CYRUS is an industrial research project whose objective is to define and to develop a cybersecurity test platform demonstrator for industrial cyber-physical systems, with a focus on safety-critical systems.
Expertises:
Engineering of complex IT systems ⊕
Domaine: Transport & logistics ⊕
Innovation theme: Cyber Security ⊕
Factsheet:
The project is motivated by the increasing connectivity (5G soon) of these industrial systems, which makes them more vulnerable to the threats of cyber attacks. It will take into account the evolution of the regulatory (European Cybersecurity Act) and normative contexts in cybersecurity. It constitutes the first phase of an ambitious project aiming to develop and set up, in Wallonia, a cybersecurity test laboratory dedicated to this type of system in a wide range of industrial fields.
Cyber-physical systems (CPS), in particular the industrial ones, present specific challenges in terms of cybersecurity in comparison to traditional IT systems, due to their specific characteristics:
Due to these characteristics, cybersecurity testing methods for traditional software cannot be applied as such to CPS and therefore need to be significantly adapted.
The CYRUS project aims, for this type of system, at defining a security test procedure and architecture as well as select, integrate and implement appropriate test tools for this architecture within a demonstrator. It will produce a coherent and productive framework, including tools which enable as much as possible the automation and repeatability of the test activities. The demonstrator will allow the performance of several types of tests: functional security tests, fuzzing tests, penetration tests. It will be validated on three case studies of connected industrial systems supplied by the partners, in different fields of application (see below).
The project will also produce recommendations and a roadmap for the further development and evolution of this test laboratory.
The research will be carried out by GUARDIS, CETIC and UCLouvain on the basis of the needs and case studies provided by ALSTOM (railway sector), AISIN (automotive sector) and ALX Systems (drones sector).
CETIC brings its expertise in software and security engineering, in particular its expertise in software testing, the development of software engineering platforms and its knowledge of cybersecurity standards and the evolving certification context at European level (SPARTA project).
CETIC plays a transversal role in this project: it participates in the drafting of the state of the art, in the development of the platform and the overall test procedure and in the realization of the demonstrator. It is involved in the operational dimension of the tests for the three case studies of the project. It is closely interested in the research questions and the scientific and technical challenges surrounding this project.
CETIC and GUARDIS wish to position themselves as key players for the industrialization of the demonstrator and the eventual creation of the Walloon cybersecurity testing center for CPS.
As explained above, the CYRUS project constitutes the first phase of an ambitious project aiming to develop and set up, in Wallonia, a cybersecurity test laboratory for Cyber-Physical Systems (CPS) which are developed and deployed in all industrial domains.
An Advisory Board has been set up in order to involve in this research other Walloon players concerned by the topic.
This project is also part of the strategy of the CPSET innovation platform dedicated to Cyber-Physical Systems in the fields of Energy conversion and Transport. This platform aims at consolidating and perpetuating a new R&D eco-system in Wallonia centered on cyber-physical systems around several thematic axes of common interest. It was founded in mid-2018 by several large Walloon industrialists (including ALSTOM and AISIN) and 2 research centers (including CETIC). It is open, beyond its founding members, to Walloon players (industrials, research centers, academia) concerned by cyber-physical systems, in particular to SMEs. It aims, among other things, to promote the submission of collaborative research projects involving these different actors.
The forecast exploitation for the results goes beyond Walloon borders. The target market is indeed international and multi-domain: all companies producing or using CPS have growing needs for cybersecurity testing. The main reasons are the increasing connectivity of these systems (soon with 5G), the evolving regulatory and normative contexts on the cybersecurity of these systems (including in terms of certification) and also the demands of the customers of these companies. More and more, the latter formulate security requirements at the level of specifications such as compliance with these new standards, the provision of precise information and evidence on the level of protection and the risk incurred by these systems. They also require cybersecurity testing to be performed by organizations independent of CPS vendors to verify and ensure the level of protection of the proposed CPS.
Agenda
20.10.2022
20.10.2022
External activities
CTIS 2022
En savoir plus
19.05.2022
19.05.2022
CETIC talks
ID2Move invites you to its symposium on Autonomous Systems : “ Where Companies meet Universities " on May 19.
En savoir plus
11.02.2022
11.02.2022
CETIC talks
CETIC participates in the ICISSP 2022 online conference devoted to the security and confidentiality of information systems by presenting lessons...
En savoir plus
Publications
31.05.2022
31.05.2022
Publications scientifiques
Christophe Ponsard, Mounir Touzani, Valery Ramon, Méta-modèle des concepts et processus d’analyse des risques selon les normes de cybersécurité,...
En savoir plus
09.05.2022
09.05.2022
Publications scientifiques
Christophe Ponsard, Valery Ramon, Survey of Automation Practices in Model-Driven Development and Operations, BotSE 4th International Workshop on...
En savoir plus
01.04.2022
01.04.2022
Communication scientifique
Christophe Ponsard, Philippe Massonet, Valéry Ramon : Towards Model-Driven DevSecOps for Cyberattack Prevention, Detection and Recovery. ERCIM...
En savoir plus
09.02.2022
09.02.2022
Publications scientifiques
Christophe Ponsard, Philippe Massonet, Survey and Guidelines about Learning Cyber Security Risk Assessment, 8th International Conference on...
En savoir plus