Image

FISHY Blog Post - Exploitation

The pertinence of runtime security is rapidly engaging companies and institutions worldwide, that are becoming more aware of their vulnerabilities and consequences of attacks, in the age of digital transformation affecting workflows across industries. With the different skillsets and expertise of the FISHY Consortium partners, the impact of the novelty developed in this project is already affecting highly relevant domains in the context of supply-chain cybersecurity and resilience, such as vulnerability management and risk/integrity assessment; security assurance & certification management; intrusion and detection or cloud-native networking.

The FISHY framework considers all the supply chain components, from the IoT ecosystem to the infrastructure connecting them, addressing security and privacy functionalities related to risks and vulnerabilities management, accountability, and mitigation strategies as well as security metrics and evidence-based security assurance. FISHY is helping industries in cyber resilience provisioning for supply chains of complex ICT systems, by designing and developping a functional platform addressing trust and security management. FISHY also established an evidence-based security assurance and certification methodology identifying security claims and metrics. Moreover, it has developed a metrology model and system for ICT supply chains leveraging trust among parties relying on distributed interledger technologies as well as forecasting and estimation concepts based on artificial intelligence methods.

FISHY is a platform that is not vendor-specific, with a modular approach to ensuring cybersecurity that offers monitoring, and security and resilience enforcement all-in-one tool (these functionalities are typically separate and vendor-specific). FISHY’s vulnerability forecast and risk estimation toolkit enables users to set up custom scans based on any user-provided script or by using the integrated vulnerability scanners to run the scanning tasks on-demand immediately or set up automatic repeated schedules, being alerted to new vulnerabilities discovered.

The novel Intent-based Resilience Orchestration technology is translating high level intents into configured policies, and interacts with the system response using AI techniques. It is mostly open source, offering AI/ML-based intent-based resilience orchestration responsible for mapping high-level intents given by a user into configured policies that can run by a lower-level system controller. With its Enforcement & Dynamic Configuration engine FISHY, it can focus especially on regulatory obligations and automated configuration of security controls, avoiding configuration errors in modern SDN-based infrastructures, and ensuring the fast implementation of sophisticated remediations to cybersecurity attacks.

To enhance security in supply chains, FISHY includes also (i) a Security Assurance and Certification Manager, focussing especially to regulatory obligations (e.g., GDPR) and violations/compliance of service level agreements, tailored to supply chain needs; and (ii) a Security & Privacy Dataspace Infrastructure able to help helps supply chain managers to analyse security metrics and translate high-level intents into configured policies related to Access Control, providing a common event format to facilitate security event analysis. Moreover, FISHY’s Secure Infrastructure Abstraction is fully open source and its functionality includes standardised API for network infrastructure abstraction supporting a consistent connectivity framework, based on a virtual distributed switch. Read more about the FISHY Key Exploitable Results at the Horizon Results Platform, or at the Cyberwatching.eu Marketplace.

The importance of Open Source Software and of the Communities associated with it highly contributes to the excellence of European research and development, and for the health and prosperity of the European industrial landscape. In line with the European Commission’s Open Source Software Strategy, FISHY contributes to the innovation and autonomy of Europe’s digital infrastructure, particularly in the security and resilience of supply chains. To guide these contributions, we defined the five pillars of open research - (1) a FISHY public repository, (2) component-specific upstreaming, (3) OSS community engagement, (4) contribution to standards and (5) open research - that promotes the collaboration between researchers, the dissemination and reuse of innovation, and the sustainability of the technology developed in this project. To follow the progress of this community engagement, we use several metrics: GitHub contributors to KERs; social media followers of lead partner; and research papers and conferences exposing the KERs.

The FISHY Platform will be a central element for industry organizations that will be able to analyze and identify early threats, vulnerabilities, and the impact of cascading effects in the whole system. Finally, trust and assurance is a key pillar of the project so organizations using FISHY will be able to provide these aspects to their clients, which are also an important aspect of the project. FISHY's early adopters are present in the food industry, the connected cars sector and in the smart factories domain. The Farm-to-Fork use case of SYNELIXIS obtained the reduction in downtime, given that 62% of supply chain attacks exploit the trust of client to their supplier and that 58% of attacks aim at accessing data. The FISHY technology allowed CAPGEMINI for a significant improvement in safety car because logs and certifications monitoring, with 80% achievement FISHY integration on premises and edge. On the other hand, the automated identification of rogue IoT devices in the smart factories of SONAE help reducing cybersecurity effort by detecting unauthorized and potentially malicious devices within the network.