Design and develop a functional platform for cyber resilience provisioning for supply chains of complex ICT systems, leveraging trust and security management.
The main target of this objective is to design and develop a solution for cyber resiliency provisioning supported by four main pillars, security assurance and certification management, trust management, data and privacy management and the proper orchestration of their related functional components.
The components in FISHY platform are to be designed to facilitate trust guarantees and security assurance through vulnerabilities and risks management, security, privacy and accountability measurement, mitigation strategies, data sharing and the correct orchestration of different functional components building the platform.
The platform is to be built in consideration of the supply chains of heterogeneous and complex ICT systems ranging from the IoT devices, the networks connecting them over to edge and cloud systems responsible for smart decision-making processes, and the infrastructure required to suitably manage the different services to be deployed.
FISHY platform considers the fact that any ICT infrastructure can be inherently insecure and unreliable, yet when embedded into a supply chain is to be managed to provide a benchmarked level of cyber resilience. The strategy towards this end will be based on a mixture of traditional IoT security controls (with the corresponding measurement of trust), gateways (to monitor and reliably report the state of the IoT ecosystem), and virtualized network security functions to provide security-on-demand as need-based
Develop an evidence-based security assurance and certification methodology identifying security claims and metrics.
This objective defines the set of claims to manage security assurance not based on trust but on evidences, and competitively, as it defines the set of metrics to be used to measure the security and the design of the methodology to be followed to manage security certification metrics. Moreover, this objective also targets the design of audit (as much as possible automatic) procedures in ICT systems, by considering all ICT components within the supply chain. This objective must consider the envisioned scenario putting together human actions, diversity of development contexts, multi-vendor security appliances and technology maturity levels, as well as the inherent characteristics of IoT ecosystems, mainly referring to Machine-to-Machine (M2M).
Develop a metrology model and system for ICT supply chains leveraging trust among parties relying on distributed interledger technologies as well as forecasting and estimation concepts based on artificial intelligence methods.
A key component to system resilience is its traceability and metrology in terms of cyber resilience. To this end, FISHY addresses the need for accurately analysing composed ICT systems performance and trust in terms of cyber resilience and privacy effects. This is critical to mitigating the expected negative effects of cyber-attacks. The proposed strategies will leverage concepts from artificial intelligence (AI) and machine learning (ML), particularly applied to vulnerability propagation forecast and risks estimation, to ease proactive actions, as well as the adoption of the proper strategies and solutions to mitigate and thus minimize the effects of any cyber breach on systems performance. At the same time, the system will be designed with user (human) friendly interfaces for configuration of the features monitored, based on intent-based interfaces. Moreover, the implementation of interledger technologies will allow for the seamless connection and data interoperability among the different stakeholders comprising a supply chain, providing indisputable evidence and accountability guarantees
Deploy, validate and demonstrate the FISHY platform in heterogeneous, real-world pilots.
Heterogeneous and complementary pan-European ICT supply chain pilots are critical to proving FISHY platform useful. The pilots will primarily focus on complex ICT systems while integrating various stakeholders. The validation and benchmarking results will be primarily utilized by the European industry and will demonstrate the benefits brought by our platform solution FISHY. The pilots will be provided by the industrial partners within the consortium representing real-world scenarios with real-world problems and will also emphasise the need for coordinated cyber resilience platform solutions.
Accelerate the adoption and maximize the impact of the project.
The project consortium is committed to actively disseminating its vision, innovation and results, promoting its novelty and exploiting its technological advantages and business opportunities. Active and engaging dissemination, communications, technology transfer, standardization activities and outreach to open communities and technical/business liaison activities will be undertaken from the very beginning of the project. Moreover, the real-world pilots led by FISHY industrial partners are the key to proving the wider adoption of FISHY.