Cyber attacks against critical infrastructures can have significant impact and cause material and financial losses. For example, such an attack against an electricity network in Ukraine in December 2016 caused a major blackout, a type of event with an estimated average cost of €20 million per hour. The EIT Digital Innovation Activity is developing a cloud-based Security Operations Centre for detecting and responding to attacks against critical infrastructures.
The EIT Digital “Security Operations Centre for Critical Infrastructures” Innovation Activity focuses on protecting critical infrastructures against so-called advanced persistent threats. These threats are executed over a long period of time by skilled attackers with significant resources at their disposal.
Dr. György Dán, associate professor at the Swedish KTH Royal Institute of Technology and the leader of this EIT Digital Innovation Activity commented, “Our mission is to provide improved resilience for critical infrastructures and for society in general against cyber-attacks. This can be achieved through developing a cloud-based security operations centre – SOC – as a service and a corresponding business model for selling it.
“The SOC’s customers are operators of various critical infrastructures, such as communications, energy, heat, water and gas. The service will be integrated in the existing operations and offerings of the EIT Digital partners participating in this innovation activity.”
Typically, attackers try to execute their attacks so that the true cause of the infrastructure malfunction cannot be identified. The Security Operations Centre helps to reveal an attack before it reaches its goal, and will inform the client within 30 minutes of detecting the attack.
Dr. Dán continued, “The SOC will improve the detection capability by collecting in real time log data from legacy devices, analysing streaming data and making security sensors more resilient against attacks. The response capability is further improved as the Security Operations Centre personnel are able to collect log data on demand for the root cause analysis and forensics after the attack is detected.”
Because the SOC is provided as a service, the infrastructure operator gets access to state-of-the-art threat intelligence, the latest computing technologies and the expertise of a team of cyber security experts for continuous threat protection.