A new EU project to protect ICT systems providing collaborative-first approach and state-of-the-art technology. The IRIS EU project consisted of 19 partners from 12 European countries, and was officially launched with the organisation of the consortium virtual kick-off meeting in September 2021.
Objective
As existing and emerging smart cities continue to expand their IoT and AI-enabled platforms, novel and complex dimensions to the threat intelligence landscape are introduced. These are linked with identifying, responding and sharing data related to attack vectors, based on emerging IoT and AI technologies, whose architecture and behaviour are not currently well understood by security practitioners, such as CERTs and CSIRTs. This lack of experience as well as of tools, for detecting and reporting IoT & AI attack vectors is further aggravated by potentially greater safety risks caused by such attacks.
The H2020 IRIS project aimed to deliver a framework that will support European CERT and CSIRT networks detecting, sharing, responding and recovering from cybersecurity threats and vulnerabilities of IoT and AI-driven ICT systems, in order to minimise the impact of cybersecurity and privacy risks. The IRIS platform was made available, free of charge, to the European CERT and CSIRTs, by the end of the project.
IRIS concept was proposed as a federated threat intelligence architecture that instates three core technological and human-centric components into the threat intelligence ecosystem:
- The Collaborative Threat Intelligence module: forms the nexus of the IRIS framework and core component of the architecture enhancing the capabilities of the existing MeliCERTes platform by introducing Analytics Orchestration, an Open Threat Intelligence interface and an intuitive Threat Intelligence Companion. All these supported by a Data Protection and Accountability module
- The Automated Threat Analytics module: collects and supply key threat and vulnerability assessment telemetry and respond to received intelligence, initiating autonomous response and self-recovery procedures:
- The Cloud-based Virtual Cyber Range: delivers an immersive virtual environment for collaborative CERT/CSIRT training exercises based on real-world environment platforms (and Digital Twin Honeypots), providing representative adversarial IoT & AI threat intelligence scenarios and hands-on training.
The IRIS platform demonstrated and validated in three carefully selected pilots resembling real world environments with the engagement of three smart cities (Helsinki, Tallinn and Barcelona) along with the involvement of national CERTs, CSIRTs and cybersecurity authorities.
“IRIS is uniquely positioned to provide a high impact solution to support the operations of European CERTs and CSIRTs for coordinated response to large-scale cross-border cybersecurity incidents and crises,” mentions Mr Nelson Escravana from INOV, the Project Coordination Team.
The IRIS consortium comprised of public organisations, SMEs with cutting-edge cyber technologies, large industries as service providers as well as research and academic partners with significant achievements to cybersecurity and privacy technologies.
Duration, partners and funding
The project ran from 1st September 2021 until 31st August 2024.
The partners of the project were:
- INOV – Instituto de Engenharia de Sistemas e Computadores, Inovacão, (INOV), Portugal
- European Cyber Security Organisation (ECSO), Belgium
- Centrul National De Raspuns La Incidente De Securitate Cibernetica, (CERT-RO), Romania
- Intrasoft International SA (INTRA), Luxembourg
- Thales Six Gts France SAS (THALES), France
- Atos It Solutions And Services Iberia SL (ATOS), Spain
- Cisco Systems Spain S.L (CISCO SPAIN), Spain
- Exalens (CLS), Netherlands
- Sidroco Holdings Limited (SID), Cyprus
- Cyberethics Lab SRLS (CEL), Italy
- Commissariat A L Energie Atomique Et Aux Energies Alternatives (CEA), France
- Ethniko Kentro Erevnas Kai Technologikis Anaptyxis, (CERTH), Greece
- Institute Of Communication And Computer Systems (ICCS), Greece
- Technische Universiteit Delft (TU Delft), Netherlands
- Tallinna Tehnikaülikool (TalTech), Estonia
- Universitat Politecnica De Catalunya (UPC), Spain
- Kentro Meleton Asfaleias (KEMEA), Greece
- Institut Municipal D’informatica De Barcelona (IMI BCN), Spain
- Forum Virium Helsinki OY (FVH), Finland
IRIS project received funding from from the European Union’s Horizon 2020 research and innovation programme under grant agreement no 101021727. The overall budget was €5,678,075, while European Union contribution is €4,918,790. Forum Virium Helsinki share was €150,000.
The role of Forum Virium
Forum Virium Helsinki was responsible for Task 7.4, Demonstration of PUC3 on cross-border smart grid.
In this task the use case focused on protecting the customer facing components of the smart grid against threats to control functions defined for the demand control. The pilot used two smart grid APIs, the Smart Grid API from Kalasatama, and the smart grid APIs from the city of Tallinn. The pilot stressed test the APIs and the public interface of the smart grid.
The stress testing scenario fed malformed data to the public interfaces and APIs to confuse the operators and the automated systems of the smart grid. IRIS was able to detect the malicious information to mitigate the attack. The attack scenario was deployed as a cross-border crisis management exercise on the Virtual Cyber Range (VCR), with Digital Twins of the target smart grid systems, as well as Digital Twin honeypots.
Benefits for Helsinki
With continued and increasing uptake of IoT and AI-driven ICT systems across the public, and private sector, citizens depend heavily on the building of trust that these systems and the connectivity, interactions and convergence between them, can withstand attacks on their cybersecurity and privacy.
IRIS’s vision was to integrate and demonstrate a single platform addressed to CERTs/CSIRTs (such as national and governmental CSIRT in Finland) for assessing, detecting, responding to and sharing information regarding threats & vulnerabilities of IoT and AI-driven ICT systems. To achieve this, IRIS brought together experts in cybersecurity, IoT, AI explainability, automated threat detection, response, and recovery.
IRIS aimed to help European CERTs/CSIRTs minimise the impact of cybersecurity and privacy risks as well as threats introduced by cyber-physical vulnerabilities in IoT platforms and adversarial attacks on AI-provisions and their learning/decision-making algorithms.
More information: iris-h2020.eu
This project received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no 101021727.
Content reflects only the authors’ view and European Commission is not responsible for any use that may be made of the information it contains.
Article photo: Akitada31, Pixbay