Duration of the project:
September, 2021 –
August, 2024
Funded by
Project Manager
inLab FIB Team:
  • INOV – Instituto de Engenharia de Sistemas e Computadores, Inovacão, (INOV), Portugal
  • European Cyber Security Organisation (ECSO), Belgium
  • Centrul National De Raspuns La Incidente De Securitate Cibernetica, (CERT-RO), Romania
  • Intrasoft International SA (INTRA), Luxembourg
  • Thales Six Gts France SAS (THALES), France
  • Atos It Solutions And Services Iberia SL (ATOS), Spain
  • Cisco Systems Spain S.L (CISCO SPAIN), Spain
  • Exalens (CLS), Netherlands
  • Sidroco Holdings Limited (SID), Cyprus
  • Cyberethics Lab SRLS (CEL), Italy
  • Commissariat A L Energie Atomique Et Aux Energies Alternatives (CEA), France
  • Ethniko Kentro Erevnas Kai Technologikis Anaptyxis, (CERTH), Greece
  • Institute Of Communication And Computer Systems (ICCS), Greece
  • Technische Universiteit Delft (TU Delft), Netherlands
  • Tallinna Tehnikaülikool (TalTech), Estonia
  • Universitat Politecnica De Catalunya (UPC), Spain
  • Kentro Meleton Asfaleias (KEMEA), Greece
  • Institut Municipal D’informatica De Barcelona (IMI BCN), Spain
  • Forum Virium Helsinki OY (FVH), Finland
Areas of expertise involved in the project


The new EU project that has come to protect IoT systems by providing a first-class collaborative approach and state-of-the-art technology.

As existing and emerging smart cities continue to expand their IoT and AI-enabled platforms, new and complex dimensions are introduced to the threat intelligence landscape. These are linked to the identification, response and sharing of data related to attack vectors. These vectors, based on emerging IoT and AI technologies, are comprised of architecture and behavior that are currently not well understood by security professionals such as CERTs and CSIRTs.

This lack of expertise, as well as tools, to detect and report IoT and AI attack vectors is further compounded by the potentially greater security risks posed by them.

The H2020 IRIS project aims to provide a framework to support European CERT and CSIRT networks detecting, sharing, responding to and recovering from cyber security threats and vulnerabilities of IoT and AI driven ICT systems, in order to minimize the impact of cyber security and privacy risks. The IRIS platform will be available, free of charge, to European CERTs and CSIRTs at the end of the project.

The IRIS concept is proposed as a federated threat intelligence architecture that establishes three technological and human-centric components of the threat intelligence ecosystem:

  • The Collaborative Threat Intelligence module: forms the nexus of the IRIS framework and the central component of the architecture enhancing the capabilities of the existing MeliCERTes platform by introducing Analytics Orchestration, an Open Threat Intelligence interface and an intuitive Threat Intelligence Companion. All this with the support of a proactive Data Protection and Liability module.
  • The Automated Threat Analytics module: collects and delivers key threat and vulnerability assessment telemetry and responds to received intelligence, initiating autonomous response and self-healing procedures.
  • The cloud-based virtual cyber range: provides an immersive virtual environment for collaborative CERT/CSIRT training exercises based on real-world environmental platforms (and by digital twins), providing representative intelligence scenarios IoT and AI threats and hands-on training.

The IRIS platform will be demonstrated and validated in three carefully selected pilots that resemble real-world environments with the commitment of three smart cities (Helsinki, Tallinn and Barcelona) together with the involvement of national CERTs, CSIRTs and authorities of cyber security.

“IRIS is uniquely positioned to provide a high-impact solution to support the operations of European CERTs and CSIRTs for a coordinated response to large-scale cross-border incidents and crises,” says INOV’s Nelson Escravana , the Project Coordination Team.

The IRIS consortium is made up of public organizations, SMEs with cutting-edge cyber technologies, large industries as service providers, as well as research and academics with significant achievements in cyber security and privacy technologies.

For its part, the UPC, specifically the cyber security group esCERT, will contribute to the project in several key areas. Initially the main responsibility will be the definition of the different environments and their technical requirements in which the IRIS platform will be validated. This involves coordinating and deciding which use cases are most relevant to the project within the three pilots that will be carried out. These pilots have a European scope, where the city of Helsinki is involved with a Smart Grid and Smart Vehicles platform, the city of Tallinn with its platform of autonomous transport vehicles (Autonomous Transportation Systems), and finally the city of Barcelona with its Superilles Urbanistics platform and Smart Services (Tram, traffic analysis, …). The final objective of this task will be the definition of the methodology for securing the different pilots through the platform developed in the project.

With these pilots, the objective will be the creation of a dynamic knowledge base and the development of the necessary technology to be able to implement a repository of threats in the area of cyber security, considering the dynamism and evolution of these threats This common knowledge base will then be used to provide a dynamic policy framework and mechanisms for sharing intelligence on cyber threats between the different CERTs in Europe.

In order to complement the use cases and knowledge base, a set of open interfaces (OpenAPI) will also be provided during the project that will enable the integration of advanced threat analysis solutions in IoT environments with intelligent infrastructures. clever

Finally, in the project environment, esCERT will provide the key indicators that will validate that the IRIS platform has met expectations as a platform to guarantee infrastructure security. These indicators will be validated with the creation of a demonstrator in the city of Barcelona that will allow to finish formulating the standardized methodology for evaluating the safety of the infrastructure.