example, SCM can be used to help create different baselines for mobile devices, laptops, desktops, high security desktops, traditional datacenters and private cloud environments.

Specific threat application: Network intrusion, Distributed attack tools, Network sniffers, Packet spoofing, Internet social engineering attacks

Specific application sector/area: Cross Sector Application

Provider: IBM

Solution and description: IBM Endpoint Manager for Security and Compliance helps support endpoint security throughout an organisation. This software can help protect endpoints and assure regulators that security compliance standards are being met. It helps support continuous security and compliance using an intelligent agent that assesses and remediates issues; manages hundreds of thousands of endpoints, both physical and virtual, regardless of location, connection, type or status; simplifies operations with a single console for management, configuration, discovery and security functions; delivers a broad range of security functions and gives the ability to add other targeted functions as needed, without adding infrastructure or implementation costs; and makes the most of BigFix technology. This single-infrastructure approach distributes decision-making to the endpoints.

Specific threat application: Network intrusion, Distributed attack tools, Network sniffers, Packet spoofing, Internet social engineering attacks

Specific application sector/area: Cross Sector Application

4.4. Configuration Management and Assurance Solutions

An information system is composed of many components. Those components are interconnected as required to meet a variety of business, mission and information security needs. Any organisation must assume that the information system is in a constant state of change in response to new hardware or software capabilities, patches, new business requirements or new security threats. When the configuration must be modified in order to implement information system changes, it is necessary to ensure that the required adjustments to the system configuration do not adversely affect the security of the information system, or the security of the organisation that operates it.


Dependence on information systems has increased due to the ubiquity of information technology. Organisations are facing an increase in the number and severity of threats that can have adverse impacts on operations, assets and individuals. The information security programme addresses the efforts aimed at managing organisational risk related to information systems.

The technologies on offer must support all the activities required for configuration management:

- Role definition

- Elaboration of a Configuration Management Plan

- Configuration item identification

- Configuration change control

- Configuration monitoring

- Risk management

4.4.1. Main solutions, with brief description

(Columns: Provider; Name of solution and description; Specific threat application; Specific application sector/area)

Provider: Citrix

Solution and description: CloudPlatform enables an organisation to orchestrate every workload from a single platform, so that the short and long term needs of users and business objectives can be focused upon. CloudPlatform infrastructure management technologies allow a secure multitenant cloud environment to be built on shared datacenter hardware. It provides central administration of the cloud across different regions or availability zones.

Specific threat application: Network sniffers, Packet spoofing, Session-hijacking, Industrial espionage, Analysis of vulnerabilities

Specific application sector/area: Cross Sector Application

Provider: HP

Solution and description: HP Configuration Management System (CMS) is a set of tools for collecting, storing, managing, updating and presenting data about IT service configuration items (software and infrastructure) and about their relationships. HP Configuration Management System includes HP Universal Discovery (UD) and a federated configuration management database (UCMDB) that integrates with trusted sources.

Specific threat application: Network sniffers, Packet spoofing, Session-hijacking, Industrial espionage, Analysis of vulnerabilities

Specific application sector/area: Cross Sector Application

4.5. Cryptography Technologies

Cryptography technologies enable the encryption of sensitive data in order:

- To protect the confidentiality and integrity of remote access sessions

- To protect the integrity of audit information and audit tools

- To implement digital signatures

- To protect information in storage

- To protect classified information

4.5.1. Main solutions, with brief description

(Columns: Provider; Name of solution and description; Specific threat application; Specific application sector/area)

Provider: McAfee

Solution and description: McAfee Anti-Theft allows users to encrypt and password-protect sensitive files on a PC.

Specific threat application: Industrial espionage, Network sniffers, Packet spoofing, Automated probes and scans, DLP, Advanced Persistent Threat

Specific application sector/area: Cross Sector Application

Provider: Sophos

Solution and description: SafeGuard Enterprise, central data encryption and protection, makes regulatory compliance easier with policy enforcement and reporting. It delivers better data security through proven encryption algorithms and performance, and provides key management that lets authorised users share data securely and easily.

Specific threat application: Industrial espionage, Network sniffers, Packet spoofing, Automated probes and scans, DLP, Advanced Persistent Threat

Specific application sector/area: Cross Sector Application

Provider: Dell

Solution and description: Dell Data Protection Encryption (DDP) protects data and addresses compliance. DDP provides comprehensive data protection for devices, external media and public cloud storage. It implements encryption options ranging from simplified Microsoft BitLocker management to full disk encryption. The Hardware Crypto Accelerator supports the highest level of FIPS 140-2 protection commercially available for system disks. Centralized management allows encryption and authentication policies to be managed remotely from a single console.

Specific threat application: Industrial espionage, Network sniffers, Packet spoofing, Automated probes and scans, DLP, Advanced Persistent Threat

Specific application sector/area: Cross Sector Application

Provider: SafeNet

Solution and description: Hardware security modules (HSMs) provide protection for transactions, identities, and applications by securing cryptographic keys and by provisioning encryption, decryption, authentication, and digital signing services. SafeNet HSMs enable application developers to integrate security into custom applications.

Specific threat application: Industrial espionage, Network sniffers, Packet spoofing, Automated probes and scans, Advanced Persistent Threat

Specific application sector/area: Cross Sector Application

4.6. Data Loss Prevention Solutions

Strategies for Data Loss Prevention are aimed at detecting potential data breaches or data disclosure by monitoring, detecting and blocking sensitive data while it is in use, in motion and at rest.

- Network DLP techniques are based on the analysis of network traffic to detect sensitive data that is being sent in violation of information security policies.

- Endpoint DLP (in-use) monitors activity on the endpoint workstations in the organisation.


- Data at rest refers to archived information stored on an endpoint, on a network storage device, on a file server or on a backup system.

4.6.1. Main solutions, with brief description

(Columns: Provider; Name of solution and description; Specific threat application; Specific application sector/area)

Provider: Novell

Solution and description: Novell File Reporter. The objective of data loss prevention is to avoid the loss or inappropriate access of sensitive data from network storage devices. Novell File Reporter provides comprehensive reporting on key aspects of any data loss prevention strategy, including data at rest, data in use and data identification. Reports can specify the data's location and when users last accessed or modified it. Additionally, Novell File Reporter can report on who can access this data. Using these reports, one can determine, based on the sensitivity and importance of the data, whether any additional precautionary measures need to be taken, such as moving the data, archiving it or changing access rights.

Specific threat application: Industrial espionage, Analysis of vulnerabilities, Anti-forensic techniques, Targeting of specific users, Advanced Persistent Threat

Specific application sector/area: Cross sector application

Provider: Check Point Software Technologies

Solution and description: Check Point DLP Software Blade combines technology and processes for Data Loss Prevention (DLP), helping businesses to pre-emptively protect sensitive information from unintentional loss, educating users on proper data handling policies and empowering them to remediate incidents in real time. The features of this product are:

- Check Point UserCheck

- Protection against data breaches, both external and internal

- Inspection of SSL encrypted traffic

- Check Point MultiSpect

- Network-wide protection coverage

- Watermarking

- Fingerprinting of sensitive files

- Whitelisting of files and repositories

- Central policy management

- Event management

- Rapid and flexible deployment

- Integration into the Check Point Software Blade Architecture

Specific threat application: Industrial espionage, Analysis of vulnerabilities, Anti-forensic techniques, Targeting of specific users, Advanced Persistent Threat

Specific application sector/area: Cross Sector Application

Provider: Cisco

Solution and description: Cisco Data Loss Prevention (DLP) is a data leakage protection solution that helps organisations assess risk and prevent data loss at the highest points of risk. It safeguards proprietary information against security threats due to enhanced employee mobility, new communication channels, and diverse services. Cisco DLP includes:

- In-motion data leakage protection against loss over the web and through email, with policies that include content, context, and destination knowledge

- Services to understand data loss risk and develop data leakage protection strategies that incorporate people, processes, and technology

- Protection of at-rest data by encrypting backup tapes and other storage devices

- Data leakage protection from other avenues of risk, such as unauthorised physical or network access, malware, and end-user actions

Specific threat application: Industrial espionage, Analysis of vulnerabilities, Anti-forensic techniques, Targeting of specific users, Advanced Persistent Threat

Specific application sector/area: Cross Sector Application

Provider: IBM

Solution and description: IBM Enterprise data loss prevention solution features include:

- Helps enforce data protection policies to enable more security-rich business processes

- Helps better manage compliance with corporate policies to protect business value and avoid fines

- Implements an integrated endpoint and network data loss prevention technology to help optimize data protection investment

Specific threat application: Industrial espionage, Analysis of vulnerabilities, Anti-forensic techniques, Targeting of specific users, Advanced Persistent Threat

Specific application sector/area: Cross Sector Application

4.7. Identity Management Solutions

The responsibilities of any identity management system are:

- Creation of electronic identities

- Use of electronic identities

- Termination of electronic identities

The electronic identity can be determined by a password, by a token or by any kind of biometric of an individual person (face, iris, fingerprints, voice, etc.).

4.7.1. Main solutions, with brief description

(Columns: Provider; Name of solution and description; Specific threat application; Specific application sector/area)

Provider: Microsoft

Solution and description: Microsoft Forefront Identity Manager delivers self-service identity management for users, simplifies identity lifecycle management through automated workflows and business rules, and provides easy integration with heterogeneous platforms. Features:

- Policy management

- Credential management

- User management

- Group management

- Access management

- Compliance

Specific threat application: Automated probes and scans, Industrial espionage, Analysis of vulnerabilities, Advanced scanning techniques, Advanced Persistent Threat, Targeting of specific users, Identity theft, Social media

Specific application sector/area: Cross Sector Application

Provider: Oracle

Solution and description: Oracle Identity Management is a complete and integrated, next-generation identity management platform that provides breakthrough scalability; enables organisations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. This platform provides:

- Directory services

- Simplified identity governance

- Management of high risk accounts

- Mobile and social access

- Access management

- Single sign-on services

Specific threat application: Automated probes and scans, Industrial espionage, Analysis of vulnerabilities, Advanced scanning techniques, Targeting of specific users, Identity theft, Advanced Persistent Threat, Social media

Specific application sector/area: Cross Sector Application

Provider: CA Technologies

Solution and description: The CA identity management and governance solution includes CA GovernanceMinder and CA IdentityMinder. This solution automates identity-related controls across physical, virtual and cloud environments.

Specific threat application: Automated probes and scans, Industrial espionage, Analysis of vulnerabilities, Advanced scanning techniques, Targeting of specific users, Advanced Persistent Threat, Identity theft, Social media

Specific application sector/area: Cross Sector Application

SAP SAP NetWeaver Identity Management allows: - Lower IT support costs and reduce risk

with centralized user identification management

- Improve productivity with self-services such as automatic password resets and rules-driven workflows

- Boost flexibility with standards-based functionality that integrates fully with company processes

- Improve insight and compliance with centralized, integrated logging and reporting

Automated probes and scans. Industrial espionage. Analysis of vulnerabilities. Advanced scanning techniques. Targeting of specific users. Advanced Persistent Threat Identity Threat Social media

Cross Sector Application

4.8. Information Rights Management Solutions

These technologies are a type of digital rights management aimed at protecting sensitive information from unauthorised access. Whereas digital rights management technologies are associated with the protection of media content such as music and video, Information Rights Management (IRM) lets the information and the control over it have separate lifecycles: the usage rights travel with the document and can be changed or withdrawn after it has been distributed.

IRM technologies possess the following features:
- Secure and track all copies of information
- Information encryption
- Control of editing features: copy & paste, screenshots, printing
- Rights model/policy
- Revocable offline working
- Full auditing of access to documents and of changes to the rights/policy by business users

4.8.1. Main solutions, with brief description

Provider: Documentum (EMC)
Solution: Documentum Information Rights Management (IRM) prevents unauthorised access to secured content, enabling organisations to maintain control of information rights beyond the firewall:
- Mobility and secure access
- Persistent protection
- Dynamic policy control
- Continuous audit trail
Specific threat application: Industrial espionage; APT; social engineering
Specific application sector/area: Cross Sector Application

Provider: McAfee
Solution: McAfee Data Protection Suite for Rights Management automatically discovers sensitive data and applies policy-based usage and data access restrictions to safeguard critical information wherever it resides.
Specific threat application: Industrial espionage; APT; social engineering
Specific application sector/area: Cross Sector Application

Provider: Adobe
Solution: Adobe LiveCycle Rights Management ES2 enables more secure collaboration by helping to maintain control over processes such as product development collaboration, supplier collaboration, work instructions, and field service management:
- Reduce the risk of theft and misuse of sensitive information
- Protect, manage, and monitor the use of sensitive documents outside the firewall
- Rights-manage sensitive information from a wide range of applications and file formats
Specific threat application: Industrial espionage; APT; social engineering
Specific application sector/area: Cross Sector Application

4.9. Mobile Security Technologies

Mobile devices are ubiquitous today, not only for personal use: companies are also taking advantage of these devices in daily operations. Mobile devices therefore need to support multiple security objectives such as confidentiality, integrity and availability. The following is a list of threats that mobile devices must tackle:
- Lack of physical security controls
- Use of untrusted mobile devices (BYOD)
- Use of untrusted networks
- Use of applications created by unknown parties
- Interaction with other systems
- Use of untrusted content
- Use of location services

4.9.1. Main solutions, with brief description

Provider: Cisco
Solution: Cisco AnyConnect provides:
- Context-aware, comprehensive, and preemptive security policy enforcement
- Intelligent, seamless, and always-on connectivity experience
- Secure mobility across today's proliferating managed and unmanaged mobile devices
Specific threat application: Mobile malware
Specific application sector: Cross Sector Application

Provider: McAfee
Solution: McAfee Secure Container for Android: software that creates an encrypted and manageable data store on each smartphone and tablet. Enterprise data stays locked inside the container, safe from malware and from risky interaction with the personal apps, games, and messaging the user loves on their device. If the device is stolen or misplaced, the container can be remotely locked and wiped without affecting the rest of the data on the device. The container ensures that Microsoft Word documents and Adobe PDFs sent as corporate email or calendar attachments are opened in an encrypted viewer, and prevents the ability to copy, paste, or save the document content elsewhere.
Specific threat application: Cyber espionage; DLP
Specific application sector: Cross Sector Application

Provider: McAfee
Solution: McAfee VirusScan Mobile.
- Detect threats in real time: block malware in email, text messages, and attachments without any noticeable delay. McAfee VirusScan Mobile scans for a range of malicious threats in less than 200 milliseconds, providing automatic and comprehensive protection for smartphones.
- Safeguard corporate assets: keep confidential corporate and customer information safe. Trust VirusScan Mobile to protect mobile devices from viruses, worms, dialers, Trojans, and other malicious code that can cause the loss of vital data.
Specific threat application: Mobile malware
Specific application sector: Cross Sector Application

Provider: McAfee
Solution: McAfee Enterprise Mobility Management: integrated solution that couples the VirusScan and Secure Container products with policy management. Aims to offer:
- Data and application security
- Full device management
- Device and OS support for widely-used platforms
- BYOD support
- Policy-based security
- Enterprise-class scalability
- Unified management
- Security for mobile and traditional endpoints from the
Specific application sector: Cross Sector Application

Provider: MobileIron
Solution: MobileIron Sentry is an intelligent gateway that provides secure tunnelling and access control to protect data-in-motion. It supports email, app, document, and web traffic, and establishes session trust through the use of certificates to prevent man-in-the-middle attacks. With Sentry, only secured and authorised services can access enterprise resources, and that access can be automatically disabled if the mobile user or device falls out of compliance.
Specific threat application: Man-in-the-mobile attack; cyber espionage
Specific application sector: Cross Sector

Provider: MobileIron
Solution: MobileIron Docs@Work creates a secure content hub for the end user to access and manage corporate documents. This hub allows the user to securely view and store documents in specific apps on their device which are defined by IT. The secure content hub can also selectively wipe documents when a user or device falls out of compliance, and blocks clipboard actions (cut/copy/paste) for enterprise content. Docs@Work (1) controls whether third-party apps can access stored documents and (2) utilizes policies, users, roles, groups, and permissions. The app is also able to scan and assess
Specific threat application: Mobile malware
Specific application sector: Cross Sector

Provider: MobileIron
Solution: MobileIron Web@Work: secure access to enterprise web content and mobile web apps. Web@Work enables secure web browsing by protecting both data-in-motion and data-at-rest on the device. Secure data-in-motion: enterprise web traffic is tunneled through MobileIron Sentry for secure transport and access control. To comply with privacy laws required in some geographies, IT can enable split-tunnel configurations, which allow external websites to bypass Sentry and IT visibility. Browser-exclusive tunnel: unlike a VPN, the tunnel is exclusive to Web@Work, meaning IT can restrict access to only those internal web resources users require, based on their group membership in the enterprise directory or other user and device characteristics. If the user or device falls out of compliance, the tunnel will be automatically blocked until the compliance issue is remediated. A VPN is not required.
Specific threat application: Secure browsing
Specific application sector: Cross Sector

Provider: BAE Systems Detica
Solution: MobileProtect: MobileProtect, powered by StreamShield, is a global cloud-based solution. It uses our StreamShield content security gateway to provide flexible URL filtering for employee-provisioned mobile devices operating on iOS, Android and Windows 7 & 8. MobileProtect integrates with the service provider's Mobile Device Management (MDM) platform, providing a seamless process for provisioning new devices. Policies set up on the MDM are automatically synchronized with the MobileProtect management hub, meaning no additional administration is required. DeviceProtect: Our DeviceProtect solution provides front-line operational staff with access to local and global operational and business intelligence systems on the move. Our devices can be accredited to handle data at high protective marking levels for government use. They are also suitable for commercial organisations seeking high levels of protection. Our device technologies include Mobile Data Terminals, PDAs and laptop PCs, and will soon cover the latest tablets and smartphones. When combined with MobileProtect, our network gateway and monitoring capabilities, and our experience developing and managing mobile applications, we offer highly secure and resilient communications to operational teams. This delivers improved intelligence flows and data quality, enables better decision making, increases operator productivity and efficiency and provides enhanced situational awareness.
Specific application sector: Cross Sector Application; secure government and commercial organisations with front-line/mobile operatives

Provider: SAP
Solution: SAP Mobile Secure enables:
- Protection of critical corporate data with a scalable, secure architecture
- Scalable and flexible deployment methods: cloud or on-premise
- Support for both personally owned and Bring Your Own Device (BYOD) scenarios
Specific threat application: Mobile malware

Provider: IBM
Solution: IBM MobileFirst Security Access Manager and Security AppScan
Specific threat application: Mobile malware; mobile app security
Specific application sector: Cross cutting; financial services

4.10. Network Security Solutions

A corporate network must tackle many threats in order to guarantee security for the business users within the network. To mention some of the attacks:
- ARP poisoning
- Buffer overflow
- Cyber attack
- Denial-of-service
- Idle scanner
- Man in the middle

The number of technologies in the field of network security is huge, ranging from physical to logical security:
- Firewall
- Antivirus/malware software
- Monitors
- Strong authentication, strong encryption
- DMZ
- Whitelist for wireless connections

4.10.1. Main solutions, with brief description

Provider: Juniper Networks
Solution: The Juniper Networks network security system includes:
- SA Series SSL VPN appliances
- IDP Series Intrusion Detection and Prevention appliances
- SRX Series Services Gateways
Juniper Networks provides a scalable IP network security system built to provide the performance required to support next-generation services such as VoIP and IPTV. The IP network security system leverages industry-leading technology to protect the service provider network from both known and unknown network security threats.
Specific threat application: Network sniffers; packet spoofing; automated probes and scans; distributed attack tools; Advanced Persistent Threat
Specific application sector: Cross Sector Application

Provider: Cisco
Solution: Cisco Application Centric Infrastructure (ACI) Security Solutions protect data centers and cloud deployments. Security is policy-based and can be deployed per transaction, completely independent of the underlying topology. ACI management tools provide a single point of control for both network and security management.
Specific threat application: Network sniffers; packet spoofing; automated probes and scans; distributed attack tools
Specific application sector: Cross Sector

Provider: BAE Systems Detica
Solution: Interactive Link data diode: we offer both 100 Mbps and 1 Gbps data diodes evaluated to Common Criteria EAL 7+. Our accompanying software suite provides interfaces for a range of IP protocols, SMTP and file transfer, as well as a high-availability solution and management. Data diodes provide a hardware-enforced, one-way-only connection between two networks. Our Interactive Link family is suited to a wide range of applications in both government and commercial markets. The combination of high assurance and advanced functionality results in them being trusted by many governments and businesses to protect their most sensitive data.
Specific threat application: Network sniffers; packet spoofing; automated probes and scans; distributed attack tools; Advanced Persistent Threat
Specific application sector: Cross Sector

Provider: BAE Systems Detica
Solution: Secure Export Gateway: SEG is a high-assurance electronic gateway component that is currently used by the UK and international governments. It ensures that only authorised systems are allowed to send data across the network boundary it protects and allows one-way communication. It is suited to all situations where an information release business process must be enforced, for example the provision of updates to industrial control systems or the release of information to networks of lower classification. It is designed for use up to UK Government Impact Level 6.
Specific threat application: Advanced Persistent Threat; network sniffers; packet spoofing; automated probes and scans; distributed attack tools
Specific application sector: Cross Sector

4.11. Security Assessment Solutions

The security assessment process is the principal mechanism for verifying that the security goals and objectives have been properly implemented and are correctly operated. The output of the assessment provides useful information about:
- The effectiveness of the security controls in the information systems
- KPIs of the quality of the risk management process
- Analysis of the vulnerabilities of the information systems in a global environment with changing threats

4.11.1. Main solutions, with brief description

Provider: Cisco
Solution: Cisco Security Auditor 1.0 enables organisations to audit their network infrastructure against corporate security policies and industry best practices. Key product features include:
- An extensive built-in library of security policies based on guidelines from the National Security Agency (NSA), SAFE Blueprints from Cisco, and the Center for Internet Security (CIS)
- Ability to import the device list from various sources (for example, RME, DCR, local directory, CSV, XML, other network management platforms) on an on-demand or scheduled basis
- Ability to group devices into static/dynamic device groups based on device attributes
- Ability to assign a weight to a security policy to reflect its importance; both raw and weighted results are reflected in audit reports
- Ability to define which specific policies to check or not check for a defined group of devices; for those policies checked, the ability to customize the policy parameters
- Ability to conduct audits online on a live network or offline using locally stored or remotely accessible configuration files
- Ability to conduct audits on demand or automatically according to a defined schedule
- A wide variety of standard reports, from executive-summary graphical reports down to specific policy pass/fail results with recommended corrective actions
- Bottom 10 device report to quickly identify the devices with the poorest security policy compliance
- Bottom 10 policy report to quickly identify the security policies with the poorest compliance
- Trending reports to visualize compliance of the network over time
Specific threat application: Automated probes and scans; Advanced Persistent Threat; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users
Specific application sector: Cross Sector Application

Provider: HP
Solution: HP Security Assessment Tool: this tool provides a methodology to evaluate the effectiveness of information security. It covers five critical areas:
- Fundamental services management
- Strategy management
- Infrastructure management
- Issue management
- Compliance management
Specific threat application: Automated probes and scans; Advanced Persistent Threat; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users
Specific application sector: Cross Sector Application

4.12. System Integrity Solutions

System integrity is considered completely assured when, under all conditions, an IT system rests on:
- Data integrity
- The logical completeness of the hardware and software
- The logical correctness and reliability of the operating system

The technologies required have to cover a wide range of components in order to audit system integrity in a complex business environment. To mention some: databases, NoSQL databases, big data, business logic, operating systems, servers, network devices, storage appliances, load balancers, etc.

4.12.1. Main solutions, with brief description

Provider: Cimcor Inc
Solution: CimTrak is a security, integrity and compliance application that is easy to deploy and scales to the largest of global networks.
- Automated detection process
- Flexible response options
- Auditing capabilities
- Compliance, information assurance
Specific threat application: Automated probes and scans; Advanced Persistent Threat; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users
Specific application sector: Cross Sector Application

Provider: Assuria
Solution: Assuria Auditor provides automated vulnerability assessment and configuration assurance for servers and endpoints through a blend of resident-agent and remote agentless scanning approaches:
- Server hardening
- Vulnerability assessment
- Compliance assessment
- Change detection
- Inventory reporting
Specific threat application: Automated probes and scans; Advanced Persistent Threat; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users
Specific application sector: Cross Sector Application

4.13. Anti-malware Solutions (anti-spam, anti-virus, anti-phishing, secure browsing)

In the current global internet world, where software can be acquired everywhere, there is a big risk that malware could be introduced into an organisation's information systems, either intentionally or unintentionally. Such software can potentially be used to disrupt services, gather sensitive information or make any other unauthorised use of the resources of the information systems.

4.13.1. Main solutions, with brief description

Provider: Sophos
Solution: Sophos Endpoint Antivirus for computers and servers, plus web filtering. Effective and efficient protection with minimal impact; blocks web-borne threats before they are downloaded. Antivirus, HIPS, device control, application control and DLP.
Specific threat application: Malware; viruses; spyware; rootkits; Trojans; adware; PUAs; DLP
Specific application sector: Cross Sector Application

Provider: Symantec
Solution: Symantec Endpoint Protection (SEP) for servers provides strong host-based intrusion capabilities. SEP provides an EPP solution, including:
- Anti-malware protection
- Device control
- SONAR engine for behavioural heuristics
- Encryption capabilities
- DLP
A plug-in to the SPC provides IT analytics capabilities and offers data cubes for the analysis of SEP data. Symantec has MDM capabilities. Symantec Power Eraser is a tool for scrubbing hard-to-remove infections and provides a free alternative to Malwarebytes.
Specific threat application: Malware; viruses; spyware; rootkits; Trojans; adware; PUAs; DLP
Specific application sector: Cross Sector Application

Provider: Kaspersky Lab
Solution: Kaspersky Anti-Virus: product to keep the PC and its data secure against malware.
- Advanced antivirus
- Real-time protection
- Instant Safety Check
Specific threat application: Virus infections; cybercriminals; malware
Specific application sector: Cross Sector Application

Provider: McAfee
Solution: McAfee Total Protection provides:
- Anti-virus
- Anti-spyware
- Anti-spam
- Anti-phishing
- Two-way firewall
- Website safety ratings
- Parental controls
- Online backup
Specific threat application: Malware; viruses; spyware; rootkits; Trojans; adware; PUAs
Specific application sector: Cross Sector Application

Provider: BAE Systems Detica
Solution: Detica CyberReveal® is the multi-threat monitoring, analytics, investigation and response product. It enables security analysts to identify and manage cyber threats quickly and efficiently. It provides big data correlation, security analytics, contextual information linking and threat intelligence all
Features include:
- CyberReveal Platform™ enables security analysts to rapidly query and analyse huge volumes of data. This scalable platform is built to meet the needs of the enterprise without the linear expense of 'Big Data' solutions.
- CyberReveal Analytics™ represents BAE Systems Detica's experience of the attack patterns of cyber-attack groups, whether the threat is from the inside or outside, simple or sophisticated, general or targeted.
- CyberReveal Investigator™ gives insight through a single unified view across the whole security estate. It enables security analysts to make appropriate decisions quickly, without the need for specialist technical skills, while supporting collaboration across the security organisation.
Specific threat application: Malware; viruses; spyware; rootkits; Trojans; adware; PUAs

Provider: BAE Systems Detica
Solution: EnterpriseProtect is a commercial-grade gateway product securing interaction between an organisation's network and the internet. It allows businesses to segregate or "sandbox" applications that require open access to the Internet from those that do not. It breaks attackers' infiltration and exfiltration paths to high-value commercial environments, defeating threats such as phishing, drive-by downloads, zero-day and unpatched vulnerabilities and data exfiltration via encrypted command and control channels, website upload and webmail. Additional benefits include simplification of the IT estate, increased user awareness and accountability, enhanced business agility, and improved insights into user behaviour.
Specific threat application: Malware; viruses; spyware; rootkits; Trojans; adware; PUAs

Provider: Selex
Solution: FireEye is a threat protection solution focused on combating advanced malware, zero-day and targeted APT attacks. The FireEye solution supplements security defences such as next-generation and traditional firewalls, IPS, AV and web gateways, which cannot stop advanced malware; these technologies leave significant security holes in the majority of corporate networks. FireEye's Malware Protection Systems feature both inbound and outbound protection and a signature-less analysis engine that utilizes the most sophisticated virtual execution engine in the world to stop advanced threats that attack over web and e-mail.
Specific threat application: Malware; viruses; spyware; rootkits; Trojans; adware; PUAs
Specific application sector: Cross Sector

4.14. Audit and Monitoring Solutions

Audit and monitoring are different activities with the same goal: the security assessment of the information system. The processes are not the same. Continuous auditing performs activities on a frequent, repeated basis to provide ongoing assurance and more timely insight into risk and control issues. In continuous monitoring, key business process transactions and controls are constantly assessed, which permits ongoing insight into the effectiveness of controls and immediate response to cyber-attacks or threats.

In both cases a process is required to measure specific metrics, with a scope that differs according to the activity (audit or monitoring), together with reporting tools that provide the required information to security management.

4.14.1. Main solutions, with brief description

Provider: Oracle
Solution: Oracle Audit Vault and Database Firewall monitors database traffic to detect and block threats, and improves compliance reporting by consolidating audit data from databases, operating systems, directories and other sources.
Specific threat application: DLP; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users
Specific application sector: Cross Sector Application

Provider: CXL Ltd.
Solution: AZScan is a tool for auditing the security of mid-range systems:
- Review and report on systems
- Reporting for non-experts of problems, risks and recommended solutions
- Creation of actionable business plans
Specific threat application: DLP; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users
Specific application sector: Cross Sector Application

Provider: BAE Systems Detica
Solution: Detica CyberReveal® is the multi-threat monitoring, analytics, investigation and response product. It enables security analysts to identify and manage cyber threats quickly and efficiently. It provides big data correlation, security analytics, contextual information linking and threat intelligence all
Features include:
- CyberReveal Platform™ enables security analysts to rapidly query and analyse huge volumes of data. This scalable platform is built to meet the needs of the enterprise without the linear expense of 'Big Data' solutions.
- CyberReveal Analytics™ represents BAE Systems Detica's experience of the attack patterns of cyber-attack groups, whether the threat is from the inside or outside, simple or sophisticated, general or targeted.
- CyberReveal Investigator™ gives insight through a single unified view across the whole security estate. It enables security analysts to make appropriate decisions quickly, without the need for specialist technical skills, while supporting collaboration across the security organisation.
Specific threat application: DLP; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users
Specific application sector: Cross Sector Application

Provider: BAE Systems Detica
Solution: Protective Monitoring monitors network security systems in real time, 24/7, and raises fully qualified and prioritised security incidents at the point action is required. Our clear, concise security advice is backed up by decades of experience in information security and our UK government certified incident response service. By leveraging an organisation's existing security technologies, they can extract maximum value from existing investment, and our near-zero false positive rate ensures an organisation's IT team's efforts are focussed on the most important threats. Protective Monitoring helps an organisation to achieve cost-effective security hygiene to reduce the business impact of high-frequency, low-grade attacks.
Specific threat application: DLP; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users
Specific application sector: Cross Sector Application

Provider: BAE Systems Detica
Solution: Advanced Threat Detection monitors a network for sophisticated attacks hiding in legitimate activity to breach perimeter defences. Our Detica CyberReveal platform analyses the behaviour of devices on a network and their connections with the Internet to pick out attacks from within legitimate network traffic. Skilled security analysts investigate suspicious activity and raise security incidents when action needs to be taken. Our Threat Intelligence function monitors key attack groups, ensuring that the latest techniques can be detected. Advanced Threat Detection helps to stop sophisticated attacks with the potential for serious impact to a business before the damage is done.
Specific threat application: DLP; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users
Specific application sector: Cross Sector Application

Provider: BAE Systems Detica
Solution: Security Device Management takes away the problem of constantly maintaining security systems, providing full lifecycle management of the devices on a network. This includes configuration, backups, software upgrades and patching. 24/7 monitoring for availability and performance is also included. We pro-actively update devices in response to security incidents or known threats, for example updating proxy white or black lists or deploying IPS signatures. We take full advantage of our Threat Intelligence function and of intelligence gleaned from attacks across our client base to ensure that an organisation's perimeter security is as effective as it can be in blocking known threats.
Specific threat application: DLP; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users

4.15. IP Traffic Surveillance & Monitoring Solutions

The virus threat cannot be 100% avoided with anti-virus protection, especially from Trojan horses and malicious spyware programs. Many threats can only be detected by analysing the IP traffic; otherwise they remain hidden. Specific devices must be devoted to this task, both to avoid network overhead and to provide useful information that can prevent and detect any menace to the security and integrity of the organisation's network and systems.

4.15.1. Main solutions, with brief description

Provider: Wireshark
Solution: Cascade Shark VE:
- WLAN packet capture and transmission
- Full 802.11 a/b/g/n support
- View management, control and data frames
- Multi-channel aggregation
- Packet analysis
- Reporting
Specific threat application: Network sniffers; packet spoofing; automated probes and scans; wide-scale Trojan distribution and worms
Specific application sector: Cross Sector Application

Provider: Paessler
Solution: PRTG Network Monitor is an IP traffic monitor:
- Packet sniffing
- NetFlow monitoring
- Bandwidth usage
- Availability monitoring
- Wireless network troubleshooting
Specific threat application: Network sniffers; packet spoofing; automated probes and scans; wide-scale Trojan distribution and worms
Specific application sector: Cross Sector Application

Provider: BAE Systems Detica
Solution: Detica CyberReveal® is the multi-threat monitoring, analytics, investigation and response product. It enables security analysts to identify and manage cyber threats quickly and efficiently. It provides big data correlation, security analytics, contextual information linking and threat intelligence all
Features include:
- CyberReveal Platform™ enables security analysts to rapidly query and analyse huge volumes of data. This scalable platform is built to meet the needs of the enterprise without the linear expense of 'Big Data' solutions.
- CyberReveal Analytics™ represents BAE Systems Detica's experience of the attack patterns of cyber-attack groups, whether the threat is from the inside or outside, simple or sophisticated, general or targeted.
- CyberReveal Investigator™ gives insight through a single unified view across the whole security estate. It enables security analysts to make appropriate decisions quickly, without the need for specialist technical skills, while supporting collaboration across the security organisation.
Specific threat application: DLP; industrial espionage; analysis of vulnerability; distributed attack tools; targeting of specific users

4.16. Personal and Equipment Tracking Solutions

The number of items, devices and personnel that make up the value chain of any product or service is huge, and their mobility is increasing day by day. It is therefore critical for organisations to be able to locate the components of the value chain in order to avoid attacks and thefts and to protect the items, the people and the business. The technologies employed must be as unintrusive as possible and must allow the subjects of interest to be located at any time. Although this can be considered physical security, protecting some key assets, for example mobile devices, helps to prevent many cyber-attacks, because those assets can provide access to the organisation's information systems.

4.16.1. Main solutions, with brief description

Provider: SILENT PARTNER
Solution and description: RFID equipment tracking solutions and accurate asset inventory:
- Fixed asset financial reporting
- Equipment maintenance scheduling
- Efficient asset utilization, redeployment and retirement
- Capture accurate equipment locations
Specific threat application: Social engineering attacks; Advanced persistent threat
Specific application sector: Cross Sector Application

Provider: Pocketfinder
Solution and description: GPS trackers for personnel and equipment location, with positions shown on maps.
Specific threat application: Social engineering attacks; Advanced persistent threat
Specific application sector: Cross Sector Application


4.17. Security Incident Management Solutions

The sophistication of cyber-attacks is increasing at the same pace as security measures improve, so security breaches will occur in any system. These security incidents must be detected through continuous monitoring of security events, followed by the execution of the proper response by security management.

After the security incident is resolved, an incident investigation is required in order to improve the responses and to learn more about the strengths and weaknesses of the organisation's systems.

4.17.1. Main solutions, with brief description

Provider: TIBCO
Solution and description: TIBCO LogLogic Security Event Manager enables better identification of even the most sophisticated threats to IT infrastructure and assets:
- Actionable security intelligence within seconds
- Sophisticated incident management and trouble-ticketing integration
- Instant real-time protection
Specific threat application: Malware; DLP; Advanced persistent threat
Specific application sector: Cross Sector Application

Provider: GoToAssist
Solution and description: GoToAssist Service Desk is a tool that helps people manage, track and resolve issues:
- Manage incidents to resolve issues
- Route service desk records and assign appropriate priorities
- Track infrastructure changes and releases
Specific threat application: Malware; DLP; Advanced persistent threat
Specific application sector: Cross Sector Application

4.18. SIEM Products

Security Information and Event Management (SIEM) is a software system devoted to providing real-time analysis of the security alerts generated by network devices or by the organisation's applications. A SIEM product can be composed of software, devices and services, as well as reporting tools and dashboard services. The required capabilities are:

- Data aggregation
- Correlation
- Alerting
- Dashboards
- Compliance
- Retention
- Forensic analysis

All these capabilities help security management in the tasks of managing service privileges, auditing logs and generating the incident response.
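As an added illustration of the aggregation, correlation and alerting capabilities listed above (and of the continuous monitoring of security events that section 4.17 calls for), the following Python code is an example written for this page; it is not part of the deliverable nor of any product listed here. It normalises constructed log lines from two hypothetical sources (an SSH daemon and a web proxy) into a common event model, then applies one correlation rule: three or more failed logins from a source address within five minutes followed by a successful login raises an alert, which is escalated if the same address then fetches a large file through the proxy. The log formats, thresholds and IP addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): an SSH daemon and a web proxy.
SAMPLE_LOGS = [
    "2014-01-20T10:00:01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51022 ssh2",
    "2014-01-20T10:00:04 sshd[2201]: Failed password for admin from 203.0.113.7 port 51023 ssh2",
    "2014-01-20T10:00:09 sshd[2201]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "2014-01-20T10:00:12 sshd[2201]: Failed password for admin from 203.0.113.7 port 51025 ssh2",
    "2014-01-20T10:00:20 sshd[2201]: Accepted password for admin from 203.0.113.7 port 51026 ssh2",
    "2014-01-20T10:00:25 proxy: src=203.0.113.7 dst=198.51.100.9 url=http://198.51.100.9/x.bin action=allow bytes=4194304",
    "2014-01-20T10:05:00 sshd[2201]: Failed password for bob from 192.0.2.44 port 40001 ssh2",
    "2014-01-20T11:00:00 sshd[2201]: Accepted password for bob from 192.0.2.44 port 40002 ssh2",
]


@dataclass
class Event:
    ts: datetime
    source: str   # which log produced the event
    kind: str     # normalised event type shared by all sources
    src_ip: str
    user: str = ""


# Assumed log formats for the two hypothetical sources.
SSH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")
PROXY_RE = re.compile(r"^(?P<ts>\S+) proxy: src=(?P<ip>\S+) .* action=allow bytes=(?P<bytes>\d+)")


def normalise(line):
    """Aggregation step: map a raw line from any source onto the common Event model (None if unknown)."""
    m = SSH_RE.match(line)
    if m:
        kind = "auth_failure" if m["result"] == "Failed" else "auth_success"
        return Event(datetime.fromisoformat(m["ts"]), "sshd", kind, m["ip"], m["user"])
    m = PROXY_RE.match(line)
    if m and int(m["bytes"]) >= 1_000_000:   # only large transfers are interesting here
        return Event(datetime.fromisoformat(m["ts"]), "proxy", "large_download", m["ip"])
    return None


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation and alerting: an auth_success preceded by >= threshold auth_failures from the
    same source inside `window` is a brute force that succeeded; a large download from that
    source within the window afterwards escalates the alert to critical."""
    alerts = []
    failures = defaultdict(list)            # src_ip -> timestamps of failed logins
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "auth_failure":
            failures[ev.src_ip].append(ev.ts)
        elif ev.kind == "auth_success":
            recent = [t for t in failures[ev.src_ip] if ev.ts - t <= window]
            if len(recent) >= threshold:
                alerts.append({"ts": ev.ts, "src_ip": ev.src_ip, "user": ev.user,
                               "rule": "bruteforce_then_success", "severity": "high"})
        elif ev.kind == "large_download":
            for alert in alerts:
                if alert["src_ip"] == ev.src_ip and ev.ts - alert["ts"] <= window and alert["severity"] == "high":
                    alert["severity"] = "critical"
                    alert["rule"] += "+large_download"
    return alerts


def run(lines=SAMPLE_LOGS):
    """Full pipeline over a list of raw log lines: aggregate, correlate, return the alerts."""
    events = [e for e in map(normalise, lines) if e is not None]
    return correlate(events)
```

Running `run()` over the sample lines yields a single critical alert for 203.0.113.7 (four failures, a success, then a 4 MB download), while the single failure from 192.0.2.44 followed by a success an hour later stays below the rule. A production SIEM adds what this omits: retention of the normalised events for later forensic queries, dashboards, and compliance reporting.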


4.18.1. Main solutions, with brief description

Provider: HP
Solution and description: The HP ArcSight platform analyses and correlates every event that occurs across the organisation (login, logoff, file access, database query, etc.) in order to deliver accurate prioritisation of security risks and compliance violations.
Specific threat application: Malware; DLP; Advanced persistent threat; Identity theft; Hacktivism; Distributed attack; Automated probes and scans; Analysis of vulnerabilities in compiled software
Specific application sector: Cross Sector Application

Provider: Splunk
Solution and description: Splunk Enterprise is a platform for real-time operational intelligence. It analyses and visualises the massive streams of machine data generated by IT systems and technology infrastructure, whether physical, virtual or in the cloud.
Specific threat application: Malware; DLP; Advanced persistent threat; Identity theft; Hacktivism; Distributed attack; Automated probes and scans; Analysis of vulnerabilities in compiled software
Specific application sector: Cross Sector Application

Provider: NetIQ
Solution and description: NetIQ Sentinel is a Security Information and Event Management solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the "actionable intelligence" required to quickly understand the threat posture and prioritise the response:
- Collect, retain and report against log data
- Detect threats out of the box
- Monitor user activities
- Collect, store, analyse and manage IT infrastructure event and security logs
Specific threat application: Malware; DLP; Advanced persistent threat; Identity theft; Hacktivism; Distributed attack; Automated probes and scans; Analysis of vulnerabilities in compiled software
Specific application sector: Cross Sector Application

Provider: Logpoint
Solution and description: LogPoint enables the correlation of events and reporting on critical business operations in real time, allowing enterprises to gather insight and understand the context of the billions of events generated daily both by core business applications and by the infrastructure supporting and enabling the business. LogPoint provides a rich analysis platform and out-of-the-box dashboarding and reporting for infrastructure and critical business applications, enabling effective management and measurement of enterprise security:
- Perform analysis of security events and APTs
- Automate and optimise the time spent meeting compliance and regulatory guidelines
- Articulate and define the efficiency potential within the enterprise
- Obtain the data needed for business-process re-engineering
- Identify misconfigurations and errors within the infrastructure, and gain substantial time reductions when conducting root-cause analysis
Specific threat application: Malware; DLP; Advanced persistent threat; Identity theft; Hacktivism; Distributed attack; Automated probes and scans; Analysis of vulnerabilities in compiled software
Specific application sector: Cross Sector Application

Provider: AlienVault
Solution and description: AlienVault Open Source Security Information Management (OSSIM) is an open source SIEM system that provides the essential security capabilities in a unified platform by integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention. The software is distributed freely under the GNU General Public License. Unlike the individual components, which may be installed onto an existing system, OSSIM is distributed as an installable ISO image designed to be deployed to a physical or virtual host as the core operating system of that host. OSSIM is built on the Debian GNU/Linux distribution as its underlying operating system.
Specific threat application: Malware; DLP; Advanced persistent threat; Identity theft; Hacktivism; Distributed attack; Automated probes and scans; Analysis of vulnerabilities in compiled software
Specific application sector: Cross Sector Application

4.19. Denial of Service Protection Solutions

Denial of Service (DoS) or Distributed Denial of Service (DDoS) is a cyber-attack technique whose aim is to make a resource unavailable by interrupting the service it provides. These attacks can be launched by one attacker or by many, and the attackers can be physical persons, systems or bots. The technologies employed to prevent and to handle DoS attacks cover many hardware and software solutions:

- Firewalls
- Switches
- Routers
- IPS-based detection
- Application front-end hardware
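As an added example (not from the deliverable nor from any vendor listed below), the following Python code shows the per-source rate limiting that firewalls, IPS devices and application front-end hardware apply to absorb a flood: a token bucket per client address admits a bounded burst and a steady rate and drops everything beyond it, so a flooding source is throttled while a normally behaving client is untouched. The request stream, the addresses and the rate/burst values are constructed assumptions.

```python
from collections import defaultdict


class TokenBucket:
    """Per-source token bucket: `rate` tokens per second are added, up to `burst` tokens.
    A request is admitted only if a whole token is available; otherwise it is dropped."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None          # timestamp of the previous request from this source

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class PerSourceLimiter:
    """Keeps one bucket per client address so one source cannot exhaust the whole budget."""

    def __init__(self, rate=5.0, burst=10):
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def admit(self, src_ip, now):
        bucket = self.buckets.get(src_ip)
        if bucket is None:
            bucket = self.buckets[src_ip] = TokenBucket(self.rate, self.burst)
        return bucket.allow(now)


def constructed_traffic():
    """Constructed request stream of (timestamp in seconds, source IP), not captured traffic:
    192.0.2.10 sends 2 requests/s for 10 s; 203.0.113.99 floods at 100 requests/s for 10 s."""
    reqs = [(i * 0.5, "192.0.2.10") for i in range(20)]
    reqs += [(i * 0.01, "203.0.113.99") for i in range(1000)]
    return sorted(reqs)


def simulate(requests, rate=5.0, burst=10):
    """Run the limiter over a request stream and return allowed/dropped counts per source."""
    limiter = PerSourceLimiter(rate, burst)
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for now, ip in requests:
        outcome = "allowed" if limiter.admit(ip, now) else "dropped"
        stats[ip][outcome] += 1
    return dict(stats)
```

With a policy of 5 requests/s and a burst of 10, `simulate(constructed_traffic())` admits all 20 requests from 192.0.2.10 and only about 60 of the 1000 from the flooding address (the initial burst plus the refill over ten seconds). Real mitigation devices add what this omits: limits keyed on more than the source address (since a distributed flood spreads across many sources), protocol-aware checks, and upstream scrubbing capacity.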

4.19.1. Main solutions, with brief description

Provider: Radware
Solution and description: Radware's family of security solutions provides integrated application and network security. The Attack Mitigation System (AMS) protects application infrastructure in real time against network and application downtime, application vulnerability exploitation, malware spread, Denial of Service attacks and Distributed Denial of Service attacks.
Specific threat application: Denial of Service attack
Specific application sector: Cross Sector Application

Provider: CISCO
Solution and description: Cisco IOS integrated services: Cisco embeds network security into the hardware (routers, switches, etc.), providing additional protection against Denial of Service attacks among other threats.
Specific threat application: Denial of Service attack
Specific application sector: Cross Sector Application

Provider: BAE Systems Detica
Solution and description: Digital Forensics: If a network is breached or other malicious activity is detected, a detailed forensic investigation may be required. Our team of forensic experts follows industry best practice to ensure that the integrity of original evidence is maintained from initial response to court proceedings if required. We follow a well-documented, repeatable process across all digital platforms including computers, mobile phones, storage and other ICT systems. We carry out successful operations into highly sensitive issues on behalf of government agencies and commercial organisations at our ISO 17025 accredited lab.
Specific threat application: Denial of Service attack
Specific application sector: Cross Sector Application

Provider: BAE Systems Detica
Solution and description: Malware analysis and reverse engineering: When an organisation identifies an unknown threat in its environment, our specialist team uses dynamic threat analysis and reverse engineering to interpret the threat. We then present the results in an appropriate manner for both technical and business audiences.
Specific threat application: Denial of Service attack
Specific application sector: Cross Sector Application

4.20. Forensic Investigation Solutions

After a security incident has occurred and been resolved, the chain of events must be analysed to gather the information required to provide legal evidence for further action against the hacker or cyber-terrorist who perpetrated the illegal action on the organisation's information system. Forensic investigation is associated with a wide variety of data recovery techniques whose goal is to create a legal audit trail.

Investigations are performed on acquired (static) data or, where volatile state matters, on the running system, and some of the required techniques are:

- Cross-drive analysis
- Live analysis
- Physical analysis of deleted files
- Analysis of volatile data
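As an added example (written for this page; not from the deliverable nor the code of EnCase or FTK), the Python below demonstrates two of the techniques above on a constructed image: physical analysis of deleted files by signature-based carving, which recovers files from raw bytes once the filesystem entries pointing at them are gone, and preserving evidence integrity by hashing the image before and after analysis so the audit trail can show the original was not altered. The disk image, the embedded fake PNG and JPEG and their offsets are constructed for the example; in practice the analysis runs on a write-blocked copy of the original media.

```python
import hashlib

# Signature table: file type -> (header magic, footer magic). Two common types suffice here.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def carve(image, signatures=SIGNATURES, max_len=10_000_000):
    """Signature-based carving: scan raw bytes for a known header, then the matching footer,
    without consulting filesystem metadata (which is what deletion removes).
    Returns a list of (offset, type, bytes), ordered by offset."""
    found = []
    for ftype, (head, foot) in signatures.items():
        pos = 0
        while True:
            start = image.find(head, pos)
            if start < 0:
                break
            end = image.find(foot, start + len(head), start + max_len)
            if end < 0:                       # header without footer: skip it, keep scanning
                pos = start + 1
                continue
            end += len(foot)
            found.append((start, ftype, image[start:end]))
            pos = end
    return sorted(found)


def build_constructed_image():
    """Constructed evidence image (not a real disk): deterministic filler bytes with a fake
    PNG and a fake JPEG embedded at known offsets, as deleted files would sit in unallocated
    space. The filler cycles through all 256 byte values, so it never contains a signature."""
    png = SIGNATURES["png"][0] + b"\x00" * 40 + b"IDAT" + b"\x11" * 60 + SIGNATURES["png"][1]
    jpg = SIGNATURES["jpg"][0] + b"\xe0" + b"JFIF\x00" + b"\x22" * 80 + SIGNATURES["jpg"][1]
    filler = bytes(range(256)) * 4            # 1024 bytes
    return filler + png + filler + jpg + filler


def examine(image):
    """Analyse an image while documenting its integrity: hash it before and after carving and
    record a hash for every carved object, so each item in the report can be re-verified."""
    hash_before = sha256(image)
    carved = carve(image)
    hash_after = sha256(image)
    return {
        "hash_before": hash_before,
        "hash_after": hash_after,
        "intact": hash_before == hash_after,
        "carved": [(off, ftype, len(data), sha256(data)) for off, ftype, data in carved],
    }
```

On the constructed image, `examine()` reports the PNG at offset 1024 (120 bytes) and the JPEG at offset 2168 (91 bytes), with matching before/after hashes. Real carvers also validate the internal structure (for example PNG chunk CRCs) to reject false positives, and a real audit trail records who hashed what and when.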

4.20.1. Main solutions, with brief description

Provider: Guidance Software
Solution and description: EnCase Forensic enables:
- Rapid acquisition of data from the widest variety of devices
- Unearthing potential evidence with disk-level forensic analysis
- Producing comprehensive reports on findings
- Maintaining the integrity of evidence in a format the courts have come to trust
Specific threat application: Malware; Executable code attacks; Automated widespread attacks; Industrial espionage; Anti-forensic techniques
Specific application sector: Cross Sector Application

Provider: AccessData
Solution and description: Forensic Toolkit (FTK) is an integrated computer forensics solution:
- Create images, process a wide range of data types from forensic images to email archives, analyse the registry, conduct an investigation, decrypt files, crack passwords and build a report
- Password recovery
- Known File Filter (KFF) hash library
- Advanced, automated analysis without scripting
Specific threat application: Malware; Executable code attacks; Automated widespread attacks; Industrial espionage; Anti-forensic techniques
Specific application sector: Cross Sector Application

5. Available Research Results

5.1. Existing Research Results

This section looks at existing results from the European research arena and the areas of cyber security they address. In order to compile this section, CYSPA undertook a study of 53 European research projects in an attempt to provide a concise view of their results. The full list of these projects can be found in Annex I of this document. In addition, we attempted to map European research projects (in collaboration with the SecCord project WP5 and WP3 activity, www.seccord.eu) to the cyber security topics they address. This mapping can be seen in Annex II of this document. The EU-driven research landscape was found to be very diverse, with a leading role played by security projects funded by the European Commission, although national member states also have a number of cybersecurity-focused research funding activities. In order to focus our activity and directly collect information from within the projects themselves, CYSPA decided to continue to partner with another EU initiative (the SecCord project, www.seccord.eu). The following sections of this chapter focus, at a high level, on some of the completed projects, or projects whose results and tools are now available. A comprehensive account of upcoming project results can be found in CYSPA deliverable 3.2 "Upcoming results from research initiatives".


5.1.1. AVANTSSAR

Acronym: AVANTSSAR
Project: Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures
Website: http://www.avantssar.eu
Classification: Trustworthy Service Infrastructures

Objectives of the Project

Driven by rapidly changing requirements and business needs, IT systems and applications are undergoing a paradigm shift: components are replaced by services, distributed over the network, and composed and reconfigured dynamically in a demand-driven way into service-oriented architectures. Exposing services in future network infrastructures entails a wide range of trust and security issues. Therefore there is a need for validation of both the service components and their composition into secure service architectures.

AVANTSSAR has proposed a rigorous technology for the formal specification and automated validation of trust and security of service-oriented architectures. This technology was automated in an integrated toolset, the AVANTSSAR validation platform, tuned on relevant industrial case studies.

Innovation targets

The project has developed:

- ASLan++, a formal language for specifying trust and security properties of services, their associated policies, and their composition into service architectures.
- Automated techniques to reason about dynamic composite services and their associated security policies.
- The AVANTSSAR validation platform, an automated toolset for validating trust and security aspects of service-oriented architectures.
- A library of validated composed services and service architectures, demonstrating that the technology scales to the envisaged applications.

Impact

Migrating project results to industrial development environments and standardisation organisations may speed up the development of new network and service infrastructures, enhance their security and robustness, and increase public acceptance of emerging IT systems and applications based on them. The project included an Industry Migration work package to facilitate exploitation of the AVANTSSAR results; experiences and lessons learned during the AVANTSSAR technology migration are presented in the deliverables of that work package.

CYSPA Interest

CYSPA could look to explore or learn from project activity which has tried to transfer project results to standards organisations and industry. This may form part of CYSPA activity in developing cyber security standards for organisations, as referred to in CYSPA D4.1.2 "Detailed Table of Contents of the European Strategy to Protect Cyberspace".

5.1.2. CONSEQUENCE

Acronym: CONSEQUENCE
Project: Context-aware data-centric information sharing
Website: http://www.consequence-project.eu
Classification: Trustworthy Service Infrastructures, Technology & Tools

Objectives

The CONSEQUENCE project has worked on a data-centric information protection framework based on data-sharing agreements. While data exchange is vital for today's society, it is often hindered by the privacy and confidentiality threats associated with unauthorised data sharing. The CONSEQUENCE project devised its framework for data sharing taking into account not only the technological but also the economic and social aspects of data exchange.

Innovation targets

CONSEQUENCE has achieved:

- A scalable, secure, context-aware and resilient architecture for data sharing that enables dynamic policy management and enforcement, and end-to-end data protection across multiple organisations.
- A technique for organisation-neutral data-sharing agreements (including models, algorithms and tools).
- A proof-of-concept implementation of the CONSEQUENCE data-sharing framework.

Impact

The project has focused especially on data sharing in emergency situations. One of the test cases used in the project for validation was a critical management testbed provided by BAE Systems. Evaluation of the CONSEQUENCE system on this testbed is reported in D5.4 of the project. The project's results may prove useful in the emergency-situations context, as well as in the context of sensitive data sharing across multiple companies.

CYSPA Interest

CYSPA could explore the project results further as part of its potential activity in enhancing/developing standards for sharing cyber incident and threat information, as highlighted in CYSPA D4.1.2 "Detailed Table of Contents of the European Strategy to Protect Cyberspace".


5.1.3. MASTER

Acronym: MASTER
Project: Managing assurance, security and trust for services
Website: http://www.master-fp7.eu (website is not maintained)
Classification: Trustworthy Service Infrastructures

Objectives

The MASTER project aimed at developing a system for ensuring an organisation's compliance with regulations, internal policies and contractual obligations. Today organisations may have quite complex and unpredictable business processes, while accountability and regulatory compliance have widely become mandatory. Therefore a structured and, where possible, automated approach to governance, risk and compliance (GRC) is a goal for many companies. MASTER has addressed this demand by delivering a system that assists compliance management in many aspects: by monitoring organisational performance, enforcing policies and assessing the compliance level.

Innovation targets

MASTER has delivered the following key results:

- The MASTER methodology, which describes how an organisation can derive the specific activities to be carried out, and the control objectives, from high-level regulations and policies (delivered in work package 8.2).
- The MASTER design workbench, a tool to translate high-level regulations and policies into low-level policies that control the management process in an organisation (delivered in work package 8.3).

Impact

The MASTER approach can increase security in organisations and ensure compliance with EU regulations and industry standards. Some parts of the MASTER methodology can be used as input to a compliance assessment process standard. The project has validated its results on two case studies, in an insurance company and in a hospital.

CYSPA Interest

As the project has a specific use case in insurance, which forms part of the Financial Services Sector within CYSPA, CYSPA could look to leverage the learnings from this project as part of its potential activities in aiding uptake of sector-specific solutions which contribute to reducing cyber disruption. Another aspect to explore could be whether the project results can also contribute to potential CYSPA activity in working with insurance companies to improve cyber risk management, as highlighted in CYSPA D4.1.2 "Detailed Table of Contents of the European Strategy to Protect Cyberspace".


5.1.4. MICIE

Acronym: MICIE
Project: Tool for systemic risk analysis and secure mediation of data exchanged across linked CI information infrastructures
Website: http://www.micie.eu
Classification: Critical Information Infrastructure Protection

Objectives

The MICIE consortium contributed to Critical Infrastructure (CI) protection. Critical infrastructures can be damaged by malicious activities or natural disasters, and disruptions in CI facilities can be a serious threat to society. It is therefore crucial to ensure the security and reliability of CIs, and to have disaster notification and recovery services in place. The MICIE project has developed an alerting system that identifies in real time the level of possible threats induced on a particular CI or on other interdependent critical facilities, and notifies the authorities, providing them with a real risk level.

Innovation targets

MICIE has produced the alerting system, including the following innovative components:

- The off-line design of critical infrastructure models that are able to detect dominant dynamics from a series of occurring undesired events.
- The MICIE secure mediation gateways, responsible for the collection of undesired events, the translation of these events into a common metadata model, and the exchange of the metadata.
- The MICIE on-line risk prediction tool, which is able to predict the risk levels in real time from the CI models and the metadata received.

Impact

The MICIE project results are directly in line with the EU initiative to establish a Critical Infrastructure Warning Information Network (CIWIN), contributing to the safety of EU society.

The energy distribution domain was chosen as the application for validation of the project results. The project evaluated whether the MICIE tool could increase the quality of service in this domain. After analysing communication fault events and their influence on the quality of service of the electric energy supply, both with and without the MICIE tool, the consortium concluded that the MICIE technology can increase the quality of service by assisting the operator in identifying faults and countermeasures.

CYSPA Interest

There is clear potential for CYSPA to leverage the work in this project to explore aiding uptake of sector-specific solutions which contribute to reducing cyber disruption (energy sector). The results can also be considered for delivery of the following strategic option highlighted in CYSPA D4.1.2 "Detailed Table of Contents of the European Strategy to Protect Cyberspace": "Collaborating with critical infrastructure operators through CIWIN".


5.1.5. PICOS

Acronym: PICOS
Project: Privacy and identity management for community services
Website: http://www.picos-project.eu
Classification: Privacy Management

Objectives

The main goal of the PICOS project was to advance the state of the art in technologies providing privacy-enhanced identity and trust management features within complex services, such as online communities managed by mobile communication service providers. PICOS aimed at building, and trying out with real users, a privacy-respecting identity management platform that supports the provision of online community services, together with a client application for this platform.

Innovation targets

PICOS has delivered the following innovative technologies:

- The Partial Identity concept, which allows users to reveal only selected personal information as their identity (e.g. a position at a company or a social role).
- The Privacy Advisor tool, which guides users in aspects of their privacy and identity management, for example by raising early warnings before the user discloses personal information in an insecure context.
- A privacy-friendly targeted advertising technology.
- The PICOS platform, which combines the aforementioned technologies, and an accompanying mobile phone client that serves as the user interface.

Impact

The PICOS results can support developments in EU policy and regulations for privacy protection and the protection of minors on the Internet. The project has run pilots with real end users from an online gaming community and an angler community, and has gained many insights into society's requirements on privacy.


5.1.6. UAN

Acronym: UAN
Project: Underwater acoustic network
Website: http://www.ua-net.eu
Classification: Critical Information Infrastructure Protection

Objectives

UAN developed a wireless sensor network for the protection of off-shore and coastline critical infrastructures (CI). The acoustic network developed by UAN includes underwater, land and air-based sensors in order to gather environmental information for surveillance, monitoring and deterrence.

Innovation targets

UAN has produced the following key innovative results:

- The UAN acoustic modems, gateway access point, a ground station and accompanying software.
- The full UAN network demonstrator.

Impact

The UAN acoustic framework was the first of its kind with fixed and mobile nodes seamlessly integrated into a land communication network. The project has demonstrated in two real sea experiments that the UAN network is fully operational. Potential beneficiaries of UAN network deployments are search and rescue bodies, port authorities, oil and gas exploration entities, marine scientists and military units.

CYSPA Interest

The project results are of interest for CYSPA activities aimed at protecting critical infrastructure.

5.1.7. VIKING

Acronym: VIKING
Project: Vital infrastructure, networks, information and control systems management
Website: http://www.vikingproject.eu
Classification: Critical Information Infrastructure Protection

Objectives

The VIKING project investigated cyber threats to the SCADA systems that control electricity supply and proposed mitigations against the exploitation of these threats. Society is highly dependent on electricity grids, which are large-scale and complex systems that must always be reliable, available and cost-effective. VIKING worked towards a holistic framework for the identification and assessment of vulnerabilities in SCADA systems and for the estimation of the societal consequences of power breakdowns.

Innovation targets

VIKING has developed the following key innovations:

- A system to run model-based risk assessment for SCADA systems.
- A set of quantitative cyber security metrics for different control system solutions.
- Estimation of vulnerabilities in higher-order applications such as State Estimators and Automatic Generation Control, and suggested mitigations for these threats.
- Secure communication solutions.
- The ViCiSi simulator of a virtual society, used to calculate the economic and non-economic consequences of electrical blackouts.
- A test bed that can be used to simulate and demonstrate cyber-attacks on SCADA systems.

Impact

The results of the VIKING project are of high importance for EU society and governments. Experiments with the VIKING simulator can be used to estimate the impact of potential attacks on national welfare. The industrial partners plan to use parts of the findings in their commercial offerings and in the operation of their power networks.

CYSPA Interest

There is a compelling case within this project for CYSPA to explore in its efforts to facilitate increased cyber resilience within the energy sector.


5.1.8. ANIKETOS

Acronym: ANIKETOS
Project: Secure and Trustworthy Composite Services
Website: http://www.aniketos.eu
Classification: Trustworthy Service Infrastructures

Objectives

Users of service mashups typically have low assurance of which service they are actually using and whether it is secure and reliable. The Future Internet will likely worsen this situation, with more services offered for dynamic consumption and composition based on service availability, quality, price and security attributes. Applications will be composed of multiple services from many different providers, and the end user may have little guarantee that a particular service will actually deliver the security claimed (if any). The ANIKETOS project aims to establish and maintain the trustworthiness and secure behaviour of services in a constantly changing environment.

Innovation Achievements

ANIKETOS works on the following innovative artefacts:

- A language to express security and trustworthiness requirements on socio-technical systems: the Socio-Technical Security Modelling Language (STS-ml) and the accompanying tool (STS-tool).
- The security-by-contract paradigm for services, which enables services to express their security and trust requirements in machine-readable contracts.
- The ANIKETOS platform and accompanying tools, which support service designers in building composite services that meet security requirements, and system administrators in monitoring the execution of composite services and reacting in case of violations.

Impact

Adoption of the ANIKETOS framework will bring assurance of trustworthiness to service consumers, who are not only individual end users but also composite service designers and providers. Adoption of the ANIKETOS approach will facilitate the European service marketplace.

CYSPA Interest

This project has demonstrated applications within two of CYSPA's target sectors, eGov and Telecom Services.


5.1.9. ASSERT4SOA

Acronym ASSERT4SOA
Project Advanced Security Service cERTificate for SOA
Website http://www.assert4soa.eu
Classification Trustworthy Service Infrastructures

Objectives

ASSERT4SOA focuses on security certification for service-based applications. Today the Service-Oriented Architecture (SOA) paradigm has become a de-facto architectural standard for the deployment of dynamic large-scale infrastructures and applications consisting of independent modules, i.e. services. The benefits of this paradigm include flexibility, cost-effectiveness and ease of module replacement. Yet deployment of SOA-based solutions in the domain of sensitive and critical applications is limited due to the absence of guarantees that composite third-party services are secure. In the conventional software domain, security certification is used to guarantee the security and trustworthiness of a software component. ASSERT4SOA aims to produce security certification standards for services, taking into account the dynamic nature of services and tackling assurance for service compositions.

Innovation achievements

Certification for services is a very new topic with few existing proposals. The project has delivered the following key artefacts:

- The machine-readable description language called ASSERT for service security certificates.
- The ASSERT architecture that enables an ontology-based format for certificates and supports linking of security properties to the evidence supporting them. The architecture allows run-time certificate-aware service selection based on a target assurance level for composite applications.
- The ASSERT4SOA integrated prototype that implements an ASSERT-enabled service marketplace.

Impact

Certification for SOA enables more trustworthy services and composite service-based applications. The ASSERT framework also aligns well with the upcoming EU Data Protection Regulation, where certification is mentioned explicitly.

CYSPA Interest

CYSPA could look to explore findings within this project to understand if they can facilitate CYSPA efforts to advise the EC on the cyber policy and legislative landscape (as highlighted in CYSPA D4.1.2 "Detailed Table of Contents of the European Strategy to Protect Cyberspace").

5.1.10. MASSIF

Acronym MASSIF
Project MAnagement of Security information and events in Service InFrastructures
Website http://www.massif-project.eu
Classification Trustworthy Service Infrastructures

Objectives

MASSIF works on advancements in security information and event management (SIEM) systems that deal with real-time analysis of events and security alerts. Standard SIEM systems are typically deployed at the platform layer and do not take into account data from higher layers, such as the business process view. Being usually deployed on a single node responsible for processing all event correlation rules, they are not scalable. Moreover, existing systems are not able to react to detected attacks.

Innovation achievements

The MASSIF SIEM framework supports scalable multi-level event processing and predictive security monitoring. The key innovative artefacts are:

- Advanced attack detection methods.
- Cross-layer security event correlation and decision support for analysis of the possible impacts an attack may have on the system.
- Predictive security monitoring that detects potential future critical states in the monitored process.
- Attack response mechanisms that propose countermeasures based on security ontologies.
- The MASSIF SIEM architecture that integrates the components above in a secure and reliable way.

Impact

MASSIF provides two open source implementations of SIEM solutions, called OSSIM and Prelude, which can be further used by the community. The MASSIF approach can make the total cost of ownership of a SIEM system affordable for SMEs due to the open specifications and open source components available.

The project contributes to the ETSI Information Security Indicators group, which aims at measuring the security levels of organisations with deployed SIEM systems.

Deployment of SIEM systems in critical infrastructures has a huge potential, especially in the light of the Directive on Critical Infrastructures Protection.

5.1.11. POSECCO

Acronym PoSecCo
Project Policy and Security Configuration Management
Website http://www.posecco.eu
Classification Technology&Tools

Objectives

Internet service providers now have to manually resolve the inter-dependencies between high-level requirements and policies and low-level configurations. In this setting errors are inevitable due to the high complexity of the systems and constant changes in requirements, policies, regulations, and configurations. The PoSecCo project deals with this complexity by enabling a traceable and sustainable link between requirements and configuration settings in the system.

Innovation Achievements

The traceability link enabled by PoSecCo includes two key artefacts:

- The PoSecCo models representing functional elements of IT systems and corresponding models of security-relevant information for each of these elements. The PoSecCo model repository can be further extended with new models suitable for different kinds of policies.
- The PoSecCo integrated prototype that smoothly consolidates the different prototypes developed in the project. The integrated prototype includes the central model repository (the MoVE tool), a collaborative system for eliciting security requirements and monitoring high-level policies (the CoSeRMaS system), a tool for policy specification and conflict resolution (the IT Policy tool), a decision support system for security (SDSS), and tools for audit support and configuration validation.

Impact

The PoSecCo approach allows organisations to manage their high-level requirements and low-level software system configuration consistently and to ensure compliance with existing laws and regulations.

5.1.12. TAMPRES

Acronym TAMPRES
Project TAMper Resistant Sensor node
Website http://www.tampres.eu/
Classification Trustworthy Network Infrastructure, Future Internet

Objectives

TAMPRES works on security mechanisms for microcontroller hardware that will be used in various devices in the Internet of Things (IoT). IoT envisions the integration of computing devices and the physical world into a seamless global communication network. The specific focus of TAMPRES is on wireless sensor nodes, which are likely to become the most vulnerable part in the chain of trust. The nodes therefore need to be protected at the physical level against attacks on their security mechanisms; yet the novel protection mechanisms have to be low cost.

Innovation achievements

The TAMPRES methodology follows an attack-driven approach. Starting from identifying attacks on existing commercial microcontrollers, the project develops hardware mechanisms for protection against these attacks, while taking into account the device constraints, such as energy. The key novel contributions by the project are:

- A secure development process for microcontrollers that enables resistance to physical attacks, fault injection and side-channel attacks.
- A number of security engines, such as cryptographic engines and hashing engines.
- A secure wireless interface for microcontrollers.
- A secure memory mechanism to run attested code.
- The attack-resistant TAMPRES architecture that securely integrates all developed components, including protected interfaces for testing and debugging, a secure bootstrapping capability and lightweight memory protection.

Impact

TAMPRES secures microcontroller chips for wireless sensor networks in a holistic way while taking cost-effectiveness into account. The technology can be immediately accepted by end-consumers.

5.1.13. UTRUSTIT

Acronym uTRUSTit
Project Usable TRUST in the Internet of Things
Website http://utrustit.cure.at
Classification Mobile Devices and Smartphones, Technology&Tools

Objectives

The UTRUSTIT project focuses on understanding trust in the Internet of Things formed by a variety of interconnected devices that are becoming integrated into everyday objects like washing machines, fridges, medical cabinets and even lamps. The Internet of Things collects a large number of communication and information devices, and with this network it is becoming difficult for the user to keep track of the personal information she shares with those devices and to control how this information is propagated across the Internet of Things. UTRUSTIT has aimed at putting the user back in control of this personal data sharing and at providing transparency of what information is being sent, while ensuring usability and compliance with the EU Regulations.

Innovation achievements

UTRUSTIT delivers the following key results:

- 6 Personas: 6 archetypical users representing the diverse target groups of the project, ranging from early adopters to technology-reacting users as well as elderly users and users with disabilities.
- The Trust Feedback Toolkit (TFT) that enables the user to administer the relevant devices and to get an understanding of their potential to transmit private information.
- A Virtual Environment implementation comprising various devices where users can navigate and interact with the devices. The Virtual Environment is used for evaluation of the project TFT prototype (based on the UTRUSTIT methods for simulation, assessment and evaluation of secure, trustworthy and trusted design).
- An investigation of legal and ethical constraints for the Internet of Things and the TFT.

Impact

Availability of the UTRUSTIT TFT framework in the Internet of Things will enable a more trustworthy and secure infrastructure for all end-users. The results of the validation activities conducted by UTRUSTIT with real end-users, and the body of knowledge regarding legal, ethical and usability requirements compliance in the Internet of Things, can be used by policy makers, enterprises and research organisations active in the area.

5.2. Individual Research Organisations

This section gives an overview of individual research organisations active in Europe or globally with potential overlap with CYSPA interests. We include this section here due to its relevance to the potential audience of this document; however, this work was carried out in detail within CYSPA deliverable D4.2.1 "Contributing Roles of Stakeholders" and the following paragraphs are based on this work.

The Cyber Security Research Institute (CSRI)

The Cyber Security Research Institute is a research centre specialising in studying the vulnerabilities in the world of technology and the impact that these have on a world now completely dependent on computer technology. CSRI uses the services of top academics, leading industry figures and opinion formers to create research produced by journalists and film makers that provides essential information to politicians, decision makers, and industry as a whole. This is underlined with topical events and webinars to ensure a constant dialogue between members of the CSRI, innovators, the authorities and the media.

MAIN ACTIVITIES:

- Providing concise and timely information on issues ranging from cyber sabotage and cyber espionage to data awareness and computer crime
- Raising awareness on the latest threats and weaknesses in technology

OVERLAP WITH CYSPA ACTIVITIES:

- Dissemination of cyber security materials
- Awareness-raising
- Support to governments
- Support to industry
- Conferences / roundtables
- Information exchange / best practices
- Clustering activities

Cyber Security Research Alliance (CSRA)

CSRA is a non-profit consortium founded by industry stakeholders as a forum to develop R&D strategies to address grand challenges in cyber security, and to facilitate public-private partnerships that define a more focused, coordinated, and concerted approach to cyber security research and development. This effort was established in response to the growing need for increased public-private collaboration to address R&D issues in cyber security. The founding members of the CSRA are Advanced Micro Devices, Inc. (AMD), Honeywell International, Inc., Intel Corporation, Lockheed Martin Corporation, and RSA, the Security Division of EMC.

MAIN ACTIVITIES:

- Addressing challenges in cyber security by facilitating the development of R&D strategies for protecting digital content and information technology networks and systems
- Tracking cyber security R&D activities by enhancing models for public-private information sharing and collaboration to address current and emerging cyber security threats to national security
- Transferring technology by enhancing collaboration in cyber security R&D to accelerate innovation and time to market for new technologies

OVERLAP WITH CYSPA ACTIVITIES:

- Public-private partnership
- R&D
- Providing recommendations on cyber security
- Accelerating innovation and time to market
- Identifying and / or driving new solutions and technologies

Security Research in Italy (SERIT)

SERIT is a joint initiative launched by CNR and Finmeccanica. It brings together Italian industries (both large industries and SMEs), academia, research centres and end-users, in order to promote and develop a National Research Agenda to drive future technological developments while responding to identified National Security needs. SERIT aims to reinforce the networking among national researchers, industries, end-users and institutions' representatives, allowing them to cooperate on common interest projects, to activate public-private partnerships and to strengthen national and international participation in research programs (including national research/national cluster activities and Horizon 2020).

MAIN ACTIVITIES:

- Researching various topics, such as ICT security, security of generation, supply and distribution of electricity, and built infrastructure protection
- Defining a technology roadmap for defined capabilities
- Focus on 7 technology areas: surveillance & situation awareness; communication; detection & identification systems; technologies for crisis management; information processing & management; CBRNE; standardisation, certification, and testing
- Networking among the most qualified national research centres, industries and institutions or operators on agreed projects
- Enabling public-private partnership, also including the SME sector

OVERLAP WITH CYSPA ACTIVITIES:

- Public-private partnership
- R&D
- Identifying gaps and challenges in cyber security
- Providing recommendations on cyber security
- Critical Infrastructures Protection
- Methodologies for risk analysis and action planning
- Dissemination of cyber security materials
- Standardisation of methods and procedures
- Clustering activities

Cyber Security Center (CSC)

The Cyber Security Centre has been established to bring together experts from a number of disciplines in Oxford and the wider world to address the cyber security challenges of the 21st century. The Cyber Security Centre (UK) embraces challenges in technical difficulty and in new and potentially disruptive ideas, welcomes new contributors to the domain, and will facilitate creativity. The centre will drive major developments in the theory and practice of cyber security, and aims to help in the creation of a safe, secure and prosperous cyberspace through internationally leading research and educational programs.

MAIN ACTIVITIES:

- Supporting the ability to anticipate, deter, detect, resist and tolerate attacks, understand and predict cyber risks, and respond and recover effectively at all levels, whether individual, enterprise, national or across international markets.
- Supporting new understanding, governance, regulation, partnerships, skills, and tools related to cyber security to meet the demands of the future.

OVERLAP WITH CYSPA ACTIVITIES:

- Risk assessment / management
- Responding to cyber threats / disruptions
- Identifying gaps and challenges in cyber security
- Providing recommendations on cyber security
- Improving resilience against cyber-attacks / disruptions
- Identifying and / or driving new solutions and technologies
- Support to governments
- Support to industry
- Information exchange / best practices
- Studying cyber vulnerabilities

6. Cyber Security Related Training and Education

These sections address the human factor in cyber security and will be used as a basis to inform CYSPA strategic Option 7.15 "Education and awareness raising on cyber security threats and mitigation" as documented in CYSPA D4.1.2. It is widely recognised that human capital makes a difference both in preparation for and in reaction to cyber incidents. Currently, there is thought to be a significant deficit in the availability of skilled human capital to staff the information security requirements of organisations. The CYSPA work package 2 studies into the impact of cyber disruption on Financial Services and eGovernment organisations specifically highlighted the deficit of skilled resources as a current risk to cyber resilience. In addition, according to an IBM study [1], nearly 1 out of 2 industrial organisations recognise having too few staff working to ensure cyber security. Efforts to alleviate this situation drive education and training in the area of cyber security.

[1] http://www-03.ibm.com/press/us/en/pressrelease/42479.wss

With this in mind, there are three areas to cover on the topic:

- Formal (theoretical) education
- Practical training
- In-the-field experience, which may initially be achieved by means of [real] exercises

A related issue is the accreditation of persons. There are initial steps to identify the topics that must be in curricula for cyber security, mostly driven by the United States of America. And once the curriculum is determined, there is a need for personal accreditations so that it is feasible to request and allocate the right people to the needed positions.

These sections present the current situation, mostly focussed on Europe, but not forgetting the USA, who currently are drivers in this area.

From The 2013 (ISC)² Global Information Security Workforce Study

The information security profession, in addition to being a large and growing field, is a barometer of economic health and the changing nature of how business is being conducted. Information security professionals are critical guardians in the protection of networked operations and informational assets. Growth in this profession is a testament to the need for their expertise and also a signal that global economic activity is advancing. Furthermore, changes in information technology (IT) and evolving IT norms on how, when, and where business operations occur—such as BYOD, cloud computing, and social media—remind us that information security professionals must be highly adaptable in learning and applying new skills, technologies, and procedures in order to manage a dynamic range of risks. Not to be overlooked, hackers, attackers, and other threatening entities are also advancing and evolving. Change and complexity in IT and IT norms represent new opportunities for them to succeed in their nefarious pursuits. Consequently, information security professionals have no downtime; there are always new risk management challenges to address.

The reasons for an inability to bridge the need for additional information security workers are fuelled by three factors: business conditions, executives not fully understanding the need, and an inability to locate appropriate information security professionals.

When asked which job title experienced the greatest workforce shortage, security analyst (chosen by 47 percent of respondents) topped the list, followed by security engineering-planning and design (32 percent), and security auditor (31 percent).

In the path to solving the current security workforce shortage, one important aspect to take into account is the need for a significant increase in practical training and exercising activities. That would contribute to better preparation for the security incidents that, unavoidably, will continue to happen, with increasing frequency and risk.

As the current situation is that most (all) countries are significantly behind the estimated needs for cybersecurity professionals, the different countries and the European institutions need to give real high priority to the necessary training activities, increasing their scale significantly and making sure that much more emphasis is placed on practical collaborative cyber-exercises at the national, European and international levels.

6.1. Cybersecurity strategies

Most of the national strategies on cybersecurity address the topics of education, training and readiness exercises. Currently, most of the strategies are not yet implemented, but the will is clear, and the aim to allocate appropriate resources is starting to be transformed into actual investment in the area.

From ENISA, "National Cyber Security Strategies"

Common themes

- To develop or improve preparedness, response and recovery plans and measures for protecting such CIIs (e.g. national contingency plans, cyber exercises, and situation awareness). The Lithuanian strategy states that "To ensure cyberspace security it is necessary to establish a continuous and properly managed system covering all phases of incident management, such as early warning, prevention, detection, elimination and investigation." This also includes defining integrated organisational structures that develop, implement and test these preparedness, response and recovery plans and measures. This may also mean an integration of existing structures (e.g. national/governmental CERTs).
- To define the needs for new curricula with emphasis on cyber security for IT and security professionals and specialists; and also training programs that allow the improvement of skills of users. For example, the UK strategy aims to improve training and education for information security specialists to create a strong cyber security profession.

6.2. Education & Training Programmes

On education and training, the path is signalled by US DoD Directive 8570, which identifies areas of knowledge and points to some current certifications. In Europe, all national strategies plan to work on this area, but an observation can be made that the UK is moving forward concretely with action. Here we highlight some of the professional bodies currently accessible that provide training in the area of Cyber Security.

6.2.1. (UK) CESG – Awareness & Training

http://www.cesg.gov.uk/awarenesstraining/Pages/index.aspx

CESG is the UK Government's National Technical Authority for Information Assurance (IA). Its core customers are the UK's central government departments and agencies, and the Armed Forces, but it also works with the UK's Critical National Infrastructure, including power and water, and the wider public sector. CESG works to increase awareness of Information Assurance in the UK, engaging in partnerships with academia, and certifying professionals working in the Information Assurance and Cyber Security areas both in government and industry.

6.2.2. (UK) Cyber Security Challenge

https://cybersecuritychallenge.org.uk/about.php

Cyber Security Challenge UK Ltd. aims to bring more talented people into the Cyber Security Profession.

Whether it's Key Stage 4 or degree level, the Cyber Security Challenge UK helps education institutions introduce the concepts behind cyber security. It offers an innovative way to ensure students are accurately prepared for a career as a cyber security professional.

6.2.3. (US) SANS – Cyber Defense Foundations

http://cyber-defense.sans.org/

SANS (SysAdmin, Audit, Network, Security) Institute is a cooperative research and education organisation and one of the most trusted and largest sources for information security training and security certification in the US. It develops, maintains and makes available to the wider public a large collection of research documents about various aspects of information security, and operates the Internet Storm Centre, the Internet's early warning system.

It offers three GIAC (Global Information Assurance Certification) certifications to prepare security professionals.

6.2.4. (US) INL - National SCADA Test Bed Program

http://www.inl.gov/scada/training/

INL (Idaho National Laboratory) is a science-based, applied engineering national laboratory dedicated to supporting the U.S. Department of Energy's missions in nuclear and energy research, science, and national defence. INL is a significant contributor to the US National SCADA (Supervisory Control and Data Acquisition) Test Bed program, a research initiative to help private utilities improve the resilience of control systems associated with energy critical infrastructure. Therefore one of their main missions is to provide Control System Security training programmes designed to increase Cyber Security Awareness and Defensive Capabilities for IT/Control System managers, IT/Control System security personnel and personnel related to control system cyber security.

6.2.5. (US) NICCS – National Initiative for Cybersecurity Careers and Studies

http://niccs.us-cert.gov/

NICCS is part of the National Initiative for Cybersecurity Education (NICE) promoted by the Department of Homeland Security and aims to be a national resource for cybersecurity awareness, education, careers and training. It provides a robust listing of all the cybersecurity or cybersecurity-related education and training courses offered in the US, submitted by Federal and industry training and education providers, as well as a list of professional certifications.

6.2.6. (US) NICE – National Initiative for Cybersecurity Education

http://csrc.nist.gov/nice/

NICE is a national governmental campaign designed to improve the cyber behaviour, skills and knowledge of every segment of the population. Its aim is to bolster formal cybersecurity education programs encompassing kindergarten through to higher education and vocational programs, with a focus on the science, technology, engineering and math disciplines, to provide a pipeline of skilled workers for the private sector and government.

6.3. Exercises

This section focuses on another aspect of cyber security: the training of personnel in response to cyber incidents.

Cyber exercises provide expertise in the creation, collaboration and execution of table-top and live-action exercises which are entirely cyber-specific or which have cyber components. The coverage ranges from physical security and surveillance to industrial facilities, smart grid, transportation agents, information security and many other areas.

Most usually, exercises are run by multidisciplinary teams of persons, either working on
Sometimes, exercises are executed on models, sometimes on real platforms.

Participants learn:

- to identify cyber incidents
- to qualify and report cyber incidents
- to communicate and cooperate
- to apply remedies, either reactive, corrective, or recovery, and
- to evaluate the effectiveness and weaknesses of preventive controls

There are many exercises in European countries. Most are nation-wide. ENISA presents a summary of reported exercises.

Figure: Cyber exercises in Europe for the period 2002–2012 (numbers indicate exercises per country). Source: ENISA - On National and International Cyber Security Exercises

6.3.1. (EU) Cyber Europe

https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cce/cyber-europe

- Cyber Europe 2010 was the first ever pan-European cyber exercise, with the objective to trigger communication and collaboration between countries to respond to large-scale cyber-attacks. Over 70 experts from participating public bodies worked together to counter more than 300 simulated hacking attacks aimed at paralysing the Internet and critical online services across Europe. During the exercise, a simulated loss of Internet connectivity between the countries took place, requiring cross-border cooperation to avoid a (simulated) total network crash.
- Cyber Europe 2012 was the second pan-European cyber exercise, more extensive and sophisticated than the first, with three main objectives: test the effectiveness and scalability of mechanisms, procedures and information flow for public authorities' cooperation in Europe; explore cooperation between public and private stakeholders; and identify gaps and challenges in improving effectiveness.

These exercises underlined a need for increased collaboration between the Member States in order to find the relevant points of contact within organisations, the importance of the private sector in ensuring security, the need to explore the inter-sectorial dependencies more deeply and focus on specific communities, and the need to enhance the training of stakeholders on the use of security procedures.

6.3.2. (EU-US) Cyber Atlantic

https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cce/cyber-atlantic

An EU-US Working Group on Cybersecurity and Cyber Crime (EU-US WG) was established in the context of the EU-US summit of 20 November 2010 held in Lisbon. The purpose of the EU-US WG is to address a number of specific priority areas and report progress on these within a year. The EU-US WG is composed of the following subgroups:

- Cyber Incident Management
- Public-Private Partnerships
- Awareness Raising
- Cybercrime

In the area of Cyber Incident Management (CIM), the WG’s intention was to deliver a cooperation programme providing for synchronised and coordinated cyber exercises in the EU and US, culminating in a joint cyber exercise in 2013. In order to determine in which areas the EU and the US could cooperate regarding CIM, it was decided to organise a table-top exercise, CYBER ATLANTIC, in November 2011. The exercise was planned by a joint EU-US planners group facilitated by the European Network and Information Security Agency (ENISA) and the Department of Homeland Security (DHS). The specific objectives of Cyber Atlantic 2011 were:

- Explore and improve the way in which EU Member States would engage the US during cyber crisis management activities, notably using operating procedures for cooperation during cyber-crises;
- Explore and identify issues in order to improve the way in which the US would engage the EU Member States during their cyber crisis management activities, using the appropriate US procedures;
- Exchange good practices on the respective approaches to international cooperation in the event of cyber crises, as a first step towards effective collaboration.

6.3.3. (US) Cybersecurity Training & Exercises

http://www.dhs.gov/cybersecurity-training-exercises

Department of Homeland Security

Cyber Storm: Securing Cyber Space

Cyber Storm, the Department of Homeland Security’s biennial exercise series, provides the framework for the most extensive government-sponsored cybersecurity exercise of its kind. Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Securing cyber space is the Office of Cybersecurity and Communications’ top priority.

Cyber Storm participants perform the following activities:

- Examine organisations’ capability to prepare for, protect from, and respond to the potential effects of cyber attacks;
- Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national-level policy and procedures;
- Validate information-sharing relationships and communications paths for collecting and disseminating cyber incident situational awareness, response and recovery information; and
- Examine means and processes through which to share sensitive information across boundaries and sectors without compromising proprietary or national security interests.

Each Cyber Storm builds on lessons learned from previous real-world incidents, ensuring that participants face more sophisticated and challenging exercises every two years.

- Cyber Storm IV (2011-2012)
- Cyber Storm III (September 2010)
- Cyber Storm II (March 2008)
- Cyber Storm I (February 2006)

6.4. Security-related Certifications

This section covers the current situation related to personal certifications. Most of the activity is carried on in the USA, and the US Government currently prefers to depend on private initiatives, setting the goals (curricula) and accepting the accreditations. It is also true that most of the private companies are US-based.

Activity in Europe is rare beyond the branches of the American companies, and so far there is no formal recognition of accreditations by governments, though they are accepted as de facto accreditations.

The following sections are alphabetically ordered, but it is suggested to start with US DoD 8570 for a landscape view of the different components.

The CESG (UK) accreditation is the most advanced one in Europe.

Some manufacturers are also worth mentioning. Many manufacturers provide certification programs to cover their own products. The certificates accredit the competence to configure and administer their products. These certifications are important to the extent that the products are deployed in networked organisations, since they are a critical part of the attack surface for cyber attacks. Examples include:

- Cisco
  - CCNA - Cisco Certified Network Associate Security Certification
- Check Point
  - CCSA – Check Point Certified Security Administrator

6.4.1. CSIH – Computer Security Incident Handler

The CERT®-Certified Computer Security Incident Handler (CSIH) certification program has been created for incident handling professionals, computer security incident response team (CSIRT) technical staff, system and network administrators with incident handling experience, incident handling trainers and educators, and individuals with some technical training who want to enter the incident handling field. It is recommended for computer security professionals with three or more years of experience in incident handling and/or equivalent security-related experience.

6.4.2. CESG - Communications-Electronics Security Group (UK)

http://www.cesg.gov.uk/

The Government Communications Headquarters (GCHQ) is a British intelligence agency responsible for providing signals intelligence (SIGINT) and information assurance to the UK government and armed forces. Based in Cheltenham, it operates under the guidance of the Joint Intelligence Committee.

CESG (originally Communications-Electronics Security Group) is the branch of GCHQ which works to secure the communications and information systems of the government and critical parts of UK national infrastructure.

6.4.3. CCP - CESG Certified Professional

CESG has developed a framework for certifying IA professionals who meet competency and skill requirements for specified IA roles.

The CESG Certified Professional (CCP) scheme recognises the expertise of those working in the Information Assurance and Cyber Security arenas in both government and industry. It sets the standard for IA professionals working in this sector and provides a rigorous and independent assessment of the competence of IA professionals. CCP status is an endorsement of IA expertise and confirms that information risk in support of a business is managed in a balanced and pragmatic way.

The purpose of certification is to improve the matching between public sector requirements for IA expertise and the competence of those recruited or contracted to provide that expertise.

The scheme allows one to gain certification in one or more of the following roles:

- IA Accreditor
- IA Architect
- IA Auditor
- Communications Security Officer
- Information System Security Officer / Information Security System Manager / IT Security Officer
- Security and Information Risk Advisor (SIRA)

There are three levels of certification for each of the roles:

- Practitioner
- Senior Practitioner
- Lead Practitioner

6.4.4. CompTIA – Computing Technology Industry Association

The Computing Technology Industry Association (CompTIA), a non-profit trade association, was created in 1982 as the Association of Better Computer Dealers, Inc. (ABCD) by representatives of five microcomputer dealerships. Over the course of a decade, ABCD laid the groundwork for many of CompTIA’s initiatives and member benefits.

ABCD later changed its name to the Computing Technology Industry Association to reflect the association's evolving role in the computer industry and in the U.S. business landscape at large. The 1990s were a period of growth as the association broadened the scope of its activities to address the needs of the expanding computer industry. Its initiatives increased to include networking, UNIX, imaging, mobile computing, and multimedia arenas. In an effort to monitor and take positions on public policy issues, the association added a full-time Director of Public Policy position. In 2010, CompTIA added a new executive director for a newly named "Creating IT Futures" Foundation, a philanthropic arm that focuses on training and certifying low-income students and adults in IT, as well as returning veterans, and helping connect them with potential employers.

6.4.5. A+

The CompTIA A+ certification is the starting point for a career in IT. The exams cover maintenance of PCs, mobile devices, laptops, operating systems and printers.

The A+ certification demonstrates competency as a computer technician. Officially, CompTIA A+ certification is a vendor-neutral certification that covers numerous technologies and operating systems from such vendors as Microsoft, Apple Inc., Novell and some of the Linux distributions.

6.4.6. Security+

Even though the Security+ is more of an entry-level certification than others, it’s still a valuable certification in its own right. Another benefit of the Security+ is that it’s vendor-neutral, instead choosing to focus on security topics and technologies in general, without limiting its focus to any one vendor and their approach.

6.4.7. CASP - CompTIA Advanced Security Practitioner

CompTIA offers a more advanced certification, the CompTIA Advanced Security Practitioner (CASP), providing a progressive certification path for those who want to continue their security career and studies. Like the Security+, the CASP covers security knowledge across a number of knowledge domains, but the depth and complexity of the questions asked on the CASP exam exceed those of the Security+.

6.4.8. EC-Council – International Council of Electronic Commerce Consultants

The International Council of Electronic Commerce Consultants (EC-Council) is a member-supported professional organisation. The EC-Council is headquartered in Albuquerque, New Mexico.

The EC-Council is known primarily as a professional certification body. Its best-known certification is the Certified Ethical Hacker.

6.4.9. CEH – Certified Ethical Hacker

Certified Ethical Hacker, CEH for short, is a computer certification that indicates proficiency in network security, especially in thwarting malicious hacker attacks through pre-emptive countermeasures.

6.4.10. CHFI - Computer Hacking Forensic Investigator

The CHFI v8 Program certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The C|HFI certification will fortify the application knowledge of law enforcement personnel, system administrators, security officers, defence and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure.

A CHFI is a skilled professional trained in the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. CHFI certified professionals are aware of a legally sound, detailed methodological approach to computer forensics and evidence analysis.

6.4.11. ECIH - EC-Council Certified Incident Handler

The EC-Council Certified Incident Handler certification is designed to provide the fundamental skills to handle and respond to computer security incidents in an information system. A Certified Incident Handler is a skilled professional who is able to handle various types of incidents, risk assessment methodologies, and various laws and policies related to incident handling.


6.4.12. ENSA – Network Security Administrator


6.4.13. ECSP – EC-Council Certified Secure Programmer

ECSP certification verifies advanced programming skills of all application developers and development organisations in producing applications with greater stability and posing lesser security risks to the consumer. The ECSP certification standardises the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.

6.4.14. ECSA – EC-Council Certified Security Analyst

The ECSA is an advanced security certification that complements the Certified Ethical Hacker (CEH) certification by validating the analytical phase of ethical hacking. An ECSA is a step ahead of a CEH by being able to analyse the outcome of hacking tools and technologies.

6.4.15. DoD Directive 8570.01 Information Assurance Training, Certification and Workforce Management (US)

As an extension of Appendix 3 to the DoD 8570.01-Manual, the following certifications have been approved as IA baseline certifications for the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position category or specialty and level. Refer to Appendix 3 of 8570.01-M for further implementation guidance.


6.4.16. GIAC – Global Information Assurance Certification

Global Information Assurance Certification, GIAC, is an information security certification entity that specialises in technical and practical certification as well as new research in the form of its GIAC Gold program. The SANS Institute founded the certification entity in 1999 and the term GIAC is trademarked by The ESCAL Institute of Advanced Technologies.

GIAC provides a set of vendor-neutral computer security certifications linked to the training courses provided by SANS. GIAC is specific to the leading-edge technological advancement of IT security in order to keep ahead of "black hat" techniques. Papers written by individuals pursuing GIAC certifications are presented in the SANS Reading Room on GIAC's website.

Initially all SANS GIAC certifications required a written paper or "practical" on a specific area of the certification in order to achieve the certification. In April 2005, the SANS organisation changed the format of the certification by breaking it into two separate levels. The "silver" level certification requires two multiple-choice tests, whereas the "gold" level certification has both the multiple-choice test requirement and a practical.

6.4.17. GCIA – GIAC Certified Intrusion Analyst

GIAC Certified Intrusion Analysts (GCIAs) have the knowledge, skills, and abilities to configure and monitor intrusion detection systems, and to read, interpret, and analyse network traffic and related log files. The target of this certification is individuals responsible for network and host monitoring, traffic analysis, and intrusion detection.


6.4.18. GCIH – GIAC Certified Incident Handler

Incident handlers manage security incidents by understanding common attack techniques, vectors and tools, as well as defending against and/or responding to such attacks when they occur. The GCIH certification focuses on detecting, responding to, and resolving computer security incidents and covers the following security techniques:

- The steps of the incident handling process
- Detecting malicious applications and network activity
- Common attack techniques that compromise hosts
- Detecting and analysing system and network vulnerabilities
- Continuous process improvement by discovering the root causes of incidents

6.4.19. GSEC – GIAC Security Essentials Certification

The target for this certification is security professionals who want to demonstrate that they are qualified for hands-on IT systems roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

6.4.20. GSLC – GIAC Security Leadership Certificate

The target for this certification is security professionals with managerial or supervisory responsibility for information security staff.

6.4.21. GSNA – GIAC Systems and Network Auditor

GIAC Systems and Network Auditors (GSNAs) have the knowledge, skills and abilities to apply basic risk analysis techniques and to conduct a technical audit of essential information systems. The target for this certification is technical staff responsible for securing and auditing information systems, and auditors who wish to demonstrate technical knowledge of the systems they are responsible for auditing.

6.4.22. CISA - Certified Information Systems Auditor

Certified Information Systems Auditor (CISA) is a globally recognised certification in the field of audit, control and security of information systems.

6.4.23. CISM - Certified Information Security Manager

Certified Information Security Manager (CISM) is a certification for information security managers awarded by ISACA.


6.4.24. CGEIT - Certified in the Governance of Enterprise IT

The CGEIT is designed for professionals who have management, advisory, and/or assurance responsibilities relating to the governance of IT.

6.4.25. CRISC - Certified in Risk and Information Systems Control

Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risks, awarded by ISACA.

6.4.26. (ISC)² - International Information Systems Security Certification Consortium

The International Information Systems Security Certification Consortium, (ISC)², is a non-profit organisation which specialises in information security education and certifications. It has been described as the "world's largest IT security organisation". The most widely known certification offered by (ISC)² is the Certified Information Systems Security Professional (CISSP) certification.

6.4.27. CISSP - Certified Information Systems Security Professional

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by (ISC)², focusing on cyber security.

6.4.28. CAP – Certification Authorisation Professional

Today’s utilisation of technology does not ensure the safety of information assets for tomorrow. Instead, technology must be dutifully monitored and validated against changing security requirements triggered by emerging threats. Because of this, the objective of this certification is to assure an employer that the security professional possesses the necessary knowledge, skills, abilities and experience to effectively monitor and evaluate a company’s security risks and requirements today and for the future.

The CAP domains are:

- Risk management framework
- Categorisation of information systems
- Selection of security controls
- Security control implementation
- Security control assessment
- Information system authorisation
- Monitoring of security controls

6.4.29. ISSAP – Information Systems Security Architecture Professional

CISSP-ISSAP requires a candidate to demonstrate two years of professional experience in the area of architecture and is an appropriate credential for Chief Security Architects and Analysts who may typically work as independent consultants or in similar capacities. The architect plays a key role within the information security department, with responsibilities that functionally fit between the C-suite and upper managerial level and the implementation of the security program. He/she would generally develop, design, or analyse the overall security plan.

The six domains of the CISSP-ISSAP CBK® are:

- Access Control Systems and Methodology
- Communications & Network Security
- Cryptography
- Security Architecture Analysis
- Technology Related Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
- Physical Security Considerations

6.4.30. ISSEP – Information Systems Security Engineering Professional

CISSP-ISSEP is the guide for incorporating security into projects, applications, business processes, and all information systems.

The four domains of CISSP-ISSEP are:

- Systems Security Engineering
- Certification and Accreditation (C&A) / Risk Management Framework (RMF)
- Technical Management
- U.S. Government Information Assurance Related Policies and Issuances

6.4.31. ISSMP – Information Systems Security Management Professional

CISSP-ISSMP establishes, presents and governs information security programs, demonstrating management and leadership skills. Typically the CISSP-ISSMP certification holder or candidate will be responsible for constructing the framework of the information security department and defining the means of supporting the group internally.

The five domains of CISSP-ISSMP are:

- Security Leadership and Management
- Security Lifecycle Management
- Security Compliance Management
- Contingency Management
- Law, Ethics and Incident Management

6.4.32. SSCP – Systems Security Certified Practitioner

SSCP is open to all candidates with as little as one year of experience, making it an ideal starting point for a new career in information security or to add that layer of security needed in an organisation’s current IT staffing.

The related domains are:

- Access Controls
- Cryptography
- Malicious Code and Activity
- Monitoring and Analysis
- Networks and Communications
- Risk, Response and Recovery
- Security Operations and Administration

6.4.33. OSCP - OSCE

Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security, a training spin-off of the BackTrack Penetration Testing distribution.

The OSCP challenges students to prove they have a clear practical understanding of the penetration testing process and lifecycle through an arduous twenty-four (24) hour certification exam. The OSCP exam consists of a dedicated vulnerable network, which is designed to be compromised within a 24-hour time period. The exam is entirely hands-on and is completed with the examinee submitting an in-depth penetration test report of the OSCP examination network and PWK labs. The coveted OSCP certification is awarded to students who successfully gain administrative access to systems on the vulnerable network.

As we can see from the sections above, many cyber security training and educational initiatives are driven by the US, and this makes a compelling case for CYSPA to further analyse Strategic option 7.15 “Education and awareness raising on cyber security threats and mitigation” (as documented in CYSPA deliverable D4.1.2) when creating the initial European Strategy to Protect Cyber Space (CYSPA Deliverable D4.3.1).

7. Conclusions and Next Steps

According to the CYSPA timeline and strategy, the work presented in this document is part of the analysis of the current and planned state of the European cyber security landscape (the as-is situation).

This document has assembled a first look at the portfolio of cyber security solutions, an analysis of the solution provider landscape and market behaviours, which will be built upon to form the basis of the technology and solutions observatory. The technology and solutions observatory (CYSPA deliverable 3.6) will be an online tool which will be accessible to members of the CYSPA Alliance and aims to provide a comprehensive body of knowledge about available technology and solutions which target specific threats relevant to the sectors CYSPA explores. We explored a broad variety of solutions from a number of different providers, and the catalogue in this document will be refreshed until the technology and solutions observatory is live.

European research initiatives were explored in collaboration with the SecCord Project, and a number of project results have come to light which may be able to facilitate delivery of the final CYSPA strategy, to be taken into consideration when assembling the CYSPA European Strategy to Protect Cyber Space (Deliverable D4.3.2).

An analysis of existing education and training programmes highlighted a compelling gap in EU-driven cyber security education programmes, with only the United Kingdom showing a serious level of concrete action in better equipping the market with the required level of skilled human capital.

In conclusion, there are several outcomes from this document which will feed into the production of upcoming CYSPA deliverables, and in turn inform the final CYSPA European Strategy to Protect Cyber Space.

8. References

[1] EU Research for a Secure Society, July 2012. ec.europa.eu/enterprise/

[2] ENISA, National Cyber Security Strategies, May 2012

[3] ENISA, National Cyber Security Strategies: Practical Guide on Development and Execution, December 2012

[4] ENISA, On National and International Cyber Security Exercises: Survey, Analysis and Recommendations, October 2012

[5] The 2013 (ISC)2 Global Information Security Workforce Study. https://www.isc2cares.org/

[6] CORDIS EUROPA. http://cordis.europa.eu/fp7/ict/security/projects_en.html#TSI

[7] SECCORD Deliverable 3.1 Research and Innovation Yearbook 2013, and Deliverable 5.3 Year One Catalogue 2013; deliverables available at http://www.seccord.eu/

[8] http://www.gartner.com/technology/research/methodologies/magicQuadrants.jsp

[9] Oracle Security solutions catalogue. http://www.oracle.com/us/technologies/security/overview/index.html

[10] Cisco Security Solutions catalogue. http://www.cisco.com/c/en/us/products/security/solution-listing.html

[11] Juniper Networks Security solutions. http://www.juniper.net/us/en/solutions/service-provider/network-security/

[12] HP ArcSight SIEM. http://www8.hp.com/us/en/software-solutions/software.html?compURI=1340712


9. Annex I: list of European projects considered for analysis

Annex I gives the descriptions of all the EU research projects explored for evaluation for inclusion within this document.


ACTIBIO.- Unobtrusive authentication using activity related and soft biometrics.

ACTIBIO will develop the innovative concept of extraction of multi-modal biometric signatures based on the response of the user to specific stimuli, while performing specific but natural work-related activities. It will fuse information from various sensors capturing either the dynamic behaviour profile of the user or the physiological response of the user to events, and will also research the use of unobtrusive sensors.

ACTOR.- ACcelerate Trust in digital life Organisation and Relations.

In November 2008, Philips, Microsoft, Nokia and Gemalto took the initiative to establish the Trust in Digital Life (TDL) Partnership.

The coordination action ACTOR supports the TDL Partnership in raising awareness of research and its results in trustworthy ICT. ACTOR supports the partnership in establishing a network by involving additional members for the definition of a SRA and its implementation through research projects.

The objectives of the proposed CA project ACTOR are focused on:

- Establishing a multidisciplinary partnership
- Broad support to the TDL research roadmaps for longer-term research in the field of trustworthy ICT
- Bundling and coordinating the effort of the Partnership members to develop a promising and ambitious SRA and Work
- Identification of a balanced portfolio with concrete project ideas for publicly funded research and innovation projects.

ASSERT4SOA.- Advanced Security Service cERTificate for SOA

ASSERT4SOA will produce novel techniques and tools fully integrated within the SOA lifecycle for expressing, assessing and certifying security properties for complex service-oriented applications, composed of distributed software services that may dynamically be selected, assembled, replaced and run within complex and continuously evolving software ecosystems.

AVANTSSAR.- Automated validation of trust and security of service-oriented architectures

AVANTSSAR proposes a rigorous technology for the formal specification and automated validation of Trust and Security of Service-Oriented Architectures. This technology will be automated into an integrated toolset, the AVANTSSAR Validation Platform, tuned on relevant industrial case studies.

The project will develop:

- ASLAN, the first formal language for specifying trust and security properties of services, their associated policies, and their composition into service architectures.
- Automated techniques to reason about services and their associated security policies within secure service architectures.
- An automated toolset for validating trust and security aspects of SOA architectures.

CACE.- Computer Aided Cryptography Engineering

The goal of CACE is to design, develop and deploy a toolbox supporting the specific domain of cryptographic software engineering. Security and trust are mission critical, and modern applications that process sensitive data typically require the deployment of sophisticated cryptographic techniques. The toolbox will allow non-experts to develop high-level cryptographic applications and business models by means of cryptography-aware high-level programming languages and compilers. Describing applications in this way will allow automatic analysis and transformation of the cryptographic software to detect security-critical implementation failures.

DITSEF.- Digital & innovative technologies for security & efficiency of first responder operations

One of the main problems of First Responders (FR) (fire fighters, police, etc.) during a crisis at a critical infrastructure is the availability of relevant information, both for the First Responders themselves and for the local manager. Loss of communication and location, lack of information about the environment (temperature, hazardous gases, etc.) and the poor efficiency of the Human Machine Interface (HMI) on the FR side are the main current drawbacks. During an intervention there is therefore a gap between the First Responders' actual situation (position, health, etc.) and the overall picture available at their mobile headquarters.

DITSEF aims at increasing the effectiveness and safety of First Responders through optimal gathering of information and its sharing with their higher command levels.

The DITSEF project will provide solutions in four areas:

- Communication;
- Indoor localization;
- Sensors;
- Human Machine Interface.

The project proposes to integrate these technologies into a system through scenarios validated by the end users. These new technologies must respond to the end users' needs.

ECRYPT II.- European network of excellence in cryptology - Phase II

Its main objective is to ensure a durable integration of European research in both academia and industry and to maintain and strengthen European excellence in these areas. To reach this goal, 11 leading players propose to integrate their research capabilities within three virtual labs focusing on symmetric key algorithms, public key algorithms and protocols, and hardware and software implementation. They will be joined by more than 20 adjoint members of the network, who will collaborate closely with the core partners. ECRYPT II plans to build on and expand the integration activities developed within ECRYPT, which include joint workshops, exchange of researchers and students, development of common tools and benchmarks, and a website and forum that will be a focal point for the network and the wider cryptographic community. Spreading activities will include a training programme, a substantial contribution to standardization bodies and an active publication policy. The project team has the critical mass and breadth to address the key questions in these areas.

EFFECTS+.- European Framework for Future Internet Compliance, Trust, Security and Privacy through effective clustering

EFFECTS+ provides a coordination service for R&D on Trust, Security, Privacy and Compliance (TSPC) in the Information Society and the Future Internet (FI). It has three parallel, related goals:

(1) coordination of project contributions to the development of the Future Internet;
(2) coordination of project activities through project clustering;
(3) coordination and integration of the results and findings from (1) and (2), feeding them into an ongoing roadmap that contributes to the agenda for future European research, development and practice.

To date, there has been no overall coordination of Future Internet Assembly (FIA) work with early Trust & Security project clustering.

ESCORTS.- European network for the security of control and real-time systems

ESCoRTS was a joint endeavour among EU process industries, utilities, leading manufacturers of control equipment and research institutes to foster progress towards cyber security of control and communication equipment in Europe. This coordination action addressed the need for standardization in this area (where Europe lags behind other world actors), indicating R&D directions by means of a dedicated roadmap.

ESCoRTS aimed at disseminating best practices for implementing Supervisory Control And Data Acquisition (SCADA) security, thus ensuring convergence and hastening the standardization process worldwide, and paving the way to establishing cyber security testing facilities in Europe.

Networked computers reside at the heart of the critical infrastructures and systems on which people rely, such as the power grid, the oil & gas infrastructure, water supply networks, etc. Today these systems are vulnerable to cyber-attacks that can inhibit their operation, corrupt valuable data or expose private information. Attacks compromising the security of monitoring and control systems may also have a negative impact on the safety of personnel, the public and the environment by causing severe accidents such as blackouts, oil spills, or the release of pollutants into the air, water and soil.

Pressure to ensure the cyber security of control and communication systems is strong in the US, where industry sectors (electricity, oil, gas, etc.) are issuing guidelines and have set up a common platform, the Process Control Systems Forum, and where national facilities to test the security of control and communication components are available. In the EU the importance of the issue is starting to be recognised as well: vendors and many users are trying to accommodate what is emerging as best-practice security. Nevertheless, a common strategy towards standardization is lacking; the efforts are scattered across industrial sectors and companies. In addition, due to the lack of testing facilities in the EU, manufacturers and operators currently need to resort to US cyber security facilities to verify their products and services.

ESC.- European Security Challenge

Other regions of the world, particularly the US, use competitive incentives such as awards and prizes to encourage innovation in security research, but Europe has lagged in this area. The focus of this one-year project was to examine how such a model could be used to Europe's advantage. ESC's three-member consortium, consisting of Global Security Challenge LLP (UK), Jožef Stefan Institute (Slovenia) and the PR agency 3D Communications (France), was tasked to design prize competitions that encourage innovators (from industry, academia, etc.) to deliver innovative solutions in European security, and to provide ideas and guidelines to the European Commission for doing so. A parallel objective was to examine how competitions could visibly involve EU citizens in the innovation process.

The ESC team conferred with experts, policymakers, companies and other stakeholders to shape its work, for example surveying 523 SMEs and interviewing 24 international innovation decision-makers from both the public and private sectors. This led to the definition of three competition packages as options for the Commission to use in the future:

- the "UAV Crisis Response Challenge", designed to advance unmanned aerial systems (UAS) technology for emergency response to disasters;
- the "Citizens' Frontline Emergency Management Competition", to create open source software applications for emergency management based on social media and modern communications technology;
- the "Cloud Castle Challenge", to encourage the creation of an open source software repository, or 'toolbox', for cyber security and the protection of cloud computing.

ESC's final report will allow European policy-makers to assess the potential for using prize competitions to boost innovation in security. "Our analysis has shown that both applicants/innovators and prize promoters/sponsors can benefit from prizes," says the team. It adds that contest applicants and winners profit from wide media coverage and easier access to funding for the commercialization of their research, while contest promoters and sponsors pull in participants from non-conventional fields that traditional methods fail to reach. Other methods for attracting innovation, such as research grants or patents, are discussed in the report and compared to prize competitions. The report ends with a suggestion to integrate prize competitions into the EU's existing funding schemes.

ETCETERA.- Evaluation of critical and emerging technologies for the elaboration of a security research agenda

The ETCETERA project is a contribution to effective and efficient security research planning at European level. Its aim is three-fold:

- to develop novel methodologies for future strategic research planning;
- to identify risks and potential benefits associated with Critical Dependencies and Emerging Technologies with security implications;
- to recommend a research agenda to deal with these risks and potential benefits.

INSPIRE.- Increasing security and protection through infrastructure resilience

The INSPIRE goal is to enhance the European potential in the field of security by assuring the protection of critical information infrastructures through the identification of their vulnerabilities and the development of innovative techniques for securing networked process control systems. To increase the resilience of such systems INSPIRE will develop traffic engineering algorithms, self-reconfigurable architectures, and diagnosis and recovery techniques. The core idea of the INSPIRE proposal is therefore to protect critical information infrastructures by appropriately configuring, managing and securing the communication networks that interconnect the distributed control systems.

A working prototype will be implemented and used as the final demonstrator of specific scenarios. Involved experts will support project partners in the validation and demonstration activities, thus enhancing the effectiveness of such a multidisciplinary consortium. INSPIRE will also contribute to the standardization process in order to foster multi-operator interoperability and coordinated strategies for securing lifeline systems.

In order to achieve its objectives, INSPIRE has identified the following areas of work:

- Analysis and modelling of vulnerabilities of networked process control systems.
- Design and implementation of techniques and architectures for increasing the security and resilience of networked control systems.
- Verification, validation and integration of the developed tools.
- Exploitation, dissemination and standardization.


INSPIRE-INTERNATIONAL.- INcreasing Security and Protection through Infrastructure REsilience - International cooperation aspects

Critical Infrastructures (CI) are increasingly interconnected and consequently exposed to multiple new threats such as cyber and terrorist attacks. Critical Infrastructure Protection (CIP) is therefore becoming more and more important. Supervisory Control And Data Acquisition (SCADA) systems are widely deployed in CIs and should therefore be well protected.

The INSPIRE project aims at systematically understanding SCADA threats and accordingly developing mitigation and prevention techniques. The power grid is a SCADA-based, wide-area, highly interconnected CI; the high level of interconnectivity can easily be inferred from the small number of power grids in Europe. To the best of our knowledge there is no real data from the European power grids that can be used for evaluating power grid protection techniques such as those developed in INSPIRE.

INSPIRE is developing a P2P-based middleware that aims at increasing the protection level of SCADA systems and that can easily be adapted to power grid infrastructures. A cooperation between INSPIRE and GridStat will allow the two approaches to be compared and best practices to be derived, as well as directions towards an integrative/adaptive approach.

MASSIF.- MAnagement of Security information and events in Service Infrastructures, Secure information management system (http://www.massif-project.eu/)

MASSIF will provide innovative techniques to enable the detection of upcoming security threats and to trigger remediation actions even before a possible security incident occurs. To this end MASSIF will develop a new-generation SIEM framework for service infrastructures supporting intelligent, scalable, multi-level/multi-domain security event processing and predictive security monitoring. It provides cross-layer correlation of security events from various sources, enabling protection of the service infrastructure as well as predictive security analysis, proactively preventing further attacks by taking appropriate countermeasures. Highly scalable processing techniques will provide the means to handle large volumes of security events, while elastic, scalable event processing offers an environment that adapts to the available computing resources.
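The cross-layer correlation MASSIF describes, shown as an added example that is not MASSIF project code: a small correlator over constructed firewall and sshd log lines (hosts, addresses and timestamps are made up for the example) escalates a successful login when it follows a burst of failures from the same source inside a sliding window, and escalates further when the network layer also saw that source being dropped on several other ports. The log formats, window and thresholds are assumptions of the example.

```python
"""Cross-layer security event correlation over two log sources (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs: a firewall (network layer) and an SSH daemon (host layer).
FIREWALL_LOG = """\
2014-02-10T10:00:01 DROP SRC=198.51.100.7 DST=10.0.0.5 DPT=23
2014-02-10T10:00:02 DROP SRC=198.51.100.7 DST=10.0.0.5 DPT=445
2014-02-10T10:00:03 DROP SRC=198.51.100.7 DST=10.0.0.5 DPT=3389
2014-02-10T10:00:04 ACCEPT SRC=198.51.100.7 DST=10.0.0.5 DPT=22
2014-02-10T10:05:00 ACCEPT SRC=203.0.113.9 DST=10.0.0.5 DPT=22
"""
AUTH_LOG = """\
2014-02-10T10:00:10 sshd[101]: Failed password for root from 198.51.100.7 port 40001 ssh2
2014-02-10T10:00:12 sshd[101]: Failed password for root from 198.51.100.7 port 40002 ssh2
2014-02-10T10:00:14 sshd[101]: Failed password for admin from 198.51.100.7 port 40003 ssh2
2014-02-10T10:00:16 sshd[101]: Failed password for admin from 198.51.100.7 port 40004 ssh2
2014-02-10T10:00:20 sshd[101]: Accepted password for admin from 198.51.100.7 port 40005 ssh2
2014-02-10T10:05:30 sshd[102]: Accepted publickey for alice from 203.0.113.9 port 50000 ssh2
"""

FW_RE = re.compile(r"^(\S+) (DROP|ACCEPT) SRC=(\S+) DST=\S+ DPT=(\d+)$")
AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) \w+ for (\S+) from (\S+) port \d+")


def parse_firewall(text):
    """Normalise firewall lines into events: {ts, layer, src, kind, detail=port}."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue  # skip lines in an unknown format instead of failing the whole batch
        ts, action, src, port = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "layer": "network", "src": src,
                       "kind": "fw_drop" if action == "DROP" else "fw_accept",
                       "detail": int(port)})
    return events


def parse_auth(text):
    """Normalise sshd lines into events: {ts, layer, src, kind, detail=user}."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts, result, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "layer": "host", "src": src,
                       "kind": "auth_fail" if result == "Failed" else "auth_ok",
                       "detail": user})
    return events


def correlate(events, window=timedelta(minutes=2), fail_threshold=3, scan_threshold=3):
    """Sliding-window correlation keyed on source address.

    A successful login preceded by >= fail_threshold failures inside `window` is
    'high'; if the network layer also dropped that source on >= scan_threshold
    distinct ports in the window, the two layers corroborate each other: 'critical'.
    """
    drops = defaultdict(deque)   # src -> deque of (ts, port) for DROP events
    fails = defaultdict(deque)   # src -> deque of (ts, user) for failed logins
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        src = e["src"]
        for q in (drops[src], fails[src]):        # expire entries older than the window
            while q and e["ts"] - q[0][0] > window:
                q.popleft()
        if e["kind"] == "fw_drop":
            drops[src].append((e["ts"], e["detail"]))
        elif e["kind"] == "auth_fail":
            fails[src].append((e["ts"], e["detail"]))
        elif e["kind"] == "auth_ok":
            n_fail = len(fails[src])
            if n_fail < fail_threshold:
                continue                          # an ordinary login, nothing to report
            ports = sorted({port for _, port in drops[src]})
            evidence = [f"{n_fail} failed logins from {src} within {window}"]
            severity = "high"
            if len(ports) >= scan_threshold:
                severity = "critical"
                evidence.append(f"firewall dropped probes from {src} to ports {ports}")
            alerts.append({"ts": e["ts"], "src": src, "user": e["detail"],
                           "severity": severity, "evidence": evidence})
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_firewall(FIREWALL_LOG) + parse_auth(AUTH_LOG)):
        print(a["ts"], a["severity"], a["user"], a["src"], "; ".join(a["evidence"]))
```

Run on the constructed logs it raises a single critical alert for the `admin` login from 198.51.100.7; fed only the sshd log, the same login is rated high, which is the point of correlating across layers: the firewall's view of the same source turns a suspicious login into a corroborated one.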

MASTER.- Managing assurance, security and trust for services

MASTER aims at providing methodologies and infrastructures that facilitate the monitoring, enforcement and audit of quantifiable indicators of the security of a business process, and that provide manageable assurance of the security levels, trust levels and regulatory compliance of highly dynamic service-oriented architectures in centralized, distributed (multi-domain) and outsourcing contexts.

To this end MASTER will identify new innovation components in terms of key assurance indicators, key security indicators, protection and regulatory models and security model transformations, coupled with the methodological and verification tools for the analysis and assessment of business processes. It will further define an overall infrastructure for the monitoring, enforcement, reaction, diagnosis and assessment of these indicators in centralized, distributed (multi-domain) and outsourcing contexts. It will show a proof-of-concept implementation in the challenging realms of Banking/Insurance and e-Health IT systems. MASTER will thus deliver a strategic component of the security and trust pillar of the European Technology Platform NESSI, which makes it a NESSI strategic project.

PARSIFAL.- Protection and trust in financial infrastructures

The PARSIFAL proposal targets the ambitious objective of how to better protect Critical Financial Infrastructure (CFI) and the information infrastructure that links CFI with other Critical Infrastructure in Europe.

PARSIFAL has the following objectives:

1) Bringing together CFI and TSD research stakeholders;
2) Contributing to the understanding of CFI challenges;
3) Developing longer term visions, research roadmaps, CFI scenarios and best practice guides;
4) Co-ordinating the relevant research work, knowledge and experiences.

The need to create forums at EU level is specifically mentioned in order to facilitate exchanges of views on general and sector-specific CIP issues. PARSIFAL aims to bring together all financial critical infrastructure stakeholders in the public and private sphere, which would provide the Member States, the Commission and industry with an important platform through which to communicate on whichever new CIP issue arises. Furthermore, the PARSIFAL Forum would assess the possibility of creating EU CFI-related industry/business associations. The success of PARSIFAL will be largely based on its ability to build a large consensus in the financial, security industrial and scientific community. This will require the ability to contact and involve a large number of SMEs working in this field, as well as academia and research organisations all over Europe, and to bring them together with all the relevant national or regional CIP and financial sector actors.

PASSIVE.- Policy-Assessed system-level Security of Sensitive Information processing in Virtualized Environments

The PASSIVE project proposes an improved security model for virtualized systems to ensure that:

- Adequate separation of concerns (e.g. policing, judiciary) can be achieved even in large-scale deployments.
- Threats from co-hosted operating systems are detected and dealt with.
- Public trust in application providers is maintained even in a hosting environment where the underlying infrastructure is highly dynamic.

To achieve these aims, the consortium proposes:

- A policy-based security architecture, allowing security provisions to be easily specified and efficiently addressed.
- Fully virtualized resource access, with fine-grained control over device access, running on an ultra-lightweight Virtual Machine Manager.
- A lightweight, dynamic system for authentication of hosts and applications in a virtualized environment.

In so doing, PASSIVE will lower the barriers to adoption of virtualized hosting by government users, so that they may achieve the considerable gains in energy efficiency, reduced capital expenditure and flexibility offered by virtualization.

POSECCO.- Policy and Security Configuration Management

PoSecCo establishes a traceable and sustainable link between high-level requirements and low-level configuration settings. Operations will be supported by self-management features and decision support systems. Substantial improvements are expected in the areas of policy modelling and conflict detection across architectural layers, decision support for policy refinement processes, policy and configuration change management (including validation, remediation and audit support), and security management processes in Future Internet application scenarios. PoSecCo addresses the economic viability of the chosen approach by assessing the cost and organisational benefits of improved policy and configuration management.

PoSecCo continues other EC projects, especially DESEREC, POSITIF and MASTER, and adopts existing industry standards for change management and audit to ensure its impact.
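The policy-to-configuration link and the cross-layer conflict detection that PoSecCo describes, shown as an added example that is not PoSecCo code: a high-level statement ("only the HR segment may reach the payroll database") is checked against an iptables-style rule list, every ACCEPT rule that admits sources the policy forbids is reported together with the exact leaked address ranges, allowed sources that no rule admits are reported as gaps, and the same policy is refined into a compliant rule set. The hosts, networks and rules are constructed for the example.

```python
"""Trace a high-level access policy to firewall rules and detect conflicts (added example)."""
from dataclasses import dataclass
from ipaddress import ip_network, IPv4Network


@dataclass(frozen=True)
class Rule:
    """Low-level, iptables-style rule: ACCEPT or DROP traffic from src to dst:port."""
    action: str
    src: IPv4Network
    dst: IPv4Network
    port: int


@dataclass(frozen=True)
class Policy:
    """High-level statement: only `allowed_sources` may reach `service` on `port`."""
    name: str
    service: IPv4Network
    port: int
    allowed_sources: tuple


# Constructed policy: the payroll database is reachable only from the HR segment.
PAYROLL = Policy("payroll-db", ip_network("10.1.1.10/32"), 5432,
                 (ip_network("10.0.5.0/24"),))

# Constructed "as deployed" configuration. The second rule is an over-broad accept
# left behind by an old change: it lets the whole corporate range reach the database.
ACTUAL_RULES = [
    Rule("ACCEPT", ip_network("10.0.5.0/24"), ip_network("10.1.1.10/32"), 5432),
    Rule("ACCEPT", ip_network("10.0.0.0/8"), ip_network("10.1.1.10/32"), 5432),
    Rule("DROP", ip_network("0.0.0.0/0"), ip_network("10.1.1.10/32"), 5432),
]


def uncovered(network, allowed):
    """Parts of `network` lying outside every block in `allowed`. Two CIDR blocks are
    either nested or disjoint, so only those two cases need handling."""
    remaining = [network]
    for a in allowed:
        nxt = []
        for r in remaining:
            if r.subnet_of(a):
                continue                            # fully inside an allowed block
            if a.subnet_of(r):
                nxt.extend(r.address_exclude(a))    # carve the allowed block out
            else:
                nxt.append(r)                       # disjoint, keep as is
        remaining = nxt
    return remaining


def check(policy, rules):
    """Return (conflicts, gaps): ACCEPT rules admitting sources the policy forbids,
    each with the leaked ranges, and allowed sources no ACCEPT rule admits."""
    relevant = [r for r in rules
                if r.port == policy.port and r.dst.overlaps(policy.service)]
    conflicts = []
    for r in relevant:
        if r.action == "ACCEPT":
            leak = uncovered(r.src, policy.allowed_sources)
            if leak:
                conflicts.append((r, leak))
    gaps = [a for a in policy.allowed_sources
            if not any(r.action == "ACCEPT" and a.subnet_of(r.src) for r in relevant)]
    return conflicts, gaps


def refine(policy):
    """Derive a minimal rule set from the policy: one ACCEPT per allowed source,
    followed by a catch-all DROP for the protected service."""
    rules = [Rule("ACCEPT", a, policy.service, policy.port) for a in policy.allowed_sources]
    rules.append(Rule("DROP", ip_network("0.0.0.0/0"), policy.service, policy.port))
    return rules


if __name__ == "__main__":
    conflicts, gaps = check(PAYROLL, ACTUAL_RULES)
    for rule, leak in conflicts:
        print(f"CONFLICT {rule.action} {rule.src} -> {rule.dst}:{rule.port} "
              f"leaks {sum(n.num_addresses for n in leak)} addresses, e.g. {leak[:3]}")
    print("gaps:", gaps)
    print("refined:", refine(PAYROLL))
    print("refined config conflicts/gaps:", check(PAYROLL, refine(PAYROLL)))
```

The leaked ranges are reported as CIDR blocks rather than a single "rule too broad" flag, which is what an operator needs to decide whether to narrow the rule or to extend the policy; the refinement step closes the loop by regenerating a configuration that the same check accepts.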

PRIMELIFE.- Privacy and identity management in Europe for life

PrimeLife will resolve the core privacy and trust issues; its long-term vision is to counter the trend towards life-long personal data trails without compromising on functionality. The project will build upon and expand the sound foundation of the FP6 project PRIME, which has shown how privacy technologies can enable citizens to exercise their legal rights to control personal information in on-line transactions. Resolving these issues requires substantial progress in many underlying technologies. PrimeLife will substantially advance the state of the art in the areas of human computer interfaces, configurable policy languages, web service federations, infrastructures and privacy-enhancing cryptography.

PrimeLife will ensure that the community at large adopts privacy technologies. To this effect PrimeLife will work with the relevant Open Source communities, standardisation bodies and partner projects. It will further organise workshops with interested parties such as partner projects to transfer technologies and concepts. This will also validate the project's results on a large scale. European industry will be strengthened by providing building blocks for the trustworthy treatment of customers' data.

RADICAL.- Road mapping technology for enhancing security to protect medical and genetic data

The RADICAL coordination action aims at coherently approaching, studying in depth and scientifically revealing the beyond-state-of-the-art research and policy roadmap for security and privacy enhancement in the Virtual Physiological Human, taking into consideration technology advancements, business and societal needs, ethics and the challenges that should be addressed and answered.

RADICAL objectives are:

- Benchmarking existing security and privacy technologies, with a special focus on Privacy Enhancing Technologies, which assist in designing information and communication systems and services in a way that minimizes the collection and use of personal data and facilitates compliance with data protection rules.
- Identifying the required technology developments and implementation challenges in order to define the gap between the present (as-is situation) and the future desired status.
- Identifying the societal needs and challenges that should be addressed in order to protect patient health records and regulate their usage; analysing the implications of health data usage, with a special focus on genetic data.
- Capitalizing on the existing knowledge acquired by EC-funded projects under the 6th Framework Programme.
- Providing a Policy Paper Roadmap for the Future Agenda in Medical and Genetic Data.
- Developing a Good Practice Guide, presenting the best practices that should be adopted by the different stakeholders.
- Creating a network of stakeholders.

SAFECITY.- Future Internet Applied to Public Safety in Smart Cities

Safecity deals with smart public safety and security in cities. The main objective is to enhance the role of the Future Internet in ensuring that people feel safe in their surroundings while those surroundings are protected. Safecity is the result of elaborating a vertical Use Case Scenario based on public safety in European cities. The main goal of this project is to collect specific requirements, driven by relevant users, on the Future Internet, as opposed to the generic ones that will be collected through other objectives.


SECURECHANGE.- Security engineering for lifelong evolvable systems

The project will develop processes and tools that support design techniques for evolution, testing, verification, re-configuration and local analysis of evolving software. Its focus is on mobile devices and homes, which offer both great research challenges and long-term business opportunities.

Concrete achievements will include:

- Architectural blueprint and integrated security process for lifelong adaptable systems
- Methodology for evolutionary requirements, with tools for incremental evaluation and transformation of requirements models
- Security modelling notation for adaptive security, with formally founded automated security analysis tools
- IT security risk assessment with tool support for lifelong adaptable systems
- Techniques and tools to verify adaptive security while loading on-device
- Model-based testing approach for evolution

The results are continuously validated jointly with key industry players.

SHIELDS.- Detecting known security vulnerabilities from within design and development tools

The main objective of SHIELDS is to increase software security by bridging the gap between security experts and software practitioners, and by providing software developers with the means to effectively prevent occurrences of known vulnerabilities when building software.

SHIELDS will develop novel formalisms for representing security information, such as known vulnerabilities, in a form directly usable by development tools and accessible to software developers. This information will be stored in an internet-based Security Vulnerabilities Repository Service (SVRS) that facilitates fast dissemination of vulnerability information from security experts to software developers. The project will also present a new breed of security methods and tools (some open source, some commercial) that are constantly kept up to date using the information stored in the SVRS.

In addition to the SVRS and the new security tools, SHIELDS will create a SHIELDS Compliant certification for tools and a SHIELDS Verified logo programme for software developers, offering an affordable yet technically effective evaluation and certification method in the fight against common security vulnerabilities. Commercial exploitation will be through these programmes, the tools, and subscriptions to the repository (parts of which will be free).

SPIKE.- Secure process-oriented integrative service infrastructure for networked enterprises

SPIKE will develop a software platform for the easy and fast setup of business alliances. The project targets two main organisational objectives: first, outsourcing parts of the value chain to business partners; second, enabling collaboration between members of the participating organisations. SPIKE will enable collaboration and cooperation between the networked enterprises. The user partners will demonstrate the potential of SPIKE through pilot deployments and use cases, i.e. a collaborative business alliance and two services ready for use in the networked enterprise. Because of its focus, the project will have an impact on organisations of all sizes that want to collaborate with each other. In this way SPIKE will have a special impact on SMEs, enabling them to offer their services to potential new customers in a cost-saving and timely manner.

VIRTUOSO.- Versatile information toolkit for end-users oriented open sources exploitation

The VIRTUOSO project aims to provide an integrated open source information exploitation (OSINF) toolbox to European authorities working in border security. This toolbox will extend the "security distance" of Europe's borders by allowing EU agencies and member states to anticipate, identify and respond to strategic risks and threats in a timely manner. In short, the project aims to:

- Improve the situational awareness of those organisations and individuals charged with securing Europe's borders.
- Help anticipate risks such as terrorism, illegal migration and the trafficking of goods and people using OSINF.
- Create the kernel of a pan-European technological platform for the collection, analysis and dissemination of open source information, thus ensuring greater interoperability among European actors involved in border security.
- Provide the tools for crisis management response if anticipation fails or in the event of a rupture scenario.

This seamless OSINF platform will aggregate, in real time, content from the internet, leading subscription providers and broadcast media. This content will be filtered and analysed using text mining and other decision support technologies to improve situational awareness and provide early warning to end-users. The project's deliverables include a demonstrator of the VIRTUOSO toolkit (one that integrates various information services and intelligence applications) and full documentation on the platform itself. The core platform will be freely available as open source software at the end of the project.


ANIKETOS.- Secure Development of Trustworthy Composite Services (http://www.aniketos.eu/project)

The main objective is to provide service developers and providers with secure service development, improving the tools, methods and languages for handling security issues. This includes the evolution of agreements and requirements for users of services who want to obtain certification for composed services. Aniketos offers a way of expressing different aspects of trustworthiness and provides design-time and runtime modules for evaluating and monitoring the trust level between service providers/components.

ARENA.- Architecture for the Recognition of threats to mobile assets using networks of multiple affordable sensors

The objective of ARENA is to develop methods for automatic detection and recognition of threats based on multi-sensor data analysis:

- To robustly and autonomously detect threats to critical mobile assets in large, unpredictable environments.
- To reduce the number and impact of false alarms and work towards optimized decision making.
- To demonstrate automatic threat detection for the land case.
- To assess automated threat detection for the land case and the maritime case.
- To evaluate detection performance and contribute to standards.
- To respect and respond to social, legal and ethical issues arising from the design, implementation and deployment.

The expected result is a system consisting of low-cost sensors that are easy to deploy. The system will be adaptable to various platforms and will increase situation awareness.

ASPIRE.- Advanced Software Protection: Integration, Research and Exploitation

ASPIRE will research and provide a radical change in the current RFID deployment paradigm through innovative, programmable, royalty-free and privacy-friendly middleware. This new middleware paradigm will be particularly beneficial to European SMEs, which are nowadays experiencing significant cost barriers to RFID deployment. ASPIRE will significantly lower SME entry costs for RFID technology by developing and providing a lightweight, royalty-free, innovative, programmable, privacy-friendly middleware platform that will facilitate low-cost development and deployment of innovative RFID solutions. This platform will act as the main vehicle for realizing the proposed shift in the current RFID deployment paradigm.

BEAT.- Biometrics Evaluation and Testing

The goal of BEAT is to propose a framework of standard operational evaluations for biometric technologies. The BEAT project will provide standardized criteria (and metrics) to evaluate biometric systems for both academic and commercial entities. This standardization is currently lacking, and would likely lead to improved communication between academic and commercial entities in the field of biometrics by providing a common basis for comparison, and to an improvement in the state of the art for biometric systems by providing a fair and centralized method to evaluate systems.

The standardization would include methods to evaluate:

- The performance (accuracy) of a biometric system.
- The vulnerability of a biometric system to direct attacks (spoofing) or indirect attacks (hill-climbing attacks).
- The performance of privacy preservation techniques.

There will be three outcomes of this project. The first is that the reliability of biometric systems will be measurable and thus should lead to a meaningful increase in performance. The second is that technology transfer from research to companies will be much easier as there will be an interoperable framework. Finally, decision-makers and authorities will be informed about the progress made in biometrics, as the results will have an impact on standards. Given these outcomes we expect that BEAT will significantly contribute to the development of a European Identification Certification System.

BIC.- Building International Cooperation for Trustworthy ICT: Security, Privacy and Trust in Global Networks & Services.

The BIC project responds to FP7 Call 5 Objective ICT-2009.1.4 Trustworthy ICT, specifically d) Networking, Coordination and Support of networking, road-mapping, coordination and awareness raising of research and its results in trustworthy ICT with priority towards (vii) International co-operation in fields where global action will create added value.

With this Coordination Action, successful models developed by the project partners will be used to engender co-operation of EU researchers and programme management in Trustworthy ICT with their peers in countries that have already signed Science and Technology (ST) agreements, namely Brazil, India and South Africa.

The objectives of the work performed by the proposed BIC project will be:

1. Chart the landscape and initial EU alignment;
2. Prioritisation of the EU-influenced vision and research directions amongst the new countries (Brazil, India and South Africa), including alignment of work programmes;
3. Global alignment, consensus and outreach of the visions and challenges of all countries;
4. Definition of tangible international activities including success metrics and setting up global projects.

BUTLER.- uBiquitous, secUre inTernet-of-things with Location and contExt-awaReness

BUTLER will be the first European project to emphasise pervasiveness, context-awareness and security for IoT. Through a consortium of leading industrial, corporate R&D and academic partners with extensive and complementary know-how, BUTLER will integrate current and develop new technologies to form a bundle of applications, platform features and services that will bring IoT to life. For this purpose, BUTLER will focus on:

- Improving/creating enabling technologies to implement a well-defined vision of secure, pervasive and context-aware IoT, where links are inherently secure (from PHY to APP layers), applications cut across different scenarios (Home, Office, Transportation, Health, etc.), and the network reactions to users are adjusted to their needs (learned and monitored in real time).
- Integrating/developing a new flexible smartDevice-centric network architecture where platforms (devices) function according to three well-defined categories: smartObject (sensors, actuators, gateways), smartMobile (users' personal devices) and smartServers (providers of contents and services), interconnected over IPv6.
- Building a series of field trials, which progressively integrate and enhance state-of-the-art technologies to showcase BUTLER's secure, pervasive and context-aware vision of IoT.

In addition to these R&D innovations, BUTLER and its External Members Group will also aggregate and lead the European effort in the standardisation and exploitation of IoT technologies.

C-DAX.- Cyber-secure Data and Control Cloud for Power Grids

C-DAX exploits the properties of novel, information-centric networking (ICN) architectures that are by design more secure, resilient, scalable, and flexible than conventional information systems. C-DAX will be tailored to the specific needs of smart grids for efficient support of massive integration of renewables and a heterogeneous set of co-existing smart grid applications. Realistic and pertinent use cases from different domains (low-voltage, medium-voltage, and trading) will be used to guide the design and provide validation criteria. Further, C-DAX will provide added value to current protocols and data models used within the power systems domain for monitoring and control purposes. C-DAX concepts will be proposed for standardization and industry interest groups.

CAPITAL.- Cyber security research Agenda for PrIvacy and Technology chALlenges

CAPITAL has been built around two pillars: coordinate European R&D efforts in the cyber security domain and jointly address research and innovation within an Integrated Research & Innovation Agenda. The project will therefore cover two sub-bullets of the call objective.

CAPITAL is proposed by a strong consortium gathering nine representatives from leading industries and research organisations, well positioned, in terms of networking, expertise and market outreach, in the cyber security domain. CAPITAL complements the CYSPA project started in October 2012, also coordinated by EOS, which aims at defining an overall strategy and creating a community of solution providers, researchers and end-users to enhance the industrial community's ability to protect itself from cyber-disruptions and to support the European elaboration of regulations to enhance the overall protection level.

CIRRUS.- Certification, InteRnationalisation and standaRdization in cloUd Security.

Certification, InteRnationalisation and standaRdization in cloUd Security (CIRRUS) aims to bring together representatives of industry organisations, law enforcement agencies, cloud services providers, standards and certification services organisations, cloud consumers, auditors, data protection authorities, policy makers, the software component industry etc. with diverse interests in security and privacy issues in cloud computing.

The CIRRUS project aims to provide "high-level, high-impact" support and coordination for European ICT security research projects. Project activities target joint standardization, certification schemes, linking research projects with EU policy and strategy, internationalization, as well as industry best practices and public-private cooperation initiatives.

CUMULUS.- Certification infrastrUcture for MUlti-Layer cloUd Services

CUMULUS will address the limitations of cloud technologies by developing an integrated framework of models, processes and tools supporting the certification of security properties of infrastructure (IaaS), platform (PaaS) and software application layer (SaaS) services in the cloud. The CUMULUS framework will bring service users, service providers and cloud suppliers to work together with certification authorities in order to ensure security certificate validity in the ever-changing cloud environment.

CUMULUS will rely on multiple types of evidence regarding security, including service testing and monitoring data and trusted computing proofs, based on models for hybrid, incremental and multi-layer security certification. Whenever possible, evidence gathering will build upon existing standards and practices (e.g., interaction protocols, representation schemes etc.) regarding the provision of information for the assessment of security in clouds.

To ensure large-scale industrial applicability, the CUMULUS framework will be evaluated in reference to cloud application scenarios in some key industrial domains, namely Smart Cities and eHealth services and applications.

CUMULUS is aligned with the recommendations of a recent industrial consultation to the European Commission, which identified cloud certification as an enabling technology for building trust for end users through the deployment of standards and certification schemes relevant to cloud solutions, and included it in the ten key recommendations and actions for a cloud strategy in Europe.


COCKPITCI.- Cybersecurity on SCADA: risk prediction, analysis and reaction tools for Critical Infrastructures.

The CockpitCI project aims, on the one hand, to continue the work done in MICIE by refining and updating the on-line Risk Predictor deployed in the SCADA centre and, on the other hand, to provide some kind of intelligence to field equipment, allowing it to make local decisions in order to self-identify and self-react to abnormal situations induced by cyber attacks.

The main expected result is the demonstration that the convergence among physical security, cyber security and business continuity is possible, with positive fallouts for all the involved players. Benefits will arise from the security point of view thanks to the availability of a larger amount of field data, while, from the business point of view, a better real-time risk evaluation will allow a tailored definition of service level agreements and the avoidance of large domino effects.

DISASTER.- Data Interoperability Solution At Stakeholders Emergency Reaction.

Design of a reference architecture to solve interoperability problems in data exchange in SOA-based Emergency Management Systems (EMS), addressing interdisciplinary environments at a European level.

- Designing and developing an integrative and modular interoperable data model. This objective may be split into two sub-objectives:
  • The core framework data model, common to every stakeholder involved in emergency management.
  • Complementary transversal (spatial and temporal) & vertical (domain-specific) modules.
- Designing and developing mediation techniques, a set of bridges, enabling a transparent integration of the data model within already-existing SOA-based EMSs.
- Developing and executing a validation pilot phase in an actual environment, based on a representative scenario, in order to get feedback from end-users, and evaluating the project’s outcomes and their benefits to the European multicultural domain related to emergency management.

The project’s target outcome is an integrative and modular ontology for establishing a common knowledge structure between all the first responders involved in an emergency, while remaining compliant with legacy international data formats exchanged in the European Union, as long as they are seamlessly integrated within current SOA-based Emergency Management Systems.

INTER-TRUST.- Interoperable Trust Assurance Infrastructure

The main objective of the INTER-TRUST project is to develop a framework to support trustworthy applications in heterogeneous networks and devices based on the enforcement of interoperable and changing security policies. This framework will allow developers, integrators and operators of systems to act during the development and operation phases to obtain systems with components that communicate and share data in a secure, trusted manner dictated by negotiated security policies that we also refer to as dynamic security Service Level Agreements.

The result will incorporate trustworthiness by integrating legal, social and economic concerns, allowing applications and devices to negotiate and be constrained by them.

INTER-TRUST intends to validate the results using two different case studies with complex, highly demanding critical services. The two case studies, E-voting and Vehicle-to-Vehicle and Vehicle-to-Infrastructure Communications for Intelligent Transport Systems, involve key European players and will perfectly illustrate the importance and cross-domain applicability of INTER-TRUST's results and offer unique opportunities for their widespread exploitation.

IPACSO.- Innovation Framework for Privacy and Cyber Security Market Opportunities

Innovation drives new product realization and development. Significant opportunities exist for innovation in the privacy and cyber security (PACS) technology space, yet complex market, regulatory, policy, commercial, and economic considerations create several barriers to transforming research outputs into market-centric product and service applications. In response, Innovation Framework for Privacy and Cyber Security Market Opportunities (IPaCSO) will develop a structured knowledge and decision-support innovation framework for identifying, assessing and exploiting market opportunities in the privacy and cyber security technology space. IPaCSO will support security innovators, policy makers and research spectrum stakeholders in identifying, assessing and exploiting new ideas and research assets using innovation and market assessment best practice and guidelines.

IPaCSO will address the following main goals:

- Assess existing innovation processes used in the PACS domain via in-depth stakeholder engagement.
- Identify a set of innovation framework requirements, interleaving improved innovation practices and case study scenarios, that support PACS domain concerns.
- Assess existing economic barriers to innovation and identify appropriate economic incentives needed to increase security product and service adoption.
- Develop an appropriate knowledge base and decision support approach that is transferable to PACS technologies exploiting potential market opportunities.
- Develop effective training, exploitation and dissemination of the resultant IPaCSO framework to target stakeholder groups, both during and beyond the project lifecycle.

MATTHEW.- Multi-entity-security using active Transmission Technology for improved Handling of Exportable security credentials Without privacy restrictions.

With the increasing pervasion of our society by mobile devices like smart phones and tablets, and many users running several security-relevant applications on multiple mobile devices at the same time, security and privacy challenges exceeding those on personal computers arise. In the near future, users are expected to move personal roles and identities between mobile platforms. Electronic representations of rights associated with such roles will be mobilised and will reside on multiple devices. These devices could be nanoSIMs used in smartphones or microSD cards used in tablets.

The objective of MATTHEW is to develop novel, privacy-preserving security applications with Anonymity and Attribute Based Credentials (ABC) being transferable over various mobile platforms like smart phones and tablets using Near Field Communication (NFC). Introducing active transmission technology for NFC, MATTHEW will overcome the most blocking obstacle in the scalability of form factors for NFC antennas, thus facilitating the integration of NFC-enabled security components in mobile devices.

MATTHEW directly addresses Security and privacy in mobile systems of the objective ICT-2013.1.5 Trustworthy ICT and will, based on application requirements, specify an architecture with a focus on multiple-entity security with privacy preservation. Component development will encompass secure elements with physically uncloneable functions (PUFs) and privacy algorithm support, active transmission technology and antenna designs, as well as specialized packages for small form factor integration.

MATTHEW results will be demonstrated by a transferable payment application and a multi-key access control system. An ABC-based cryptographic API will provide pseudonyms for privacy.

MATTHEW brings together eight highly qualified European partners: world-market-leading industries (IFAT, GTO, AMS, IFAG), research-oriented SMEs (IMA, TEC, CRX) as well as a highly esteemed university institute for ICT security (IAIK).

PANOPTESEC.- Dynamic Risk Approaches for Automated Cyber Defense

The PANOPTESEC consortium will deliver a beyond-state-of-the-art prototype of a cyber-defense decision support system, demonstrating a risk-based approach to automated cyber-defense that accounts for the dynamic nature of information and communications technologies (ICT) and the constantly evolving capabilities of cyber attackers. "Panoptes" is an ancient Greek term meaning 'all eyes' or 'all seeing'. This term has been incorporated into the project name to represent the PANOPTESEC consortium because the overall goal of the PANOPTESEC project is to deliver a continuous cyber security monitoring and response capability.

The PANOPTESEC prototype will proactively and reactively evaluate system weaknesses, identify potential attack paths, provide a list of prioritized response actions, and deliver a means to execute these responses, all supported by automated analysis engines. The resulting PANOPTESEC prototype will provide a continuous monitoring and response capability to prevent, detect, manage and react to cyber incidents in real time. The near market-ready system will support breach notifications and improve situation awareness while supporting the decision-making process required by security personnel. PANOPTESEC will deliver this capability through an integrated and modular, standards-based integration of technologies that will collectively deliver the required capabilities.

PCAS.- Personalised Centralized Authentication System

PCAS aims at providing an innovative, trustworthy, handheld device. The Secured Personal Device (SPD) will allow users to securely store their data, to share it with trusted applications, and to easily and securely authenticate themselves. The SPD will recognise its user using multiple biometric sensors, including a stress level sensor to detect coercion. Using the same biometric authentication, the SPD will be able to enforce secure communication with servers in the cloud, relieving the user from memorizing passwords.

The SPD will take the form of a smartphone add-on that draws power from the smartphone and uses its communication services. The security and authentication mechanisms will use software components running on the SPD, on the smartphone, and in the cloud. These software components will enable the use of biometric sensors to perform authentication on the smartphone and in the cloud, authorise access to the stored data on the SPD and securely transfer data from/to remote devices: USB- or NFC-connected computers or remote web services. The project will develop a full environment composed of programming APIs (needed to develop trusted applications) and modules that allow the easy integration of PCAS with existing web services. The benefits of the project will be demonstrated with two use cases: electronic health and university campus access control.

PRACTICE.- Privacy-Preserving Computation in the Cloud

PRACTICE has assembled the key experts throughout Europe and will provide privacy and confidentiality for computations in the cloud. PRACTICE will create a secure cloud framework that allows the realization of advanced and practical cryptographic technologies providing sophisticated security and privacy guarantees for all parties in cloud-computing scenarios. With PRACTICE, users no longer need to trust their cloud providers for data confidentiality and integrity.

PRACTICE will deliver a Secure Platform for Enterprise Applications and Services (SPEAR) providing application servers and automatic tools enabling privacy-sensitive applications on the cloud. SPEAR protects user data from cloud providers and other users, supports cloud-aided secure computations by mutually distrusting parties and will support the entire software product lifecycle.

PRACTICE is strongly industry-driven and will demonstrate its results on two end-user-defined use cases in statistics and collaborative supply chain management.


PRIPARE.- PReparing Industry to Privacy-by-design by supporting its Application in Research

The mission of PRIPARE is twofold: facilitate the application of a privacy- and security-by-design methodology that will contribute to the advent of unhindered usage of the Internet against disruptions, censorship and surveillance, and support its practice by the ICT research community to prepare for industry practice; and foster a risk management culture through educational material targeted to a diversity of stakeholders. To this end PRIPARE will:

• specify a privacy- and security-by-design software and systems engineering methodology, using the combined expertise of the research community and taking into account multiple viewpoints (advocacy, legal, engineering, business),
• prepare best practices material (guidelines, patterns, success stories) for the development and implementation of products and services of ICT-based systems and use-cases in the area of cloud computing, mobile services and the management of cyber incidents,
• provide educational material on approaches for risk management of privacy and create awareness on the need for a risk management culture among users. Material consistent with the PRIPARE methodology will be structured in a modular way in order to fit different targets (policy makers, users, ICT students and professionals),
• identify gaps and provide recommendations on privacy- and security-by-design practices, support of unhindered usage of the Internet and on the creation of a risk management culture. A research agenda will be proposed.

RASEN.- Compositional Risk Assessment and Security Testing of Networked Systems

The European society increasingly depends on ICT systems, in particular ICT systems within critical infrastructures such as telecommunication services, public health services, banking services and power supply. At the same time such systems become increasingly heterogeneous and complex, both with respect to their underlying technology and infrastructure and with respect to their social, economic and legal context. Furthermore, heterogeneous networked service and computing environments cross organisational and geographical borders, posing security challenges that need to be addressed from a broad perspective. For organisations, enterprises and service providers to continuously ensure a sufficient level of protection of complex networked systems, a thorough understanding of security risks is required.

However, the nature of such systems makes security assessment very challenging. First, assessing the security of such large, complex networked systems in their entirety is infeasible. Second, security assessment is usually performed either at a high level (e.g. by risk assessment) or at a technical low level (e.g. by security testing), with few methods to combine the levels and use them in a complementary way. The RASEN project addresses these challenges by, on the one hand, developing support for systematic composition of security assessment results, allowing global security assessments to be derived from assessments of smaller parts of the system. On the other hand, RASEN will develop support for systematically combining high-level security risk assessment with low-level security testing, such that risk assessment can be used to derive security test cases and security test results can be used to verify or update the risk assessment.

The expected result of RASEN is an approach to security assessment that consists of methods and techniques to support the following:

- Compositional security assessment: how the security assessment can be broken down into smaller parts and systematically composed to obtain the global assessment.
- Risk-based security testing: how to derive security test cases from security risk assessment results.
- Test-based security risk assessment: how to verify and update the security risk assessment based on security test results.
- Legal security risk assessment: how to assess and understand compliance with legal norms related to information security.
- Continuous security assessment: how to reuse results from previous security assessments and to rapidly update the security risk assessment based on passive testing (also called monitoring).

Additionally, RASEN will deliver a toolbox that integrates the RASEN tool portfolio consisting of a security risk assessment tool and a security testing tool, as well as tools to make transformations between the two. All the results will be evaluated and validated in relevant use cases derived from the domains of healthcare, finance and the IT industry.

SECCORD.- SECurity and trust COoRDination and enhanced collaboration

SecCord provides coordination and services for the Trust and Security (T&S) research program and its projects. There are five inter-related threads to its work plan that correspond to the project objectives.

[1] Build on the current collaborations between the T&S projects, evolving the clustering activities, developing state-of-the-art ideas and knowledge, extending membership to other projects and groups with T&S needs, and reaching out to legal, social and economic projects with a trust and security related interest.

[2] Conduct a detailed analysis of the work of the projects, demonstrating the dividends (outputs and benefits) resulting from the investment in T&S research, and providing evidence of valuable and meaningful results and potential impact.

[3] Provide greater visibility of the T&S research program through a high-profile annual conference and a T&S research web repository that provides a central focus and exchange for T&S research information and links; the goal is that these become a recognisable brand. Visibility and outreach will be extended by building on an already established community of interests to include relationships with industry and T&S initiatives of member states.

[4] Leverage the potential and impact of T&S project results by maintaining a catalogue and showcase of results, and by interpreting and matching them against use-cases of current and foreseen market needs covering a wide spectrum of social considerations: legal, economic, and personal.

[5] To provide context for the impact and visibility of the research program, provide a strategic outlook of the emerging and developing T&S issues, challenges, requirements, and priorities, with attention given to legal, social, and economic concerns. Set up an expert Advisory focus group that includes external members to advise on key strategic issues and priorities. The Advisory focus group will consist of two sub-groups: an academic focus group and an industry-oriented focus group.

SECFUNET.- Security for Future Networks

The goal of the SecFuNet project is to design and develop a coherent secure architecture for virtual networks and cloud accesses. The proposed architecture will provide solutions allowing the management of the security of communications for all machines connected to a public cloud using virtual networks. Hence, we need a coherent and robust identification scheme as well as a strong authentication system. Algorithms robust to intrusions are also needed for creating a secure environment. Besides, the proposed architecture must guarantee security in the virtualized infrastructure, through isolation of virtual networks and access control for users and managers. The identification of authorised users, however, must not compromise their privacy. Moreover, it is necessary to bring an ergonomic security scheme that is acceptable for all users, even those unknowledgeable in computer science. And finally, the proposed scheme must take into account the heterogeneity of equipment (wireless and wired) to preserve interoperability.

SECURED.- SECURity at the network Edge

The SECURED project proposes an innovative architecture to achieve protection from Internet threats by offloading execution of security applications into a programmable device at the edge of the network, such as a home gateway or an enterprise router.

The project targets citizens, network providers, and companies. The latter will be able to enforce a company-wide security policy not only when the employee is connected to the corporate network but also when she is on the move (e.g. home network, 3G connection, airport WiFi).

SECURED will produce concrete results in the form of open specifications and sample open-source implementations for (A) creation of trusted network security applications, (B) policy-based security configuration, with support for hierarchical and multi-source policies, and (C) a security marketplace to trade applications and exchange best-practice policies (useful to encourage adoption by non-skilled individuals or companies).

In summary, the project will empower mobile users with better Internet security and enable different business models for network service providers and security application developers.

SEPIA.- Secure, Embedded Platform with advanced Process Isolation and Anonymity Capabilities

Mobile and embedded devices are rapidly evolving into powerful, ubiquitous personal assistants. As such, they will be involved in security-critical operations like authentication, payment, e-Banking and e-Government applications. Nevertheless, they have to be open platforms on which entertainment applications need to find their place. Being part of the Internet of Things, these platforms become an interesting target to attack, and efficient security mechanisms are required to increase people’s and companies’ trust in them. The SEPIA project addresses and considers trustworthiness, security and protection capabilities of such devices as key enablers for new businesses and the integration of mobile platforms in the eEurope initiative.

Establishing trust requires assessments from independent organisations. However, existing evaluation methodologies do not keep pace with the rapidly evolving mobile and embedded market.

SEPIA will focus on three topics: security enhancements of mobile platforms, cryptography and privacy-protecting technologies, and delta-evaluation and certification methodologies. A major objective of SEPIA is to define a next-generation security architecture for mobile and embedded systems, addressing topics such as isolated execution space, virtualization as well as secure protection of confidential data. Moreover, privacy-protecting mechanisms based on strong cryptography and time- and cost-efficient certification processes reducing the time from design to market will be researched in the project. In SEPIA, establishing trustworthiness is seen as an asset that is considered right from the design phase rather than being addressed as an add-on feature. SEPIA will include theoretical and practical research as well as the development of proof-of-concept prototypes. All these efforts will result in the SEPIA reference platform, which will be disseminated via demonstrators and as an open platform for further research and product development.

SPECS.- Secure Provisioning of Cloud Services based on SLA management

SPECS offering:

- Mechanisms to specify Cloud security requirements and assess the standalone and comparative security features offered by CSPs.
- Ability to integrate desired corporate security services (e.g. credential and access management) into Cloud services.
- Systematic approaches to negotiate, monitor and enforce the security parameters specified in Service Level Agreements (SLA).
- Approaches to develop and deploy security services that are "Cloud SLA-aware", implemented as an open-source Platform-as-a-Service (PaaS).

Providing such comprehensible and enforceable security assurance by CSPs is a critical factor in deploying trustworthy Cloud ecosystems. Targeting ICT-2013.1.5 "Trustworthy ICT", SPECS will develop and implement an open-source framework to offer Security-as-a-Service, by relying on the notion of security parameters specified in Service Level Agreements (SLA) and providing the techniques to systematically manage their life-cycle.

The SPECS framework addresses both CSPs and users to provide techniques and tools for:

a) Enabling user-centric negotiation of security parameters in Cloud SLAs, along with a trade-off evaluation process among users and CSPs, in order to compose Cloud services fulfilling a minimum required security level.

b) Monitoring in real time the fulfillment of SLAs agreed with CSPs, notifying both users and CSPs when an SLA is not being fulfilled.

c) Enforcing agreed SLAs in order to keep a sustained Quality of Security (QoSec) that fulfills the specified security parameters. SPECS' enforcement framework will also "react and adapt" in real time to fluctuations in the QoSec by advising/applying the requisite countermeasures.

Using real case studies, SPECS will demonstrate that the contributed framework and architecture can be integrated "as-a-Service" into real-life Cloud environments, with a particular emphasis on small/medium/federated CSPs and end users.

10. Annex II: mapping of European projects to cyber security topics

Annex II maps European research projects to the cyber security subjects they aim to address.


-END-


Recommended