A new Horizon 2020 initiative to help organisations get WISER about cyber security risks
“The level of sophistication of cyber-attacks is increasing with at least three different ways of using the cyber weapon: Cyber sabotage, cyber data theft, and cyber transfer of funds. The latter is new and particularly worrying for financial institutions as attacks will lead to substantial economic losses and loss of trust in the financial sector. A staggering 90% of companies worldwide recognise they are insufficiently prepared to protect themselves against cyber-attacks”, says Giorgio Aprile, Director, Operational Risk and Capital Management, Aon.
WISER is a new European initiative that puts cyber-risk management at the very heart of good business practice, benefitting multiple industries in particular critical infrastructure and process owners, and ICT-intensive SMEs. Kicking off in June 2015, by 2017 WISER will provide a cyber-risk management framework able to assess, monitor and mitigate the risks in real time.
This will be delivered in two ways: a pre-packaged risk management solution for SMEs, and Risk Management Platform as a Service (RMPaaS) mode of operation for critical infrastructures or highly complex cyber systems requiring the implementation of special controls within the ICT system to be monitored.
The multi-faceted nature of cyberspace means that dealing with cyber risks at all levels of an organisation’s structure requires a multi-staged methodology to continuously, consistently and appropriately govern cyber strategy. Pedro Soria-Rodriguez, Atos, says “WISER addresses this very issue. It goes beyond the current state of the art to offer a novel and agile cyber-risk management framework for modern ICT systems. The integrated approach to control mitigating activities will address cyber-security threats and their consequences in critical information infrastructure and empower decision makers in public and private organisations to assess cyber-risk effectively”.
Cybercrime has both direct and indirect implications for organisations. WISER will therefore provide risk managers with the means to understand both economic and sociological impacts of cyber-crime so that both direct and indirect implications are clear. To assess risk, you have to know what you are looking for and quantify the consequences. “WISER will do exactly that,” says Ketil Stølen, Chief Scientist, SINTEF. He adds “We’ll provide a truly dynamic, scalable and flexible monitoring infrastructure based on key modelling languages. Guidelines will capture targets of cybercrime, models for threats and vulnerabilities on which monitoring can be based”.
WISER goes beyond current solutions by giving an end-to-end reliable monitoring approach to security with accurate tamper-proof transference of data from signalling components to the monitoring core. “To achieve this and to cover a wide range of complex target infrastructures, we’ll be testing and evaluating the integration of both traditional signalling components and non-traditional, sector-specific components such as smart meters and mobiles” says Aleš Černivec, XLAB.
As more and more devices are connected, robustness and security become increasingly important. WISER recognises that real-time information is the key for decision makers to manage risks. WISER therefore delivers real-time monitoring and intuitive assessment tools which go beyond the state of the art, to enable agile and near real time management of cyber security risks as a significant step forward beyond current practices in risk management, says Pedro Soria-Rodriguez.
Full-scale pilots and Benefits for SMEs
The WISER Risk Management Platform as a Service (RMPaaS) targets critical infrastructures for highly complex cyber systems which demand real-time and cross-system assessment of vulnerabilities and threats. WISER will carry out three full-scale pilots allowing organisations managing critical infrastructures to not only anticipate threats in real-time, but also comply with new EU regulations for reporting serious attacks.
“WISER tools are an important enabler for SMEs whose very existence could be under threat due to poor security strategies. WISER can make cyber-risk management an integral part of good business practice for SMEs”, says Silvana Muscella, Trust-IT Services.
“The comprehensive risk management that WISER delivers will improve our situational awareness to cyber risk exposure in terms of real-time performance including data from non-traditional networks of devices such as smart energy products and mobile devices”, Roberto Mannella, Chief Information Security Officer, Rexel Group.
For Domotecnica s.r.l., “WISER RPaaS will be applied to the entire value-chain from monitoring to assessment to mitigation for cross-border infrastructures. We’ll be able to detect, measure the impact and adapt to new threats and vulnerabilities to the energy sector”.
“WISER’s real-time risk assessment will quickly identify risk factors. This will drastically reduce events that are high impact to business in the financial sector” says Giorgio Aprile, Aon. “WISER will let us move towards preventative measures to deal with cyber-crime”. WISER’s analytical tools will be simple and easy to use, facilitating security managers in understanding such complex systems. Both private and public organisations will benefit from assessing potential loss and tolerance range in a specific business context.
A lean but strong consortium lies behind WISER: Atos (Spain), Trust-IT Services (UK), Stiftelsen SINTEF (Norway), XLAB (Slovenia), Aon (UK), REXEL Development (France), Domotecnica (Italy)