Released initial version of IRIS platform and reference architecture
The initial version of IRIS platform and reference architecture has been released in M9 of the project (May 2022), achieving in this way milestone MS4 of the project (“Platform architecture and specifications ready”). It sets up the basis for the integration of the different developments that will be carried out in the project and later deployed in the three existing Smart City environments (Barcelona, Tallin and Helsinki) to combat cyber-threats in IoT and AI-driven ICT systems.
In the design of the IRIS architecture, we have followed a methodology composed of seven phases, starting first with the identification and classification of the main stakeholders and continuing secondly with the identification of the different modules and components of the IRIS platform (as defined in the project Grant Agreement). These modules and components have been next mapped with the end-user, technical, legal and ethical requirements elicited from the work done in tasks 2.2 and 2.3 (reported in deliverables D2.2 and D2.3). Then, detailed description of the tools provided by the partners to IRIS platform, including their inputs and outputs and their relationships with other tools or modules, has been also collected and tools have been grouped into IRIS modules based on their characteristics. Finally, an initial version of the architecture containing high level information of all its components and their interactions among them with the main data flows has been sketched.
IRIS platform has been envisaged as a federated threat intelligence architecture for automated threat analytics, detection, response and recovery that will support and enhance the capabilities of CERT and CSIRT networks. The initial version of the architecture presents a platform composed by the following blocks:
- Automated Threat Analytics (ATA) module, integrated by a set of tools for IoT and AI analysis and responsible of the detection and reaction capabilities interacting with the infrastructure.
- Collaborative Threat Intelligence (CTI) module, the core of the IRIS architecture responsible of the threat intelligence orchestration, sharing and storage capabilities.
- Data Protection and Accountability (DPA) module, responsible of providing the privacy and accountability framework for CERTs/CSIRTs and other stakeholders interacting with the platform.
- IRIS Enhanced MeliCERTes ecosystem (EME), an open-source solution with a unified dashboard for CTI information sharing providing secure online communication and collaboration and enhanced role-based access control among all relevant stakeholders offering services or owners of CIs and CERTs/CSIRTs,
- Cloud-based Virtual Cyber Range (VCR), responsible of providing a simulated training environments running IoT infrastructure elements and the own IRIS platform components to enhance CERTs/CSIRTs analysts and other cyber-security professionals capabilities.
This version of the architecture is expected to be updated, refined and improved during next months as the components are developed and integrated. Once validated by all IRIS partners, a final version of the architecture will be released in M18 (February 2023) including additional and more detailed information about the components and their interfaces.