Periodic Reporting for period 2 - IRIS (artificial Intelligence threat Reporting and Incident response System)
Reporting period: 2023-03-01 to 2024-08-31
IRIS addresses this challenge with a collaborative-first approach centered around CERTs/CSIRTs. From a technological perspective, it deploys:
(i) autonomous detection of IoT and AI threats, enriched with
(ii) privacy-aware intelligence sharing and collaboration, and
(iii) advanced data protection and accountability. Crucially, IRIS introduces (iv) the first dedicated online training and cyber exercises to prepare CERTs/CSIRTs to collaboratively protect critical infrastructures and systems against cross-border AI and IoT threats.
Regarding societal importance, IRIS contributes towards a European strategic autonomy in IoT and AI cybersecurity.
It considers the complete range of cybersecurity and privacy risks associated with IoT and AI-enabled ICT systems and their associated technical and human factors threat intelligence challenges. IRIS addresses the confidentiality, integrity and availability of the data collected, analysed, shared and generated during IoT and AI operations in an ICT system.
It also assesses the reputability of the data collection process and the data processed in relation to its impact on an ICT system’s performance and behaviour to achieve and maintain cyber resilience.
In addition, it equips CERTs/CSIRTs with a state-of-the-art incident response toolkit to mitigate large-scale cybersecurity incidents.
The overall objectives of IRIS are:
1) To identify the user, technical and business requirements and design the architecture of an AI threat reporting and incident response system to support the operations of CERTs/CSIRTs towards minimizing the impact caused by cybersecurity and privacy risks in IoT platforms and AI-provisions.
2) To analyse the relevant ethics principles and legal framework on privacy concerns, as well as to understand relevant stakeholders’ behaviour to identify the main legal, ethics and social enablers for the IRIS solution.
3) To design and implement an automated threat analytics framework capable of detecting and responding to cyber threats targeting IoT and AI-driven ICT systems, while exhibiting advanced recovery capabilities.
4) To develop a collaborative threat intelligence and information sharing toolkit that allows ICT stakeholders and European CERTs/CSIRTs to create and seamlessly share context-rich information about cyber threats targeting IoT and AI-driven ICT systems.
5) To design and implement a data protection and accountability module to establish trust and enable the protection of data necessary for the successful operation of IoT and AI-enabled ICT systems.
6) To design and implement a virtual cyber range platform for training cybersecurity professionals to fight against adversarial AI and machine learning attacks.
7) To demonstrate and validate the integrated IRIS platform across three realistic pilot demonstrators in three smart cities.
8) To ensure wide communication and scientific dissemination of the IRIS results to the research, academic, and CERT/CSIRT community, efficient exploitation and business planning of the IRIS concepts and solutions to the market, and contribution of specific project results to relevant standardisation bodies.
Three IRIS pilots were conducted to demonstrate and evaluate the efficacy of IRIS tools and methodologies, consisting of three realistic use cases featuring 3 smart cities in 3 European countries: Barcelona, Tallinn, and Helsinki.
The IRIS team thus completed the software development, integration, demonstration, and evaluation of all IRIS tools, including:
1) Automated Threat Analytics Module (ATA);
2) Collaborative Threat Intelligence (CTI) Module;
3) Data Protection and Accountability (DPA) Module;
4) Enhanced MeliCERTes Ecosystem (EME) Module;
5) Virtual Cyber Range (VCR) Module.
These tools provide the capability to collect data from IoT sensors, enable threat detection, orchestrate incident response and facilitate information sharing. The innovative end-to-end integration of these capabilities is expected to bring a significant impact to the CERT/CSIRT networks.
Dissemination and communication activities progressed well, with most targets met or exceeded, through high-impact initiatives:
- The IRIS project built strong synergies with other similar H2020 projects, namely ARCADIAN, SECANT, SENTINEL, IDUNN, ELECTRON, TRUST aWARE, SPATIAL, and ERATOSTHENES.
- Also, IRIS has been a member of the European Cluster of Securing Critical Infrastructure (ECSCI) and participated in two workshops organized by the cluster.
- Through the IRIS partner ECSO, a Community of Chief Information Security Officers (CISOs) was leveraged for dissemination and communication purposes. The CISO Community served as a cornerstone for the IRIS project, fulfilling two major functions. It acted as a catalyst for leveraging project outcomes and provided critical validation for IRIS Solutions. This collaborative engagement ensured that the IRIS solutions remained grounded in real-world cybersecurity needs. The CISO Community has grown into a formidable network, now comprising 500 CISOs (or equivalent positions) from 29 European countries. This makes it one of the largest cross-sector and cross-border communities of cybersecurity executives in Europe.
- The consortium organized three Stakeholders & Industrial Workshops, as well as a Final Exploitation Workshop, to set the conditions for stakeholder engagement during the project and for future exploitation of the project outcomes.
To this end, the IRIS project delivered the following key exploitable results (KER):
KER #1: Social acceptance framework
KER #2: Risk and vulnerability assessment module
KER #3: AI threat analytics and detection engine
KER #4: Risk-based response and self-recovery
KER #5: Digital twin honeypot detection models
KER #6: IRIS-enhanced MeliCERTes platform
KER #7: APIs for advanced threat intelligence orchestrator
KER #8: Collaborative threat intelligence sharing and storage
KER #9: DLT-based control services for accountability, traceability, and auditing
KER #10: IRIS secure crypto functions for data management
KER #11: IRIS cybersecurity exercises and training scenarios
KER #12: IRIS lab pods
KER #13: IRIS cyber range environment platform
KER #14: IRIS smart city IoT and control system pilot
KER #15: IRIS smart city autonomous transport system pilot
KER #16: IRIS cross-border smart grid pilot
KER #17: Integrated IRIS Platform
KER #18: Autonomous Threat Analytics (ATA) Service Bundle
KER #19: Enhanced MeliCERTes Ecosystem (EME) Service Bundle
KER #20: Virtual Cyber Range training (VCR) Service Bundle
KER #21: Add-ons Services Service Bundle