SlideShare a Scribd company logo

IEEE_CSR_PHOENI2X_Presentation.pdf

V
Vasileios Mavroeidis

As digital technologies become more pervasive in society and the economy, cybersecurity incidents become more frequent and impactful. According to the NIS and NIS2 Directives, EU Member States and their Operators of Essential Services must establish a minimum baseline set of cybersecurity capabilities and engage in cross-border coordination and cooperation. However, this is only a small step towards European cyber resilience. In this landscape, preparedness, shared situational awareness, and coordinated incident response are essential for effective cyber crisis management and resilience. Motivated by the above, this paper presents PHOENI2X, an EU-funded project aiming to design, develop, and deliver a Cyber Resilience Framework providing Artificial-Intelligence-assisted orchestration, automation and response capabilities for business continuity and recovery, incident response, and information exchange, tailored to the needs of Operators of Essential Services and the EU Member State authorities entrusted with cybersecurity.

Presentations & Public Speaking
1 of 22
Download to read offline
This project has received funding from the Horizon Europe Research and Innovation programme under Grant Agreement No101070586 PHOENI2X - A European Cyber Resilience Framework With Artificial-Intelligence-Assisted Orchestration, Automation and Response Capabilities for Business Continuity and Recovery, Incident Response, and Information Exchange Konstantinos Fysarakis, Alexios Lekidis, Vasileios Mavroeidis, Konstantinos Lampropoulos et al. 31/7/2023 1
Outline • Introduction to the PHOENI2X framework • Main innovation directions • Use-cases and threat scenarios • Summary and next steps 2 IEEE CSR
Outline • Introduction to the PHOENI2X framework • Main innovation directions • Use-cases and threat scenarios • Summary and next steps 3 IEEE CSR
PHOENI2X framework overview • PHOENI2X aims to design, develop, and deliver a Cyber Resilience Framework providing Artificial Intelligence (AI) - assisted orchestration, automation & response capabilities for business continuity and recovery, incident response, and information exchange • Tailored to the needs of Operators of Essential Services (OES) and of the EU Member State (MS) National Authorities entrusted with cybersecurity. • Aligned with the pertinent EU initiatives, such as the recommendations provided in the European Commission Recommendation on Coordinated Response to Large Scale Cybersecurity Incidents and Crises (“Cyber Blueprint”) & supporting the newly launched Cyber Crisis Liaison Organization Network (CyCLONe). 4 IEEE CSR PHOENI2X will assist operators of critical sectors achieve cyber resilience & also support EU MS authorities in enhancing national cybersecurity capabilities, cross-border collaboration, and national supervision of their critical sectors, per the NIS Directive’s requirements.
Key approach objectives 5 IEEE CSR • Through PHOENI2X Cyber Resilience Centres (PHOENI2X CRCs), OES will gain: 1) Enhanced Situational Awareness with AI-assisted Prediction, Prevention, Detection & Response capabilities, and business risk impact assessment-based prioritisation 2) Proactive & reactive Resilience Automation, Orchestration, and Response (ROAR) mechanisms, providing Business Continuity, Recovery and Cyber & Physical Incident Response 3) Increased Preparedness through relevant Serious Games and realistic Resilience Cyber Range (RCR) Assessment & Training 4) Timely and actionable Information Exchange between OES, National Authorities and EU actors, leveraging interoperable and standardised alerting and reporting mechanisms and processes
PHOENI2X conceptual architecture 6 IEEE CSR
Baseline prevention, detection and response toolset • Dynamic and static vulnerability testing • Security Information and Event Management • CTI management and sharing • Endpoint Detection and Response • Network Detection and Response • Deception tools • Forensics tools 7 IEEE CSR
Outline • Introduction to the PHOENI2X framework • Main innovation directions • Use-cases and threat scenarios • Summary and next steps 8 IEEE CSR
Preparedness through Cyber Range & Serious Games • Realistic scenario assessment and training capabilities through the integration of an Resilience Cyber Range (RCR) and Serious Games 1) Assessment of defined Resilience Playbooks (e.g., to find gaps or inefficiencies, adapting them as needed) 2) Hands-on training to OES staff in the business continuity, recovery and IR procedures encoded in the RPs • Serious Games will support the RCR, focusing on the Training and Awareness of employees on different cyber attacks, threat elicitation, and improving organizational defenses that depend critically on human factors (e.g., social engineering and phishing attacks) 9 IEEE CSR
AI-assisted Situational Awareness, Prediction & Response • User & Entity Behaviour Analytics, relying on an AutoML system to minimise overhead for data scientists and facilitate model selection. • CTI Discovery, Analytics & Threat Hunting, leveraging AI (NLP, Sentiment Analysis, Heuristic Analytics) for the discovery, extraction, ingestion, correlation, and contextualization of CTI indicators. • Attack Prediction, Response Recommendation & Adaptation, supporting attack categorization , attack prediction , and attack response and adaptation • Risk Impact Assessment & Prioritisation, evaluating in near real-time the risk faced by an organisation qualitatively & quantitatively 10 IEEE CSR
Automation through aspect-oriented playbooks • Adaptable and contextualizable (e.g., by inputs from the AI-assisted Situational Awareness capabilities of PHOENI2X and post-incident analyses) • Customisable to intrinsic requirements of every OES • Shareable across organisation boundaries at machine-speed • Supporting what-if analyses, with the specification of orchestrations involving components and capabilities that are not (yet) present in the organisation, and • Translatable to support assessment and training in a realistic, simulated/emulated cyber range environment 11 IEEE CSR
Resilience Orchestration, Automation & Response (ROAR) 12 • Resilience Playbooks (RP): structured, machine-processable encoding of a sequence of actions comprising the organization's business continuity, recovery, and IR processes • PHOENI2X adopts and extends the recently released OASIS Collaborative Automated Course of Action Operations (CACAO) specification IEEE CSR
Predictive Maintenance (PMEM) • Strong need for efficient predictive analytics-based approaches that utilize AI strategies to detect and predict known attacks along with ever- emerging zero-day exploits which can happen in the network • PMEM uses supervised and unsupervised learning approaches to predict intrusions and propose specific actions as proactive actions to prevent the attack or as a response to the attack 13 IEEE CSR
Alerting, reporting and information exchange • Information exchange platform to address the need for standardized and coordinated cyber- security notifications as: 1) Technical-level indicators from the Baseline Prevention, Detection and Response toolset 2) AI-generated insights, early-warning alerts, contextualized information - CTI, models, and other shareable information from the AI- assisted Situational Awareness, Prediction and Response enablers 3) RPs from the ROAR subsystem 4) Training programs from the RCR • Goal lies in linking all the EU-level relevant parties at the strategic and political level, as well as cyber-security IR actors (CSIRTs network, ENISA, NIS CG, CyCLONe) 14 IEEE CSR
Outline • Introduction to the PHOENI2X framework • Main innovation directions • Use-cases and threat scenarios • Summary and next steps 15 IEEE CSR
Use-case overview 1. Energy use case, based in Greece, directly involving an OES (Public Power Corporation) as well a supporting telecom provider and the National Authority (NCSA) overseeing the OES 2. Transport use case, based in Spain, directly involving an OES 3. Healthcare use case, based in Cyprus, involving an essential solution and infrastructure provider of an OES (the General Healthcare System of Cyprus), to highlight the importance of supply chain aspects, and the National Authority (DSA) overseeing the OES 16 IEEE CSR
Use-case 1: Cascading effects of cyber attacks against advanced metering infrastructure 17 IEEE CSR
Use-case 2: Cyber and physical attacks and risk management service for the railway management system IEEE CSR 18
Use-case 3: cyber attacks aiming to cripple the public healthcare system 19 IEEE CSR
Outline • Introduction to the PHOENI2X framework • Main innovation directions • Use-cases and threat scenarios • Summary and next steps 20 IEEE CSR
Summary and ongoing work • AI-enhanced Cyber Resilience Framework, providing orchestration, automation and response capabilities for business continuity and recovery, IR, and information exchange • Individual components comprising PHOENI2X will be developed and integrated • Deployment and testing of tools against both known and zero-day threats and attacks in the Energy, Transport, Health sectors • Validation, reporting and information exchange from National cyber-security Authorities • Holistic assessment of PHOENI2X and its vision, collecting concrete evidence of its applicability, along with valuable feedback and pointers for its further refinement 21 IEEE CSR
This project has received funding from the Horizon Europe Research and Innovation programme under Grant Agreement No101070586 Thank you for your attention!! Questions? fysarakis@sphynx.ch, a.lekidis@dei.gr 22

Recommended

SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
BigData_Europe
 
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityCybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Leonardo ENERGY
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
Lumension
 
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Sebastiano Panichella
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
GoogleNewsSubmit
 
Cyber physical systems and robotics
Cyber physical systems and roboticsCyber physical systems and robotics
Cyber physical systems and robotics
trinhanhtuan247
 
Pervasive Computing Reference Architecture from a Software Engineering Perspe...
Pervasive Computing Reference Architecture from a Software Engineering Perspe...Pervasive Computing Reference Architecture from a Software Engineering Perspe...
Pervasive Computing Reference Architecture from a Software Engineering Perspe...
Osama M. Khaled
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
Nirmal Thaliyil
 

Recommended

SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
BigData_Europe
 
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityCybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Leonardo ENERGY
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
Lumension
 
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Sebastiano Panichella
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
GoogleNewsSubmit
 
Cyber physical systems and robotics
Cyber physical systems and roboticsCyber physical systems and robotics
Cyber physical systems and robotics
trinhanhtuan247
 
Pervasive Computing Reference Architecture from a Software Engineering Perspe...
Pervasive Computing Reference Architecture from a Software Engineering Perspe...Pervasive Computing Reference Architecture from a Software Engineering Perspe...
Pervasive Computing Reference Architecture from a Software Engineering Perspe...
Osama M. Khaled
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
Nirmal Thaliyil
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati
 
NIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesNIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric Utilities
Dr Dev Kambhampati
 
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
Power System Operation
 
Cps sec sg sg2017 conf_iran
Cps sec sg sg2017 conf_iranCps sec sg sg2017 conf_iran
Cps sec sg sg2017 conf_iran
Ahmadreza Ghaznavi
 
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
KTN
 
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
EOSC-hub project
 
RECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP at ETSI Experiential Network Intelligence (ENI) MeetingRECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP Project
 
Artificial intelligence and machine learning in dynamic cyber risk analytics ...
Artificial intelligence and machine learning in dynamic cyber risk analytics ...Artificial intelligence and machine learning in dynamic cyber risk analytics ...
Artificial intelligence and machine learning in dynamic cyber risk analytics ...
Petar Radanliev
 
Artss@itms2020
Artss@itms2020Artss@itms2020
Artss@itms2020
Jānis Grabis
 
Ruaraka police management system [Autosaved].pptx
Ruaraka police management system [Autosaved].pptxRuaraka police management system [Autosaved].pptx
Ruaraka police management system [Autosaved].pptx
rolllings3
 
I3CON Newsletter #2
I3CON Newsletter #2I3CON Newsletter #2
I3CON Newsletter #2
lk314
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
Christophe Foulon, CISSP
 
Digital Security by Design: ISCF Digital Security by Design Research Projects...
Digital Security by Design: ISCF Digital Security by Design Research Projects...Digital Security by Design: ISCF Digital Security by Design Research Projects...
Digital Security by Design: ISCF Digital Security by Design Research Projects...
KTN
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
Norbi Hegedus
 
Img s sumary-paper_for_march19_meeting
Img s sumary-paper_for_march19_meetingImg s sumary-paper_for_march19_meeting
Img s sumary-paper_for_march19_meeting
Marco Manso
 
Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...
Luxembourg Institute of Science and Technology
 
S4x20 Forescout Presentation
S4x20 Forescout Presentation S4x20 Forescout Presentation
S4x20 Forescout Presentation
Brian Proctor - GICSP, CISSP, CRISC
 
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
EnergyTech2015
 
Profile tulasi digital_health
Profile tulasi digital_healthProfile tulasi digital_health
Profile tulasi digital_health
Sivanesan Tulasidas
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
Cohesive Networks
 
2024-05-15-Surat Meetup-Hyperautomation.pptx
2024-05-15-Surat Meetup-Hyperautomation.pptx2024-05-15-Surat Meetup-Hyperautomation.pptx
2024-05-15-Surat Meetup-Hyperautomation.pptx
nitishjain2015
 
"I hear you": Moving beyond empathy in UXR
"I hear you": Moving beyond empathy in UXR"I hear you": Moving beyond empathy in UXR
"I hear you": Moving beyond empathy in UXR
Megan Campos
 

More Related Content

Similar to IEEE_CSR_PHOENI2X_Presentation.pdf

RECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP at ETSI Experiential Network Intelligence (ENI) MeetingRECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP Project
 
Artificial intelligence and machine learning in dynamic cyber risk analytics ...
Artificial intelligence and machine learning in dynamic cyber risk analytics ...Artificial intelligence and machine learning in dynamic cyber risk analytics ...
Artificial intelligence and machine learning in dynamic cyber risk analytics ...
Petar Radanliev
 
Ruaraka police management system [Autosaved].pptx
Ruaraka police management system [Autosaved].pptxRuaraka police management system [Autosaved].pptx
Ruaraka police management system [Autosaved].pptx
rolllings3
 
I3CON Newsletter #2
I3CON Newsletter #2I3CON Newsletter #2
I3CON Newsletter #2
lk314
 
Digital Security by Design: ISCF Digital Security by Design Research Projects...
Digital Security by Design: ISCF Digital Security by Design Research Projects...Digital Security by Design: ISCF Digital Security by Design Research Projects...
Digital Security by Design: ISCF Digital Security by Design Research Projects...
KTN
 
Img s sumary-paper_for_march19_meeting
Img s sumary-paper_for_march19_meetingImg s sumary-paper_for_march19_meeting
Img s sumary-paper_for_march19_meeting
Marco Manso
 
S4x20 Forescout Presentation
S4x20 Forescout Presentation S4x20 Forescout Presentation
S4x20 Forescout Presentation
Brian Proctor - GICSP, CISSP, CRISC
 
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
EnergyTech2015
 
Profile tulasi digital_health
Profile tulasi digital_healthProfile tulasi digital_health
Profile tulasi digital_health
Sivanesan Tulasidas
 

Similar to IEEE_CSR_PHOENI2X_Presentation.pdf (20)

Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational Awareness
 
NIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesNIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric Utilities
 
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
FRAMEWORK FOR EPU OPERATORS TO MANAGE THE RESPONSE TO A CYBER-INITIATED THREA...
 
Cps sec sg sg2017 conf_iran
Cps sec sg sg2017 conf_iranCps sec sg sg2017 conf_iran
Cps sec sg sg2017 conf_iran
 
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
 
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
Prompting an EOSC in Practice, Isabel Campos, CSIC & Member of the High Level...
 
RECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP at ETSI Experiential Network Intelligence (ENI) MeetingRECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP at ETSI Experiential Network Intelligence (ENI) Meeting
 
Artificial intelligence and machine learning in dynamic cyber risk analytics ...
Artificial intelligence and machine learning in dynamic cyber risk analytics ...Artificial intelligence and machine learning in dynamic cyber risk analytics ...
Artificial intelligence and machine learning in dynamic cyber risk analytics ...
 
Artss@itms2020
Artss@itms2020Artss@itms2020
Artss@itms2020
 
Ruaraka police management system [Autosaved].pptx
Ruaraka police management system [Autosaved].pptxRuaraka police management system [Autosaved].pptx
Ruaraka police management system [Autosaved].pptx
 
I3CON Newsletter #2
I3CON Newsletter #2I3CON Newsletter #2
I3CON Newsletter #2
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
 
Digital Security by Design: ISCF Digital Security by Design Research Projects...
Digital Security by Design: ISCF Digital Security by Design Research Projects...Digital Security by Design: ISCF Digital Security by Design Research Projects...
Digital Security by Design: ISCF Digital Security by Design Research Projects...
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
 
Img s sumary-paper_for_march19_meeting
Img s sumary-paper_for_march19_meetingImg s sumary-paper_for_march19_meeting
Img s sumary-paper_for_march19_meeting
 
Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...
 
S4x20 Forescout Presentation
S4x20 Forescout Presentation S4x20 Forescout Presentation
S4x20 Forescout Presentation
 
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
Mark Minnucci: Deployment of MBSE and the Emergence of a Systems-Thinking Cul...
 
Profile tulasi digital_health
Profile tulasi digital_healthProfile tulasi digital_health
Profile tulasi digital_health
 
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
 

Recently uploaded

"I hear you": Moving beyond empathy in UXR
"I hear you": Moving beyond empathy in UXR"I hear you": Moving beyond empathy in UXR
"I hear you": Moving beyond empathy in UXR
Megan Campos
 
The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...
Kayode Fayemi
 

Recently uploaded (14)

2024-05-15-Surat Meetup-Hyperautomation.pptx
2024-05-15-Surat Meetup-Hyperautomation.pptx2024-05-15-Surat Meetup-Hyperautomation.pptx
2024-05-15-Surat Meetup-Hyperautomation.pptx
 
"I hear you": Moving beyond empathy in UXR
"I hear you": Moving beyond empathy in UXR"I hear you": Moving beyond empathy in UXR
"I hear you": Moving beyond empathy in UXR
 
Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...
Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...
Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...
 
2024 mega trends for the digital workplace - FINAL.pdf
2024 mega trends for the digital workplace - FINAL.pdf2024 mega trends for the digital workplace - FINAL.pdf
2024 mega trends for the digital workplace - FINAL.pdf
 
Modernizing The Transport System:Dhaka Metro Rail
Modernizing The Transport System:Dhaka Metro RailModernizing The Transport System:Dhaka Metro Rail
Modernizing The Transport System:Dhaka Metro Rail
 
Databricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdfDatabricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdf
 
SaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of GuruSaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of Guru
 
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
 
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINESBIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
 
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINESBIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
 
TSM unit 5 Toxicokinetics seminar by Ansari Aashif Raza.pptx
TSM unit 5 Toxicokinetics seminar by Ansari Aashif Raza.pptxTSM unit 5 Toxicokinetics seminar by Ansari Aashif Raza.pptx
TSM unit 5 Toxicokinetics seminar by Ansari Aashif Raza.pptx
 
Using AI to boost productivity for developers
Using AI to boost productivity for developersUsing AI to boost productivity for developers
Using AI to boost productivity for developers
 
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdf
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdfMicrosoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdf
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdf
 
The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...
 

IEEE_CSR_PHOENI2X_Presentation.pdf

  • 1. This project has received funding from the Horizon Europe Research and Innovation programme under Grant Agreement No101070586 PHOENI2X - A European Cyber Resilience Framework With Artificial-Intelligence-Assisted Orchestration, Automation and Response Capabilities for Business Continuity and Recovery, Incident Response, and Information Exchange Konstantinos Fysarakis, Alexios Lekidis, Vasileios Mavroeidis, Konstantinos Lampropoulos et al. 31/7/2023 1
  • 2. Outline • Introduction to the PHOENI2X framework • Main innovation directions • Use-cases and threat scenarios • Summary and next steps 2 IEEE CSR
  • 3. Outline • Introduction to the PHOENI2X framework • Main innovation directions • Use-cases and threat scenarios • Summary and next steps 3 IEEE CSR
  • 4. PHOENI2X framework overview • PHOENI2X aims to design, develop, and deliver a Cyber Resilience Framework providing Artificial Intelligence (AI) - assisted orchestration, automation & response capabilities for business continuity and recovery, incident response, and information exchange • Tailored to the needs of Operators of Essential Services (OES) and of the EU Member State (MS) National Authorities entrusted with cybersecurity. • Aligned with the pertinent EU initiatives, such as the recommendations provided in the European Commission Recommendation on Coordinated Response to Large Scale Cybersecurity Incidents and Crises (“Cyber Blueprint”) & supporting the newly launched Cyber Crisis Liaison Organization Network (CyCLONe). 4 IEEE CSR PHOENI2X will assist operators of critical sectors achieve cyber resilience & also support EU MS authorities in enhancing national cybersecurity capabilities, cross-border collaboration, and national supervision of their critical sectors, per the NIS Directive’s requirements.
  • 5. Key approach objectives 5 IEEE CSR • Through PHOENI2X Cyber Resilience Centres (PHOENI2X CRCs), OES will gain: 1) Enhanced Situational Awareness with AI-assisted Prediction, Prevention, Detection & Response capabilities, and business risk impact assessment-based prioritisation 2) Proactive & reactive Resilience Automation, Orchestration, and Response (ROAR) mechanisms, providing Business Continuity, Recovery and Cyber & Physical Incident Response 3) Increased Preparedness through relevant Serious Games and realistic Resilience Cyber Range (RCR) Assessment & Training 4) Timely and actionable Information Exchange between OES, National Authorities and EU actors, leveraging interoperable and standardised alerting and reporting mechanisms and processes
  • 7. Baseline prevention, detection and response toolset • Dynamic and static vulnerability testing • Security Information and Event Management • CTI management and sharing • Endpoint Detection and Response • Network Detection and Response • Deception tools • Forensics tools 7 IEEE CSR
  • 8. Outline • Introduction to the PHOENI2X framework • Main innovation directions • Use-cases and threat scenarios • Summary and next steps 8 IEEE CSR
  • 9. Preparedness through Cyber Range & Serious Games • Realistic scenario assessment and training capabilities through the integration of an Resilience Cyber Range (RCR) and Serious Games 1) Assessment of defined Resilience Playbooks (e.g., to find gaps or inefficiencies, adapting them as needed) 2) Hands-on training to OES staff in the business continuity, recovery and IR procedures encoded in the RPs • Serious Games will support the RCR, focusing on the Training and Awareness of employees on different cyber attacks, threat elicitation, and improving organizational defenses that depend critically on human factors (e.g., social engineering and phishing attacks) 9 IEEE CSR
  • 10. AI-assisted Situational Awareness, Prediction & Response • User & Entity Behaviour Analytics, relying on an AutoML system to minimise overhead for data scientists and facilitate model selection. • CTI Discovery, Analytics & Threat Hunting, leveraging AI (NLP, Sentiment Analysis, Heuristic Analytics) for the discovery, extraction, ingestion, correlation, and contextualization of CTI indicators. • Attack Prediction, Response Recommendation & Adaptation, supporting attack categorization , attack prediction , and attack response and adaptation • Risk Impact Assessment & Prioritisation, evaluating in near real-time the risk faced by an organisation qualitatively & quantitatively 10 IEEE CSR
  • 11. Automation through aspect-oriented playbooks • Adaptable and contextualizable (e.g., by inputs from the AI-assisted Situational Awareness capabilities of PHOENI2X and post-incident analyses) • Customisable to intrinsic requirements of every OES • Shareable across organisation boundaries at machine-speed • Supporting what-if analyses, with the specification of orchestrations involving components and capabilities that are not (yet) present in the organisation, and • Translatable to support assessment and training in a realistic, simulated/emulated cyber range environment 11 IEEE CSR
  • 12. Resilience Orchestration, Automation & Response (ROAR) 12 • Resilience Playbooks (RP): structured, machine-processable encoding of a sequence of actions comprising the organization's business continuity, recovery, and IR processes • PHOENI2X adopts and extends the recently released OASIS Collaborative Automated Course of Action Operations (CACAO) specification IEEE CSR
  • 13. Predictive Maintenance (PMEM) • Strong need for efficient predictive analytics-based approaches that utilize AI strategies to detect and predict known attacks along with ever- emerging zero-day exploits which can happen in the network • PMEM uses supervised and unsupervised learning approaches to predict intrusions and propose specific actions as proactive actions to prevent the attack or as a response to the attack 13 IEEE CSR
  • 14. Alerting, reporting and information exchange • Information exchange platform to address the need for standardized and coordinated cyber- security notifications as: 1) Technical-level indicators from the Baseline Prevention, Detection and Response toolset 2) AI-generated insights, early-warning alerts, contextualized information - CTI, models, and other shareable information from the AI- assisted Situational Awareness, Prediction and Response enablers 3) RPs from the ROAR subsystem 4) Training programs from the RCR • Goal lies in linking all the EU-level relevant parties at the strategic and political level, as well as cyber-security IR actors (CSIRTs network, ENISA, NIS CG, CyCLONe) 14 IEEE CSR
  • 15. Outline • Introduction to the PHOENI2X framework • Main innovation directions • Use-cases and threat scenarios • Summary and next steps 15 IEEE CSR
  • 16. Use-case overview 1. Energy use case, based in Greece, directly involving an OES (Public Power Corporation) as well a supporting telecom provider and the National Authority (NCSA) overseeing the OES 2. Transport use case, based in Spain, directly involving an OES 3. Healthcare use case, based in Cyprus, involving an essential solution and infrastructure provider of an OES (the General Healthcare System of Cyprus), to highlight the importance of supply chain aspects, and the National Authority (DSA) overseeing the OES 16 IEEE CSR
  • 17. Use-case 1: Cascading effects of cyber attacks against advanced metering infrastructure 17 IEEE CSR
  • 18. Use-case 2: Cyber and physical attacks and risk management service for the railway management system IEEE CSR 18
  • 19. Use-case 3: cyber attacks aiming to cripple the public healthcare system 19 IEEE CSR
  • 20. Outline • Introduction to the PHOENI2X framework • Main innovation directions • Use-cases and threat scenarios • Summary and next steps 20 IEEE CSR
  • 21. Summary and ongoing work • AI-enhanced Cyber Resilience Framework, providing orchestration, automation and response capabilities for business continuity and recovery, IR, and information exchange • Individual components comprising PHOENI2X will be developed and integrated • Deployment and testing of tools against both known and zero-day threats and attacks in the Energy, Transport, Health sectors • Validation, reporting and information exchange from National cyber-security Authorities • Holistic assessment of PHOENI2X and its vision, collecting concrete evidence of its applicability, along with valuable feedback and pointers for its further refinement 21 IEEE CSR
  • 22. This project has received funding from the Horizon Europe Research and Innovation programme under Grant Agreement No101070586 Thank you for your attention!! Questions? fysarakis@sphynx.ch, a.lekidis@dei.gr 22