CyberSEAS project identified a rich set of more than 250 cyber, physical and human / organizational vulnerabilities, considering standards (NESCOR, NIST CVE and ISO/IEC 27005:2018), pilots’ experience and the results of actual penetration tests.
The energy sector pilots in Croatia, Estonia, Finland, Italy, Romania and Slovenia have dynamically participated in vulnerability assessment using the CVSS (Common Vulnerability Scoring System) scoring mechanism.
The responsiveness of the pilots and the usefulness of the results have inspired the evolution of the spreadsheet-based CVIAT prototype into a fully-fledged, trustworthy, web-based platform by Synelixis SA (https://synelixis.com/). It offers a personalized, role-based environment per customer. The solution exploits a RESTful API, while the UI is designed to support the full chain: selection of assets, association and scoring of vulnerabilities.
In parallel, the intelligence, based on the scored vulnerabilities, has already paved the way for the inception and design of a proactive security monitoring mechanism. It employs advanced machine learning techniques, which identify aspects related to the vulnerabilities in data-streams coming from the deepnet and / or the darkweb. It also associates deepnet ‘trend’ areas with vulnerabilities of interest and keywords related to the pilot entities and their activities to proactively identify security concerns.