CloudCERT

CloudCERT

Financing, work program and call

CloudCERT is co-funded by the European Union (EU) following the specific program named Prevention, Preparedness and Consequence Management of Terrorism and other Security-related risks, located within the "Security and Safeguarding Liberties" program.

This specific program is developed via annual work programmes. Project CloudCERT is the answer to one of the calls for proposal issued by the EU in 2010.

The Spanish National Institute of Cybersecurity (INCIBE), along with other beneficiaries, obtained the acceptance and co-financing from the EU for implementation.

Duration

The Project started off at the beginning of 2012 with an estimated duration of 2 years, and has ended on December 31, 2013.

Motivation and justification

The security and economy of the European Union as well as the well-being of its citizens depends on certain infrastructure and the services they provide. The destruction or disruption of infrastructure providing key services could entail the loss of lives, the loss of property, a collapse of public confidence and moral in the EU.

In order to counteract these potential vulnerabilities the European Council requested in 2004 the development of a European Programme for Critical Infrastructure Protection.

Since then, a comprehensive preparatory work was undertaken, which included the organisation of relevant seminars, the publication of a Green Paper, discussions with both public and private stakeholders and the financing of a pilot project.

With this in mind, on 12 December 2006, the Commission adopted the communication on a European Programme for Critical Infrastructure Protection (EPCIP), which set out an overall horizontal framework for critical infrastructure protection activities at EU level.

As stated in EPCIP, stakeholders must share information on Critical Infrastructure Protection (CIP), particularly on measures concerning the security of critical infrastructure and protected systems, interdependency studies and CIP related vulnerability, threat and risk assessments. At the same time, there must be assurance that shared information of a proprietary, sensitive or personal nature is not publicly disclosed and that any personnel handling classified information will have an appropriate level of security vetting by their Member State.

To solve this real need, CloudCERT project aims at providing this secure information sharing testbed framework in order to exercise unified coordination using same communication protocol standards for improving visibility of common threat awareness, vulnerabilities, advisories and alerts specific to CIP.

In order to achieve this goal, an important work must be carried out based conceptual CSIRT communication modelling and architecture; definition of secure information sharing; information standards and protocol definition; design of the testbed platform and implementation; and finally pilot reality check based on user cases.

Aims

The main objectives are:

  • To supply a testbed framework approach to integrate mechanisms for coordinating partnerships and stakeholder efforts to effectively exchange information related to CIP and their security aspects.
  • To secure EU infrastructure improving understanding of the relationships among its elements and the link between risk management and infrastructure protection.
  • To provide the capability needed to eliminate potential vulnerabilities in the critical infrastructure by sharing vulnerability information.
  • To manage security as a whole using an unified process of information exchange to determine the risk and decide upon and implementing actions to reduce risk to a defined and acceptable level, at an acceptable cost.
  • To obtain value derived from its information exchange by exercise implementation, measured in the effectiveness of preventing, deterring, and responding to cyber attacks on control systems within critical infrastructure.
  • A common reporting and information exchanging on the six phases of the CIP life cycle in order to create a comprehensive solution.

Consortium

The CloudCERT Project has a consortium formed by:

Spanish National Cybersecurity Institute (INCIBE)

(Coordinator)

Spanish National Cybersecurity Institute - INCIBE

It is an organization dependent on the Spanish Ministry of Economy and Business through the Secretary of State for Digital Progress and consolidated as a reference entity for the development of cybersecurity and digital trust for the citizens, academic and research network, professionals, companies and especially for strategic sectors.

With an activity based on research, the provision of services and coordination with the agents with competences in the field, INCIBE contributes to build cybersecurity at a national and international level.

Concerning the CloudCERT project, INCIBE assumes the role of coordinator and works actively on the analysis, design, development, testing and dissemination of the technological solution.

CNPIC

(Beneficiary)

Centro Nacional de Protección de Infraestructuras Críticas

CNPIC is the National Centre for Critical Infrastructure Protection in Spain, being the national coordinating authority and the international Point of Contact in the matter. CNPIC is in charge of assessing the criticality of strategic infrastructures, fostering information exchange among public and private stakeholders and putting forward all the measures needed to ensure confidentiality and to improve critical infrastructure protection.

Concerning the project CloudCERT, EFB assumes the role in dissemination and communication activities.

Europe for business

(Beneficiary)

Europe for business - EFB

EFB is a European consulting company specialised in the identification of relevant EU grant opportunities for public and private organisations. Based in London with a branch office in Brussels we are member of Research Innovation Business Network (RIBN) and European Projects Association (EPA) and work with partners in Europe, Latin America, Western Balkans. Our main activities are Consulting services, Training and coaching activities as well as Communication and dissemination activities.

Concerning the project CloudCERT, EFB assumes the role in dissemination and communication activities.

Fondazione ICSA

(Beneficiary)

Fondazione ICSA, Intelligence Culture and Strategic Analysis

The I.C.S.A Foundation (Intelligence Culture and Strategic Analysis), a non-governmental body, is a centre of analysis and of cultural processing that intends to deal in innovative ways with security, defence and intelligence issues. Its mission is to analyse the main aspects of national and foreign security issues, of the evolution of military defence models with respect to external threats, of the increasing criminal and illegal phenomena in Italy and abroad, including cyber and technological security of the State and its individual citizens, especially in light of the intervening economic, financial and legal globalization.

Concerning the project CloudCERT, I.C.S.A. leads the secure framework definition.

INDRA SIstemas, S.A.

(Beneficiary)

INDRA Systems, Inc.

Indra is a global technology, innovation and talent company. It is on the cutting edge of high value-added solutions and services for the Transport and Traffic, Energy and Industry, Public Administration and Healthcare, Financial Services, Security and Defense and Telecom and Media sectors. The company operates in more than 110 countries and has more than 36,000 employees worldwide, focusing on developing innovative solutions that meet the needs of the most demanding clients. Indra ranks second in Europe by R & D spend, investing close to €500m during the last three years.

Concerning the project CloudCERT, Indra leads and executes the design and development task, as well the testing states of the project’s technological solution.

Zanasi & Partners

(Beneficiario)

Zanasi & Partners

Founded in 2006, limited liability company since 2007. ZANASI Alessandro SrL (aka: "Zanasi & Partners") is a research and advisory company, incorporated in Italy and active internationally. It serves the security research market focusing on technological applications to security/intelligence issues. Main skills: cybersecurity, data/text mining and information retrieval/analysis. Main clients include leading technology companies, national and international public institutions. Its professionals and partners have generally a twofold background: security (and/or intelligence) and advanced technological skills. The company was appointed ESRIF Plenary member in summer 2007 after the appointment of its founder to ESRAB in 2005.

Concerning the project CloudCERT, Zanasi & Partners provides requirements for the system concept, and definition of the security framework.

Benefits

The short term impact has been to provide CIP bodies with a testbed platform designed to support the Member States' CIP information exchange, coordination and supervision.

In the midterm Cloud-CERT will enhance the cooperation through the platform implementation in a real production environment and it will contribute to the minimization of cooperation obstacles for CIP operators and protection authorities in different countries in Europe.

In the long term, it is expected to contribute to the establishment of an European Homeland Security environment for the protection of European CIs.

Target groups

The main target groups and beneficiaries of this project are:

  • Member States through the authorities of Critical Infrastructure Protection.
  • CERTs or CSIRTS competent in CIP.
  • Operators or Owners of the Critical Infrastructure (CI).

Significance and innovation

CloudCERT project has a remarked innovative nature. The technological solution developed make use of the more advanced techniques and tools in the following fields:

  • Information sharing: CloudCERT testbed ensure easy, simple information sharing for cooperation joint exercises, as well as a rapid and risk-free implementation in a real operational and collaborative environment.
  • Security: Appropriate security mechanisms ensure: the system data exchange, identification, authentication, authorisation, confidentiality, integrity, accountability, and dissociation.
  • Interoperability and scalability: Its structure of individual software components are interoperable and may allow the connection to the main CIP tools in use in the EU.

Results

CloudCERT Dossier summarizes in a very convenient and easy-to-read document, the background, motivation and objectives, as well as activities performed, deliverables produced and results generated. Therefore project dossier is the official document for dissemination.

CloudCERT Dossier EN ES DE FR IT PT

With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Justice, Freedom and Security