DOCUMENTS

  1. Paul, Stéphane, et al. “Systématisation d’une Démarche de Sécurisation par Conformité Ajustée aux Besoins et Enjeux de Sécurité–une Revue Critique.” Proceedings of the 28th C&ESAR (2021): 213.
  2. A. Karteris, et al. “A Methodology for enhancing Emergency Situational Awareness through Social Media“, ARES Conference, 2022
  3. S. Konig and A.M. Shaaban, “Parametrization of Probabilistic Risk Models“, ARES Conference, 2022
  4. S. Schauer, et al. “Application of a Generic Digital Twin for Risk and Resilience Assessment in Critical Infrastructures“, ESRES 22
  5. A.M. Shaaban, et al. “Towards Optimized Security Attributes for IoT Devices in Smart Agriculture Based on the IEC 62443 Security Standard“, Applied Sciences, 2022
  6. C Schmittner, et al. “ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443“, ICPS22
  7. A. Karteris, et al. “Detection of Cyber Security Threats through Social Media Platforms
  8. I. Cindrić, et al. “An analysis of IEC 62351 implementations for securing IEC 60870-5-104 communication”, PowerTech23
  9. F. Piekert, et al. “Mitigation of Operational Impacts on Airports by early Awareness of malicious Events impacting linked Critical Infrastructures”, ATRS2023
  10. Tim H. Stelkens-Kobsch, et al. “A Concept-Based Validation Approach to Validate Security Systems for Protection of Interconnected Critical Infrastructures”, ARES2023
  11. S. Schauer, et al. “Detecting a Complex Attack Scenario in an Airport: The PRAETORIAN Framework”, ARES2023
  12. L. Papadopoulos, et al. “PRAETORIAN: A Framework for the Protection of Critical Infrastructures from advanced Combined Cyber and Physical Threats”, ARES2023
  13. S. König, et al. “Identification and Evaluation of Cyber-Physical Threats on Interdependent Critical Infrastructures”, ARES2023
  14. M.A. Lozano, et al. “A Machine Learning-Driven Threat Hunting Architecture for Protecting Critical Infrastructures“, DRCN2023
  15. M.A. Lozano, et al. “Threat Hunting Architecture Using a Machine Learning Approach for Critical Infrastructures Protection“, Big data and cognitive computing, 2023
  16. M.A. Lozano, et al. “Threat Hunting System for Protecting Critical Infrastructures Using a Machine Learning Approach“, Mathematics, 2023
  17. E.M.M Navarro, “PRAETORIAN: From protection to resilience of critical infrastructures“, RISE-SD 2023

Download

Executive Summary

The Quality Assurance Plan describes the roles of the different actors in the project management and gives guidelines for performing the day-to-day project management actions. Together with the Project Management Handbook (deliverable D1.1), the QAP is the tool to ensure that the prescribed management principles and structures are correctly implemented. The internal reviewing procedure is of great importance since it is one of the main tools to guarantee the quality of the results. PRAETORIAN will follow a procedure based on the peer review of the project deliverables which must ensure they are submitted to the EC with the highest quality. Moreover, QA guidelines must be applied for the reporting procedure as well as for dissemination and communication. A key aspect for the project monitoring is the Management Dashboard that has been created to show relevant KPIs for the project progress. This tool, to be maintained and updated periodically during the whole project duration, will allow the consortium partners to have up-to-date information and visualisation about the project status and possible deviations. Finally, the project’s risk management process is envisioned in this report and will be further defined in D1.3 “Risk & Opportunities Register”. A continuous risk assessment will allow that in case of problems, the required corrective actions are initiated in co-operation with the concerned partners.

Download

Executive Summary

Throughout the duration of the PRAETORIAN project, the management process will identify and monitor technical, managerial and financial risks that might affect the project’s progress towards its objectives, in order to carry out mitigation actions as early as possible. While the Work Package (WP) Leaders are responsible for the risk assessment and monitoring within their WPs, the Project Manager (PM) will be ultimately responsible for the oversight of the entire project against milestones and for the risk management effectiveness. Risks can arise from unexpected technical difficulties or scientific findings, poor communication or cooperation between the partners, resource shortage by the partners, objectives not achievable in terms of budget or feasibility, partners leaving the consortium, human operational errors: planning errors, poor quality, etc. Risks need to be identified as early as possible and their probability and impact need to be evaluated in order to assign them a rating. According to the magnitude of the rating, risks will be handled and/or monitored until they are considered low. Risks will be continuously updated and included in the Risk Table that is part of the project’s Management Dashboard. Furthermore, PRAETORIAN also monitor the opportunities that may arise during the implementation of the project. The consortium will propose solutions to properly handle opportunities or actions affecting the expected outcomes of the project positively, in order to take fast actions and wise decisions about them. Actions plans to catch an opportunity will be raised to the Project Management Board for internal decision. The opportunities are monitored through the project’s Opportunities Register.

Executive Summary

This document elaborates the Data Management Plan (DMP) of PRAETORIAN. It is a first version at a very early stage of the project and will subsequently be updated during the course of the project, with an update in M14 and a final version will be provided in D1.5 in M24.

Executive Summary

This document is the Updated Data Management Plan (D1.4) of PRAETORIAN. This updated version builds on previous DMPs, the Data Management Plan (D1.3) submitted in M3 and the Data Management Plan (D1.4v2) prepared to close the first reporting period (M16). This version improves the previous DMPs with partners’ latest input on their data management life cycle.and a final version will be provided in D1.5 in M24.

Download

Executive Summary

The Project Management Handbook is a document that establishes the foundation for the project cooperation processes and defines all the aspects that must be considered to assure an efficient and coherent management of activities. This includes: a brief description of the project, its objectives and the work plan; information about all partners involved in the project and the coordinator details; guidelines and recommendations regarding the internal communication in PRAETORIAN, guidelines for the documentation, deliverables, reports and presentations produced within the project; and a short overview about the dissemination activities in the project. The Project Management Handbook gives guidelines for performing the day-to-day project management actions and has to be read jointly with the Quality Assurance Plan (deliverable D1.2) which describes the roles of the different actors in the project management and describes the main tools to guarantee the quality of the results. Moreover, another important document is the Dissemination and Communication Plan, reported in D10.2, which focuses on the procedures to achieve a successful dissemination and communication of the project results, also presented in this document as part of the overall view for successful project management.

Executive Summary

The present document is focused on providing a baseline to build upon and help at successfully conducting and delivering the PRAETORIAN project. The in-depth analysis of previous projects will be the foundation for pushing design, development and implementation of the PRAETORIAN technology, procedures and processes beyond the state-of-the-art. The document comprises of analysis for no less than 22 projects, each project presenting an overview and providing details about its results as well as “lessons learned” carefully selected to benefit directly the PRAETORIAN project.
The matter of instantiation of previous project results was not limited to just presenting the facts about each project. It took its mission even further and clustered the identified good practices relevant for PRAETORIAN based on specific criteria. Such criteria were the increase of efficiency related to project work or to cluster according a resilience life cycle with three categories (Prevention, Detection, Mitigation) and five sub-categories (Identification, Protection, Detection, Response and Recovery). The document concludes with a reflection on the previous project results input, projected from an industry-based perspective.
This document shall be used in close connection to other deliverables within PRAETORIAN. One deliverable for which this document is of high importance is the deliverable D2.4 – PRAETORIAN Toolset Architecture Design which will set the architectural framework of the PRAETORIAN Solution.

Executive Summary

This document provides an overview of the standards and requirements currently in effect in the PRAETORIAN CI operators and an analysis of similarities and differences among them. General and CI specific standards and requirements dealing with cyber and physical security are identified. The gathered information is analyzed with the goal to recognize the strengths and weaknesses of the current PRAETORIAN landscape. Finally, some recommendations are made on how to improve the current framework landscape.

Executive Summary

This deliverable D2.6 “PRAETORIAN toolset architecture adaptation to each targeted sector” is the output of the efforts done in the scope of the task T2.6“PRAETORIAN toolset architecture adaptation to each targeted sector”. The result is the high-level adaptation of the generic architecture presented in T2.4 to the pilot scenarios defined in T2.3 according to the specific Critical Infrastructures (CIs) requirements gathered in T2.5. A set of PRAETORIAN toolset use cases entailing the CIs involved at each pilot site is also provided reflecting the key role of each of the systems and modules proposed in the project to adequately face the cyber and physical protection of the EU CIs. The outcome will be the basis for the four PRAETORIAN main components development, which will be carried out in WP3, WP4, WP5 and WP6.

Download

Executive Summary

This report addresses the transfer of the static risk management results (at design-time) to the dynamic risk management (at runtime) to maintain the system or organisation in secure conditions during its complete lifecycle. Current risk management practices already implemented by PRAETORIAN Critical Infrastructures (CIs) and First Responders (FRs) are investigated with a series of interviews, with both static risk modelling teams and the dynamic risk modelling teams. Results of the interviews are used to generate a synthesis of the transitioning practices at interviewed CIs and FRs. Finally, a short-list of the best practices is presented and analysed. This report also provides general conclusions about the methodology used and the lessons learnt while conducting the research.

Executive Summary

This deliverable describes the rational and principle of the Cyber Forecaster Engine. It presents the purpose of such engine that aims at pointing possible objectives of a stealth cyber-attack, linked to a prior risk analysis of the infrastructure under surveillance. It explains how the Cyber Forecaster Engine establishes connections between the low-level logs and the feared events, thanks to a prior knowledge about the infrastructure and a generic model of attack plans based on the MITRE ATT&CK knowledge base.

Executive Summary

The purpose of the Cybersecurity Digital Twins (CDTs) in the PRAETORIAN project is to mimic
the main Information Technologies (IT) and Operational Technologies (OT) building blocks of
a Critical Infrastructure (CI) to guarantee the most accurate and relevant representation of
the industrial systems and its data. It will mainly serve during the demonstrations, since
combined cyber and physical attacks will be run to address the risk scenarios.

Download

Executive Summary

This deliverable presents the Human-Machine Interface (HMI) solution developed as part of the Cyber Situation Awareness (CSA) component of PRAETORIAN’s project, its architecture and functioning. It details the different advanced visualization techniques implemented in the application. It describes the information validation functions provided by the tool to the CSA operator.

Executive Summary

The Decision Support System (DSS) constitutes the core of the entire Coordination Response (CR) which integrates the Physical Situation Awareness (PSA), the Cyber Situation Awareness (CSA) and the Hybrid Situation Awareness (HSA) systems with the Emergency Population Warning System (EPWS), the Drone Neutralization (DN) module, the First Responders’ (FR) Information Sharing Technologies (ISC-FR) and the exploitation of social media channels developed under a common umbrella.

Executive Summary

This report presents the description of the design, features, specifications, and implementation of the Emergency Population Warning System (EPWS) developed on PRAETORIAN, which provides several mechanisms to coordinate the reliable broadcasting and proper routing of public warning messages to the population in a certain area in real-time. The EPWS is a module within the Coordination Response (CR) system of PRAETORIAN, and as such, it will be validated by the end-users as part of the demonstration activities, with a relevant interest for the emergencies bodies operating in the area.

Executive Summary

This deliverable describes the design and development of the “Information sharing with FRs and rescue teams” component of the PRAETORIAN system. It is responsible for providing useful information to the FRs and rescue teams through proper communication channels and avoiding dispatching non-relevant information, to enable efficient use of communication resources.

Download

Executive Summary

This deliverable describes the design and development of the “Integration with Social Media” component of the PRAETORIAN platform. The component is responsible (i) for detecting social media posts related to security threats, (ii) for providing useful information from social media posts to security officers during incidents and (iii) for recommending relevant posts to social media to guide the public during incidents

Executive Summary

This report describes the plan and timeline of the activities to integrate the PRAETORIAN systems (Cyber Situation Awareness -CSA- system, Physical Situation Awareness -PSA- system, Hybrid Situation Awareness -HSA- and Coordinated Response -CR- system) and verify the integrated platform. The result is a Gantt chart in which the different partners add the time needed to simulate, integrate and verify their modules.

Executive Summary

This deliverable presents the Validation Plan and is part of “T7.1 – Integration, Verification and Validation Plan”. The Validation Plan is the basis for “T7.3 – PRAETORIAN Integrated System Validation”. The validation will be carried out as Human-in-the-loop simulations in which end-users will test the system remotely in simulated attack scenarios. Detailed descriptions of the four scenarios and their planned implementation in the validation are given. Furthermore, this deliverable comprises the validation objectives and the metrics that will be used to assess them while also the validation set-up and exercise procedure are described.

Executive Summary

All the devices and systems developed in PRAETORIAN have been integrated and configured together to build the system prototype, which has been tested under laboratory conditions according to the “D7.1 Integration and Verification plan” to prove that the different modules work properly as a unified system. Therefore, all the modules developed in WP3-6, must ensure that they are interoperable among themselves and that all the data and services correlations work properly, as defined in the PRAETORIAN architecture of T2.4. The successful completion is a pre-requisite for the final pre-demonstration validation in T7.3.

Executive Summary

This deliverable presents the validation report and is part of “T7.3 – PRAETORIAN Integrated System Validation”. It reports about the laboratory validation and the results of the integrated PRAETORIAN system to validate that the system meets the operational requirements. The validation was carried out as Human-in-the-loop simulations in which end-users tested the system remotely in simulated attack scenarios. Detailed descriptions of the four scenarios and their planned implementation in the validation are given in “D7.2 – Validation Plan”. This deliverable reports on the fulfilment of the validation objectives and on the metrics that were used to assess them.

Executive Summary

This deliverable presents the deployment and demonstration plan, which contains the specific activities that will be carried out to ensure that the relevant PRAETORIAN solutions are deployed and executed in the real demonstration environments with the interaction and collaboration of the required stakeholders.

Executive Summary

This deliverable describes the activities carried out during the PRAETORIAN scenario demonstrations that took place in 4 large-scale sites located in Croatia/Austria, France and Spain to show the operation of the complete and integrated PRAETORIAN solution in real environments.

Download

Executive Summary

Deliverable D9.1 –Research Ethics and Privacy Management-provides a general overview of the legal and ethical requirements to be respected throughout the entire duration of the PRAETORIAN project (M1-M24). Notably, this deliverable focuses on the ethics-related aspects of the project and, specifically, on the ethical issues stemming from the involvement of human participants in PRAETORIAN, which most notably consist of the possible processing of personal data, including special categories of personal data. The ethics issues herein discussed are complemented by a set of proposed measures to mitigate the risks associated with such issues. The main aim of this deliverable is to guide the development of an ethically and legally compliant PRAETORIAN technology. Although this deliverable provides a comprehensive legal and ethical framework, it will be further complemented by deliverable D9.2 –Legal and Ethical Frameworks and Requirements-that will produce the PRAETORIAN project’s specific ethical and legal requirements.

Download

Executive Summary

This deliverable describes the dissemination and communication strategy of PRAETORIAN, which are key elements in project’s measurements so to maximize its impact and ensure its sustainability. The strategy is developed during the starting phase of the project thought the definition of objectives, target groups, key messages to be delivered and tools to support the implementation. However, it adapts and evolves during the course of the project based on the extent by which the communicationand dissemination- related KPIs are reached. The deliverable describes the communication and dissemination objectives, identifies relevant stakeholders, including Law Enforcement Agencies (LEAs), First Respondents (FRs), Critical Infrastructure (CI) operators, industry, and policymakers, and defines the communication channels that are most appropriate for reaching out and for maximizing impact (project website, newsletters, social media, events, etc.). Finally, it defines the management of the communication and the associated rules and procedures.

Download

Executive Summary

The present deliverable contains update of the Communication Strategy and Dissemination plan of the PRAETORIAN Project for the 2 nd year of its running life, aiming to define the purpose of communication results, news, and other relevant information, alongside with the different dissemination channels identified under the scope of PRAETORIAN.

Executive Summary

This deliverable is part of WP11 – Ethics requirements, which is aimed at ensuring compliance with the Ethics requirements set out by the European Commission. This specific deliverable has the objective of describing the procedures and criteria that will be used to identify/recruit research participants as well as to provide the informed consent procedures including personal data processing that will be implemented for the participation of humans.

Executive Summary

This deliverable is part of WP11 – Ethics requirements, which is aimed at ensuring compliance with the Ethics requirements set out by the European Commission. This specific deliverable has the objective of defining the procedure for providing copies of opinions/approvals by ethics committees and/or competent authorities for the research with humans.

Executive Summary

This deliverable is part of WP11 – Ethics requirements, which is aimed at ensuring compliance with the Ethics requirements set out by the European Commission. This deliverable presents a description of the concept of ‘personal data’ and subsequently provides an overview of the relevant EU and international frameworks that apply to the processing of personal data, such as the fundamental right to data protection and the General Data Protection Regulation. In addition, it has the objective of providing details on key aspects relating to the processing of personal data, such as the data minimization approach and accompanying technical, organizational, and security measures in the context of the research activities of PRAETORIAN, in accordance with POPD – Requirement No. 3. This document provides a first preliminary overview of information that will be further updated in upcoming Ethics deliverables as well as the PRAETORIAN data protection policy, to be published in M14 together with the update of the Data Management Plan (D1.4).

Executive Summary

This deliverable aims to provide details on potential dual-use implications and risk-management strategies of the project, in accordance with DU – Requirement No. 4. Since several technologies will be used and developed during the PRAETORIAN project, it is important to identify the relevant categories of dual-use items and accompanying risks at an early time. This deliverable gives an overview of the international (Wassenaar Arrangement) and EU (Regulation (EU) 2021/821) frameworks applicable to dual-use items in order to describe the relevant dual-use concepts, definitions, and related responsibilities. It informs PRAETORIAN partners about potential ‘exports’, which can occur inadvertently through Intangible Technology Transfers, and their qualification as ‘exporters’. In order to comply with the dual-use controls regime, it is important that PRAETORIAN partners obtain the appropriate authorisation prior to any exports. This is accompanied by an obligation to exercise due diligence regarding potential dual-use risks and implications of the used and developed technologies. In order to properly address any dual-use risks and implications, a dual-use risk monitoring & management strategy will be developed and kept up-to-date.

Executive Summary

This deliverable is part of WP11 – Ethics requirements, which is aimed at ensuring compliance with the Ethics requirements set out by the European Commission. This specific deliverable has the objective of providing details on the risks and measures to prevent the potential misuse of research findings, in accordance with M – Requirement No. 5. The concept of misuse of research findings can involve any research that could be misused for unethical purposes. There are, however, some research areas that are more vulnerable than others. In PRAETORIAN, some research findings could potentially be misused by malicious actors, such as the vulnerability and risk assessments which could be used for criminal, terrorist, or unethical military purposes. Another vulnerable aspect is the development of video analytics for physical intrusion detection and threat identification, which could be employed for surveillance purposes to curtain human rights and civil liberties. In order to address these risks, it is important to define and implement appropriate preventive, mitigating, and corrective measures, such as the appointment of a SAB, PSO, and Ethics Board. Other effective measures include the confidential and EU restricted nature of certain deliverables and the use of dummy data during research to mitigate potential risks of misuse

Executive Summary

This deliverable has the objective of describing the composition, role, and relevance of the Ethics Board in the PRAETORIAN project, in accordance with GEN – Requirement No. 6. The PRAETORIAN Ethics Board will address any potential ethics issues related to the research activities of the PRAETORIAN project, particularly regarding the Ethics and Data Protection Impact Assessment and ethics compliance of the final tools. The board will include members from different PRAETORIAN partners, as well as two members from the IAB with relevant independent expertise. The conclusions of the Ethics Board will be published in two reports as deliverables, namely D11.7: GEN – Requirement No. 7 in M12 and D11.8: GEN – Requirement No. 8 in M24.

Executive Summary

This deliverable is part of WP11 – Ethics requirements, which is aimed at ensuring compliance with the Ethics requirements set out by the European Commission. This specific deliverable is the report covering the activities and opinions of the Ethics Board, composed by independent members with relevant experience in the field, which aims at monitoring ethics issues in the project and how they are handled.

Executive Summary

This deliverable is part of WP11 – Ethics requirements, which is aimed at ensuring compliance with the Ethics requirements set out by the European Commission. This specific deliverable is the final report covering the activities and opinions of the Ethics Board, composed by independent members with relevant experience in the field, which aims at monitoring ethics issues in the project and how they are handled.

  1. Months 1-6 (December 2021)
  2. Months 7-12 (June 2022)
  3. Months 13-18 (December 2022)
  4. Months 19-28 (October 2023)