Discover Resilmesh

A project which can help secure Europe’s emerging Digital Infrastructure

That “complexity is the enemy of security” is a well-accepted maxim. This is especially true for the computing and communications digital infrastructures and services that support our everyday social and economic activities. The dramatic growth of these systems has created major challenges for security teams:

1. Digital infrastructure attack surfaces have increased. These systems are complex: they contain multiple infrastructure layers with many types of components (edge, cloud, IoT, etc.). This creates dependencies between an organisation’s business processes (missions) and the hardware and software assets that support them, which in turn creates multiple attack entry points (vectors). Digital infrastructures are heterogeneous, i.e., composed of many different technologies (e.g., due to the blurring of Information and Operational Technology (IT/OT) boundaries). This further increases the range of potential attack vectors. Digital infrastructures are dispersed over wide geographical areas (cloud/edge/endpoint), making traditional perimeter-based security approaches increasingly ineffective and creating yet more attack vectors.

2. Digital infrastructure attacks have become more complex and sophisticated. Advanced persistent threats (APTs), which focus on specific targets over an extended time period, are particularly sinister. They typically seek to exfiltrate information or impede critical aspects of a mission or organization. They are increasingly based on multi-attack-vector approaches including, for example, cyber, physical, and deception vectors. They are often carried out by nation-state adversarial actors.

3. Organisations are slow to adapt their security systems to the changes in their security architectures, practices, and infrastructure. This requires adopting techniques such as Zero Trust (ZT)/Secure Systems Edge (SSE) to deal with distribution and complexity. However, almost 80 percent of critical infrastructure organizations don’t yet adopt access control approaches based on zero-trust strategies. For example, a lack of ZT-based network isolation techniques in the Irish health system gave ransomware attackers seamless access to almost 10000 IT hosts running dozens of software systems. OT systems especially are slow to adopt ZT.

Resilmesh will help organisations achieve higher levels of security and resilience by providing them with methods and tools to better:

• manage the complexity of their digital infrastructures and services,

• combat advanced persistent threats (APTs).

The project has identified three digital infrastructure domains that will act as early adopters and amplifiers of Resilmesh solutions: (i) renewable energy, (ii) civic regional infrastructure, and (iii) flexible manufacturing. Digital infrastructure domains include a wide range of civil and critical infrastructures that have widely varying technologies, topologies, and application requirements. Topologies can be widely dispersed (water and energy infrastructures), concentrated in a few locations (manufacturing, health) or widespread (communications infrastructure). Digital infrastructure resources are a combination of constrained (IoT/edge) and powerful (cloud) computing devices and may be a single technology (IT or OT) or a mix of both.

Resilmesh use case pilots have thus been carefully chosen to demonstrate the applicability of the Resilmesh approach across these different digital infrastructure domains and are also designed to validate the full complement of platform features over the three use cases. Two use-case pilots will be conducted; the first will introduce the platform to the end-users and iron out any teething problems, and the second will evaluate the platform performance under TRL7 conditions. Moreover, the platform provides baked-in extensibility ‘hot-spots’/hooks to facilitate the easy addition of new platform functions as well as use of the platform in new domains. Resilmesh will specify two competitive open calls for third parties to augment the scope and range of the platform. The first call will be open to cybersecurity application and software developers to provide new platform components, e.g. new anomaly detection or correlation algorithms, while the second call will be reserved for use-cases, which will be selected to ensure use of the platform in new critical infrastructure domains.

Resilmesh will follow a work plan designed to maximise impact, where the development and evaluation are based on an iterative and human-centred co-design approach. The iterative approach and involvement of relevant stakeholders from the start of the project will support and facilitate an iterative technical development process, in which user feedback is provided and integrated throughout the whole development cycle. The Resilmesh consortium is comprised of 11 leading partners in the area of cybersecurity defence and AI (7 academic institutions and 4 industrial partners) and 3 critical infrastructure operators. Through its specific dissemination, communication, and exploitation actions, Resilmesh will contribute to key resilience improvements identified by NIS2.0 and the Recommendation to strengthen the resilience of critical infrastructure, including improved situational awareness, CTI sharing, risk assessment and capacity building.

Author: Brian Lee, TUS

—————————

(i) https://www.schneier.com/news/archives/2012/12/complexity_the_worst.html

(ii) digital-strategy.ec.europa.eu/en/policies/media-and-audiovisual-action-plan

The Consortium

Coordinator: Technological University of the Shannon: Midlands Midwest (IE)

Partners: GMV Innovating Solutions (ES), Masaryk University (CZ), Silent Push Limited (IE), F6S Network Ireland Limited (IE), Joanneum Research (AT), University of Murcia (ES), Jamk University of Applied Sciences (FI), Alias Robotics (ES), ALWA (IT), Regional Government Of Murcia (ES), Center for Security Studies (EL), Montimage Eurl (FR), Royal Holloway, University of London (UK)