Context & Issues
Water, Food, Health, Energy, Transport, Telecommunications, etc. are all essential activities for a well-functioning society and the welfare of the people. The safety of the infrastructures on which they are based is of course a priority for countries.
At the European level, many texts exist, notably the European Program for Critical Infrastructures Protection, and demonstrate the transnational dimension of the issue. The growing interdependence between European Critical Infrastructures (those whose shutdown or destruction would have an impact on several States) requires, de facto, a cooperative approach between governments and between Operators of Vital Importance across borders.
ECOSSIAN (European Control System Security Incident Analysis Network), a project supported by the European Commission (FP7), fits precisely within this perspective. Launched in June 2014, it aimed to develop a collaborative knowledge base and alert system to improve the detection and management of cybersecurity incidents and attacks on critical infrastructure within the EU. After three years of experimentation, the prototype of a pan-European Security Operation Center (SOC), capable of centralizing and processing information from the various centers, was born.
In the ECOSSIAN project, the critical infrastructures (CIs) and the SOCs (private and public) are interconnected across the EU and converge towards a pan-European SOC. The aim is to enable real-time exchange of information on vulnerabilities, threats and incidents affecting CIs. How quickly preventive measures can be implemented depends on how quickly alerts reach CIs that are in the same sector or are interdependent.
The extreme sensitivity of the data thus transmitted calls for maximum security of the interconnections between SOCs, which must themselves be protected. To meet this need, Bertin IT (leader in defining the architecture of ECOSSIAN and its security functions) has lent its expertise in the isolation of classified information and the management of sensitive data exchanges between networks and/or areas of different levels.
The solution developed is based on Bertin IT's secure data gateway, CrossinG®. With bidirectional filtering and separation mechanisms, it succeeded in ensuring the safety of exchanges, by blocking all malicious files; their integrity, to avoid, for example, the injection of false information liable to mask an event or create false positives; and their confidentiality, by preventing leakage of information and in particular the disclosure of vulnerabilities.
« Through ECOSSIAN, we have been able to test the efficiency of our gateway on complex needs and this, in concrete terms, through the participation of end users such as the Portuguese rail networks or the Italian post office. We were also asked to deal with new aspects such as the anonymization of exchanges and the management of the submission of documents by the administrators, as well as the support of new formats of description of incidents. At the end of this project, we are strengthened by a richer vision of the potential of our product. »
Erwan Le Disez, R&D / Product Manager at Bertin IT
ECOSSIAN mobilized nearly twenty stakeholders, each offering different, but complementary expertise. The consortium was indeed made up of cyber security specialists (Bertin IT, Airbus, Espion, …), Essential Operators (Portuguese railways, Irish water and gas suppliers, …), public authorities (Portuguese criminal investigation department), universities (Leuven, Bologna) and research institutes (Fraunhofer, AIT, …).