As our collegues from ATOS explained in the Blog Article #5, the initial version of IRIS platform and reference architecture has been released in M9 of the project (May 2022). This architecture will later be validated in 3 Smart City environments (Barcelona, Tallin and Helsinki) to combat cyber-threats in IoT and AI-driven ICT systems. In this blog we will focus on the PUC1 – Barcelona use case for the IRIS Project.


As you all know, Cisco is helping cities manage and deliver connected urban services, buildding smarter cities and communities to expand equitable access, build secure resillient infrastructure and power remote work and trusted workplaces. However, this rapid change is also creating a long-term challenge: managing the cybersecurity risks of IoT devices in our cities. Cisco is making cybersecurity as part of the Smart city process.


As explained in the IRIS workplan, in the context of PUC1, the IRIS Platform will be deployed in the Barcelona City Council’s IoT testbed network, and connected to the ATA module described in previous blog as shown in the following diagram:

More specifically, the pilot will leverage Cisco Cybervision to monitor an IA computer vision system at the edge and and the IoT infrastructure deployed at the tramway station taking advantage of  the work done in the Pledger and Elastic projects, both of which are also Horizon 2020 funded projects.


CyberVision analyzes the different protocols of the traffic transiting on the network. When something important occurs, it emits events containing all the information in order to be able to trace what happened on the network. In the CyberVision interface, all these events are available in the timeline and on a specific view of the map. The IRIS ATA module will leverage the CyberVision APIs, to get the events ocurred in the Network with a complete set of filters (by time, by severity, by category, etc.).


More specifically CyberVision will provide the following information to the ATA module:


  • Security Insights: Security Insights is a view that provides statistics for DNS requests, HTTP requests, SMB

Tree names. For each category, Cyber Vision provides the most frequent and rarest requests, and the list of all these requests.


  • Assets: Cyber Vision provides Asset management, to identify and make an inventory of all assets associated with OT systems and IT components. ( i.e A new component which has been connected to the network will trigger an event)


  • Flow: A Flow is a communication between two Components. It has several attributes such as tags and properties that the Cisco Cyber Vision has identified during its network analyze. (A new flow will trigger an event)


  • IDS: SNORT engine embedded in IC-3000 to analyze traffic by using SNORT rules. Cyber Vision Center stores the rules and configuration files but also intercepts Snort alerts and display them as events.



Malicious attacks of the city infrastructure is becoming a major concern for the city. Adding IRIS into this infrastructure will allow the city to ensure continuity, resilience, and safety of the system that will ultimately guarantee safety of vulnerable road users.


As cyber-threats evolve alongside cities and communities, it’s clear; security can no longer be an afterthought or an add-on, instead, cybersecurity must be an integral part of the smart city process.