As existing and emerging smart cities continue to expand their IoT and AI-enabled platforms, novel and complex dimensions to the threat intelligence landscape are introduced. These, are linked with identifying, responding and sharing data related to attack vectors, based on emerging IoT and AI technologies, whose architecture and behaviour are not currently well understood by security practitioners, such as CERTs and CSIRTs. This lack of experience as well as of tools, for detecting and reporting IoT & AI attack vectors is further aggravated by potentially greater safety risks caused by such attacks. 

The H2020 IRIS project aims to deliver a framework that will support European CERT and CSIRT networks detecting, sharing, responding and recovering from cybersecurity threats and vulnerabilities of IoT and AI-driven ICT systems, in order to minimize the impact of cybersecurity and privacy risks. The IRIS platform will be made available, free of charge, to the European CERT and CSIRTs, by the end of the project.

IRIS concept is proposed as a federated threat intelligence architecture that instates three core technological and human-centric components into the threat intelligence ecosystem:

• The Collaborative Threat Intelligence module: forms the nexus of the IRIS framework and core component of the architecture enhancing the capabilities of the existing MeliCERTes platform by introducing Analytics Orchestration, an Open Threat Intelligence interface and an intuitive Threat Intelligence Companion. All these supported by a Data Protection and Accountability module;
• The Automated Threat Analytics module: collects and supply key threat and vulnerability assessment telemetry and respond to received intelligence, initiating autonomous response and self-recovery procedures:
• The Cloud-based Virtual Cyber Range: delivers an immersive virtual environment for collaborative CERT/CSIRT training exercises based on real-world environment platforms (and Digital Twin Honeypots), providing representative adversarial IoT & AI threat intelligence scenarios and hands-on training.

The IRIS platform will be demonstrated and validated in three carefully selected pilots resembling real world environments with the engagement of three smart cities (Helsinki, Tallinn and Barcelona) along with the involvement of national CERTs, CSIRTs and cybersecurity authorities.

“IRIS is uniquely positioned to provide a high impact solution to support the operations of European CERTs and CSIRTs for coordinated response to large-scale cross-border cybersecurity incidents and crises,” mentions Mr Nelson Escravana from INOV, the Project Coordination Team.

The IRIS consortium comprises of public organizations, SMEs with cutting-edge cyber technologies, large industries as service providers as well as research and academic partners with significant achievements to cybersecurity and privacy technologies.

For its part, the UPC, specifically the cybersecurity group esCERT, will contribute to the project in several key areas. Initially the main responsibility will be the definition of the different environments and their technical requirements in which the IRIS platform will be validated. This involves coordinating and deciding which use cases are most relevant to the project within the three pilots that will be conducted. These pilots have a European reach, involving the city of Helsinki with a Smart Grid and Smart Vehicles platform, the city of Tallinn with its Autonomous Transportation Systems platform, and finally the city of Helsinki. Barcelona with its Urban platform of Superblocks and Smart Services (Tram, traffic analysis,…). The ultimate goal of this task will be to define the methodology for securing the different pilots through the platform developed in the project.

With these pilots, the goal will be the creation of a dynamic knowledge base and the development of the necessary technology to implement a repository of threats in the area of ​​cybersecurity, considering the dynamism and evolution of these threats. This common knowledge base will then be used to provide a framework for dynamic policies and mechanisms for the sharing of intelligence on cyber threats between the different CERTs in Europe.

In order to complement the use cases and the knowledge base, the project will also provide a set of open interfaces (OpenAPI) that will allow the integration of advanced threat analysis solutions in IoT environments with intelligent infrastructures

Finally, in the project environment, esCERT will provide the key indicators that will validate that the IRIS platform has met expectations as a platform to ensure the security of the infrastructure. These indicators will be validated with the creation of a demonstrator in the city of Barcelona that will allow to finish formulating the standardized methodology for assessing the safety of infrastructure.