Please introduce yourself and tell us a little about your background….

Manos received his B.S. (’05) and M.Sc. (’07) degrees in Computer Science from the University of Crete, Greece. His main research interests are in the areas of systems, network and system security, deception technologies, network monitoring and Cyber Ranges. He is currently a Technical Project Manager for FORTH, handling numerous Cybersecurity H2020 projects such as SMESEC, SPIDER, CyberSANE, PUZZLE and ASCAPE. He was the Scientific and Technical Manager of CIPSEC and has participated in numerous FP6, FP7 and H2020 projects since 2005.


1. In a nutshell, what is the CyberSANE project and what are its key objectives?

Funded by the European Commission under the Horizon 2020 research programme, the CyberSANE Project aims to develop a novel Incident Handling, Warning and Response System to support European Critical Information Infrastructures against any risk, threat, or attack from cybercriminals that could result in a shortage of service, downtime and even physical injuries.

Critical Infrastructures (CIs) rely on complex and robust ICT systems and infrastructures in order to achieve flexibility, scalability and operational efficiency in the communication and coordination of advanced services. The high use and relevance of those systems are transforming these organisations into Critical Information Infrastructures (CIIs), which are currently becoming more vulnerable to the advanced and sophisticated activities of hackers and other perpetrators of cyber-related crime.

In addition, the availability of malware and other types of techniques and tools on multiple sources such as the Dark and Deep Web poses another important challenge that must be tackled to guarantee the correct operation of organisations and the protection of highly sensitive data such as financial transaction information, user credentials, health records, among many others.

To overcome these challenges, advanced systems providing various tools to handle and report during the whole lifecycle of any incident or cyberattack are needed, but current systems fail to address all of these in a single system that also promotes collaboration among CIIs, sharing knowledge and experience to increase preparedness and mitigation steps.

The CyberSANE system proposes an innovative architecture for a single system composed of five main components, which address specific needs and techniques through multiple tools, as follows:

  • LiveNet (Live Security Monitoring and Analysis) component capable of preventing and detecting threats and, in case of a declared attack, capable of mitigating the effects of an infection/intrusion.

  • DarkNet (Deep and Dark Web Mining and Intelligence) allows the exploitation and analysis of security-, risk- and threat-related information embedded in the Dark and Deep Web via the analysis of both the textual and meta-data content.

  • HybridNet (Data Fusion, Risk Evaluation and Event Management) provides the intelligence needed to perform effective and efficient analysis of a security event based on information derived by other components, and on information and data produced and extracted from the event itself. It consists of three main elements: Anomaly Detection Engine; Incident Analysis & Respond; and Decision-Making, Warning and Notification.

  • ShareNet (Intelligence and Information Sharing and Dissemination) provides the necessary threat intelligence and information sharing capabilities within the CIIs and with other involved parties, allowing them to determine the trustworthiness of each information source, and also to identify them, as soon as the data is received.

  • PrivacyNet (Privacy & Data Protection Orchestrator) manages and orchestrates the application of innovative privacy mechanisms and maximizes achievable levels of confidentiality and data protection towards compliance with the highly demanding provisions of the GDPR, in the context of protecting sensitive incident-related information within and outside CIIs.

The CyberSANE system will be tested and validated through a series of large-scale pilots addressing the needs of CIIs such as Maritime Transport, Healthcare and Energy.


2. What are the biggest challenges related to the protection of European critical infrastructures?

Some of the main challenges are:

– The prevention of, and protection against, attacks targeting ICT infrastructures used at CIIs is a difficult task which requires both technical and cognitive capabilities to effectively identify, prevent and adopt protective measures against the attack.

– The diversity of development contexts and of levels of maturity of the heterogeneous hardware and software components involved in the operations of CIIs, such as networked interactions and the exchange of information and data, generates highly dynamic behaviours and vulnerable scenarios which cybercriminals leverage to plan and execute an attack.

– The need for new techniques, guaranteeing privacy and confidentiality, for detection of suspicious activities and traffic patterns as well as classification of encrypted flows over the Internet.

– Development of novel Machine Learning and Analytics useful to prevent cyberattacks.

– Lack of proper capabilities to support human operators in the assessment of the propagation of an attack and of the proper measures to withstand and recover from it.


3. Where do you think cooperation between public and private operators should be strengthened to tackle these threats and protect CIIs against cybercrime?

We need to enhance security information sharing, including threat analysis and forensics results, and create common prevention and mitigation protocols that take into consideration the cascading effects that can stem from or affect CIIs. Moreover, we need to create commonly shared security toolkits that can be mutually beneficial.


4. From your findings, how is the pandemic reshaping threats towards critical infrastructures?

The pandemic has promoted the extensive use of tele- and remote-working. The Critical Infrastructures workforce needs to rely on external teleworking, conferencing and file-sharing tools, which broadens the attack surface that attackers can exploit. Moreover, this situation, with its varying levels of security, creates “a rich environment” for an adversary. Finally, the healthcare sector is under a lot of pressure at all levels, and denial of service attacks or ransomware attacks can prove catastrophic or even life-threatening.


5. What kind of success stories would you like to hear about from other asset owners after implementing the CyberSANE system?

1) Early detection of attack attempts or threats against their assets

2) Prevention of attacks and attack surface reduction

3) Privacy protection enhancement

4) Successful exploitation of CyberSANE’s sharing platform

5) Successful exploitation of the Risk Assessment, reducing and eliminating risks against the CIIs’ assets.

6) Successful integration and day-to-day use of CyberSANE’s features.


Interested in learning more about the CyberSANE Project?

Join us at CS4CA Europe Online Summit on 6th & 7th October to hear from Manos alongside our expert line-up of speakers from across the critical infrastructure community.

The 2020 line-up includes:

  • Andy Powell, CISO of Maersk
  • Stuart Okin, Head of Security Privacy & Resilience at Ofgem
  • Cristian Cucu, CIO of Nuclearelectrica
  • Claudio Bolla, Group Information Security Director of INEOS
  • Cesar Ramos, Head of Cyber Security at Iberdrola
  • Nicola Caramella, CISO, Ansaldo Energia

View the agenda and use the code “SAVEMYSEAT” for complimentary access to all presentations for up to 30 days here: europe.cs4ca.com/register/