Alongside the S^2 Hack4Energy event, the first energy related hackathon in Greece against energy-related security breaches, that takes place in Thessaloniki, Greece at October 23-24, 2019, UBITECH presents experiences, knowledge and technologies in the Digital Security domain, introducing the concepts and developments of the FutureTPM and SDN-microSense H2020 projects at the audience.
In particular, in SDN-microSense, the goal of UBITECH team is to evaluate the readiness and awareness of energy-related personnel and processes in case of cyber-attack, system failure and data breaches and to develop a risk assessment framework in the face of emerging threats and vulnerabilities. UBITECH’s Entso Veliou (Security Engineer) presents the current state of the project which is analysis of multiple security standards by multiple partners, find which part of each standard can be used and is subject to smart grids and presented the progress of UBITECH, analyzing ISO27001 information security management standard. Furthermore, he introduces the company’s plans to customize and deploy the corporate risk management suite, OLISTIC (olistic.io) to the Smart Grid Energy domain, covering the supply chains of Electrical Power and Energy Systems.
Moreover, in FutureTPM, UBITECH’s goal is to provide a run-time risk assessment and vulnerability analysis; identify threat and vulnerability model and risk assessment methodology for a quantum-resistant TPM-based system; develop a reactive run-time risk assessment and mitigation framework to ensure security of use cases in the face of emerging threats and vulnerabilities; and perform the run-time risk assessment to the use cases and provide evaluation results. UBITECH’s Nikos Mourousias (Ethical Hacker) introduces current developments in the project wherein UBITECH team members have created a script that uses eBPF tracing for TPM2.0 commands, generated a list of Quantum-Safe commands and fed the list to the UBITECH’s OLISTIC cybersecurity risk assessment suite (olistic.io) for low lever risk assessment. Our final approach is to create a mitigation model. This model will create a quantum policies language which during runtime will use control flow graphs to attest command order, using ANTLR Parser and XSD modelling.