As the result of five years of collaboration with nine industrial and academic partners, CHESS is a platform dedicated to the development, evaluation and integration of cyber security solutions for hyper connected computer and cyber-physical systems.
The Institute and its partners (CEA, Télécom SudParis/Institut Mines-Telecom, Airbus, Airbus Defence & Space, Berlin IT, Engie, Gemalto, Prove&Run, Thales) have developed, in collaboration with ANSSI, a “secure and trusted” envrionment dedicated to the integration, evaluation and reinforcement of the cyberse-curity of the systems of the future (connected vehicles, industrial IoTs, smart grids, etc.), during advanced scenarios. Named CHESS2, this platform offers a complete hardware and software environment for analysing the future systems, identifying security flaws, modelling and simulating attacks and testing protection strategies and innovative defence technologies (moving target defence, segmentation, isolation, authentification, homomorphic encryption, etc).
Certified by the CoFIS, it also offers a rich catalogue of cyber attacks on IT (Infomation Technology) and OT (Operational Technology) networks, as well as an environment dedicated to cyber awareness and training. The CHESS platform is also the venue for the ANSSI’s national selection to represent France in the European Cyber Security Challenge, organised each year by the European Cybersecurity Agency (ENISA). The platform is also made available to companies as part of their mission to raise awareness and train their employees in cyber risks.
CHESS aims at becoming a French reference platform in industrial cybersecurity. Constantly enriched by new building blocks, which may take the form of software, attack scenarios, life generators or detection tools, and fed by SystemX projects, the platform aims at build-ing a range of services dedicated to cybersecurity and open to all in order to encourage the sharing of expertise and knowledge between industrialists and academics.
CHESS is one of the few platforms, at national and European level, entirely dedicated to cybersecurity, which is secure, trustworthy, comprehensive, neutral and open to all. It offers a wide range of hardware and software capabilities, together with a range of security services based on cutting-edge human expertise, manufacturers wishing to assess the vulnerabilities of their systems, their protection strategies and/or their innovative solutions to test it.
Reda Yaich, Digital Security and Networks Team Leader, IRT SystemX
Interview
Patrick HEBRARD
Cyber Research and Innovation manager,
Noval Group
Why and how does Naval Group position itself in the field of industrial infrastructure security?
Industrial infrastructures are an integral part of the areas concerned by cybersecurity for Naval Group. It is at the very heart of our strategy: we integrate cybersecurity into the entire life cycle of the ship, from design to maintenance, and this includes the entire ecosystem, of which industrial infrastructures and the supply chain are part. Naval Group also ensures the security of its own infrastructures and information systems, at its sites in France and abroad.
What are the prospects for the use of the CHESS platform by Naval Group?
We discovered CHESS as part of the Secure Future Port and Ship of the Future (PFS) project, which we are carrying out with SystemX and which deals with cybersecurity in the maritime domain. It opens up a new playground for the CHESS platform, which already feeds on various use cases in the fields of smart grids, smart cars or Industry 4.0 – subjects on which we are also working with SystemX through the H2020 SeCoIIA (Secure Cooperative Intelligent Industrial Assets) project.
Naval Group has invested heavily in cybersecurity in recent years. We are now bringing all our expertise. and experience for the benefit of the PFS project. The collaboration will accelerate our cyber innovations on both sides and in particular around CHESS. The project is only just starting and we will study the functionalities that can be possibly reused (catalogue of attacks, knowledge about security probes, etc.). Several other partners have joined the project to develop new use cases, in the SystemX premises in Saclay. This will be an opportunity for us to enrich each other with all our know-how and to capitalise on our different platforms.
Focus
As part of the work on the CHESS platform, a thesis on “Simulation of activity and attacks: application to cyber defence” (Pierre-Marie Bajan – IRT SystemX, Télécom SudParis) was devoted to the development of a new networked simulation method to create an environment for evaluating security products and services. This thesis was awarded a “Best Paper Award” at the 2018 edition of the ICIMP conference (International Conference on Information Communication and Processing).
Focus
Ground-breaking field survey by the IRT SystemX among French SMEs and VSEs that were cyber-attacks’ victims
For almost three years, SystemX surveyed around 60 companies, mainly French VSEs and SMEs, which were victims of successful cyber attacks. Objective: The objectives were to quantify the real impact of cyber-attacks in France, to develop models for calculating the costs as well as a company’s exposure to risk. From this unpublished study, particularly interesting figures emerge which shatter two commonly accepted beliefs: the number of successful cyber attacks, of the order of 2 to 5%, proves to be much higher than the estimates made public, while the average cost of cyber attacks proves to be much lower than assumed and is evaluated in thousands of euros. This study has made it possible to make small French structures widely aware of the cyberrisks and basic measures to be implemented. A study was also conducted with insurers to better control cyber risk throughout the value chain and its transfer to the insurance industry.