www.eurecat.org

Unit of IT SecurityCapabilities

www.eurecat.org

IT Security – The Unit

• The IT Security Unit of Eurecat is formed by a multidisciplinary team (computer, electronic andtelecommunications engineers, mathematicians and ethical hackers) that carry out both researchand innovation activities in cybersecurity and ethical hacking actions on technological devicesand infrastructures

• IT Security has extensive experience in different sectors such as critical infrastructure,automotive, health, public administration, electronic voting and financial, among the mostrelevant.

www.eurecat.org

IT Security – Areas of knowledge

Eurecat was Involved inwriting ENISA report onrecommendations inelectronic identitysystems authentication

Cibersecurity

Cryptography

DistributedSecurity

Digital Identityand Privacy

Cybercrime (Deep Web), Cyber Threat Intelligence (Prevent, detect and respond to sophisticated cyber threats), Ethical Hacking, Radio Frequency Security (SDR), etc.

Access Control Systems, AdaptiveAuthentication, Implicit Authentication, User-Centric Approaches, Identity & Blockchain, Interoperability, etc.

Distributed Security (Cloud Fog & Edge Computing), Security in Mobile Platforms, Artificial Intelligence (Machine and Deep Learning), Secure SDLC, Post-Quantum Cryptography, Blockchain Technology, etc.

www.eurecat.org

IT Security - Laboratories

www.eurecat.org

IT Security – Application areas

Penetration testing (IoT, PLCs, ECUs, etc.)

Vulnerability Analysis(Industrial networks

and criticalinfraestructures)

AI-basedsolutions

Blockchain-based

solutions

AppliedCryptography

Identity and authentication

systems

DistributedSecurity solutions

Pattern-based

solutions

DetectProtectIdentify

Analysis of vulnerability

impact

Threat Intelligence

CriticalInfraestructures

IT Networks

OT Networks

Industry4.0

IoTCloud

ServicesMobile devices

Social Networks

Call of Interest and capabilities for the topic SU-INFRA-02-2019

“Security for smart and safe cities, including for public spaces”

www.eurecat.org

www.eurecat.org

Full audits

• The automation of productive processes is one of the aspects that has evolved most in the industry

• The integration of classical technologies, such as mechanics and electricity, with more modern ones (electronics, IT, telecommunications, Internet of things, etc.) is creating a series of interdependenciesbetween them, causing the digitization of productive and basic services sectors

• In every digitization and automation process started on an infrastructure, intelligent sensors and actuators must be deployed to support the new productive and service model.

• Other devices (smartphones, tablets, connection points, Wi-Fi, RF, GSM, etc.) are also required, which will send and receive information through the IP protocol, integrating the internal network of the organization through the global network (Internet).

www.eurecat.org

Objectives of a Full Audit

• The main objective is the analysis of risks and evaluation of the security of a critical infrastructure.

• This analysis includes aspects of both logic security (cybersecurity), and physical security (safety), its impact, and the necessary actions to be performed.

• As a summary, the most specific objectives of a complete audit - including pen-testing tasks - are indicated:– Study and understanding of the infrastructure digitalization project,

– Search for public information,

– Analysis of networks and communications,

– Analysis of systems and infrastructure,

– Analysis of applications and databases,

– Analysis of industrial protocols,

– Impact analysis,

– Definition of technical measures,

– Definition of organizational measures,

– Support to the digitization process.

Comprehensive management of critical infrastructure: detection of threats and attacks

Objective: detect unknown and combined attacks and threats

1. Big Data Architecture in the field of security. There are architectures likeApache Metron or OpenSOC.

2. Sensors for collecting information from different sources: IT logs, operations, context, social, intelligence centers, etc.

3. Design, implementation and deployment of solutions based on artificial intelligence for the detection of unknown threats and attacks, such as zero-days and APTs.

4. Intelligence sharing center: interoperability of information from incidents, vulnerabilities, threats and attacks.

Comprehensive management of critical infrastructure: detection of threats and attacks

Integral Segurity: Physical access

1. Detect intruders in delimited areas.

1. No cameras; no privacy vulnerability

2. Detection through walls, furniture… no dead angles

3. Detection without the need of light

4. No additional installation

2. Counting of people in a room.

1. Control of the capacity of the rooms

2. Detect number of people in case of accident

www.eurecat.org

Projects on Cybersecurity

PROJECT H2020: STOP-IT

STOP-IT focuses on the strategic, tactical and operational protection ofcritical water infrastructures against physical and cyber threats

Anomaly detector capable of detecting unknown anomalies in real time usingdifferent sources of information (physical and cyber)

o with automatic learning skills,

o and with the supervision of a specialist that validates the complex threats.

PROJECT RIS3CAT: SECUTIL (leaders)

Security and cybersecurity solutions in Utilities for critical infrastructure protection.

• Anomaly detector

• Securization of IoT infraestructures.