The FINSEC Approach: Information modelling
Information Modelling for Integrated (Cyber/Physical) Security Systems
The H2020 FINSEC project is developing a unified approach to implementing security in the financial services industry, which is based on the integrated management of both cyber and physical security threats. This unified approach is motivated by the need to reduce the fragmentation of the security teams in financial organizations, while at the same time streamlining their activities and gaining extra efficiencies from possible correlations between cyber security and physical security incidents.
The development of an integrated approach that unifies physical and cyber security hinges on an integrated handling of information for both cyber and physical assets, including the interrelationships between them. To this end, two different approaches to managing can be envisaged:
Linking Security Information within Existing Repositories – Interoperability Registry Approach
This approach involves the development of a new (meta) data model, which should aim at link security information contained in other security repositories including cyber and physical security information. The gist of this (meta) model will be to provide associations of cyber and physical assets and cyber & physical security incidents on the basis of their location, their business/security context or even their temporal relationships (e.g., attacks happening within the same time window). This linking would accordingly enable “integrated” security intelligence through analytics systems that reason over interrelated or correlated assets. From an implementation perspective, this linking can be implemented based on an interoperability registry, which shall provide the linking of different schemas from different security information repositories. The main advantage of this approach is that organizations can dispose their existing information models such as the Common Security Model (CSEC) of the Physical Security Interoperability Alliance (PSIA) for physical security information modelling and OASIS Structured Language for Cyber Threat Intelligence Information (STIX) for cyber security information modelling, while combining them in a value-added approach. Moreover, this approach is extensible, as new information repositories and schemas can be linked through the meta model and the interoperability registry. On the other hand, the downside of the approach is that there is only loose connection between the different entities, which may limit the power of analytics, while at the same providing limited data management opportunities as the data reside essentially in their original repositories.
Development of a new security model for Integrated Security – Tightly Coupled Approach
Alternatively, a new data model (e.g., schema) integrated physical and cyber security information could be developed. Such as model would comprise information about cyber assets and cyber security incidents, physical assets and related security incidents and more. Information on existing repositories would then have to be transformed to the new schema, in order to allow for the instantiation of a repository of integrated security information and its population with data. This integrated security model could therefore serve as a basis for implementing a security data warehouse and/or a security BigData infrastructure (e.g. a Hadoop/NoSQL infrastructure), that would hold all information that is essential for the FINSEC integrated security applications. This is certainly a tightly coupled approach, as it requires security information repositories and data collection applications to transform their data to a rigorous schema. The advantage of this approach is that it would provide finer control over the security information, along with enforcement of specific types for security information. Nevertheless, the downside of the approach is that it is not very easily expandable with new information, as this requires extensions to the central/integrated scheme and to the middleware functions that are performing the transformations from the existing repositories to the integrated data warehouse or BigData datastores.
In the scope of our H2020 FINSEC project is thoroughly evaluating the pros and cons of these two approach against common functional and non-functional requirements for security systems in the financial sector. We will reflect our final choice in the FINSEC platform architecture, which is planned to be released during the first weeks of 2019.
Published October 18, 2018 on Innov-Acts Blog http://innov-acts.com/2018/10/18/information-modelling-for-integrated-cyberphysical-security-systems/