Home   /   Portfolio   /  CSCE

CSCE

- Cyber Security Centre of Excellence and supporting technologies

Competitiveness & Growth Core Competitiveness
STATUS | Completed
STATUS DATE | 14/08/2020
ACTIVITY CODE | 6-.025

PAGE CONTENTS

Objectives

The objective of the project was to establish the CSCE as the enabler for collaborative cyber information sharing and analysis for the space and critical infrastructure sectors, developing enabling technologies supporting knowledge enhancement and information exchange specific to cyber-security with multiple aims:

  • Study, share, understand and raise awareness about cyber issues;
  • Train, test, exercise and further develop cyber-security professionals;
  • Establish a cyber-security technology test bed to develop, integrate and test advanced cyber-security technologies; and
  • Collaborate and coordinate cyber-incident response measures.

In order to develop the envisioned cyber-security services, three technology enablers have been developed within the CSCE project:

  • Collaborative coordination of Incident Response Platform (CIRP). CIRP provides a secure and near real-time environment for security operations personnel to coordinate and share cyber-incident information in order to assess impacts, identify and evaluate mitigation actions and prioritize response measures.
  • Cyber-security Integration, Test and Evaluation Framework (CITEF). CITEF provides an environment for cyber-security test and evaluation of space systems and architectures, commercial-off-the-shelf (COTS) solutions and advanced prototype technologies in emulated operational virtual environments. CITEF also enables realistic hands-on training and hosting of operational exercises through advanced end-to-end simulations.
  • Security Aware Concurrent Design Platform (SACDP). SACDP provides an integrated and multi-disciplinary engineering environment for system and software feasibility analyses supported by a cyber-security threat and risk assessment module and a secure system and software engineering requirements database.

Challenges

The project faced multiple challenges, related to the three technological platform to be developed:

  • CIRP: The CIRP platform has been designed in order to scale up to hundreds of tenants and hundreds of thousands of cyber-security tickets per year to be handled, with serious scalability challenges to be faced.
  • CITEF: The main challenge for the CITEF platform was related to ensuring a proper user experience on activities such as the design of very complex virtual environments for emulation, testing, cyber range. The construction of the virtual networks leveraging the environments, in particular, is extremely complex.
  • SACDP: The main challenge for the SACDP platform was related to the complexity of embedding multiple risk assessment methodologies on a single software platform, encompassing different levels of precision for the risk assessments outputs, depending on the system engineering phase when the risk assessment is performed

System Architecture

CIRP and SACDP leverage on a multi-tier software architecture, composed by a data tier, a back-end tier, a front-end tier and a client tier.

For CIRP, the required scalability is achieved with the usage of a micro services architecture based on Docker, allowing the platform to be deployed on multiple hardware appliances.

CITEF leverages a more complex architecture, since it is composed by a custom software layer (a multi-tier application leveraging the creation and organization of the virtual environments) and an infrastructure-as-a-service layer based on COTS software, managing the instantiation of the desired virtual environments.

The three technological platforms are developed with a combination of Java components on the server-side (mainly leveraging on micro-services) and Angular 8/HTML/Javascript for the client side.

Plan

The project started on August 2017 and concluded at the end of December 2019.

CSCE was mainly divided on two phases, with a set of reviews for each phase and for each technological platform (the three streams had different internal schedule, being CIRP the shortest and CITEF the longest):

  • Technology Phase (CIRP, CITEF and SACDP must reach TRL 6)
    • Kick-off
    • System Requirements Reviews
    • System Architecture Reviews
    • Preliminary Design Reviews
    • Critical Design Reviews
  • Product Phase (CIRP, CITEF and SACDP must reach TRL 9)
    • Test Readiness Reviews
    • Factory Acceptance Reviews

Current Status

The project has successfully concluded, with full acceptance of all the outputs from ESA.

Even if the Artes project has been concluded, the Cyber Security Centre of Excellence is fully active in ESA ESEC (Redu, Belgium) on providing the services enabled by the developed CIRP, CITEF and SACDP technologies:

  • Education and training services
  • Test and evaluation services
  • R&D and security-by-design services
  • Secure Operations Centre services

More information on www.rheagroup.com

 

Companies

RHEA Group
RHEA Group
http://www.rheagroup.com
Belgium