Executive Summary
This report constitutes the deliverable D6.3 Secure and privacy preserving data exchange among operators (v1) of the CyberSEAS Project.
Deliverable D6.3 focuses on the dissemination of cyber security intelligence among the EPES and energy stakeholders involved in critical infrastructure operation, to increase awareness of cyber security problems, with a focus on specific vulnerabilities and attacks affecting EPES.
The deliverable analyses the state of development of cyber security intelligence and how it is generated and disseminated among the organisations involved in the EU.
To enhance the cybersecurity and resilience of critical infrastructure in EPES and other stakeholders of critical infrastructure, the CyberSEAS project has incorporated Machine Learning (ML) techniques. The efficiency of ML algorithms depends on the availability of large amounts of significant data to train and validate the ML-based models. It is crucial for all parties to share Cyber Threat Intelligence (CTI) to build better-performing models. Two challenges stand in the way of this sharing. The first is the lack of a standardized method to share data among companies, and the second is the need for data anonymization to comply with GDPR and prevent the exposure of sensitive data in the event of a cyber-attack.
The deliverable also considers the industry standards used in CTI dissemination, focusing on STIX and TAXII.
The deliverable examines these two standards in detail; the next step, in T6.2, is the testing of a local system inside critical infrastructure based on STIX/TAXII for CTI dissemination.
The goal of this task is the design and development of an access scheme that satisfies the key requirements of data privacy and controlled, authorized access to the EPES CTI data by each stakeholder in a federated topology.
The deliverable focuses on the CyberSEAS partners as participants in such a dissemination process, and also includes a survey of the tools belonging to the CyberSEAS ecosystem and their possible interaction with such a system.
Considering the evolution of tool development and integration, version 2 of the deliverable introduces new chapters that capture the new advancements. These are detailed in Chapters 6, 7, and 8, which focus on cybersecurity protocols and federated machine learning (FML) within the context of the CYBERSEAS project.
Chapter 6: MISP Protocol introduces the Malware Information Sharing Platform (MISP), an advanced protocol designed for sharing cybersecurity threat information efficiently. The introduction provides an overview of MISP's capabilities, emphasizing its role in enhancing collaborative cybersecurity efforts. Key components such as MISP Taxonomy and MISP Galaxy are introduced, each playing a crucial role in standardizing threat information and enabling synergistic analyses of threat data across different platforms.
Chapter 7: Federated Machine Learning models for Privacy EPES sensitive data explores the application of Federated Machine Learning (FML) in protecting the sensitive data of Energy Power and Energy Systems (EPES). It lays down the basics of FML architectures, presenting a novel approach for decentralized learning without compromising data privacy. The chapter delves into various data privacy protection mechanisms within FML, including Data Anonymisation, Differential Privacy, Secure Aggregation, and Private Aggregation of Teacher Ensembles (PATE), each ensuring that sensitive information remains confidential while allowing for beneficial data analysis and machine learning outcomes.
Chapter 8: Achievements in CYBERSEAS project in secure and privacy-preserving data exchange among operators details the achievements of the CYBERSEAS project, emphasizing the secure and privacy-preserving data exchange among operators. It illustrates the deployment of FML algorithms in ALIDA (ENG) and IDS (SYN), highlighting the advancements in proactive notification and workflow optimization in threat detection systems. The chapter also discusses the seamless data interchange through Data Spaces (CINI) and the efficacy of the MISP protocol in the exchange of Cyber Threat Intelligence (CTI) within the CYBERSEAS framework. Further, it describes the integration of the SAPPAN tool with MISP for enhanced threat intelligence and outlines the successful implementation of the CTI data transfer from the CVIAT tool using the STIX format.
In conclusion, these chapters underscore significant developments in cybersecurity practices, particularly the integration of FML for the safeguarding of sensitive data and the implementation of the MISP protocol for comprehensive threat intelligence sharing.