Give it a try, and feel free to contribute to the project!

https://github.com/guard2020/guardce

The post GUARD monitoring and detection framework first release: Community Edition appeared first on GUARD.

Co-hosted at 8th IEEE International Conference on Network Softwarization (NetSoft2022), the 4th International Workshop on Cyber-Security in Software-defined and Virtualized Infrastructures (SecSoft) was held from June 27 to July 1, 2022 in Milan, Italy.

IEEE NetSoft is a flagship conference aiming at addressing “Softwarization” of networks and systemic trends concerning the convergence of Cloud Computing, Software-Defined Networking (SDN), and Network Function Virtualization (NFV).

The main purpose of the SecSoft workshop is to integrate the “Security, Safety, Trust and Privacy support in virtualized environments” conference topic. Beyond security mechanisms at the hypervisor or domain level, the softwarization of legacy security appliances, and federation schemes between multiple domains, this Workshop look ahead to more dynamic, agile, and autonomic forms of detection and reaction of advanced threats, including the persistence ones. The specific focus was on secure and trustworthy digital services, including pure virtual services as well as cyber-physical systems. The objective was to stimulate a constructive discussion on overall frameworks and specific aspects that are necessary to build wide situational awareness and to timely counter cyber-attacks: pervasive monitoring and deep inspection, cross-correlation in time and space dimensions and detection, automated control and management of complex orchestratable systems, forensics and legal investigation, trustworthiness and privacy.

The SecSoft workshop is a joint initiative from EU Cyber-Security projects: GUARD, SIMARGL, RAINBOW, PALANTIR, INSPIRE-5Gplus, SIFIS-Home, ELECTRON and SDN-microSENSE. It is based on the proven formula of mixing research papers, keynote speeches, and presentations of EU projects, being an invaluable opportunity to share thoughts, ideas, results among research communities.

GUARD at SecSoft 2022

Matteo Repetto, GUARD Technical Coordinator provided a final overview of the Project, introducing the main concepts and achievements after 3 years of research and development activities. The GUARD framework is pioneering the usage of standard interfaces to security functions to discover the topology of multi-domain digital service chains and automate the deployment and operation of detection and analytics tasks. The presentation also showed clips of the GUARD demo on detection and mitigation of Denial-of-Service attacks, a joint collaboration of CNR, CNIT, NASK and 8BELLS.

Full presentation and demos available in GUARD Youtube channel and GUARD video section.

The post GUARD overview and demo at SecSoft 2022. Secure and trustworthy digital services. appeared first on GUARD.

In the event, we will present our Smart Mobility Use Case that consists of a fleet management and end-user presentation service for private companies or municipalities that manages routes around the city, schedules maintenance times, routes, vehicle status (both for general use and maintenance). The service consists of devices installed in the vehicles and cloud applications.

The application developed by JIG and WobCom has been implemented in Wolfsburg’s bus fleet. The devices installed in the vehicles of the public transport service fleet collect location data, bus occupancy level, etc., which are sent in real time to the developed software services that ingest, clean and clearly present the status of each vehicle to the end user, providing detailed information on the status of the public transport service. The services required for the application have been deployed in Wobcom’s infrastructure with a microservices-oriented structure. This allows to deploy in a controlled way all the services necessary for the processing and presentation of the data.

The application shows all the information of the bus services, as well as the bus stops, active buses, bus status, etc., to offer the end user the possibility to plan his trip and also to give real time information about the status of the available buses. All the information collected by the devices is available to the user, who can view it by selecting the desired bus on the map. This displays information such as: the next stop, the bus occupancy level, the services offered, and the arrival time.

As a public application, it is exposed to attacks that can compromise the availability of the service, as well as the data handled by the application. The use of GUARD platform agents provides a layer of security at different levels to ensure availability, robustness, trust, and confidence. The cloud applications will be hosted on Wolfsburg City infrastructure. The Internet bridge connects to the IBIS bus of the buses to collect positioning information, operating data from on-board sensors and commands and queries from the integrated or portable user interfaces. The data will be collected and processed by the system using FIWARE services.

For more information on the use case that will be presented at the IoTSWC read our blogpost and watch the video!!!

The post GUARD at the IoT Solutions World Congress – Smart Mobility Use Case appeared first on GUARD.

Secondly, even if there is specific legislation on protection against cyber-risks, a question exists concerning how detailed that legislation must be? There are strong arguments that strict regulatory efforts can be counter-productive, because this would limit the abilities of businesses to respond adequately to the ever-evolving cyber-risks (2). Prescriptive legislation with clear obligations or even worse precise technological requirements would soon be outdated, as cybercriminals would quickly find ways to breach all prescribed security defences. Alternatively, a regulatory approach based predominantly on guiding principles may be better suited to have a positive influence on cybersecurity (3).

Often after businesses suffer a cyberattack and have their technical infrastructure or client data compromised, regulators may seek to blame that organization for not preventing an attack they deem foreseeable, even in cases where in hindsight the organization could not have reasonably expected it (4). Thus, it seems beneficial for regulators to adopt guidlines on the obligations and due diligence expected from organizations, so they cannot later be blamed when cybercriminals manage to circumvent their security systems.

Lastly, the need for certain regulatory efforts can be supported based on the lack of information and incentives for business, which makes it difficult for them to self-regulate their conduct. Firstly, it may be the case that certain businesses do not have the expertise or experience to adequately consider different cyber-risks (5). Some small businesses may even undermine the risks, believing they would not be targeted based on their size and capacity (6). This however is not a sound judgment, all businesses must have adequate security systems in place. Regulatory requirements would force board members and management to implement the needed security standards and to prioritize compliance with cybersecurity requirements (7). It may be argued that businesses are motivated on their own to prioritize their security, but this additional push would ensure that in situations where heads of businesses have to decide between additional profit and stricter security measures, they would choose the latter (8).

The regulatory efforts in the EU are of a high standard. Firstly, the EU Cybersecurity Act implemented a unified cybersecurity certification scheme, which was a beneficial development of harmonizing cybersecurity standards between Member States. Secondly, the Directive(EU) 2016/1148 on security of network and information systems (“NIS Directive”)(9) also created new requirements for Мember States that overall raised the level of protection from cyber-risks:

• EU States had to reach certain cybersecurity capabilities, this included bettering their systems, carrying out cyber exercises
• EU Member States had to enable cross-border cooperation
• EU Member States were obliged to look over critical sectors and their cybersecurity

Currently, the amended NIS II Directive(10) is underway. Time will show whether the envisioned developments will be beneficial to the overall level of cybersecurity in the EU. As established, while a regulatory guideline would be extremely helpful for businesses, organizations should still be granted enough flexibility to be able to adequately respond to the ever-changing cyber-risks.

1.- Crisanto J., Prenio J., ‘Regulatory approaches to enhance banks cyber-security frameworks’, (2017), FSI Insights on policy implementation Nº 2
2.- Cristiano, Prenio n(1)
3.- Cristiano, Prenio n(1)
4.- Archie J., Leitner L., Stout A., ‘Cybersecurity regulation and best practice in the US and UK’, LexisNexis
5.- HM Government, report on ‘Cyber Security Regulation and Incentives Review’, December 2016
6.- HM Government
7.- Cristiano, Prenio n(1)
8.- Cristiano, Prenio n(1)
9.- Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, OJ L 194, 19.7.2016, p. 1–30
10.- Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148, COM/2020/823 final

This article has been produced by Law and Internet Foundation.

The contents of this publication elaborated under the GUARD project are the sole responsibility of the authors and can in no way be taken to reflect the views of the European Commission. GUARD has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 833456.

The post Can regulation limit cyber-risks? appeared first on GUARD.

We expect the book to be interesting for the broad group of researchers, engineers, and professionals working in computer science and IT business units using intelligent modelling to support their interdisciplinary projects and applications in distributed cloud systems and data-intensive computing domains. We believe they can find a valuable survey of the recent modelling technologies and compelling use cases.

Table of Contents
1.- A Reference Architecture for Management of Security Operations in Digital Service Chains
Alessandro Carrega, Giovanni Grieco, Domenico Striccoli, Manos Papoutsakis, Tomas Lima, José Ignacio Carretero et al. Link Springer
2.- Monitoring Network Flows in Containerized Environments
Matteo Repetto, Alessandro Carrega – Link Springer
3.- Intelligent Transportation Systems – Models, Challenges, Security Aspects
Joanna Kołodziej, Cornelio Hopmann, Giovanni Coppa, Daniel Grzonka, Adrian Widłak – Link Springer
4.- NAD: Machine Learning Based Component for Unknown Attack Detection in Network Traffic
Mateusz Krzysztoń, Marcin Lew, Michał Marks – Link Springer
5.- Detecting Unknown Cyber Security Attacks Through System Behavior Analysis
Florian Skopik, Markus Wurzenberger, Max Landauer – Link Springer
6.- Signature-Based Detection of Botnet DDoS Attacks
Paweł Szynkiewicz – Link Springer
7.-Automatic Attack Pattern Mining for Generating Actionable CTI Applying Alert Aggregation
Markus Wurzenberger, Max Landauer, Agron Bajraktari, Florian Skopik – Link Springer
8.- Blockchain-Based Task and Information Management in Computational Cloud Systems
Andrzej Wilczyński, Joanna Kołodziej – Link Springer
9.- Ethics in Cybersecurity. What Are the Challenges We Need to Be Aware of and How to Handle Them?
Denitsa Kozhuharova, Atanas Kirov, Zhanin Al-Shargabi – Link Springer
10.- A Discussion on Ethical Cybersecurity Issues in Digital Service Chains
Frédéric Tronnier, Sebastian Pape, Sascha Löbner, Kai Rannenberg – Link Springer

This book belongs to the series Lecture Notes in Computer Science (LNCS), including its subseries Lecture Notes in Artificial Intelligence (LNAI) and Lecture Notes in Bioinformatics (LNBI), has established itself as a medium for the publication of new developments in computer science and information technology research, teaching, and education.

DOI https://doi.org/10.1007/978-3-031-04036-8
Publisher: Springer Cham

The post Springer Book: Cybersecurity of Digital Service Chains Challenges, Methodologies, and Tools appeared first on GUARD.

The session “Building Detection and Analytics Pipelines for Digital Service Chains” hosted by the IoT Solutions World Congress and Industrial IoT Consortium on April 5th 2022, provided a brief overview of this evolutionary process, by reviewing different interfaces and models for cyber-security models for cyber-security capabilities and by describing how GUARD builds on this concept to assist security operators in the creation and management of analytics pipelines for digital service chains.

In the second part, a use case for the GUARD framework was presented in the smart mobility domain. The use case considers a fleet management service built for the city of Wolfsburg in Germany made of multiple digital services: an application, a cloud infrastructure, a backbone network, a LoRaWAN network, IoT and devices. The Use Case will show how security agents can be embedded in different digital services (cloud, LoRaWAN gateways, Kakfa brokers) and how their capabilities are orchestrated by the GUARD platform to define custom analytics pipelines at run-time to collect relevant data, events, and measurements from heterogeneous domains and infrastructures.

Enjoy it!

The post Building Detection and Analytics Pipelines for Digital Service Chains appeared first on GUARD.

Organised by the CyberSANE project, and supported by the FIWARE Foundation, the workshop aims at gathering the projects from the SU-ICT-01-2018 H2020 call, C4IIoT, CARAMEL, GUARD, SAPPAN, SIMARGL, and SOCCRATES, to share the main progress of the projects, create synergies and set a common ground for standardisation activities.

Moreover, experts representing each project will discuss the different approaches to the common problem of attack detection and situational awareness in different environments.

Download pdf for more information! SU-ICT01_Joint_Workshop

Registration and Agenda here.

The post 2nd Joint Workshop Dynamic Countering of Cyber-Attacks appeared first on GUARD.

More than ever before, companies are fast speeding their digital transformation, with data at the center of it. Through the introduction of new architectures and patterns in many sectors, the ICT industry is delivering more agility in the creation and management of new services and products, based on the provisioning of basic digital services that can be easily combined together to create more complex and extended business chains. With multiple services moving online and ICT infrastructures that are growing in complexity and acquiring a multi domain nature, cybersecurity has become crucial to the digital world.

Having said that, tactics and ongoing EU projects are lending a helping hand with regards to safeguarding organizations and individuals’ data, with several use cases already underway to support robust, transversal and scalable ICT infrastructures resilient to cyber-attacks.

Within this context, we’ve had a talk with Paolo Secondo Crosta – Head of Innovation LAB & Research Programs at Italtel S.p.A., to discuss how open, holistic and end-to-end approaches are tackling the dynamicity and unpredictability of such complex environments where critical infrastructures and large chains are involved.

Guard has developed an open and extensible platform for advanced protection of trustworthy and reliable business chains, spanning multiple domains and heterogeneous infrastructures. The project is currently demonstrating the platform applicability, security and privacy features in Smart Mobility and e-Health domains, to mention but a few.

Tune in and learn what the project is all about, the many other industrial domains that can benefit from it and how Itatel is using its expertise in designing 5G, IoT, Cybersecurity solutions to benefit as well as contribute to the advancement of the Guard platform.

The post Managing security of digital services in the emerging ICT market sectors appeared first on GUARD.

Guard project partners from Law and Internet Foundation have contributed to the ECSM with the following publication “GUARDing the cybersecurity of your enterprise”. Enjoy it!

In view of the 2030 digital compass strategy for digitalization of Europe and the COVID-19 pandemic the need to enhance the EU’s digital sovereignty becomes one of the main EU policies. The cyber threats rapidly developed as the social, economic, and political relations in the European community changed and this addressed the need for citizens and businesses to take additional cybersecurity measures to ensure their assets and personal information.

Due to the physical restrictions, the implemented COVID-19 measures, and the continuous and strict lockdowns, the behavior of both people and business entities has changed. The fight with the COVID-19 pandemic situation forced many businesses to shift their work online using digital platforms to communicate remotely. People, on the other hand, moved to their home offices and thus changed their shopping and spending habits. They started to purchase from online grocery shops, order their food through apps and look for sources of entertainment in applications that require the submission of sensitive personal and payment details. All these changes led to new opportunities for cyber attackers whose target group increased, and potential benefits grew.

The pandemic affected negatively the lifeblood of the European community – the small and medium European businesses. Those who survived managed to quickly and successfully adapt and rapidly transformed their business environment and services to the shifted online demand. However, most of their employees were moved to work from home and thus had to access the company’s sensitive business data remotely which led to vulnerability and increased threats to the cyber security of the inexperienced business entities.

In this article, we are going to discuss the most common forms of cyber threats, and recommendations of how small and medium businesses can implement good practices for preventing cyberattacks and protecting their sensitive business data. At the same time, if you are an employee, you can learn some useful tips for keeping good cyber hygiene.

In recent years ransomware is named in the EUROPOL’s Internet Organized Crime Threat Assessment reports number one cyber threat to legal entities both in Europe and in the world in general. Ransomware is software designed by criminals to prevent computer users from getting access to their own computer system or files unless they pay money. It is a type of malware that locks or encrypts data and the victim should pay a certain amount of money to regain access to the encrypted information. It could have a severe and long-lasting impact on a single person and even shut down a whole business if appropriate measures are not taken and suspicious websites are entered without caution.

Ransomware infection can occur in numerous ways such as email attachments, malicious URLs, Remote desktop protocol, Malvertising (an attack in which perpetrators inject malicious code into legitimate online advertising networks) or through pirated software, USB drives and portable computers. Companies should spread awareness over the issue among their employees and ensure that adequate prevention measures such as ensuring that their electronic devices are secured with the latest up-to-date version of a credible antivirus and anti-malware software who is updated regularly. You need to make sure that your server scans and filters suspicious emails and attachments. Always look at the subject of the mail and before helping to your newly acquainted Nigerian prince friend and give your payment details think about the maxim “If something is too good to be true in appearance, it probably is too good to be true in reality.” Your system must be backed up periodically and those backups stored in various places both online and offline. Strong password is an essential when it comes down to cybersecurity. For this purpose, you can use cloud storage and external hard drive storage. Another useful tip is to use a trustworthy Virtual Private Network (VPN) when accessing those tempting free Wi-Fi hotspots. Lastly do not pay the offenders in any case as this will only encourage them to continue, you would rather contact the authorities and try the free decrypting tools available online thanks to Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police, Kaspersky and McAfee who have project called “No more Ransom” which aims to help victims of ransomware to get their information back without having to pay to the criminals.

As a legal precaution, if you rely on other firms to provide your services to your customers, you may include a clause in the contract stating who is liable in case of a data theft resulting from a cyberattack. In this light is the Travelex cyber ransomware case where after infecting the company’s database with ransomware malicious software the hackers sought $6 million in exchange for restoring the stolen personal data.

The difference between ransomware and malware is that ransomware is a type of malware but the opposite is not always true. Malware is usually a malicious act such as virus, worm, trojan horse, spyware, rootkits, spambots or cryptojacking that seeks to damage data, steal data, or disrupt digital life in general. Unlike ransomware, malware can be removed relatively easy by antivirus software. It will not destroy your business, but it can reduce the performance of your software, take control over your data and resources which will cause you a lot of trouble and you can lose a lot of money.

Marcher android banking malware is one of the most dangerous types. It is a phishing malware that targets Google play users and steals credit card credentials by tricking people to enter them on a fake window screen. Marcher evolved over the years, and it can also be found on the PayPal platform, and other samples were reported to target a broad range of banks across various countries. The malware lures users into logging into their accounts by spoofing notifications from the apps. Once they log into the app their credentials are stolen.

The best way to avoid getting infected with malware is a good mix of prevention and reliable antivirus software. No matter which browser do you use, the first thing you should do is to set a plugin that removes unwanted ads, messages, pop-ups and restricts malware. The next thing you should do is to be careful when you install free software because even if the software itself is okay sometimes it is accompanied with a redirecting software or hacking tools which will put your device and system in danger. Always read carefully to what do you agree while installing a new software. Additionally, you should not take your mobile phone security for granted. While mobile phones are generally safer devices, especially the IOS system-based devices, nowadays we shop and pay our bills using our mobile phones and our digital wallets. You should install an antivirus application and run it regularly as well as not storing your credit/debit card credentials because the time saved can cost you a lot. And finally, if a person who you barely know sends a suspicious link on a chat application followed by a short message such as “it is you” try to resist your natural born curiosity and ignore the message or follow up with the person before clicking on the link.

The list will be incomplete without mentioning the phishing emails which usually contain links to a website infected with malware or state that your bank needs your personal information, security or pin codes or directly ask you for money transfers. Companies should raise staff awareness about the risks of teleworking and the serious damages that cyber threats could cause. If they want to limit the risk of negligent behavior, they should provide secure remote access by establishing specific rules and guidelines for safe usage of the corporate database, secure the teleworking equipment, secure the corporate communications in the firm, increase the security monitoring, and keep device operating systems and apps updated. Employees should sign explicit declarations stating that they will comply with the requirements for safty and security as well as that they will refrain from using the company’s devices for personal use.

After we reviewed the most common cyber threats and their negative impact on the business and individuals, we would like to review the impact of cyber threats on one of the most sensitive and vulnerable public sector – the healthcare.
Healthcare facilities hold some of the most sensitive and vulnerable information about us. The patient’s record contains not only valuable financial information but more importantly, it contains information about our physical and mental health conditions which are considered as special category of personal data according to art. 9 of the GDPR. With the development of the modern and globalized world, arises the need for electronic health records and information which needs to be stored and transferred easily between local health institutions or even worldwide. While this need increases every year, patients are concerned about the vulnerability of their personal data and the risks all their medical history being stored online.

During the year 2020 the cyber-attacks hit the frontline COVID – 19 fighters dealing with the situation including hospitals, pharmaceutical companies, and biotechnology labs.

Cybercriminals are targeting the healthcare sector for three main reasons. First of all, it is the financial gain. As mentioned above, the health records contain very sensitive and valuable information. The healthcare providers typically pay off the ransomware attacks even if they can recover those sensitive patient records even if they can recover them from their backup system because they must put life and death urgency in the highest priority. The healthcare industry lags as it comes down to cybersecurity digital literacy among its personnel combined with insufficient enforcement of the regulations and outdated software, making it easy malicious cyber target. According to the 2020 Unit 42 IoT Threat report of Palo Alto Networks, Inc 83% of the medical imaging devices run on unsupported operating system. Hacking the system of a hospital can be also an entry point for a national security threat as it can shut down the medical facilities of a whole city.

Compliance with the current European and national legislation is critical when managing patients’ records. Zero trust security approach should be implied meaning enterprise businesses should not automatically trust any information either from inside or outside its perimeters. All business sectors should verify the credential of everything that is trying to connect to their systems before granting access.

The second architectural approach which should be implemented is the network ring. This method limits the damage hackers can do even if they can get into the network as they will be trapped within that ring. Healthcare facilities must start prioritizing efforts to secure their data. They should stay aware of the cyber threats targeting the industry. Keeping an IT staff up to date with the threat indicators and discovering the vulnerabilities in the network structure. Older versions of Windows are not kept up to date with the current threats. Penetration tests must be conducted at least twice a year as part of the prevention policy. Improving the security hygiene can prevent catastrophic ransomware attacks and data breaches.

Similar are the challenges in front of the GUARD project who is funded by the European commission. The purpose of the project is to increase the information base for analysis and detection, while preserving privacy, to improve the detection capability by data correlation between domains and sources, The distinctive approach of GUARD will be the architectural separation between analysis and data sources, mediated by proper abstraction. This paradigm will result in an open, modular, pluggable, extendable, and scalable security framework. This holistic solution will blend security-by-design with enhanced inspection and detection techniques, raising situational awareness at different levels of the companies’ structure by tailored informative contents, so to enable quick and effective reaction to cyber-threats.

This article has been produced by Law and Internet Foundation.

The contents of this publication elaborated under the GUARD project are the sole responsibility of the authors and can in no way be taken to reflect the views of the European Commission. GUARD has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 833456.

The post GUARDing the cybersecurity of your enterprise appeared first on GUARD.

Unlike other blockchain-based solutions, the proposed model uses Proof of Stake, which does not have high requirements for computing power. A series of conducted experiments confirmed the high efficiency of the proposed model.

Read the full paper here!

The post Security aspects in blockchain-based scheduling in mobile multi-cloud computing appeared first on GUARD.