Attacks against critical infrastructures can have a significant impact and cause material and financial losses. An attack on an electricity network in Ukraine in December 2016 caused a major blackout, a type of event with an estimated average cost of 20 million euros per hour. The Innovation Activity of EIT Digital is developing a cloud-based Security Operations Center for detecting and responding to attacks against critical infrastructures.
The EIT Digital "Security Operations Center for Critical Infrastructures" Innovation Activity focuses on protecting critical infrastructures against so-called advanced persistent threats. These threats are executed over a long period of time by skilled attackers with significant resources at their disposal.
Dr. György Dán, associate professor at the Swedish KTH Royal Institute of Technology and the leader of this EIT Digital Innovation Activity said:
"Our mission is to provide improved resilience for critical infrastructures and for society in general against cyber-attacks. This can be achieved through developing a cloud-based security operations center - SOC - as a service and a corresponding business model for selling it. The SOC’s customers are operators of various critical infrastructures, such as communications, energy, heat, water and gas. The service will be integrated in the existing operations and offerings of the EIT Digital partners participating in this innovation activity."
Typically, attackers try to execute their attacks in a way that conceals the true cause of the infrastructure malfunction. The Security Operations Center helps to reveal an attack before it reaches its goal, and will inform the client within 30 minutes of detecting the attack.
Dr. Dán continued:
"The SOC will improve the detection capability by collecting log data from legacy devices in real time, analysing streaming data and making security sensors more resilient against attacks. The response capability is further improved as the Security Operations Center personnel are able to collect log data on demand for the root cause analysis and forensics after the attack is detected."
Because the SOC is provided as a service, the infrastructure operator gets access to state-of-the-art threat intelligence, the latest computing technologies and the expertise of a team of cyber security experts for continuous threat protection.
The Security Operations Center for Critical Infrastructures Innovation Activity is one of the 13 Innovation Activities of the Digital Infrastructure action line of EIT Digital for 2017. The Digital Infrastructure action line focuses on enabling digital transformation by providing secure, robust, responsive, and intelligent communications and computation facilities for the markets.
The Swedish KTH Royal Institute of Technology acts as the lead partner in the Security Operations Center for Critical Infrastructures Innovation Activity and focuses on machine learning in its work. Among the other partners, Finnish F-Secure contributes its cloud-based security monitoring architecture and acts as the business champion. Italian Engineering Ingegneria Informatica focuses on the processing activities of streaming operators, and the Hungarian Budapest University of Technology and Economics works on log collection together with fellow Hungarian partner EvoPro.