An end-to-end integrated industrial cybersecurity framework
C4IIOT introduces a new comprehensive framework that aims to enable cybersecurity assurance in IIoT systems, referred to as the C4IIoT Cybersecurity 4.0 framework. Specifically, it bridges cyber assurance and protection, IoT machine (deep) learning, edge/cloud computing, blockchain and Big Data technologies, to offer security and privacy in an end-to-end industrial IoT environment. The fourth work package (WP4) is related to the implementation and deployment of an end-to-end integrated industrial IoT cybersecurity framework. The framework provides a holistic and disruptive security-enabling solution for minimizing attack surface in IIoT systems. Thus, there is a close interrelation between tasks performed for WP2 “Edge computing cybersecurity technologies” and WP3 “Cyber assurance and protection in an industrial cloud infrastructure”.
The objectives of this work package are:
- the implementation and integration of an identity management solution
- the implementation of a visualization and monitoring toolkit for C4IIoT data and analytics
- the implementation and deployment of the integrated C4IIoT framework that realizes the technology convergence
- the support of commercialization activities for C4IIoT
The C4IIoT Minimal Viable Product (MVP) is an initial integrated version of the C4IIoT system, aiming to demonstrate the potential capabilities of the framework, based on two basic scenarios, Logistics and Smart Factory. The figure below illustrates a high-level overview of our MVP architecture and the components within each one of the three layers of our system: Edge, Field Gateway (FG), and Cloud.
The architecture is divided into three logical layers, from those closer to the production and the machines (i.e., the edge), continuing through the field gateway layer, up to the highest-level modules that reside in the cloud. These technologies will provide a viable scheme for enabling security and accountability, maintaining privacy, enabling reliability, and providing trustworthiness within IIoT applications.
The data is being fed through the edge node layer. BACS (Behavioural Analysis and Cognitive Security) is a collection of software modules realizing anomaly detection in IIoT sensory data and network traffic flows based on machine and deep learning algorithms. Software components derived from BACS modules are present at all three layers of the C4IIoT architecture. MEDICI tool is responsible for deciding which of the low confidence decisions of the edge BACS anomaly detection module, should be further offloaded to another BACS module, either at the Field Gateway or at the Cloud. The Traffic Analysis module will run on the Factory FG simulator inspecting all the network traffic which goes through it containing attacks from IoT environments, like worms and more general attacks. In the current implementation, the secure transfer of data between FG and Cloud components and the permanent storage is ensured by data fusion bus. Its main component is Apache Kafka which is used to transfer streams of data and offer higher fault tolerance in comparison to traditional message brokers. It is thus capable of handling great amounts of data and deliver them in real time to the components that require them. Finally, the Cloud layer is where advanced anomaly detection takes place using data aggregated and offloaded from the Field Gateways. The data streams and the detected anomalies will be saved in the storage and then used by the advanced visualization toolkit (AVT), the user interface of the C4IIoT framework, which connects to Cloud Kafka to retrieve-real time data showing the IIoT devices functional data and events from the anomaly detection procedure.
The effective integration of C4IIoT components is the basis for further developments and will drive the implementation towards the release of complete prototypes. MVP release acts as proof of concept demonstrator and additionally will be used to approach C4IIoT stakeholders and validate fundamental business hypothesis.