CERTIFY | aCtive sEcurity foR connecTed devIces liFecYcles

Summary
Cyber-attacks get more sophisticated every day, thus affecting a large number of IoT-related infrastructures and raising security and privacy concerns of consumers and businesses. Security management of IoT infrastructures encompassing full lifecycle of products and continuous certification are fundamental tools to guarantee a high-level of security, as emphasized by the European Union Agency for Cybersecurity (ENISA) Cybersecurity Act (CSA).
CERTIFY defines a methodological, technological, and organizational approach towards IoT security lifecycle management based on (i) security by design support, (ii) continuous security assessment and monitoring (iii) timely detection, mitigation, and reconfiguration, (iv) secure IoT Over-The-Air (OTA) updating, and (v) continuous security information sharing.
To ensure the security compliance throughout the lifetime of the device, we propose the design and implementation of a cybersecurity lifecycle management framework for IoT devices. The framework is intended to support the device security management by collecting and sharing relevant security information both internally (via monitoring and self-assessment services) and externally, e.g., by interacting with device manufacturers, threat databases, certification authorities, Information Sharing and Analysis Centres (ISACs), and more. The received information is meant to support the local decision making with respect to the security, monitoring, updating and configuration of the device. Moreover, this information sharing will enable a continuous risk assessment, gathering evidence that could agile future certifications.
CERTIFY's provides IoT stakeholders with mechanisms achieving high-level of security. CERTIFY will detect and respond to a wide spectrum of attack, in a collaborative/decentralized fashion. CERTIFY will validate the architecture through cutting-edge use-cases and pave the way towards innovative security in a broad spectrum of IoT environments.
Unfold all
/
Fold all
More information & hyperlinks
Web resources: https://cordis.europa.eu/project/id/101069471
Start date: 01-10-2022
End date: 30-09-2025
Total budget - Public funding: 3 997 897,50 Euro - 3 997 897,00 Euro
Cordis data

Original description

Cyber-attacks get more sophisticated every day, thus affecting a large number of IoT-related infrastructures and raising security and privacy concerns of consumers and businesses. Security management of IoT infrastructures encompassing full lifecycle of products and continuous certification are fundamental tools to guarantee a high-level of security, as emphasized by the European Union Agency for Cybersecurity (ENISA) Cybersecurity Act (CSA).
CERTIFY defines a methodological, technological, and organizational approach towards IoT security lifecycle management based on (i) security by design support, (ii) continuous security assessment and monitoring (iii) timely detection, mitigation, and reconfiguration, (iv) secure IoT Over-The-Air (OTA) updating, and (v) continuous security information sharing.
To ensure the security compliance throughout the lifetime of the device, we propose the design and implementation of a cybersecurity lifecycle management framework for IoT devices. The framework is intended to support the device security management by collecting and sharing relevant security information both internally (via monitoring and self-assessment services) and externally, e.g., by interacting with device manufacturers, threat databases, certification authorities, Information Sharing and Analysis Centres (ISACs), and more. The received information is meant to support the local decision making with respect to the security, monitoring, updating and configuration of the device. Moreover, this information sharing will enable a continuous risk assessment, gathering evidence that could agile future certifications.
CERTIFY's provides IoT stakeholders with mechanisms achieving high-level of security. CERTIFY will detect and respond to a wide spectrum of attack, in a collaborative/decentralized fashion. CERTIFY will validate the architecture through cutting-edge use-cases and pave the way towards innovative security in a broad spectrum of IoT environments.

Status

SIGNED

Call topic

HORIZON-CL3-2021-CS-01-02

Update Date

09-02-2023
Images
No images available.
Geographical location(s)
Structured mapping
Unfold all
/
Fold all
Horizon Europe
HORIZON.2 Global Challenges and European Industrial Competitiveness
HORIZON.2.3 Civil Security for Society
HORIZON.2.3.3 Cybersecurity
HORIZON-CL3-2021-CS-01
HORIZON-CL3-2021-CS-01-02 Improved security in open-source and open-specification hardware for connected devices