The CyberSANE project has developed an advanced, configurable and adaptable security and privacy incident handling system that aims to improve, intensify and coordinate overall security efforts for the effective and efficient identification of threats and for the investigation, mitigation and reporting of multi-dimensional attacks. To test and verify the developed functionalities in different domains, three pilots have been designed to gather feedback.
The selected and defined use cases run on complex infrastructures that replicate the ones used in real-life scenarios in the transport, energy, and health domains.
Container Cargo Transportation
The container cargo transportation pilot will focus on a hacking attack on the software application in charge of verifying container gross mass in the port of Valencia.
In 2014, the International Maritime Organization (IMO) amended the Convention on the Safety of Life at Sea (SOLAS) to require, as a condition of loading a full container on a ship for export, that the container has a Verified Gross Mass (VGM). This requirement became mandatory worldwide on 1st July 2016. The shipper became responsible for obtaining the verified gross weight of a full container and communicating it to the shipping company.
To comply with this regulation, in 2016 Fundacion Valenciaport developed conPESO, a marketplace platform that facilitates compliance with the SOLAS regulations on weighing containers for the port logistics community. The platform offers users an effective way to ensure that containers arrive at the port with a verified gross weight, reducing last-minute incidents, delays at container terminals and congestion. Furthermore, conPESO offers a fast and automated method for getting the verified gross weight to the shipping line and the terminal, which allows the port to be more competitive.
Solar Energy Production, Storage and Distribution
The solar energy pilot focuses on potential threats to a domestic energy management system that allows for the monitoring of historical and real-time energy flows as well as the control of independent loads and energy assets. Monitoring and data collection are performed by devices and meters connected to a local gateway that reports to a private, cloud-based management system.
The pilot is based on the Internet of Things (IoT) platform called ‘Tribe’, which LSE has already deployed in smart home installations, and on its backend system. At its simplest, the platform uses smart plugs to collect energy readings from the connected home devices, which exchange information through a local gateway with a private cloud at the backend.
Tribe is a smart energy management system, which monitors and optimises the generation, storage and consumption of electricity in a building to reduce energy bills. The Tribe Hub connects to the distribution board and a wide range of devices in a building. By learning consumption patterns, and checking live tariff and weather information, the Hub ensures all connected devices maximise use of clean, low-cost electricity. The Tribe App provides visibility of generation, storage and consumption of electricity in real time and can also control and schedule devices remotely, and track energy bill savings generated by Tribe.
Cyber-Threat Identification and Communication in Healthcare
The health pilot focuses on the detection and communication of cyber-threats within hospitals. Hospitals generally operate numerous medical devices, such as ultrasonic devices, magnetic resonance imaging devices or computed tomography devices. These devices produce medical data linked to individual patients during diagnostic processes. The whole system of medical devices and their data is protected with firewalls; nevertheless, medical devices have a relatively large attack potential, because IT security was not the focus during their development. Medical technology is also increasingly networked: it used to be built for closed subsystems, but nowadays it is becoming more closely tied to the hospital's information technology.
In the healthcare pilot, the infected notebook of an external service technician infects the hospital's local medical device IT. This is a realistic scenario, as it is common practice for service technicians to provide software updates and software fixes using their own laptops. The hospital therefore has no control over the hardware used by service technicians. Malware might spread into the hospital’s medical device software and into the hospital’s IT infrastructure, and might also affect critical patient data. In the worst case, a cyber-attack in the health use case can negatively affect the patient care processes in the hospital.
CyberSANE Pilot Events
The scenarios described will be deployed and demonstrated in three public pilot events to validate the CyberSANE components and functionalities. These events will be organised and held from the beginning of 2022. Follow our social networks to find out the dates.