WP6 – Risk Analysis and Mitigation Strategies

Objective

This work package researches and develops a methodology for continuous risk assessment process on the ICT supply chain, such that the system is continuously analyzed for potential weaknesses, and corresponding mitigation strategies can be enacted using BIECO solutions.

This WP has the following concrete objectives:

1. To identify in an automated fashion main threats, including those that could also derive in a physical hazard in a cyber-physical system.
2. To compute the severity of the consequences of threats and hazards.
3. To make the link between systems’ internal security causes and their possible safety hazards explicit, e.g. in failure logic models such as Component Fault Trees.
4. To define mitigation strategies.
5. Out of both design time risk assessment models and mitigation strategies, runtime risk management models shall be synthesized systematically that are suitable to support runtime resilience mechanisms defined in WP4.
6. Design and develop security, privacy and accountability measures for all the entities involved in the supply chain.

Envisioned mitigations range from process-based to architecture-based as well as related to the introduction of new patches and error detectors. The WP will ultimately produce a methodology and supporting tools for the systematic and automated i) analysis of risks, and ii) identification of mitigations that shall be equipped in the BIECO framework.

Deliverables

• D6.1 Blockly4SoS model and simulator WP6 (7 – RESILTECH) Report Public M10
• D6.2 Blockly4SoS user guide WP6 (7 – RESILTECH) Report Public M12
• D6.3 Risk Assessment and additional requirements WP6 (10 – 7BULLS) Report Public M24
• D6.4 Mitigations identification and their design WP6 (2 – Fraunhofer) Report Public M16