Artificial Intelligence Threat Reporting & Incidence report system
The European-funded project IRIS, which consists of 19 partners from 12 European countries, officially launched its activities with the organisation of the virtual consortium kick-off meeting held in September 2021.
As existing and emerging smart cities continue to expand their IoT and AI-enabled platforms, novel and complex dimensions to the threat intelligence landscape are introduced. These are linked with identifying, responding and sharing data related to attack vectors, based on emerging IoT and AI technologies, whose architecture and behaviour are not currently well understood by security practitioners, such as CERTs and CSIRTs. This lack of experience, as well as of tools for detecting and reporting IoT and AI attack vectors is further aggravated by potentially greater safety risks caused by such attacks.
The H2020 IRIS project aims to deliver a framework that will support European CERT and CSIRT networks detecting, sharing, responding and recovering from cybersecurity threats and vulnerabilities of IoT and AI-driven ICT systems, in order to minimise the impact of cybersecurity and privacy risks. The IRIS platform will be made available, free of charge, to the European CERT and CSIRTs, by the end of the project.
IRIS’ concept is proposed as a federated threat intelligence architecture that instates three core technological and human-centric components into the threat intelligence ecosystem:
• The Collaborative Threat Intelligence module: it forms the nexus of the IRIS framework and core component of the architecture enhancing the capabilities of the existing MeliCERTes platform by introducing Analytics Orchestration, an Open Threat Intelligence interface and an intuitive Threat Intelligence Companion. All these are supported by a Data Protection and Accountability module;
• The Automated Threat Analytics module: it collects and supplies key threat and vulnerability assessment telemetry and responds to received intelligence, initiating autonomous response and self-recovery procedures;
• The Cloud-based Virtual Cyber Range: it delivers an immersive virtual environment for collaborative CERT/CSIRT training exercises based on real-world environment platforms (and Digital Twin Honeypots), providing representative adversarial IoT & AI threat intelligence scenarios and hands-on training.
The IRIS platform will be demonstrated and validated in three carefully selected pilots resembling real world environments with the engagement of three smart cities (Helsinki, Tallinn and Barcelona) along with the involvement of national CERTs, CSIRTs and cybersecurity authorities.
“IRIS is uniquely positioned to provide a high impact solution to support the operations of European CERTs and CSIRTs for coordinated response to large-scale cross-border cybersecurity incidents and crises,” mentions Mr Nelson Escravana from INOV, the Project Coordination Team.
“We are looking forward to contributing to IRIS through our ongoing work on standardisation, sector-specific requirements and CISO community-building. With our Working Group 3 on Cyber Resilience of Economy, Infrastructure and Services, we’ll be able to engage with key stakeholders to validate policy recommendations and facilitate public-private collaboration on information-sharing and cyber threat intelligence that will strengthen IRIS’ collaborative approach centred around CERTs/CSIRTs.”, says ECSO Senior Policy Manager Nina Olesen.
The IRIS consortium comprises of public organisations, SMEs with cutting-edge cyber technologies, large industries as service providers, as well as research and academic partners with significant achievements to cybersecurity and privacy technologies.