Start Date: 24/06/2023
End Date: 23/06/2026
VULCANO
The aim of this project is the experimental development of an integrated solution for asset management, vulnerability management and threat detection, operating in the Cybersecurity Operations Centers of the electricity distribution business sector.
The VULCANO project seeks to create an innovative cybersecurity solution that offers a competitive advantage based on its adaptation to the differential characteristics of the electricity sector. These include geographic fragmentation; a lack of standardization, with proprietary assets; and the absence of global monitoring solutions that take into account not only the whole typology of assets and the specific types of assets and protocols used in the electricity sector, but also the entire value chain.
Features
VULCANO’s features can be grouped into five distinct blocks, each of which shows how innovative the project is, taking into account the highly competitive and segmented nature of the electrical sector's cybersecurity market. VULCANO offers:
- Integrated solutions that allow for correlation between the IT and OT worlds for the protection and control of electrical distribution infrastructures. Dynamic modeling is used to study the behavior of the assets. Based on an asset auto-discovery system, an intelligent system is established on dynamic models of relative behavior for the devices available in the network, in order to spotlight other similar devices throughout the network.
- Active and passive detection of security threats and vulnerabilities of critical assets. This addresses intrinsic vulnerabilities by model and firmware version, with impact factors based on the position of the asset in the network topology, asset health status and events picked up in assets of the same model or hierarchical level. Deep Learning techniques will be applied in order to identify new risk levels, based on the statistics collected in other sections of the network.
- Advanced analysis of network behavior in the management and correlation of events. Algorithms that aggregate behavior by similarity are used automatically and systematically to analyze anomalies in network traffic.
- Security services based on container management (defined as a Docker Hypervisor to analyze IP traffic). This system will allow cost reduction in systems across tens of thousands of sites, reducing and simplifying firewall configurations, and allowing protocol breakouts between the central system and different sites.
- Management of electrical protocols and georeferenced management of physical vulnerabilities, to ensure the cybersecurity of geographically dispersed assets and correlation between the virtual and the physical.
Project Partners
CIC is the project leader. We are supported by Vicomtech Technology Center and COSMIKAL, a local SME.
The project's implementation is based on two end-users of reference in the electricity distribution sector: E-REDES (electricity distributor for the EDP Group) and GASELEC (Compañía Melillense de Gas y Electricidad).
Financing
This project receives funding from the National Institute of Cybersecurity of Spain (INCIBE), through the Pre-Commercial Public Procurement Instrument CPP2-2022 – R&D&I services in the field of cybersecurity.