
Introduction

Organisations large and small, public, private or commercial, have become increasingly dependent on networks and computer systems to support their business operations and services. Unfortunately, as this dependency has grown, so too have the motives and capabilities of cyber adversaries to attack these networks and computer systems. Regardless of their motives, cyber attackers are often able to penetrate networks and computer systems to extract valuable information (theft), tamper with the accuracy of the information (manipulation) and overload or otherwise prevent access to needed services and systems (denial of service). Any of these tactics can have significant negative impacts on an organisation's business, reputation and liabilities. In the era of open networks and platforms, pioneered by paradigms such as the internet, web services, cloud computing and mobile computing, attackers find more avenues to exploit the complexity and scale of use and cause increasingly substantial damage.

According to the Centre for Strategic and International Studies, Continuous Vulnerability Assessment and Remediation and an operational Incident Response Capability are two of the Twenty Critical Security Controls for Effective Cyber Defense. However, despite the need for these capabilities, commercial solutions do not meet the challenging demands of modern networks and systems, including:

  1. Accurate identification and capture of the mission or business process dependencies on supporting networks and systems in a repeatable manner;
  2. Automated calculation of the priority systems to defend based on mission or business process priorities and a complete mapping of the supporting networks and systems;
  3. Automated collection and correlation of system configuration, status and events from multiple sources;
  4. Automated collection and correlation of cyber security system data (e.g., vulnerability scanner data, intrusion detection system data) from multiple sources;
  5. Automated assessment of mission or business process risks in response to the dynamic nature of the networks, systems and threats; and
  6. Automated development of prioritized risk response activities (courses of action) including prioritization of proactive mitigation actions in response to known vulnerabilities and reactive mitigation actions in response to identified cyber incidents.

Motivation

The concept of the PANOPTESEC consortium is to deliver a beyond-state-of-the-art prototype of an automated cyber defence decision support system to demonstrate operational use of Dynamic Risk Approaches for Automated Cyber Defence algorithms, architecture and design. PANOPTESEC will deliver this capability through a modular, standards-based integration of technologies that collectively deliver a beyond-state-of-the-art capability to address cyber vulnerabilities and incidents in real-time.

PANOPTESEC is an ancient Greek term meaning "all eyes" or "all seeing". This term has been chosen to represent the PANOPTESEC project consortium because the overall goal of the PANOPTESEC project is to deliver a continuous cyber security monitoring and response capability.

Objectives

The objective of the PANOPTESEC consortium is to deliver a beyond-state-of-the-art prototype of an automated cyber defence decision support system that is intentionally designed to meet FP7-ICT-2013-10 Objective ICT-2013.1.5 Trustworthy ICT item (c). That is, the PANOPTESEC consortium will deliver an operational prototype as a means to "prevent, detect, manage and react to cyber incidents in real-time, and to support breach notifications, improving the situational awareness and supporting the decision-making process" required by cyber operators. "It will also develop and demonstrate advanced technologies and tools that will empower users, notably individuals and SMEs, in handling security incidents". The following table provides the clear set of project objectives intended to address the objectives of ICT-2013.1.5 Trustworthy ICT item (c).



In addition to the specific objectives of ICT-2013.1.5, in the context of the FP7-ICT-2013-10 funded Integrating Projects, the PANOPTESEC prototype also demonstrates achievement of most general objectives of the call.

Structure

This project is structured on the design and development of a working operational system that will be demonstrated on an operational network. The project is supported by commercial entities including large companies, qualified small to medium enterprises (SME), and academia in the selection and application of relevant existing research, prototypes and demonstrators to this project's innovative approach. The project is also supported by an operational user agency (ACEA), providing clear insight into operational requirements and challenges to be overcome through innovation, as well as providing access to operational network data for experimentation and operational networks for system-level demonstrations.

This project will be conducted in accordance with the principles of the agile software development methods, tailored to the needs of the project and supported by formal reviews conducted by the participant user agency. These formal reviews will be used as both primary coordination points between participants and opportunities for the user agency to confirm that anticipated project objectives and outcomes will be met.

The PANOPTESEC project will use agile software development methods in what is best described as a Light Agile Develop (LAD) approach. This means that the project will use the iterative and incremental development approach promoted by more formalized agile methods, but "timeboxes" may be somewhat longer than in strict Agile methods (i.e., 1 to 2 months instead of 1 to 4 weeks). Similarly, the "standup" meetings will happen at frequencies appropriate to the increments. They will take place within smaller teams for component-level work packages (i.e., WP4, WP5 and WP6) and will be applied to the larger team only during integration activities (i.e., WP7) and demonstration setup (i.e., WP8). Distributed development teams will leverage distributed communications (e.g., teleconference) to maintain close communications.

The agile software development methods, combined with formal reviews, are wholly relevant to this kind of project. They provide a means of continuous development in iterative cycles of increasing functionality. This presents a clear opportunity within each work package to leverage iterative cycles during implementation, refinement through ongoing experiments (minor demonstrations to the users) and full system integration cycles. The agile software development methods are established and accepted by the industry as a flexible and efficient means of software delivery.

As such, it is entirely appropriate for the Project Coordinator to have a strong background in the software development and delivery of complex software projects. RHEA's experience in management of software development projects is extensive, as is the experience of the assigned Project Coordinator.

Timeline

The timing of the milestones throughout the project duration is illustrated in the following figure.