Raising the roof on cybersecurity for emerging cyber threats in smart cities
Critical Infrastructures (CI) and essential services (ES) such as smart buildings, energy and transport are increasingly interconnected and dependent on advanced computing to deliver results. However, digital services and infrastructures are vulnerable to cyber threats and attacks. Stakeholders including critical infrastructure operators, operators of essential services (OESs), governments, computer security incident response teams (CSIRTs) and computer emergency response teams (CERTs) must timely and effectively collaborate among themselves to protect critical infrastructures and essential services. The result is to effectively respond to emerging threats and attacks, especially from AI and IoT-enabled digital services in smart cities. The EU-funded IRIS project released an extensive set of advanced cybersecurity tools to monitor and detect vulnerabilities and cyberattacks, and a distributed ecosystem to enable information sharing, early awareness and timely collaboration among all involved stakeholders to effectively respond to such attacks. IRIS further adopted an iterative approach to test its advanced cybersecurity tools and distributed ecosystem in three European smart cities.
Collaboration between CERTs and end users
Alongside researchers and academic partners, the IRIS consortium also includes public organisations, SMEs specialising in cyber technology and large industries acting as service providers. An additional five CERTs acted as associate partners. According to project coordinator Nelson Escravana, “the project engaged with several national CERTs on their cybersecurity concerns and was able to demonstrate 22 key exploitable results in realistic operational environments,” he explains. The tools developed by IRIS helped to release an AI threat reporting and incident response system. Deliverables included an automated threat analytics framework, a collaborative threat intelligence and information sharing ecosystem and a virtual cyber range platform for training cybersecurity professionals. IRIS capitalised on, integrated and extended existing widely used cybersecurity tools to deliver results. It’s all-in-one integrated and distributed cybersecurity ecosystem includes automated threat detection, timely information sharing, semi-automated attack response and enhanced online collaboration. As project partner, Sofia Tsekeridou from Netcompany-Intrasoft highlights: “A significant achievement of the project was the release of its distributed cybersecurity ecosystem, the Enhanced-MeliCERTes-Ecosystem, a key exploitable result of IRIS, targeted to both OESs and CERTs/CSIRTs and easily accessible to stakeholders.”
Targeting transport and energy critical infrastructures
The pilot studies addressed possible threats to energy and transport infrastructures in Helsinki, Tallinn and Barcelona. Conducting two rounds of each pilot over a 6-month period was a significant challenge, but the iterative approach was crucial to incorporating feedback from end users. The Barcelona pilot focused on securing the IoT and control system infrastructure in a tramway station. In this environment, trams, bicycles and pedestrians must coexist safely. The pilot aimed to reduce accidents and mitigate risks associated with cyberattacks, by exploiting the detection, response and collaboration offered capabilities among infrastructure operators and cybersecurity authorities. The Tallinn pilot focused on protecting the AI infrastructure of automated transport systems, prioritising the protection of an autonomous vehicle shuttle and remote operation centre. The study addressed threat identification, self-recovery from attack, and timely sharing information about the incident with cybersecurity authorities and infrastructure operators for optimal incident management and response. The third pilot, which engaged participants from Tallinn and Helsinki, focused on safeguarding smart grids from cross-border cyberattacks. The goal was to protect energy infrastructures and inform decision-making for response activities by energy infrastructure operators and cybersecurity authorities.
A collaborative approach
IRIS brought together a diverse team of professionals to tackle this multifaceted problem. The project’s collaborative approach was intentional. As Escravana says: “Incident management and threat intelligence activities are essentially collaborative endeavours. CERTs/CSIRTs and CI operators need to work collaboratively to protect critical infrastructures and systems against AI and IoT threats, building capability, capacity, and trust over time. To this end, a collaborative-first approach should address all the stakeholders of the collaborative processes.”
Keywords
IRIS, cybersecurity, IoT, AI, transport, energy, enhanced MeliCERTes ecosystem, smart city
