At Elliot Cloud, through the eMAPA 4.0 project, we are committed to digitisation and the application of new technological solutions to collaborate with and support the Business and Innovation Clusters (BICs) and OnTech (Southern European Technology and Biotechnology Cluster) in improving the competitiveness of SMEs. In collaboration with the University of Malaga, MNEMO and San Mobile, we have carried out a project in which we have developed a prototype of a platform for the automation of pentesting tasks in order to reduce the cyber-risk of manufacturing companies in an advanced state of digitalisation.
- Call for applications: Support programme for Business and Innovation Clusters (BICs) 2022b.
- Duration: 9 months (August 2022 - April 2023).
- Project budget: 561,960.42 euros.
Aim of the eMAPA 4.0 project
Starting from the point of view of the defender (the owner of the infrastructure), the aim now is to develop a technological platform, based on massive data processing, that incorporates previous know-how relating to pentesting activities and automates it in an effective and efficient way. The specific features of the manufacturing enterprises in Industry 4.0.
The purpose of this platform is the discovery and confirmation of vulnerabilities in the infrastructure that can be exploited by hostile internal and/or external actors for different purposes. Detailed knowledge of vulnerabilities will help to implement hardening activities that minimise risks.
Current enterprise IT architectures organise their assets in different areas (cloud, on-premise, edge). The proposed platform will focus on cloud devices (devices in the cloud) and edge devices (those devices closest to where the information is generated or from where it is received). These are particularly important in the manufacturing industry because they comprise all the hardware and software necessary to control industrial equipment: control systems (ICS) such as programmable logic controllers (PLC), distributed control systems (DCS) and supervisory control and data acquisition systems (SCADA). These devices would constitute the productive core of a manufacturing industry.
From the technical point of view, the eMAPA 4.0 project proposes to develop a platform that enables the automation of pentesting tasks on a specific area of an organisation's infrastructure (cloud-centric, edge). Prior to the execution of the pentesting, there will be a set of equally automated activities for the discovery of assets and of possible security gaps that may exist on them. The information obtained from the pentesting can be exploited individually by an organisation or grouped for a set of organisations with some kind of relationship, such as belonging to the same value chain.
In order to achieve this, the incorporation of massive data processing technologies (Big Data) and the application of advanced machine learning and/or artificial intelligence algorithms are required. Advanced data visualisation technologies will be applied in order to enhance the value of the results obtained.
The system to be implemented will be based on the search for methods and technological approaches that allow the building of a scalable, distributed architecture and of software that provides the following technological capabilities:
- Discovery: the connection to and exploitation of internal and/or external information sources of a heterogeneous nature in terms of their content and structure, such as log files, external APIs or process results.
- Intensive processing and analysis of the information collected through the eMAPA 4.0 project, for its appropriate integration and homogenisation in order to facilitate its subsequent use. Generation of new information through the application of deduction rules.
- Integration of the CALDERA framework, based on MITRE, which allows the incorporation of different Red Team tools to execute different types of pentesting activities.
- Configuration of discovery activities (scope of action) and of pentesting activities (types of tests).
- Monitoring of the status of the different tasks in progress or completed.
- Visualisation system for data obtained either by discovery processes or by pentesting processes, with mechanisms for grouping, comparison over time and between organisations, and evolution over time of the information collected, generated and obtained.
- Reporting system based on evidence of the assets and gaps identified.
- Definition of different user profiles on the basis of which different process execution and/or information access policies can be established.
- Establishing robust security solutions for access to and transfer of information between components and organisations (both in their different modules and between their operating systems and corporate servers). Horizontal and vertical information security based on profiles.
Initiative financed by the Ministry of Industry, Trade and Tourism within the programme of support to the AEIs to contribute to the improvement of the competitiveness of Spanish industry, and with the support of the European Union through the Recovery, Transformation and Resilience Plan.