Project duration: 1.09.2020 – 31.08.2022.

BIECO will offer a holistic approach for building and validating several technologies and methodologies that are specifically oriented to foster security and trust within ICT ecosystems. The main outcomes and the building blocks of the project are the following:

1. Vulnerability assessment

This asset will focus on improving the detection of vulnerabilities within ICT components and understanding how a certain vulnerability can propagate across the whole supply chain and impact other systems that are not subject to the same vulnerability. In order to do this, an advanced machine learning-based tool for vulnerability detection will be developed, putting a special focus on improving aspects such as the accuracy or usability of the tool. Regarding the propagation of vulnerabilities, methodologies such as ant colony optimization, and other vulnerability propagation analysis techniques will be explored.

2. Resilience mechanisms

As some vulnerabilities might remain undetected, it is necessary to adopt a preventive approach and assume that a cyberattack will happen, exploiting that vulnerability. In the ICT supply chain this is a serious issue, as it can put at risk not only the vulnerable system but also the complete supply chain. Therefore, BIECO will explore new methods to guarantee the resilience of the systems, ensuring recovery in case an attack occurred. This will be done by performing self-checks on the systems, forecasting the failures of the different components and their impact on the supply chain and offering methods to bring systems into a safe-operation state.

3. Auditing processes

Understanding the security guarantees provided by each of the ICT components, as well as their interactions with other elements of the supply chain, is crucial in order to ensure the integrity of the whole ecosystem. For that purpose, simulation models that represent accurately the behaviour of ICT systems and components within a supply chain will be generated. Unknown interactions between components, the integration of new systems within the supply chain, or changes environmental and operational conditions will also be monitored, and behavioural profiles (MUD) will be generated to monitor suspicious behaviours that could represent a possible attack to the system.

4. Risk analysis

BIECO will provide a tool audit complex algorithms and interconnected ICT systems, including the analysis of the interaction between components when they are exploited. The tool will also offer a visual representation of the possible attack paths, as well as support to safety aspects, analyzing the impact of vulnerabilities in a cyber-physical system that could derive into a physical hazard.