SEGRES: emulating the human immune system to develop industrial cybersecurity
The SEGRES project (SECURITY and RESILIENCE), in which Izertis participates, aims to investigate how the latest trends in decentralised identity models, currently applied to individuals, can be adapted to the context of Industry 4.0. The project seeks to generate disruptive innovations in the field of industrial cybersecurity, developing an industry that is resilient to complex attacks through research into artificial immune systems. The research focuses on a new generation of cybersecurity technologies inspired by the functions of the human immune system, to protect industries against the complex cyber-attacks they face and thus improve their resilience and, consequently, their sustainability, competitiveness and efficiency.
The number of cyber-attacks has grown significantly in recent years in all institutional and business areas. The industrial sector is not exempt from attacks that could have a very negative impact on the business, with economic, environmental or reputational consequences: data theft or hijacking, IPR theft, machine malfunction, downtime or damage, modification of set points leading to quality losses in manufactured products, situations causing spills into the environment, or data manipulation leading to major errors in the production chain. Cyber-attacks in industry are becoming increasingly sophisticated, drawing on the latest technological advances such as AI, a greater understanding of industrial processes and a holistic view of companies.
The Segres project proposes a series of solutions structured in five differentiated activities led by the entities with the greatest interest in promoting research in the specific field. These activities are made up of different tasks where the complementarity and synergies of the consortium will ensure the success of the proposed research. The activities identified are:
- Research on the artificial immune system.
- Situational awareness.
- Innate immunity.
- Adaptive immunity.
- Industrial experimentation.
Milestones achieved
Only a highly technological consortium, specialised in cybersecurity and disruptive technologies, is capable of developing this ground-breaking innovation. The challenges facing Izertis were, in addition to protecting system elements (especially IoT devices), identifying the risks faced and the protection policies in place, and detecting potential attack situations, their impact and the capacity for response and recovery. A further challenge was for the system to benefit from its own protection experience or from the experience of similar systems.
"It has been a great experience in which we have expanded our knowledge of the cybersecurity domain and answered challenges from a Machine Learning point of view. Working with other members of the consortium, such as S2 and Alias Robotics, has allowed us to grow a lot," says Gema Parreño, Senior Data Scientist at Izertis.
The milestones highlighted by Izertis are as follows:
- Building a database of cyber-intelligence graphs for industrial control systems, spanning from vulnerabilities to mitigations. The technology consultancy has expanded the MIT Alpha Group's Open Source database to include the MITRE ICS Matrix. This milestone grants "a differential value proposition to the cybersecurity analyst, as it connects the whole mental model of threat modelling with mitigations, offering a broad but also detailed view, from MITRE tactics to the configuration of the affected NIST product, saving time for Blue Team members", explains Parreño.
- The second milestone is the development of a productivity-oriented piece of software based on Machine Learning. It combines binary classification and multi-class classification models connected to Suricata's intrusion detection system, and updates the attack signatures according to the known attacks against the different devices that make up the system, from the PLCs to the UR3 robotic arm. The main value proposition of this piece is the transformation of network .PCAP files into contextual network information for updating attack signatures. In addition, the architecture allows retraining to handle challenges such as data drift or concept drift. A curiosity pointed out by Gema Parreño: "This piece is named after Kirby, named after the iconic Nintendo video game character known for devouring obstacles in his path".
Segres Consortium
The SEGRES consortium is led by S2 Grupo, a nationally and internationally recognised company in the field of cybersecurity. The consortium also includes two other large companies: Wellness, a specialist in different areas related to IoT, CPS and Edge Computing, and Izertis, a specialist in DLTs and artificial intelligence. It is complemented by three SMEs: Cryptonics (Blockchain specialist), Alias Robotics (cybersecurity specialist in the field of robotics) and Codesyntax (advanced visualisation specialist).
Three IOs are involved in the consortium as subcontractors: Tecnalia, with its extensive experience in artificial intelligence and Big Data applied to cybersecurity and DLTs; the University of Malaga, expert in the field of cybersecurity applied to the IIoT, CPS and the Digital Twin, and the University of León, specialist in Digital Twins.
This project is subsidised by the Centre for the Development of Industrial Technology (CDTI) and supported by the Ministry of Science, Innovation and Universities within the Science and Innovation Missions programme: (EXP 00131359 / MIG-20201041).