WP6 – Risk Analysis and Mitigation Strategies
This work package researches and develops a methodology for continuous risk assessment process on the ICT supply chain, such that the system is continuously analyzed for potential weaknesses, and corresponding mitigation strategies can be enacted using BIECO solutions.
This WP has the following concrete objectives:
- To identify in an automated fashion main threats, including those that could also derive in a physical hazard in a cyber-physical system.
- To compute the severity of the consequences of threats and hazards.
- To make the link between systems’ internal security causes and their possible safety hazards explicit, e.g. in failure logic models such as Component Fault Trees.
- To define mitigation strategies.
- Out of both design time risk assessment models and mitigation strategies, runtime risk management models shall be synthesized systematically that are suitable to support runtime resilience mechanisms defined in WP4.
- Design and develop security, privacy and accountability measures for all the entities involved in the supply chain.
Envisioned mitigations range from process-based to architecture-based as well as related to the introduction of new patches and error detectors. The WP will ultimately produce a methodology and supporting tools for the systematic and automated i) analysis of risks, and ii) identification of mitigations that shall be equipped in the BIECO framework.
- D6.1 Blockly4SoS model and simulator WP6 (7 – RESILTECH) Report Public M10
- D6.2 Blockly4SoS user guide WP6 (7 – RESILTECH) Report Public M12
- D6.3 Risk Assessment and additional requirements WP6 (10 – 7BULLS) Report Public M24
- D6.4 Mitigations identification and their design WP6 (2 – Fraunhofer) Report Public M16
DRAFT AGENDA: Thursday 28th September 2023 13.00 – 17.00 CET AGENDA Overview 13:00 - 13:10Project Overview13:10 - 13:25BIECO Tools13:25 - 14:35BIECO Use Cases,including Demos14:35:15:05WP3 & WP4 Presentations15:05 - 15:15BREAK15:15 - 16:15WP5 - WP8...
BIECO Integrated Platform will integrate the tools in a loosely coupled way.
Data Collection Tool (DCT) stores information from relevant vulnerability related datasets, providing a single access point to information required by the vulnerability detection and forecasting tools developed in T3.3, as well as for the failure prediction tools developed in T4.2.
Vulnerability Detection Tool will detect existing vulnerabilities within the source code which may lead to the successful execution of an attack.
Vulnerability Exploitability Forecasting Tool will estimate the probability of a vulnerability to be exploited in the next 3, 6 or 12 months.
Vulnerability Propagation Tool will calculate and offer the paths affected by a vulnerability in the source code.