Centered on the cybersecurity of the systems of the future, the EIC project has just been completed. Its ambitious aim was to develop, in collaboration with the French Agency for Information System Security (ANSSI), a trusted experimental platform to assess the coupling of cybersecurity technologies. It made it possible to remove major technological obstacles linked to the identification of threats and the assessment of the robustness of digital infrastructures.
SystemX has announced the closure of its first cybersecurity R&D project launched in 2015, which was named EIC (Environment for Cybersecurity Interoperability and Integration). This ambitious 5-year project was part of the NFI (New Industrial France) “Cybersecurity” plan. Led in collaboration with ANSSI, it brought together 7 industrial partners (Airbus, Airbus Defense & Space, Bertin IT, Engie, Gemalto, Prove&Run, Thales) and 2 academic partners (CEA and Télécom SudParis / IMT) around the need to develop a leading experimental and human environment, in order to host and test by hybrid simulation the ultra-connected systems of the future under advanced scenarios.
The R&D work carried out as part of the project has brought about several major scientific and technological advances:
- better knowledge and early anticipation of cybersecurity threats;
- a consolidated assessment of the robustness of the countermeasures implemented in realistic use cases;
- a unique response to attack supervision requirements through integrated operational management;
- and an unprecedented contribution to raising awareness of the risks and training among the teams involved in digital security.
CHESS: platform of trust, certified by ANSSI and CoFIS
The project teams have built a cutting-edge technological platform, in collaboration with ANSSI for a period of 10 years. Labelled by the Committee for industrial security (Comité de la Filière industrielle de sécurité – CoFIS), CHESS (Cybersecurity Hardening Environment for Systems of Systems) offers a complete hardware and software environment for:
- security solution providers: assessment of the level of protection achieved by their innovative component in different contexts of use,
- large users – operators of vital importance, banks, car manufacturers, transport operators – and solution integrators: assessment of their choice of architecture and security solutions, identification of the best alternatives, etc.
Complex scenarios simulated on CHESS
Various use cases in the fields of the factory of the future, connected vehicles, smart grids and the Internet of Things have been studied on the CHESS platform:
- Use of a Blockchain infrastructure to secure updates of connected objects, to correct their vulnerabilities and to protect against hacks, such as on connected vehicles.
- Illustration of the viability of using homomorphic cryptography to significantly strengthen the security of biometric authentication.
- Demonstration of the vulnerability of Smart Grids, particularly in terms of private data.
- Behavioural analysis of an industrial water treatment bay and its dysfunctions.
Training and awareness-raising missions
From 3 to 6 September, SystemX organized, in collaboration with ANSSI, the training of the France Cyber team pre-selected by ANSSI (free candidates: “juniors”, under 20 years old, and “seniors”, from 21 to 25 years old) in order to prepare it for the European Cybersecurity Challenge (ECSC) in Bucharest (October 2019). The planned program comprised skills-building sessions, development of techniques and methodologies for the discovery and exploitation of vulnerabilities, and exercises in situational settings close to reality, through a CTF-type (Capture The Flag) “ethical hacking” game. The CHESS experimental platform served as a playground for training the France Cyber team to thwart complex attack scenarios. Building on this first success, SystemX and ANSSI are renewing their collaboration for the 2020 challenge. Awareness-raising and training sessions are also being conducted at the request of companies.
The number of cyber attacks is underestimated
For nearly three years, SystemX has investigated French companies, VSEs and SMEs, that were victims of successful cyberattacks, so as to quantify the real impact of cyber damage in France. This unprecedented study has overturned two commonly accepted beliefs: the number of successful cyberattacks, in the range of 2 to 5%, turns out to be much higher than the estimates that are usually made public, while on the other hand, the average cost of cyberattacks turns out to be much lower than assumed and is valued only in thousands of euros. Above all, it has made it possible to promote widespread awareness among small structures of cyber risks and the basic measures to be implemented.
A doctoral thesis dedicated to the simulation of attacks in the field of cyber defence
As part of the EIC project, a thesis on the theme “Simulation of activity and attacks: application to cyber defence” was defended by Pierre-Marie Bajan (IRT SystemX, Télécom SudParis). Its goal: to develop a new network simulation method to create an environment for assessing security products and services. The ambition was to run industrial applications (web browsers, industrial programs, etc.) for which only the data exchanged is necessary for the assessment of these products and services, and thus to limit the consumption of resources. Industrial applications have thus been replaced by a program capable of reproducing their data in the right format and applicable in a lighter network environment.
Assessment of intrusion detection systems
Intrusion detection identifies malicious activity on a host and/or in a network environment. There are a variety of intrusion detection systems, and the EIC project focused on defining and testing methodologies, techniques and assessment tools to facilitate the objective comparison of different types of Intrusion Detection Systems (IDS).
EIC opens the door to other perspectives in many industrial sectors
EIC was the first cybersecurity project launched by IRT SystemX; other projects quickly emerged from it in several areas. In the field of connected vehicles: the SCA project, launched in 2017, aimed at responding to the “security & privacy” challenges linked to the deployment of autonomous and connected vehicles, and the CTI project, whose objective is to bring together, through a common approach, good practices and innovative IT solutions in cybersecurity in the fields of automotive, rail transport and aeronautics.
In the port sector, the PFS (Ports of the Future in Security) project, launched in 2019, relates to the identification of the key functions of maritime ports, the definition of a global security policy and the creation of demonstrators associated with these trades. It builds on CHESS and tests attack scenarios or possible responses. The objective of the project is to study, develop and validate a set of digital security solutions (hardware or software) necessary for the protection of current and future port infrastructures.