WP 3: Technologies, applications, and services
Technologies, applications, and services
WP3 aims at defining and executing research, development, and innovation with respect to the next generation of cybersecurity technologies, applications, and services. It will provide a selection of horizontal cybersecurity technologies and solutions applicable to a range of Critical Sectors. The provision shall extend the state-of-the-art, enabling innovative systems, mechanisms, and services.
Tasks for the first 48 months of the center have been planned; these are listed below. These may be extended in time and/or new tasks will be established according to the input received from WP1, WP2, and WP4. WP3 utilizes fundamental results from WP2 and will provide the research support for WP4 to connect the research and innovation with the demonstration cases and industrial sectors to be covered.
Tasks within Work Package 3
The 5G networks, both the access and the core part are considered to become the uniform service providing infrastructure of the future – also for critical infrastructure sectors like power provisioning, manufacturing, health, smart cities, etc. Hence it will become a critical hub for all critical sectors. Each service (or sub service) should be handled by their own slice, including VNF based service chains, to meet the security and dependability requirements. The 5G technology to provide this is still immature. Nevertheless, work has started on the generations beyond, and in the perspective of NORCICS, these developments should be considered.
Objectives:
Develop competence, i.e., extend the state of art, in using 5G and beyond technologies to build secure, resilient, and survivable critical infrastructures and provide critical services. Focus will be on interdependencies, slicing, and multi-tenant and multi-operator challenges, where solutions are immature and innovation potential largest
Contact:
Task Leader T3.1, Poul E. Heegaard
Integrated PhD, Trond Vatten
Partners involved:
- NTNU
- SINTEF Digital
- SINTEF Energi
- SINTEF Manufacturing
- Norsk Hydro
- Mnemonic
- Yara
- Equinor
- Helgeland Kraft
- Siemens
- NC-Spectrum
- Kongsberg
- Sykehuset Innlandet
- Oslo Politidistrikt
The notion of cyber resilience signifies an extended ambition of cyber security in Critical Sectors (CrSec). The rationale for employing the concept of resilience is not confined to recovery from disruption, but to maintain integrity and functioning when being exposed to both expected and unexpected disturbance and variability, including genuine surprise. This challenge is not only technological, but also human and organizational. Dealing with complexity, irregular and surprising events demands a different mindset and different skills than anticipating their occurrence. The notion of resilience has gathered many meanings through recent years but is inextricably linked to the challenge of combining and bridging these mindsets in a holistic manner. CrSec will always include a mix of old (legacies) and new technologies and paradigms. Operating this mix implies sociotechnical drift, which is driven by successful adaptation as much as recovering from failure. Rudimentary resilience exists because practitioners need to create practical solutions under varying conditions, in which successful adaptation to a large extent is an emergent property that cannot be achieved solely by technical or planned means. A CrSec secured without paying attention to practical drift, operated solely on the basis of past failures and successes, is at risk of becoming "robust yet fragile". Such a "resilience as imagined" will inherently increase risk rather than mitigate it. A living digital ecosystem is necessary for both recognizing complex, emerging threat landscapes, as well as facilitating a polycentric resilience landscape of diverse, but reciprocally collaborating entities. A digital ecosystem comprises technologies, actors (vendors/integrators/asset owners/operators), management processes and governance/regulatory structures associated with the IT/OT systems constituting CrSec at the cyber-physical and service level. This ecosystem creates or inhibits the premises for cyber resilience to emerge/manifest. Their joint understanding, interactions and reciprocity in strategizing and decision-making is crucial
Objective:
- Develop a joint framework for understanding and describing cyber resilience in CrSec, combining enhanced preparedness and risk management processes, sociotechnical interaction in complex systems combining IT and OT, management and governance processes, and societal/community framings of the consequences of lack of cyber resilience in CrSec.
- Establish a community of practitioners that can represent key actors of a digital ecosystem for electricity supply through collaboration with T4.1.
- Develop a framework for a digital ecosystem enabling polycentric cyber resilience in electricity supply and smart cities.
- Identify target aspects for influence and corresponding success criteria based on case studies.
- Establish discursive frameworks for resolving conflicting objectives on the path towards resilience 6. Specify key procedures (and tools) for analysis, planning and orchestration of security management, in reciprocity with the polycentric resilience enabled by the digital ecosystem.
- Identify good/best practices for maintaining focus on cyber resilience in the digital ecosystem, in the evolution (all life cycle phases) of CrSec.
Contact:
Task Leader T3.2, Tor Olav Grøtan (tor.o.grotan@sintef.no)
Partners:
- SINTEF Digital
- SINTEF Energi
- NTNU
- ELVIA
- Aiba
- Mnemonic
Cyber Physical Systems (CPS) constitute the core of Critical Infrastructure (CI), yet their architectural and operational characteristics are not thoroughly captured by contemporary cyber ranges, which are commonly narrow in scope or purposefully aligned with subsections of specific target systems. The anticipated use of the physical reference environments investigated, modelled, and integrated is twofold, namely as demonstrators for education and dissemination, but also as testbeds for activities related to research and training.
Objectives:
Establish a configurable and expandable cyber-physical range that uses real, simulated and emulated components of CI CPS, integrating both IT and OT infrastructure, along with the development of suitable educational and training material.
Contact:
Task Leader T3.3, Vasileios Gkioulos
PhD, Vyron Kampourakis
Partners involved:
- NTNU
- SINTEF Energi
- NR
- SINTEF Manufacturing
- Norsk Hydro
- NC- Spectrum
- Sykehuset Innlandet
- Lyse Elnett
- Helgeland Kraft
- Siemens
- Elvia AS
- Kongsberg Gruppen
- EQUINOR AS
Analyzing vast, diverse data sources and gathering data widely distributed in critical infrastructures and the Internet poses enormous challenges for digital security and investigations. It holds for a proactive perspective of securing critical infrastructure and a reactive view when first responders and investigators need to identify the cause and effects of an incident. The challenge is increased by the fact that data sources are ultra-large and mostly unstructured. Computational methods are required to reliably analyze data and information from the digital (cyber-) and the physical domain. Of course, the demand is based on the increased ubiquity of digital services in everyday operations of critical infrastructures that led to a convergence of the digital and the physical world. Extracting relevant information from vast data sources and correlating this information with other sources are non-trivial tasks. Current tools used in practical applications are unsuitable for large and diverse data processing tasks. This NORCICS task 3.4 addresses the existing gaps by using sophisticated (data-driven) online learning and data-fusion methods that are also enabling human interaction and the injection of human expert knowledge. Novel computing infrastructures and legal framework are needed to be taken into consideration to provide sustainable approaches that NORCICS industry partners can adopt.
Objective:
- Improvement in (computational) intelligence capabilities for a range of areas, e.g.:
o Prevent, interrupt, and explain incidents or malicious activities.
o Increase situational awareness in cyber-physical systems. - Provide relevant research data sets, and anonymized real-world data sets for evaluation.
- Study algorithms and methods for machine-assisted (human) intelligence.
- Design algorithms for behavior monitoring and event detection.
- Conduct data fusion and correlation of data in rest and motion from critical infrastructures in the digital and the physical domain.
Contact:
Task Leader T3.4, Christian Walter Peter Omlin
PhD, Touseef Sadiq UiA Touseef Sadiq
Partners:
- NTNU CCIS
- Mnemonic
- Universitetet i Agder
- Sykehuset Innlandet HF
- Aiba
- Oslo Politidistrikt
The biggest obstacle for the big visions and promises by 5G (and beyond) networks, about telepresence, holographic transmissions, telemedicine and remote operations are the network latencies in the control layer, that so far cannot go below 1ms even within the most controlled experimental environments. 5G control layer use codes that need to be short (with codewords from 40 up to 128 bits), and their encoding and decoding times need to be short in order to reduce the network response latency. While 4G has latency in the range of 50ms, 5G is expected to have latency of around 10ms (up to 5 times faster than 4G). New efforts (by Nokia and other companies) push the latency further down to 1ms – 2ms. But for further developments, and wireless networks beyond 5G (6G for example), there is an open problem to invent new and even faster codes than Polar codes with sub-millisecond latencies. In a recent 6G symposium, an AT&T executive said that “6G networks will require 100-times the data throughput of 5G, adding edge cloud deployments will need to expand to cover ‘hundreds of thousands of millions of access points ‘basically everywhere’. Such a shift is necessary to enable sub-millisecond latency for future use cases and allow compute, storage and AI capabilities to keep pace with user requirements.” This scenario for the future 6G wireless networks includes two research areas:
1. Coding theory, with short codes that can offer better (shorter) latencies than the current standard used in 5G – the Polar codes.
2. Coding theory that addresses the challenges of the edge computing, with design of locally reparable codes; where the proposed team of researchers have a proven record of research, publications, innovations and patents.
Objectives:
- To develop, fine tune, implement, and test short error correcting codes that have better performances than Polar codes, and reduce latency in sub-millisecond ranges.
- To develop, fine tune, implement, and test locally reparable codes suitable for the edgecomputing environments that will contribute for the increase of the data throughput and will reduce the latency in sub-millisecond ranges.
Contact:
Task Leader T3.5, Danilo Gligoroski
PhD, Sahana Sridhar
Partners involved:
- NTNU.
- SINTEF Manufacturing.
- Norsk Hydro.
- Mnemonic.
- Yara.
- Equinor.
- Siemens.
- NC-Spectrum.
- Kongsberg.
- Sykehuset Innlandet.
- Oslo Politidistrikt
Network softwarization changed the way networks are build, managed, and operated. Carefully crafted solutions, being developed, tested, and refined over years have been replaced by softwaredriven solutions being deployed on standard network and server hardware. Such solutions more and more follow the cloud-native paradigm to enable highly scalable, resilient, and manageable applications. This paradigm embraces incorrect operations, bugs and failures, and focuses on robust automation to enable updates and changes frequently and predicably without further disturbances. Due to the inherent dependability of networking application on fast packet I/O, different realization paths to address this requirement have emerged. Techniques like hardware offloading and protocol independent packet processing leverage novel, programmable network cards and switching devices. As alternative to such dedicated hardware, fast packet processing frameworks like DPDK/VPP or kernel-specific solutions, i.e., uni-kernels have recently emerged. Besides, in-network computing has evolved aiming to provide computation on the data path. These different alternatives, while preserving easier implementation of solutions, result in an increased complexity of the underlying system and the need to consider those differences during design and operation. While abstractions may enable interoperability between the mentioned frameworks, they will not reduce complexity and the risk for failures. Hence, we need to tackle this complexity and provide mechanisms assuring a secure and reliable operation of the underlying system.
Objectives:
Develop competence, i.e., extend the state of art, for network softwarization. Focus will be on mechanisms allowing to improve DevOps-like network management and identify inconsistencies between intended system configuration and actual system configuration, e.g., slicing configuration, resource allocation or degree of isolation, where solutions are immature and innovation potential largest.
Contact:
Task leader T3.10, Thomas Zinner
Integrated PhD, Sebastian Gilje Grøsvik
Partners involved:
- NTNU
- SINTEF Energi
- SINTEF Manufacturing
- Norsk Hydro
- Mnemonic
- Yara
- Equinor
- Helgeland Kraft
- Siemens
- NC-Spectrum
- Kongsberg
- Sykehuset Innlandet
- Oslo Politidistrikt
In the IPN project “Semi-automated cyber threat intelligence”1 funded by the Research Council of Norway mnemonic created an open-source Cyber Threat Intelligence platform with a graph database with granular access control as the back end2. This graph database was used as input to the SOCCRATES project3 funded through the Horizon 2020 program where mnemonic used it for modelling infrastructure4. We now see the possibility to use this back end for two new use cases: asset modelling and extended infrastructure modelling. These two use cases are related as assets are part of an infrastructure. Both use cases give a user the opportunity to do analysis on the context of alerted security events, enabling automation and effectiveness of analyst operations.
Objectives:
- Automatic population of an infrastructure model for both normal office environments, cloud environments and ICS environments based on available data in security monitoring solutions.
- Automatic population of a model of all relevant data on and around an asset/server/host in an environment. Examples of information which would be relevant are IP, OS, applications, users(s), organization(s), known vulnerabilities (with EPSS5 and relevant CVSS6 from different sources), connections in/out and placement in infrastructure.
- Predefined analysis capabilities for security analysts
- Automation of knowledge extraction from the graphs
- Master student(s)
- Identification of related research challenges and application for new research projects with partners in NORCICS
Contact:
Task leader T3.11, Siri Bromander
Partners involved:
- Mnemonic
- UiO
- NTNU
As industrial systems become increasingly network-connected, the energy industry is waking up to the emerging cyber threat. Long supply chains with components from different manufacturers require a new approach and methods to ensure the necessary security in critical infrastructure. ENISA defines Supply Chain as the ecosystem of processes, people, organizations, and distributors creating and delivering a final solution or product. The security of the supply chain is an area of increasing concern. If a malicious actor can introduce spyware or a backdoor into the supply chain, then every customer downstream is at risk. There is growing evidence that service providers such as accountancy firms, legal firms, cloud providers, outsourced IT providers, and security and SOC providers, among others, are at equal risk of being used by bad actors to gain a foothold into the grid and deliver exploits that can turn out the lights and do severe damage to our economy. Despite the growing concern and the acknowledgement that addressing cybersecurity risks in the digital supply chain is a complex problem, few research works have handled it. This is even more so when managing supply chain cybersecurity risks in digitally transformed industrial settings, particularly critical infrastructures. Resilience is the ability to recover from or easily adjust to shocks and stresses. Resilience refers to a system’s ability to heal or regenerate its performance after an unexpected impact produces a degradation. Resilience is “the ability to withstand and reduce the magnitude and duration of disruptive events, which includes the capability to anticipate, absorb, adapt to, and rapidly recover from such an event.” Importantly, we regard this “ability” as technical, organizational, and human properties and resources. A resilient digital infrastructure is necessary to support the platforms of a digital economy and society. The digital infrastructure is the physical hardware and related software that enables end-to-end information and communications systems to operate. At the same time, critical infrastructures are becoming digitalized and made “smart” through the rollout of the smart grid, smart city, and intelligent transportation system projects, which further increase our reliance on resilient digital infrastructure. At the organizational level, organizations need to invest sufficiently in cybersecurity and cybersecurity plans, build a security culture among employees, and adopt securityby- design and privacy-by-design principles. The human factor is critical in preventing and addressing incidents, with people at the core of adequate OT cyber security. Tighter regulation is on the way, with the EU NIS2 directive, for example, introducing numerous mandates related to behavioral aspects, including cyber security training. Capacity building on Education and Training will help critical infrastructures meet regulatory and compliance requirements, empower teams to safeguard organizations from harm and support compliance efforts by ensuring a consistently high level of OT security awareness. Risk awareness initiatives and training are among the most cited countermeasures in the literature to foster the employees' capabilities and prepare them for the new challenges of cyber-physical supply chains. The rationale is to ensure all stakeholders in the digital supply chain in critical infrastructures understand the importance of protecting Cyber-Physical Systems and OT environments and how they can play an active role in preventing incidents.
Objectives:
- Seek to understand the impact of the NIS2 regulation on CPS and OT systems and create new knowledge to improve our understanding of the dynamics in the regulation and consequences for critical infrastructure in Norway.
- Develop, test, validate, and demonstrate novel, advanced, innovative methods according to NIS2 for preventing supply-chain-induced cyberattacks against industrial control systems in Critical Sectors.
- Develop methods and tools for training and awareness improvement on the security of the digital supply chain.
- Transfer the knowledge created within NORCICS among its user partners, other Norwegian businesses, and stakeholders.
Contact:
Task leader T3.12, Arne Roar Nygård
Partners involved:
- Elvia
- NTNU
Efforts to strengthen cybersecurity and resilience of critical sectors such as healthcare, smart districts, or manufacturing go hand in hand with technological innovations, novel approaches and measures. For instance, the advanced use of artificial intelligence (AI) and big data analytics can foster increased situational awareness and intelligence capabilities in the context of smart districts (e.g., for videobased or digital traces-based surveillance, remote monitoring). Further, technologies enabling remote presence like Extended Reality (XR), encompassing the whole spectrum of immersive technologies, are seen as a key enabler allowing to reduce physical human involvement, for instance in dangerous or life-threatening environments. XR is also expected to support new ways of professional collaboration and communication or to create new opportunities for training and education, e.g., increase preparedness through virtual reality trainings to a much larger extent than is the case today. While the abovementioned innovations and technologies (e.g., AI, XR, …) create new opportunities in the context of a secure and sustainable digitalization within critical sectors, they also often have an invisible flip side: their ethical implications, e.g., related to trust, agency, privacy, digital inequality, or bias are often under-addressed and still poorly understood due to fragmented approaches and lacking incentives to tackle them more holistically, among other things. Further, there is a lack of concrete tools and methodologies to have these ethical concerns continuously on the agenda, despite a growing policy focus on their importance. In the context of XR, as one particular focus area in this task, the huge potential to transform existing practices and enable new ones, goes hand in hand with arising ethical challenges and potential vulnerabilities, for example linked to the protection and (mis)use of personal information and digital identities. These vulnerabilities, as well as solutions to address them, are to date still poorly understood and at risk of being insufficiently accounted for in real-world scenarios and to be considered only ex post. To drive forward the potential and adoption of secure, ethical and humancentered XR experiences in the broader context of critical services, these experiences need to be wellaligned with the expectations of diverse human users and need to incorporate human capabilities, human behavior and ethical considerations in a meaningful way. This requires a thorough understanding of needs and requirements in different use cases, but also a critical framework to capture, anticipate and evaluate potential unintended consequences and ethical implications as an integral part of a human-centered process.
Objectives:
- To identify, classify and perform an in-depth study of key ethical concerns and implications linked to technological innovations and novel approaches used to strengthen the resilience and cybersecurity of critical services and sectors. This will be done by means of a critical analysis of the state of the art and a series of empirical case studies, which will result in the design of an integrated and holistic ethical framework that can be used in practice, seeking to integrate ethical considerations systematically into human-centered design and evaluation.
- To study the most salient privacy concerns and security vulnerabilities in this context and to investigate how they influence user experience and user practices, in order to map and model potential security – privacy – user experience trade-offs and derive best practices for reconciling them.
- To raise more awareness around existing barriers and challenges in the context of secure, ethical and human-centered technology experiences in critical sectors and to provide concrete tools and approaches to consider these more systematically in practice, and in various use cases.
Task leader T3.13, Katrien De Moor
Ph.D. Camille Sivelle
Partners involved:
NTNU
This task is the extension of T3.6 (Task 3.6: Autonomous Adaptive Security for 5G-enabled IoT). In this task, adaptive cybersecurity solutions for 5G-IoT in critical sectors will be developed to reduce security threats and risks. 5G-IoT has several applications, including remote surgery, industry 4.0, smart energy, smart city etc. [1]. In a 5G-IoT communication environment, devices and users communicate through the Internet which faces different dynamic cybersecurity issues, including DDoS, malware, man-in-the-middle, etc. Consequently, adaptive cybersecurity solutions need to be developed for 5G-IoT applications to protect them against evolving cyber-attacks [2]. Several innovative adaptive cybersecurity security solutions for securing 5G-IoT communication are required [3], such as intrusion detection, root cause analysis, device /user authentication, access control, etc. Although there exist several anomaly detection techniques [4] and security assurance [5], but they do not consider varying and dynamic nature of 5G-IoT for improving adaptive anomaly detection and prediction, and dynamic security assurance.
[1] Jiang, Chengzhi, Hao Xu, Chuanfeng Huang, and Qiwei Huang. "An adaptive information security system for 5G-enabled smart grid based on artificial neural network and case-based learning algorithms." Frontiers in Computational Neuroscience 16 (2022): 872978.
[2] Wazid, Mohammad, et al. "Security in 5G-enabled internet of things communication: issues, challenges, and future research roadmap." IEEE Access 9 (2020): 4466- 4489
[3] Kalaivaani, P. T., Raja Krishnamoorthy, A. Srinivasula Reddy, and Anand Deva Durai Chelladurai. "Adaptive Multimode Decision Tree Classification Model Using Effective System Analysis in IDS for 5G and IoT Security Issues." Secure Communication for 5G and IoT Networks (2022): 141-158.
[4] Jan Vávra, Martin Hromada, Luděk Lukáš, Jacek Dworzecki, Adaptive anomaly detection system based on machine learning algorithms in an industrial control environment, International Journal of Critical Infrastructure Protection, Volume 34, 2021, 100446, ISSN 1874-5482, https://doi.org/10.1016/j.ijcip.2021.100446
[5] Bena, Nicola, Ruslan Bondaruc, and Antongiacomo Polimeno. "Security Assurance in Modern IoT Systems." In 2022 IEEE 95th Vehicular Technology Conference:(VTC2022-Spring), pp. 1-5. IEEE, 2022.
Objectives:
- Enhance the security of 5G-IoT systems.
Sub objectives:
- Develop adaptive anomaly/intrusion detection and prediction techniques for 5G-IoT solutions using closed feedback loop.
- Perform validation in the defined Cybersecurity for 5G-IoT Smart Grids use case with the two scenarios from T4.1 a) detection of radio access network Denial of Service attack against the 5G Gateway terminal, and b) detection and prediction of SYNC flooding attacks in 5G enabled Smart Grid.
- Build fuzzy based dynamic security assurance methodology for 5G-IoT
Task leader T3.14, Habtamu Abie, Sandeep Pirbhulal
Partners involved:
- NR
- SINTEF Digital
- Norsk Hydro
- Siemens
- Kongsberg
- Sykehuset Innlandet
This task is the extension of T3.7 (Task 3.7 Reverse Engineering Lab)
Hardware components are crucial for ensuring the security, integrity, and reliability of computing systems, especially in the context of Internet of Things (IoT) devices. These IoT devices play a pivotal role in daily life and critical infrastructures, transmitting vital information for decision-making processes. To enhance security at the hardware level, it's essential to understand device vulnerabilities and potential attack vectors. Hardware reverse engineering (HRE) is a method used to gain insights into the inner workings of man-made devices. However, there's a noticeable gap in educational resources related to hardware security and HRE, including courses, labs, and best practices. The reverse engineering lab at NTNU Gjovik is being established under NORCICS to address future hardware security challenges through developing innovative methods, tools, and techniques in collaboration with industries, government and international research institutions. The lab is equipped with essential testing tools and is in the process of creating a master-level course on hardware security for embedded systems, set to launch in Autumn 2024. Currently, two master projects are underway focusing on different hardware security topics. The lab has been actively exploring hardware security vulnerabilities within intelligent electronic devices (IEDs) utilized in smart grids and will engage PhD/Postdoc to continue these activities.
Objectives:
The objective is to establish a reverse engineering lab at NTNU as a national arena for knowledge development, research, innovation and education. This will contribute towards improving the cybersecurity and resilience of the entire value chain in our digital society. The Reverse Engineering lab will serve as a hub and will in collaboration with partners and national/international experts to facilitate activities such as:
- Establishing Test Bench for Carrying out Research and Experimental work on hardware security under Reverse Engineering Laboratory
- Develop Test Case Scenarios for Carrying out hardware security research in Coordination with Industry Partners
- Proposal development for establishing hardware reverse engineering lab in cooperation with industry partners
Task leader T3.15, Arvind Sharma
Partners involved:
- NTNU
- SINTEF Manufacturing
- Norsk Hydro
- Mnemonic
- Yara
- Equinor
- Helgeland Kraft
- Siemens
- NCSpectrum
- Kongsberg
- Sykehuset Innlandet
- Oslo Politidistrikt
This task is the extension of T3.8 (Task 3.8 Secure broadcasting in wireless in critical systems)
The increasing use of wireless digital devices is clearly seen by the extensive use of smart phones, IoTbased devices, smart meters, medical devices, monitoring devices, and other kinds of so-called smart devices that are connected to the Internet or local area networks. Society has become increasingly depended on such devices, which consequently incudes critical sectors. In most wireless and broadcast-oriented settings, including IoT, 5G, and advanced metering systems (AMS), communication is peer-to-peer-based (or server-to-peer-based), despite aspects including group communication and collaboration, and various forms of content protection systems. Security properties that will be considered in this task include confidentiality and integrity protection, and also untraceable communication.
Objectives:
The objectives of this task are four-fold of which three objectives pertain to Kongsberg and Elvia, contributing to data transmission security in proprietary wireless critical systems:
- Innovate cybersecurity and protection mechanisms for preventing configuration leakage and data leakage for equipment testing in a novel cyber range test facility.
- Examine existing and/or innovate new cryptographic protocols, methods, and a prototype for secure industrial data communication networks (wifi, mobile, hybrid, and other) that can be used for classified information.
- Conduct a security analysis of the cryptographic design that realises end-to-end encryption between head-end system, concentrators, and smart meters. This includes evaluating cryptographic protocols and key management.
- Conduct research into new and efficient methods for secure untraceable wireless communication.
Task leader T3.16, Sigurd Eskeland
Partners involved:
- Elvia
- Kongsberg Gruppen
This task is the extension of T3.9 (Task 3.9 Assurance aware ontology-based scenario management framework for cyber range)
System security has evolved into a critical line of defense for our socioeconomic web in today's digital age. Because cybersecurity is a dynamic and multifaceted field, System Security Assurance (SSA) faces a bewildering array of challenges. Large Language Models (LLM), a powerful tool with capabilities such as anomaly detection, predictive analytics, and adaptive learning, provide a sophisticated technique for assessing and combating the rapidly evolving complex system environment. Despite LLMs' enormous promise in the field of cybersecurity, it is clear that more study has to be done before these models can be tailored and optimized for certain real-world cybersecurity applications. There are several obstacles that must be addressed and overcome on the way to successfully integrating Large Language Models (LLM) into SSA. These include issues with model interpretability, adversarial robustness, model validation and reliability, scalability and efficiency, and real-time response and analysis.
Objectives:
With the purpose of applying Large Language Models (LLM) in studying system security, this project seeks to develop a framework that properly combines LLM's analytical and adaptive capabilities into the SAA evaluation process. The defined sub-objectives to realize this aim are:
- AI Model Selection and Training: Identify and refine a LLM model, ensuring it aligns with and enhances existing security assurance techniques.
- AI-Driven Methodology Development: Craft a comprehensive LLM embedded methodology capable of quantitatively evaluating the security of IT/OT systems.
- Testing and Validation: Apply and validate the developed methodology through use cases relevant to NORCICS partners, ensuring practical applicability and efficacy.
Task leader T3.17, Basel Katt
Partners involved:
- NTNU
- Hydro
5G technology has been promoted as a solution for many diverse use-cases and application scenarios. Technologies like slicing, softwarization, multi-edge computing, massive MIMO and 5G new radio allow to tailor the technical system to support the requirements of various use-cases over a single platform. While we have been working for more than 10 years on this technology, there is still limited access to real-world 5G deployments. Accordingly, there exists a lot of unclearness about the prospects and capabilities of 5G technology, the different releases, and available commercial and non-commercial implementations.
At the same time there is a strong push to help industrial partners to use 5G technology in industrial settings, (Norwegian 5G Industry Forum, or the Norwegian public safety network (DSB)), and potential adopters ask a couple of key questions regarding 5G. These include but are not limited to i) how to securely integrate application scenarios into a 5G network and ii) if non-functional 5G properties like performance or dependability of 5G satisfy the application requirements.
Relevant Norwegian stakeholders and Norcics partners currently face a couple of challenges hindering them to address the outlined questions. They i) do not have the resources to setup and operate different 5G solution to integrate application scenarios, rigorously test them, and identify the appropriate solutions and ii) have to design, build and validate a sophisticated benchmarking infrastructure due to the lack of established benchmarking frameworks.
The proposed tasks shall act as incubator for NORCICS partners to work together on the key questions and challenges outlined above.
Objectives:
- Explore different 5G solutions, vendor-provided and open-source, and identify their applicability for industrial integration scenarios and the public safety network.
- Investigate secure integration of application scenarios.
- Define a benchmarking solution to validate the requirements of different application scenarios.
Task leader T3.18, Thomas Zinner, Stanislav Lange
Partners involved:
- NTNU
- SINTEF Digital
- SINTEF Energi
- Equinor
- NR
- Oslo Politidistrikt