CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policy for cyber systems. The purpose of creating such policies will be to enhance the trustworthiness of cyber systems and provide a sound basis for liability in cases of security and privacy breaches in them. The framework will be supported by a platform of tools enabling an integrated risk cyber system security risk analysis, certification and cyber insurance, based on the analysis of objective evidence during the operation of such systems. CyberSure will develop its cyber insurance platform at TRL-7 by building upon and integrating state of the art tools, methods and techniques. These will include: (1) the state of the art continuous certification infrastructure (tools) for cloud services developed by the EU project CUMULUS; (2) the risk management tool of NIS enhanced by the NESSOS risk management methodology; and (3) insurance management tools of HELLAS. The development of the CyberSure platform will be driven by certification, risk analysis and cyber insurance scenarios for cyber system pilots providing cloud and e-health services. Through these, CyberSure will address the conditions required for offering effective cyber insurance for interoperable service chains cutting across application domains and jurisdictions.
The twenty-first century experiments a digital revolution that simplifies flight and cross-border. Digitalization contributes to leverage information sharing, reduce exploitation costs and improve travel experience, but it also blurs the lines between virtual world and reality with serious security matters. In the meanwhile airports face a daily challenge to ensure business continuity and passengers’ safety. SATIE adopts a holistic approach about threat prevention, detection, response and mitigation in the airports, while guaranteeing the protection of critical systems, sensitive data and passengers. Critical assets are usually protected against individual physical or cyber threats, but not against complex scenarios combining both categories of threats. In order to handle it, SATIE develops an interoperable toolkit which improves cyber-physical correlations, forensics investigations and dynamic impact assessment at airports. Having a shared situational awareness, security practitioners and airport managers collaborate more efficiently to the crisis resolution. Emergency procedures can be triggered simultaneously through an alerting system in order to reschedule airside/landside operations, notify first responders, cybersecurity and maintenance teams towards a fast recovery. Innovative solutions will be integrated on a simulation platform in order to improve their interoperability and to validate their efficiency. Three demonstrations will be conducted at different corners of Europe (Croatia, Italy and Greece) in order to evaluate the solutions in operational conditions (TRL≥7). Results and best practises will be widely disseminated to the scientific community, standardization bodies, security stakeholders and the aeronautic community. Finally, SATIE paves the way to a new generation of Security Operation Centre that will be included in a comprehensive airport security policy.