The growing level of interconnectedness of digital services and infrastructures creates tight and recursive security interdependencies between their providers, which are challenging to address due to the fragmentation of cybersecurity operations. This requires each provider to improve the security posture of its suppliers. However, existing practice, largely based on human interaction for disclosing vulnerabilities, reporting alerts, and suggesting remediations, demonstrates to be largely ineffective and risky. The MIRANDA project aims at operationalising awareness and remediation controls for service supply chains, by addressing feasibility, acceptance, and compliance issues. To this purpose, MIRANDA develops a Cybersecurity Digital Twin (CDT) to model and capture the security posture of such interconnected systems, which is used to detect, hunt, and remediate threats and attacks. The CDT will feature: i) functional and topological representation of digital services; ii) bidirectional control/monitoring data flow with real systems; iii) modelling and behavioural prediction of individual components and whole systems; iv) opaque representation of suppliers’ assets based on confidentiality and privacy requirements. The framework also encompasses the necessary security controls to safely exchange data and controls between providers. On top of the CDT abstraction, MIRANDA builds adaptive and automated processes for threat hunting, detection of lateral movements, and eradication of the root causes of attacks. Validation of individual components and the overall MIRANDA platform will be conducted in three relevant Use Cases, covering different platforms for Smart City services. The purpose will be to demonstrate the adaptability to the evolving context and the effectiveness to stop latest-generation cyber kill-chains and lateral movements across digital chains. The Project will also consider the new business and operational models that are required to run the platform.

Evolving business models are progressively reshaping the scope and structure of ICT services, with massive introduction of virtualization paradigms and tight integration with the physical environment. Several market forces are already driving towards the creation of multi-domain and complex business service chains, which undoubtedly bring more agility in service deployment and operation but introduce additional security and privacy concerns that have not been addressed in a satisfactory way yet. Tackling conflicting trends in the cybersecurity market, like fragmentation or vendor lock-ins, GUARD will develop an open and extensible platform for advanced assurance and protection of trustworthy and reliable business chains spanning multiple administrative domains and heterogeneous infrastructures. The purpose of GUARD is manifold: i) to increase the information base for analysis and detection, while preserving privacy, ii) to improve the detection capability by data correlation between domains and sources, iii) to verify reliability and dependability by formal methods that take into account configuration and trust properties of the whole chain, and iv) to increase awareness by better propagation of knowledge to the humans in the loop. The distinctive approach of GUARD will be the architectural separation between analysis and data sources, mediated by proper abstraction; this paradigm will result in an open, modular, pluggable, extendable, and scalable security framework. This holistic solution will blend security-by-design with enhanced inspection and detection techniques, raising situational awareness at different levels of the companies’ structure by tailored informative contents, so to enable quick and effective reaction to cyber-threats. Demonstration and validation in two challenging scenarios is envisioned to bring the technology to an acceptable level of maturity, as well as direct involvement of relevant stakeholders for concrete business planning.