01/01/2016 to 31/12/2018

Detecting advanced multi-stage attacks is difficult in IT systems, but approaches towards detection and response for ICS (Industrial Control Systems) are comparatively less mature. Moreover, attacks discovered in the wild continue to evolve in sophistication. Stopping such attacks demands continual monitoring of the infrastructure and it is difficult to provide operators with targeted security status information in the face of advanced multi-stage ICS threats.
This research aims to develop and test an approach that enhances real-time cyber-security monitoring capabilities for networked ICS environments. The objective is to present information to an operator that is more closely correlated to advanced multi-stage threats, rather than individual alerts, thereby improving the ability of the operator to gauge the current security status of the system.
A threat measurement based approach will be used to investigate how the real-time cyber-security status of an ICS network environment can be measured in terms of an observable threat presence. It is hypothesised that such a status can be appraised by using suitable metrics, which may be derived by analysing, decomposing and modelling known advanced multistage threats. The analysis will target the development of threat models based on a combination of reported ICS attacks and an investigation of future potential advanced threats based on emerging trends in crimeware. A proposed solution will be implemented and tested in a test-bed environment based on a realistic factory automation environment.

Friday, 1 January, 2016 to Monday, 31 December, 2018

Project type:


Outcomes and key themes from ICT 2018 Session on Cybersecurity as key for a Digital Economy and Society

On 5 December 2018, the Digital Single Market of the European Commission sponsored a session on the topic of “Cybersecurity as key for a Digital Economy and Society”. The highly-popular session (over 90 attendees) took place on 5 December 2018 within the flagship ICT2018 Conference in Vienna, Austria.

Khalil Rouhana, Deputy Director General, EC – DG CNECT, kicked off the session with an overview of some of the most pressing issues of the day in cybersecurity:


Reinforcing Cyber Security in the EU: Building Coordinated Security, Confidence and Capability in the Cyber Domain

With 315 million Europeans using the internet each day, the provision of critical services and the functioning of a modern economy are now entirely dependent upon the robustness and safety of cyberspace and its infrastructure. Cyber security attacks are a growing source of threat and concern, while also representing a growing economic opportunity for Europe, with the market predicted to be worth over $100 Billion by 2018 (European Commission). Moreover, cyber attacks in the EU are constantly growing in both their frequency (quintuplicate between 2013 and 2017) and sophistication.