Improving supply chain resilience for a secure industry

September 7, 2023 - Words by Joao Pita Costa

Continuing a successful line of contributions towards the security of European industry, the XLAB Research team has closed yet another chapter in its excellent portfolio of innovative solutions for enhancing the security and resilience of European infrastructure. 12 partners came together to pursue a common goal of developing a coordinated framework for cyber resilient supply chain systems across complex ICT infrastructures. XLAB played an important role in research and development, leading threat management in the context of supply chain security and coordinating overall innovation and impact generation within the project.

Addressing the cyber security and resilience of supply chains today and in the future

Companies and institutions worldwide are quickly realizing the importance of keeping their systems secure as digital transformation affects workflows across industries. However, their approach should extend beyond protecting themselves from cyber attack; it should also encompass proactive measures for preparation, defense, damage mitigation, and recovery. We’re talking about cyber resilience.

Collaborating with our consortium partners, each bringing their unique skills to the table, we’ve made a significant difference in this field through the FISHY project, addressing the security and resilience of supply chains and focusing on vulnerability management, risk/integrity assessment, security assurance and certification management, intrusion detection, and cloud-native networking.

We’ve successfully built a coordinated framework for cyber resilience provisioning that guarantees the trustworthiness of ICT system supply chains and is built upon distributed, dynamic, and often fundamentally insecure and heterogeneous ICT infrastructures. The FISHY framework looks at all parts of the supply chain, from the IoT ecosystem to the connecting infrastructure. It addresses security and privacy concerns related to vulnerability management, accountability, mitigation strategies, security metrics, and evidence-based security assurance. Learn more about this innovative approach that is leading the discussion on a more secure industry in Europe.

Wazuh-based security rule-matching technology as implemented by XLAB in FISHY.

Changing the security landscape

Over the past three years, XLAB has addressed key supply chain security challenges by contributing to the research and development of the FISHY platform and leading the development of TIM, the Trust and Incidence Manager, a vital FISHY component that analyzes the metrics gathered by the platform’s monitoring components. TIM is responsible for determining vulnerabilities, detecting attacks and incidents, and generating mitigation actions for the purpose of hardening the cyber security level of a monitored infrastructure.

What sets the FISHY platform apart from other innovators is its holistic approach to cyber security. Unlike traditional solutions, it offers an all-in-one tool combining monitoring, security, and resilience enforcement. Users can set up custom scans either with their own scripts or with integrated vulnerability scanners, providing real-time alerts for newly discovered vulnerabilities. Moreover, FISHY’s innovative Intent-Based Resilience Orchestration technology translates high-level intentions into actionable policies, using advanced AI techniques. It also encompasses a Security Assurance and Certification Manager tailored to regulatory requirements, a Security & Privacy Dataspace Infrastructure for comprehensive security event analysis, and a Secure Infrastructure Abstraction with standardized APIs for network infrastructure.

AI-based dynamic approach to anomaly detection from logs as implemented by XLAB in FISHY.

Alignment between robust cyber security and an open source strategy

Open source software and its associated communities play a crucial role in European research and development. Aligning with XLAB’s open source vision and commitment, and the European Commission’s Open Source Software Strategy, FISHY is part of this initiative, enhancing Europe’s digital infrastructure, especially in supply chain security and resilience.

The FISHY Platform empowers industry organizations to detect early threats and vulnerabilities across their systems, fostering trust and assurance for their clients. Early adopters, such as the food industry, connected cars sector, and smart factories, have already seen tangible benefits. By reducing downtime, enhancing safety, and automating the identification of rogue IoT devices, FISHY technology is making significant strides in supply chain cyber security and resiliency.

The FISHY consortium was composed of experts from different technical areas, with a special focus on cyber security and supply chain, including: Atos, Synelixis, Politecnico di Torino, Telefonica, Universitat Politècnica de Catalunya, Technische Universität Braunschweig, Entersoft, Sonae Arauco, Capgemini Engineering, Sphynx Technology Solutions, and Universidade do Minho. The collective achievement we’ve reached, which drives innovation, collaboration, and resilience in European research and industry, was only made possible through the great collaboration of each partner.

It was a pleasure collaborating with all of you and we eagerly look forward to future opportunities!

