The STOP-IT project has released a number of research results, including tools, technologies, best practice guidelines, reports, materials, and an integrated STOP-IT platform with modular components. You find most of our downloads here or when you click on the boxes below.
Here are some of our Key Exploitable Results
Key Exploitable Results are results of the project that can be a) exploited or used in further research activities, b) used to develop, create and market a product or process, or c) used to create and provide a service or standardisation activity.
An Access Control System based on the use of Electronic Locks (Smart Locks) and a mobile App, directly connected to the SCADA systems.
| Description of the solution | As a protection measure against physical threats, STOP-IT partners Mekorot and Aplicatzia developed Meklock, a smart lock system that is useful for any company that maintains and operates facilities with multiple buildings, entrances and cabinets with large quantities of expensive equipment, vulnerable to break-ins and sabotage. |
| Challenges addressed | With the help of the system it is possible to track entry of authorized users or enable or disable remote privileges for opening and locking doors. It does not require the implementation of wired or wireless infrastructure and therefore reduces maintenance costs. It increases the safety, is user friendly and flexible, offers navigation to facilities and works with a standalone system, among other things. |
| Innovation | Meklock is an innovative access-control mobile app with a sophisticated management system that interacts with electronic locks. |
| Download or further information | A Youtube video about the Meklock system. |
| Contact | Saar Afuta (Aplicatzia): saar@aplicatzia.com |
The Cross Layer Security Information and Event Management (XL-SIEM) detects incidents, correlates events received from different monitoring probes and generates the corresponding alerts when incidents are detected.
| Description of the solution | This tool receives cybersecurity events coming from different sources (e.g., Firewall, IDS, honeypot) to generate correlated alarms that indicate the risk level, and detailed information about the event (description, IP source and destination, Port source and destination, Protocols). The tool can generate tickets for further investigation. |
| Challenges addressed | 1. Correlation of cyber and physical events originated in Water critical infrastructures. 2. Detection of attacks against water critical infrastructures in real time. |
| Innovation | Main innovations of this technology are in the context of (i) scalability, events processed in parallel across a cluster of nodes; (ii) resilience, fault-tolerant and automatic reassignment of task; and (iii) expressiveness, capacity to define rich correlation rules from different perspectives. |
| Download or further information | – |
| Contact | Gustavo Gonzalez (Atos): gustavo.gonzalez@atos.net Rodrigo Diaz (Atos): rodrigo.diaz@atos.net |
XL-SIEM High Level Architecture
The Public Warning System (PWNS) detects incidents and informs users and citizens by sending information and instructions to follow.
| Description of the solution | The Public Warning Notification System (PWNS) has two main functionalities: detect and report incidents, and inform users and citizens. It is a key element in the solution developed by the project as it activates the first phase of the system that is triggering an alert that, in turn, will ultimately put in place the corresponding response plan. |
| Challenges addressed | Water agencies, regulators, municipalities and environmental agencies can benefit from this Public Warning Notification System. The tool is also useful for any industrial operator who needs to monitor processes and can integrate data sources or deploy sensors to capture data variables. Such data can be processed to generate alerts when specific conditions, like threshold limits, absolute/relative variations or other rules upon request from the operator, are met. Response plans and lists of action to be taken when a specific situation is presented can be defined individually to enable the operator to implement the appropriate actions. |
| Innovation | The PWNS processes data, alerts and detected incidents from external sources and reports them to the STOP-IT core platform. At this initial stage, in most cases, the incident has to be validated by a human operator. Once this is done, the anomaly is notified to the system that, by cross-checking with other incident-related data from different sources, can identify the risk situation. This assessment will be sent to the visualisation interface for water utilities. The visualisation interface starts a response plan with actions to be executed when specific situations arise. These actions are based on different parameters set by water operators and can include both corrective and mitigation measures. The system also sends the information and instructions to follow to the users and citizens using the most appropriate channels, i.e. email, SMS, mobile app notifications, etc. |
| Download or further information | Find more about the Public Warning Notification System here. |
| Contact | Ignasi Garcia-Milà (Worldsensing): igarciamila@worldsensing.com Maite Garcia (Worldsensing): mgarcia@worldsensing.com |
Network Traffic Sensors and Analysers (NTSA) to monitor network traffic and logs to accurately detect anomalies that might represent attacks to an infrastructure.
| Description of the solution | The Network Traffic Sensors and Analysers (NTSA) uses ML algorithms to build a model of the regular behaviour associated to a water critical infrastructure, based on NetFlow data. The model is used to detect abnormal network traffic behaviour in real time. |
| Challenges addressed | 1. Real-time detection 2. Development of a model representing the regular behaviour of a water critical infrastructure |
| Innovation | The main innovation of this technology covers the real-time detection of abnormal behaviour of the network traffic in a SCADA infrastructure. |
| Download or further information | Publication: LADS: A Live Anomaly Detection System based on Machine LearningMethods |
| Contact | Gustavo Gonzalez (Atos): gustavo.gonzalez@atos.net Rodrigo Diaz (Atos): rodrigo.diaz@atos.net |
NTSA Architecture
The Jamming Detection Sensor (JDet) detects anomalies on the physical layer and informs when there is an attack going on.
| Description of the solution | The Jammer detector solution performs detection of physical disturbances of wireless communications to ensure that they are not compromised by Denial of Service (DoS). |
| Challenges addressed | Real-time detection of jamming attacks in wireless communication to improve securitisation at physical level. |
| Innovation | Supports the identification of jammer attacks which block wireless communications. Wireless communication systems do not detect this kind of attack and only identify as non-availability or interference in the communication channel. Current wireless communication systems do not detect jamming attacks, only identifying non-availability or interference in the communication channel. Our jammer detector supports the actual identification of jammer attacks and sends alerts that facilitate taking timely corrective action. |
| Download or further information | – |
| Contact | Ignasi Garcia-Milà (Worldsensing): igarciamila@worldsensing.com Maite Garcia (Worldsensing): mgarcia@worldsensing.com |
Network view for Jamming attack sensors
Example of an installed sensor (not fixed to a wall but using a tripod, which is another option)
Jammer detector capable of blocking signals at 2.4GHz band
The Reasoning Engine (REN) generates alerts and proposes countermeasure actions to mitigate the negative effects based on utility-defined rules.
| Description of the solution | The solution processes real-time information, generates alerts and proposes mitigation actions when specific conditions (defined by the user) are met. At a strategic level, it assesses the risk exposure of a water utility with the creation and calculation of Fault Trees. |
| Challenges addressed | The decision making process in water utilities is supported with real-time alerting and mitigation proposition and also by assisting tactical and strategic decisions and planning. |
| Innovation | Processing, configurable per water utility, involves cyber and physical events as the solution integrates with the rest of the tools in the STOP-IT platform. |
| Download or further information | You will find related information here. |
| Contact | Theodora Karali (Risa): d.karali@risa.eu Stephanos Camarinopoulos (Risa): s.camarinopoulos@risa.eu |
Configuration of a processing rule
Fault tree editing
The Risk Reduction Measures Database (RRMD) is a collection of mitigation measures for the minimization of risks to the water critical infrastructure.
| Description of the solution | The Risk Reduction Measures Database (RRMD) is a collection of mitigation measures that can serve to establish a strategy for the minimization of the effect of materialization of risks inside the water critical infrastructure. It is related to the identified risks of the Risk Identification Data Base (RIDB). |
| Challenges addressed | – Development of the structure of the RRMD – Collection and categorization of possible risk reduction measures – Development of a methode and an algorithm for the automatic link between the identified risks and possible risk reduction measures. |
| Innovation | Suitable risk reduction measures are automatically identified for a selected risk. |
| Download or further information | Download the RRMD here. |
| Contact | Hans-Joachim Mälzer (IWW): a.maelzer@iww-online.de Aitor Corchero (Eurecat): aitor.corchero@eurecat.org |
The Fine-grain Cyber Access Control (FCAC) employs user specified policies to determine who can access which resources and for what purpose.
| Description of the solution | Fine-grain Cyber Access Control (FCAC) employs user specified policies to determine who can access which resources and for what purpose. This tool evaluates authorization request for users of the STOP-IT platform and provides rules to be implemented by cyber and/or physical security devices. |
| Challenges addressed | 1. Correlation of Cyber and Physical access violations. 2. Real time detection of access control violations in a water critical infrastructures. |
| Innovation | Main innovations of this technology are in the context of scalability, simplification of the device/user management, multi-stakeholder (able to deal concurrently with different access policies), support of authorization delegation and rights revocation. |
| Download or further information | – |
| Contact | Gustavo Gonzalez (Atos): gustavo.gonzalez@atos.net Rodrigo Diaz (Atos): rodrigo.diaz@atos.net |
Fine-grained Cyber Access Control (FCAC) Architecture
The Human Presence Detector (HPD) detects human presence in a room/area, using WiFi commercial devices and channel state information (CSI).
| Description of the solution | The Human Presence Detector using WiFi signals (HPD) is a movement detector which can detect the movement of a person in a delimited area just by using the signals generated by at least one commercial WiFi device. |
| Challenges addressed | Development of a cheap system, not intrusive with privacy, that works in the absence of light and goes through walls. |
| Innovation | The use of WiFi signals generated by commercial WiFi devices to detect the movement of a person. |
| Download or further information | Zenodo, Youtube and the toolbox for protection against physical threats. |
| Contact | Juan Caubet (Eurecat): juan.caubet@eurecat.org Mario Reyes (Eurecat): (mario.reyes@eurecat.org |
Human Presence Detector installed in a small office area
The Real-Time Anomaly Detector (RTAD) for cyber-physical infrastructures.
| Description of the solution | Real time anomaly detection for cyber-physical infrastructures based on the use of machine learning algorithms. It provides an additional layer of security by detecting complex and combined potential threats and attacks. The tool is composed of three main components: a security Big Data platform, machine learning algorithms, and signature-based rules. |
| Challenges addressed | The detection of unknown, complex, and combined threats and attacks in a critical water infrastructure. |
| Innovation | The differentiation factor with other tools in the market that use machine learning algorithms to detect unknown anomalies (complex and combined threats and attacks) is the ability and flexibility to integrate different sources of information, both cyber and physical, which increases the efficiency and performance of the solution. |
| Download or further information | STOP-IT tool explained on Youtube: The Real Time Anomaly Detector |
| Contact | Juan Caubet (Eurecat): juan.caubet@eurecat.org Mario Reyes (Eurecat): mario.reyes@eurecat.org |
The Real Time Anomaly Detector
Fault Tree Editor (FTE)
| Description of the solution | More to come |
| Challenges addressed | More to come |
| Innovation | More to come |
| Download or further information | More to come |
| Contact | More to come |
InfraRisk (CP)
| Description of the solution | More to come |
| Challenges addressed | More to come |
| Innovation | More to come |
| Download or further information | More to come |
| Contact | More to come |
The STOP-IT platform.
| Description of the solution | The STOP-IT platform is the combination of all STOP-IT solutions in an integral, scalable and modular solution. |
| Challenges addressed | STOP-IT solutions through their combination will help water utilities operators identify and detect risks, enhance their analysis capabilities as well as their preparedness and response. |
| Innovation | The STOP-IT platform introduces a novel integrated approach for the security of water critical infrastructures that combines cyber and physical protection modules in an overarching solution. |
| Download or further information | – |
| Contact | Project coordinator Rita Ugarelli (Sintef): Rita.Ugarelli@sintef.no |
STOP-IT Modular components and Dataflow
