The SDN-microSENSE project aims to develop and provide an innovative threat detection and response solution for centralised Electrical Power and Energy Systems (EPES), where “privacy-by-design”, prevention and resilience to cyber borne attacks are core tenets for protecting the integrity and safety of these industrial ecosystems.
As an SME research and development partner pioneering in threat detection for cyber-physical systems, CyberLens (CLS) are charged with delivering advanced AI-enabled detection and response capabilities within the SDN-microSENSE platform. Specifically, CLS’s role includes the following contributions:
- Assisting in the development of a three-layer security architecture by deploying and implementing risk assessment processes, self-healing system capabilities, large-scale distributed detection, and prevention mechanisms, as well as an overlay privacy protection framework.
- Design of SDN-microSENSE’s collaborative risk assessment methodology for the energy value chain.
- The development of EPES honeypots for the detection of Advanced Persistent Threats (APTs).
- The development and configuration of the SDN-microSENSE SIEM (Security Information and Event Management)
- The implementation of the project’s SS-IDPS (SDN-enabled Specification-based Intrusion Detection and Prevention System) via the extensions of CLS’s existing NIGHTWACTH & DISCØVERY cybersecurity tools.
NIGHTWATCH is a prototype cyber-physical intrusion detection tool for advanced and novel threats to autonomous systems, leveraging CLS’s proprietary artificial intelligence technologies for accurately and rapidly determining the likelihood that such a system has been compromised.
DISCØVERY [1] is a graphical security analysis tool for complex networking environments. By supporting domain-specific ontologies, it can be applied in highly complex and heterogeneous environments such as, industrial control networks, 5G systems and distributed Internet of Things platforms.
It leverages powerful state-of-the-art graph-based algorithms that support:
- Detecting network and system threats in complex distributed environments.
- Remotely and automatically identifying hardware, software, and even policy-related vulnerabilities.
- Provision of tailored reports (DISCØVERY’s cyber-insights), which are suggestions based on the unique characteristics of a system.
- Visualising holistically the complete threat landscape, including the people, the systems, the networks, and the associated policies.
SS-IDPS in SDN-microSENSE extends CLS’s NIGHTWATCH capabilities by developing monitoring modules which are trained to detect cybersecurity threats which target the SDN (Software Defined Networking) network, with particular focus on SDN controller’s integrity and availability. In addition, communication interfaces and APIs will be developed to enable collaboration and interoperability between the XL-SIEM and the SS-IDPS. Beyond detecting and preventing cyber threats, SS-IDPS will help provide the SDN-microSENSE XL-SIEM (Cross Layer Security Information and Event Management) platform with greater visibility of the whole energy value chain, which will be monitored in real time, by utilising the flexibility of the SDN infrastructure.
Within the solutions, DISCØVERY will derive key visualisations from big data analytics to support threat discovery and analysis, serving as a human-in-the-loop situational awareness tool where analysts can review suspect connections and communication between systems in the environment. DISCØVERY uses visualisation as a novel tool for security experts to notice abnormal situations in their dashboard.
SDN-microSENSE, is expected to have a significant impact on the security architecture and cyber resilience capabilities for future SDN-enabled cyber-physical systems. For example, Industrial Control Systems in the Energy sector that are undergoing digital transformation and technological modernisation. To this end, its prototype systems, use cases and pilot experiments are designed to produce meaningful real-world results and insights that will enable future exploitation of the technology the project develops and integrates. The project’s solution will introduce multiple new routes to market through end-users in the consortia and indirectly through market analysis and user requirements elicitation that will be conducted within the project, and as a result of pilot experiments.
[1] DiscØvery-CyberLens Software Tool. Available: https://github.com/CyberLens/Discovery Last accessed 2020.