Attacks on industrial software supply chains are increasing. The DOSS research project is now developing new defence mechanisms.

The resilience of industrial software and IoT supply chains continues to be fiercely fought over. Continuous digital transformation and ever-changing cyberattack patterns keep CISOs and process owners on their toes. Cutting-edge research is instrumental in staying far enough ahead of adversaries in the cyber battle. A new European research and innovation project named “DOSS”, with asvin's participation, has now been launched. The aim of DOSS is to set up a digital security passport for supply chain hardware and software elements.

The core task of the consortium of eleven industrial players and research institutes from six European countries is to develop, over the next 36 months, a machine-readable “Device Security Passport” that contains relevant information about a system's hardware components and their software applications. In addition, an integrated component tester is to be developed for evaluating third-party applications as well as in-house developments. Furthermore, the development of an architecture for modelling cybersecurity threats is on the agenda; this is where asvin contributes its competence in risk analysis of complex supply chains.

The researchers expect significant speed advantages for CISOs from the planned security validator. The software should ensure that standards and regulations are adhered to. Last but not least, a set of tools to protect connected products and assets in operations is on the researchers' roadmap, providing feedback loops to all stakeholders in the supply chain.

The DOSS project, with the full name “Secure-by-design IoT operation with supply chain control”, has a duration of three years and is funded by the European Commission with five million euros as part of the “Horizon Europe” program. The concept is based on the “Security by Design” paradigm, which includes validation and assurance of product and operational security, as well as all phases of the product life cycle from design, implementation and distribution to operation and end-of-life decommissioning.

The results of the project will be validated in three IoT use cases – industrial (prosumer cell operation), consumer (smart home) and automotive (connected car).

The consortium includes all stakeholders in the IoT ecosystem, including service operators, OEMs, technology providers, developers and security research experts. End users will be involved via a living lab environment. The DOSS project is coordinated by Atos Hungary.
https://dossproject.eu/

About asvin:

Security innovator asvin from Stuttgart addresses a new economic phenomenon with its cyber security solutions: cyber awareness. With powerful technology, asvin creates predictive solutions that analyse and assess the best possible resilience of devices and systems against cyber-attacks. asvin provides risk analysis and software risk management for the supply chain that meets operational and regulatory requirements. For this, asvin uses unique mesh architectures, graph methods and an innovative risk-by-context approach. This enables companies to stay one step ahead of threats, efficiently deploy their resources and optimise their security investments. asvin thus strengthens cyber resilience and protects customer systems throughout their entire lifecycle. https://asvin.io/

Press contact:

Konrad Buck

Mail: k.buck@asvin.io

Key facts about the project:

– Full name: DOSS: SECURE-BY-DESIGN IOT OPERATION WITH SUPPLY CHAIN CONTROL (DOSS = Design and Operation of Secure Supply Chain).

– Contract no.: HE – 101120270

– Start date: 01 September 2023

– Duration: 36 months

– EU contribution: 5 million euros

– Coordinator: Atos Hungary Ltd

Project participants:

France:

Thales SIX GTS France SAS

Red Alert Labs SAS

Germany:

Fraunhofer FOKUS

asvin GmbH

Greece:

Centre for Research and Technology-Hellas

Hungary:

Atos Hungary Ltd.

Budapest University of Technology and Economics

SafePay Systems Ltd.

Poland:

Institute of Theoretical and Applied Informatics, Polish Academy of Sciences

Spain:

Fundacion Tecnalia Research & Innovation

University of Murcia