The CitySCAPE project has defined and developed a set of tools to monitor and maintain the security properties of multimodal transport information systems.
These systems are characterized by their large size, complexity, and multidomain nature, and by being cyber-physical, safety-critical systems. Their combination of high complexity and sensitivity brings together the most challenging characteristics of cybersecurity management.
During the first two years of the CitySCAPE project, a dedicated framework was specified and developed. This framework is an advanced combination of sensors, supervision, and risk management tools that provides system owners and technical managers with very powerful capabilities. However, the technical framework is not the only result provided by the project. A complementary assurance methodology has been defined to go along with it.
However, even with carefully defined processes and tools, the demonstrations showed us, first hand, the need to tailor their deployment to each site.
It is often expected (since IT systems are technical systems) that IT security can be technically and automatically protected, e.g., one firewall to protect them all, one anti-virus to find all malware, and one IDS to stop everything else. But cybersecurity is not that simple, or rather, let’s say that it’s not universal. Security in IT systems is a property that is fully dependent on each system’s specific architecture, technologies, purposes, and environment. This is something that we have clearly been able to understand while deploying the CitySCAPE framework in the two use cases provided by the cities of Tallinn and Genoa.
Specific protection deployments: Each demo presented (very) different setup challenges and difficulties. For example, connection limitations or existing security countermeasures blocked traffic between security elements in one case and not the other, and default IDS rules that were effective in the first context needed adaptation in the second to suit its specific configuration.
Specific threat analysis: DoS attacks are not relevant in all scenarios, and the two architectures contain different types of technologies and elements to protect (mobile applications, vehicle IVN, back-up servers, etc.), present in one case and not the other.
Specific supervision capabilities: Based on the two previous points, we also identified that the security alerts required and obtained to supervise the potential threats applicable to the two systems were very different (in quantity, clarity, or verbosity, depending on the context).
Security is almost never obtained by magic. If technical tools need to be assembled to protect a system, the methodologies and expertise needed to deploy them and supervise their results are just as mandatory as the tools themselves, in order to address each system's security specificities. The two deployments of the CitySCAPE solution demonstrated how CitySCAPE contributes to this challenge: not only by providing technical tools to protect systems (IDS/IPS, SIEM, etc.), but also by providing a global, tool-assisted procedure to define their deployment goals, and by supplying, through dedicated training activities, the expertise required to make use of the system's results in each specific environment.