In the context of the CyberSEAS project, Synelixis SA has developed CVIAT, CyberSEAS Vulnerability Identification and Assessment Tool, aimed at supporting energy operators to identify and assess their vulnerabilities. CVIAT offers, through a web-based platform, a flexible and easy way to define assets, correlate them with vulnerabilities and assess them using the CVSS v4.0, maintaining also the historical evolution of the assessments.
Having stabilised the core functionalities, we have implemented reporting features, employing an intuitive and interactive dashboard. The scoring methodology determines the severity of a vulnerable asset, considering the number of the asset’s vulnerabilities, their severity (through the CVSS score) and their distribution in severity rating scales. An asset qualitative score (Low, Medium, High or Critical) is calculated capturing the exposure of the asset to vulnerabilities.
In summary, the dashboard provides the following insights:
- Overview of the total number of vulnerable assets and how they are distributed in the four asset severity classes.
- Graphical distribution of the vulnerable assets, per asset category and asset qualitative severity rating. The end-user can dynamically interact with this graph, selecting the asset category of interest, for further drill down.
- Graphical representation of the assets, based on asset category and type, the number of their vulnerabilities (per qualitative severity).
Asset and vulnerability network diagram, which provides a visual representation of the network of available assets, together with the identified vulnerabilities, coloured according to the severity of their CVSS score.