CYBERWISER.eu: Innovative Cyber Range Platform for Cybersecurity Training in Industrial Systems
Information technologies are nowadays part of industrial systems. Employees in charge of managing thesesystems typically have little or very little knowledge of cybersecurity. In this work we initially explore the challenges related to cybersecurity training in industrial systems and then we propose an approach based on CYBERWISER.eu cyber range platform. A cyber rangeprovides a multipurpose virtual environment in which organisations can test critical capabilities and reveal how effectively they integrate people, processes, and technology to protect their strategic information, services, and assets. By facilitating high-fidelity simulations, a cyber range can associate the cybersecurity training phase with a personalized security testing, together with a unit testing, on different kind of systems, including SCADA.
1114-3388-1-PB.pdf (567.65 KB)Cybersecurity hub keeping businesses safer online
With the cost of cybercrime in Europe rising to an average of €50,000 per incident – up from €10,000 the previous year – an attack can be very expensive for small to medium-sized businesses with limited resources. However, thanks to a digital hub creating a highly-skilled cyber workforce through the first-ever Cybersecurity Professional Register, staff based in universities and SMEs across the world have learned how to protect themselves against sophisticated online attacks with its new cybersecurity training programme – free of charge.
Press Release CYBERWISER.eu Final Event and Offering.pdf (191.57 KB)CYBERWISER.eu INTERMEDIATE: A new personalised cyber-risk training course with cyber range scenarios
CYBERWISER.eu INTERMEDIATE takes employees up a gear with detailed and specific training, just right in the new normal of remote working and growing use of personal devices and networks. CYBERWISER.eu INTERMEDIATE is for IT-reliant organisations that need the right skills to protect their data and assets, as well as faster response times to new vulnerabilities, which malicious hackers and cybercriminals are all too keen to exploit.
Press Release CYBERWISER.eu Intermediate Offering Level.pdf (166.27 KB)Developing Cyber-risk Centric Courses and Training Material for Cyber Ranges: A Systematic Approach
The use of cyber ranges to train and develop cybersecurity skills and awareness is attracting more attention, both in public and private organizations. However, cyber ranges typically focus mainly on hands-on exercises and do not consider aspects such as courses, learning goals and learning objectives, specific skills to train and develop, etc. We address this gap by proposing a method for developing courses and training material based on identified roles and skills to be trained in cyber ranges. Our method has been used by people with different background grouped in academia, critical infrastructure, research, and service providers who have developed 22 courses including hands-on exercises. The developed courses have been tried out in pilot studies by SMEs. Our assessment shows that the method is feasible and that it considers learning and educational aspects by facilitating the development of courses and training material for specific cybersecurity roles and skills.
ICISSP_2021.pdf (715.31 KB)
An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models
There is an urgent need for highly skilled cybersecurity professionals, and at the same time there is an awareness gap and lack of integrated training modules on cybersecurity related aspects on all school levels. In order to address this need and bridge the awareness gap, we propose a method to train and evaluate the cybersecurity skills of participants in cyber ranges based on cyber-risk models. Our method consists of five steps: create cyber-risk model, identify risk treatments, setup training scenario, run training scenario, and evaluate the performance of participants. The target users of our method are the White Team and Green Team who typically design and execute training scenarios in cyber ranges. The output of our method, however, is an evaluation report for the Blue Team and Red Team participants being trained in the cyber range. We have applied our method in three large scale pilots from academia, transport, and energy. Our initial results indicate that the method is easy to use and comprehensible for training scenario developers (White/Green Team), develops cyber-risk models that facilitate real-time evaluation of participants in training scenarios, and produces useful feedback to the participants (Blue/Red Team) in terms of strengths and weaknesses regarding cybersecurity skills.
ICSOFT2020.pdf (2.27 MB)CYBERWISER.eu Second Open Pilots Workshop
The second Open Pilots Workshop took place last January 2020 in Lille - France.
Four organisations from France and Hamburg attended the session, in order to test the platform and present their individual training needs to the members of the consortium, including Trust-IT, RHEA and the representatives of the European Competence Centre Pilot Projects.
This document contains the full event report.
2nd_Open_Pilots_Workshop_report.docx_.pdf (165.1 KB)Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps
There is a serious lack of support for trustworthy smart IoT systems within DevOps. Security and privacy are often overlooked in DevOps cultures and almost absent in the context of IoT. In this paper, we focus on the planning stage of DevOps and propose a tool-supported method for risk-driven planning considering security and privacy risks. Our method consists of five steps: establish context, analyse dataflow, model privacy and security risk, develop risk assessment algorithm based on risk model, and execute risk assessment algorithm. Our tool supports this method in the first and the last step and facilitates dynamic risk assessment based on input provided by the user or collected from the monitoring stage into predefined risk models. The output of the tool is a risk assessment which the end users, e.g. developers, can use as decision support to prioritize certain parts of the target under analysis in the next cycle of DevOps. The tool and the method are evaluated in a real-world smart home case. Our initial evaluation indicates that the approach is comprehensible for our intended users, supports the planning stage in terms of security and privacy risk assessment, and feasible for use in the DevOps practice.
ICISSP_2020_1153.pdf (2.27 MB)CYBERWISER.eu Open Pilot Scheme Launches
The CYBERWISER.eu Open Pilot Scheme was launched at a workshop in Pisa early in November 2019 and more than ten organisations from around Europe have signed up for free staff training.
CYBERWISER_Press_Release_20192211.pdf (153.41 KB)The CYBERWISER.eu Cyber Range Platform and Training Environment – where IT specialists become highly-skilled, multi-disciplined cyber security professionals
The world is more digitally connected than ever. Technology is changing and improving our lives. But we face new challenges. Cybercrime is a major obstacle in our path to a networked society with huge costs to the economy and society.
Studies on cyber risk costs point to increasing impacts to all kinds of organisations, especially where gains for hackers are high, not just in terms of financial gains but also intellectual property and sensitive data. Kaspersky[1] has shown that the monetary impact of cyber breaches can increase by as much as a factor of five when left undetected for seven days, compared to the cost of being detected instantly.
CYBERWISER.eu will help reduce cyber risks and their negative impacts, while building cyber capacity and boosting career opportunities in a digital economy where the demand for highly-qualified professionals in risk assessment and cyber-attack response is continuously growing in the light of the existing cyber threat landscape.
CYBERWISER_Press_Release_20181108.pdf (924.69 KB)CyberWISER Essential & CyberWISER Plus PR - FR
Internet et les services numériques jouent un rôle croissant dans nos offres et ont un impact croissant sur notre vie quotidienne. Cependant, les services numériques et le cyberespace évoluent, tout comme les risques informations auxquelles les organisations sont exposées.
Toutes les entreprises sont à risque, qu’elles soient une société du Fortune 500, une entreprise familiale, une entreprise de services publics ou une start-up. Pourtant, 80 % des entreprises dans le monde entier reconnaissent qu’elles sont insuffisamment préparées pour contrer les cyberattaques. Sans une bonne gestion des risques, elles s’exposent à des impact économique direct, à l'interruption d’activité et la perte de données clients ou sensibles, mais également à des effets indirects tels que des impacts négatifs sur la marque et une la capacité réduite de conquérir de nouveaux clients.
Press Release_Launch of CWE and CWP_FR.pdf (627.74 KB)CyberWISER Essential & CyberWISER Plus PR - NL
Het internet en digitale informatiediensten spelen steeds een belangrijkere rol in onze business portfolio’s, de impact ervan op ons dagelijks leven groeit zienderogen. Helaas groeien samen met de digitale informatiediensten en de evolutie van de cyberspace, ook de risico’s waar uw organisatie zich aan blootstelt.
Alle ondernemingen delen in deze risico’s of het nu gaat om een Fortune 500 company, een familiezaak, een elektriciteitsleverancier of een techno startup. Nochtans erkennen 80% van de bedrijven wereldwijd dat zij onvoldoende voorbereid zijn tegen cyberaanvallen. Zonder afdoend risicomanagement zetten zij enorm veel op het spel.
Press Release_Launch of CWE and CWP_NL.pdf (1020.43 KB)CyberWISER Essential & CyberWISER Plus PR - SL
Internet in digitalne storitve imajo vedno večjo vlogo pri poslovnih dejavnostih in vedno večji vpliv na vsakodnevno življenje. Z večjo vključenostjo v kibernetski prostor pa narašča tudi stopnja izpostavljenosti podjetij kibernetskemu tveganju.
Kibernetskemu tveganju so izpostavljena vsa podjetja, ki ponujajo digitalne storitve ali so kakorkoli drugače vključena v kibernetski prostor – ne glede na to ali gre za manjše družinsko podjetje, podjetje s seznama Fortune 500 ali zagonsko podjetje. 80% podjetij po svetu priznava, da nimajo vzpostavljenih zadostnih obrambnih kibernetskih sposobnosti.
Press Release_Launch of CWE and CWP_SL.pdf (901.11 KB)CyberWISER Essential & CyberWISER Plus PR - NO
Internett og digitale tjenester spiller en stadig viktigere rolle i våre forretningsporteføljer, og har økende påvirkning på vårt dagligliv. Samtidig som at digitale tjenester og cyberspace utvikler seg, øker også cyberrisikoen som organisasjoner eksponeres for.
Alle typer foretak er utsatt for risiko, inkludert store internasjonale selskaper, familiebedrifter, elektrisitetsverk og teknologiske oppstartsbedrifter. Likevel sier hele 80% av selskaper internasjonalt at de ikke har tilstrekkelig evne til å beskytte seg mot cyberangrep. Uten tilstrekkelig risikostyring risikerer vi både direkte økonomiske tap gjennom forretningsavbrudd og tap av kunder eller sensitive data og indirekte skade på merkevare og evne til å vinne nye kunder.
Press Release_Launch of CWE and CWP_NO.pdf (824.87 KB)CyberWISER Essential & CyberWISER Plus PR - ES
Internet y los servicios digitales juegan un papel cada vez más decisivo en el negocio y la actividad diaria de cualquier empresa, y tienen un impacto creciente en nuestro día a día. Sin embargo, conforme los servicios digitales y el ciber espacio evolucionan, igual ocurre con los ciber riesgos a los que las organizaciones están expuestos.
Todos los negocios están en riesgo, independientemente de que se trate de una compañía perteneciente a la lista Fortune 500, un negocio familiar, una start-up tecnológica o una compañía de suministros. Un asombroso 80% de empresas a nivel mundial reconoce no estar suficientemente preparadas para protegerse a sí mismas contra los ciber ataques.
Press Release_Launch of CWE and CWP_ES.pdf (718.2 KB)CyberWISER Essential & CyberWISER Plus PR - IT
Internet e i servizi digitali svolgono un ruolo fondamentale nei processi di business e gestione aziendale. Ma se da una parte l’evoluzione di questi strumenti contribuisce ad accrescere le potenzialità delle aziende, dall’altra le espone sempre più ad elevati rischi informatici.
Come confermano le ultime ricerche in tema di cyber security, tutte le imprese sono a rischio, siano esse grandi imprese, PMI, start-up o micro-aziende a conduzione familiare. Nonostante questo, l’80% di imprese a livello mondiale riconosce di non essere adeguatamente preparato a proteggersi contro gli attacchi informatici, un dato sconcertante.
Press Release_Launch of CWE and CWP_IT.pdf (999.54 KB)CyberWISER Essential & CyberWISER Plus PR - EN
The Internet and digital services play an increasing role in our business portfolios and have a growing impact on our daily lives. However, as digital services and cyberspace evolve, so do the cyber risks that organizations are exposed to.
All businesses are at risk, whether they are a Fortune 500 company, a family-run business, a utility company or a tech start-up. Yet, a staggering 80% of companies worldwide recognise they are insufficiently prepared to protect themselves against cyberattacks. Without proper risk management, they are putting a lot at stake, from direct economic impact such as business interruption and loss of customer or sensitive data to indirect impact such as brand damage and reduced ability to win new customers.
Press Release_Launch of CWE and CWP_EN.pdf (826.58 KB)CyberWiser-Light bookmark
Download the CyberWISER-Light bookmark
Bookmark_Wiser_CWL_October2016.pdf (826.68 KB)WISER Cloudscape Brazil 2016 Position Paper
How WISER project is preparing the ground for cyber security challenges in the Digital Single Market
Authors: Elena González (ATOS), Antonio Álvarez (ATOS), Aljosa Pasic (ATOS)
Focus: The Horizon 2020 WISER project will deliver, in late 2017, a cyber risk management framework that dynamically assesses the cyber risk to which the client ICT infrastructure is exposed. This is done by continuously monitoring the risk associated to the cyber-climate of its ICT operational environment. It encompasses not only the technical side of cyber risk but also incorporates the business side, including socio-economic impact assessment. WISER builds on current state of the art methodologies and tools, leveraging best practices from multiple industries.
WISER_Cloudscape Brazil 2016.pdf (343.27 KB)CyberWISER Light PR - ES
CyberWISER Light Press Release - Spanish language
CyberWISER Light es un nuevo servicio que se presta de forma gratuita y está pensado para ayudar a las empresas a hacerse fuertes frente a los crecientes ciber-riesgos, dentro y fuera de la compañía. CyberWISER Light facilita el acceso a una gestión del ciber-riesgo efectiva, muy orientada a PYMES que no tienen ni los recursos económicos ni humanos para abordar con garantías el reto de la ciber-seguridad.
CyberWISER Light_PR_SPA.pdf (328.65 KB)CyberWISER Light PR - SLO
CyberWISER Light Press Release - Slovenian language
CyberWISER Light je nova brezplačna storitev za učinkovito upravljanje s tveganji v kibernetskem prostoru, ki znižuje vstopne ovire za prevzemanje uspešnih praks, zlasti za mala in srednje velika podjetja, ki ne razpolagajo s sredstvi ali strokovnjaki s področja varnosti v IKT.
Cyber Wiser Light_PR_SLO.pdf (610.95 KB)CyberWISER Light PR - FRA
CyberWISER Light Press Release French language
CyberWISER Light met la gestion du cyber risque au cœur du process de l’entreprise. C’est un outil simple d’utilisation avec des fonctionnalités avancées qui améliore leur résistance aux menaces. Les PME comme les grandes entreprises peuvent avoir une vue générale de haut niveau de leur exposition aux cyber-risques avec un investissement à minima en temps et en ressources.
CyberWISER Light PR - ITA
CyberWISER Light Press Release Italian language
CyberWISER Light nasce specificatamente per aiutare le piccole e medie imprese europee a colmare il divario tra pericolosità degli attacchi cibernetici e risorse disponibili per la protezione da questi. CyberWISER Light è uno strumento semplice, veloce e gratuito, sviluppato per garantire un’efficace gestione dei rischi soprattutto per le PMI che non hanno tempo, denaro o personale IT esperto da dedicare a questa pratica, diventata ormai necessaria.
CyberWISER Light_PR_ITA.pdf (528.28 KB)CyberWISER Light PR - ENG
CyberWISER Light Press Release English language
CyberWISER Light is a free, new service to build resilience against growing cyber risks, within and outside the company. CyberWISER Light significantly lowers the entry barrier to effective risk management especially for the many small firms that don’t have time, money or IT savvy staff.
Cyber Wiser Light_PR_EN.pdf (509.64 KB)WISER Position Paper at Cloudscape 2016
How WISER is paving the ground for cyber security challenges in the DSM - WISER Position Paper at Cloudscape 2016
Authors: Elena González (ATOS), Antonio Álvarez (ATOS), Aljosa Pasic (ATOS)
Cloudscape2016_position paper_WISER.pdf (420.93 KB)
Aon in new European Commission Horizon 2020 initiative to tackle cyber risk
Aon Risk Solutions, the global risk management business of Aon plc (NYSE: AON), announces it is now part of a new initiative to tackle cyber risk funded under the European Commission’s Horizon 2020 programme.
EU WISER Aon release FINAL_24.06.15.pdf (124.84 KB)1st Press Release on Launch of WISER: New Horizon 2020 initiative to help organisations get WISER about cyber security risks
WISER is a new European initiative that puts cyber-risk management at the very heart of good business practice, benefitting multiple industries in particular critical infrastructure and process owners, and ICT-intensive SMEs. Kicking off in June 2015, by 2017 WISER will provide a cyber-risk management framework able to assess, monitor and mitigate the risks in real time.