Project Details

Description

In the digital era, Critical Infrastructures (CIs) are operating under the premise of robust and reliable ICT components, complex ICT infrastructures and emerging technologies and are transforming into Critical Information Infrastructures (CIIs) that can offer a high degree of flexibility, scalability, and efficiency in the communication and coordination of advanced services and processes.

The increased usage of information technology in modern CIIs means that they are becoming more vulnerable to the activities of hackers and other perpetrators of cyber-related crime (cyber criminals). Several recent studies have shown that the landscape of cyber threats is changing continuously and that the nature of attacks of this sort is evolving, involving a great degree of persistence and (technical) sophistication.

In addition to this, barriers to entry for would-be cyber criminals are falling rapidly, and nowadays attackers have a range of (technical) capabilities and substantial resources at their disposal, since malware and malware-as-a-service have become more easily and cheaply available through various means and sources (such as the Dark Web and Deep Web).

Thus, a variety of advanced techniques and tools (e.g. social engineering techniques and zero-day exploit programs) are available and can be used by cyber criminals to initiate advanced targeted attacks. These threats employ multiple technologies and malware, deployed in multiple stages, to bypass traditional security mechanisms in order to penetrate an organization’s defenses. The attack vectors vary significantly, including Application-Layer, Social Engineering, Unauthorized Access, Malicious Code, and Reconnaissance and Networking-based service attacks that target applications, host and client operating systems, and even networking equipment. In this vein, the attackers use these techniques to get valuable data assets, such as financial transaction information, user credentials, insider information etc.

Europe’s critical information infrastructures (CIIs) are those interconnected information and communication infrastructures essential for the maintenance of vital societal functions (health, safety, security, economic or social well-being of people). Any disruption or destruction would have serious consequences. In today’s digital era, the increased usage of information technology in modern CIIs makes them vulnerable to cyber-related crime. The EU-funded CyberSANE project will enhance their security and resilience by providing a dynamic collaborative warning and response system. This will support and guide security officers to recognise, identify, dynamically analyse, forecast, treat and respond to advanced persistent threats and handle their daily cyber incidents, utilising and combining both structured data and unstructured data coming from social networks and the dark web.

The University of Brighton contribution is through the Centre for Secure, Intelligent and Usable Systems (CSIUS). The CSIUS team brings to the consortium significant expertise and experience in security and privacy enabling technologies. We will utilise that expertise to lead the development of a novel modelling language and methods for cyber incident handling, which will enable security officers to reason about conflicts and trade-offs between cyber incident handling requirements and security, privacy, and forensic requirements.

The wider partnership includes academic and industry collaborators:
Projecto Desenvolvimento Manutenção Formação e Consultadoria (PDM), Portugal
Atos, Spain
Consiglio Nazionale delle Ricerche, Italy
S2 Grupo de Innovación en Procesos Organizativos, S.L.
Institut National de Recherche En informatique Et Automatique (INRIA), France
Maggioli, Italy
UbiTech, Cyprus
Jožef Stefan Institute, Slovenia
Foundation for Research and Technology – Hellas (FORTH), Greece
SPHYNX Technology Solutions AG (STS), Switzerland
SIDROCO Holdings Ltd, Cyprus
University of Brighton, UK
Valenciaport Foundation, Spain
Lightsource Labs Limited, Ireland
Klinikum Nuremberg, Germany

Layman's description

The university’s Centre for Secure, Intelligent and Usable Systems (CSIUS) is one of 16 partners involved in a European Commission-funded effort to improve the detection and analysis of cyber attacks and threats.

The project runs until 2022 and the Centre’s role is to develop a modelling language and methods for cyber incident handling.

The ‘Cyber Security Incident Handling, Warning and Response System for the European Critical Infrastructures (CyberSANE)’ project is funded under the EC’s Horizon 2020 Programme.

CyberSANE aims to improve the detection and analysis of cyber-attacks and threats to Critical Information Infrastructures (CIIs) or data, database, network, communications infrastructures.

It also aims to increase knowledge of the current cyber threat landscape, and it will help operators such as incident response professionals to dynamically increase preparedness – it will improve cooperation amongst CII operators, who can adopt appropriate steps to manage security risks and to report and handle security incidents.

Professor Haris Mouratidis, Director of CSIUS and the university’s principal investigator on CyberSANE said: “CIIs offer a high degree of flexibility, scalability, and efficiency in the communication and coordination of advanced services and processes.
“The increased usage of information technology in modern CIIs means that they are becoming more vulnerable to the activities of hackers and other perpetrators of cyber-related crime.

“CyberSANE brings together a strong team across Europe to deliver a novel platform that addresses both technical and cognitive challenges related to identification, prevention and protection against attacks.

“The CSIUS team brings to the consortium significant expertise and experience in security and privacy enabling technologies. We will utilise that expertise to lead the development of a novel modelling language and methods for cyber incident handling, which will enable security officers to reason about conflicts and trade-offs between cyber incident handling requirements and security, privacy, and forensic requirements.”
Acronym: CyberSANE
Status: Active
Effective start/end date: 1/09/19 to 31/10/22

Funding

  • H2020