D3.2 Preliminary Pilot II Integration Hospital Operational Technology Management System Use Case

Summary:

WP3 deals with the adaptation of the CIPSEC security framework into the pilots proposed in the project. In particular, it deals with the adaptation of the reference architecture defined in Task 2.1 within WP2 WP3 aims at defining three robust and specific solutions with capabilities to improve the resilience of the respective critical infrastructures. The outcomes of WP3 are to be tested in the context of WP4 in a clear interplay between the two WPs.

This deliverable reports the work done in the Spanish environmental pilot, in the context of Task 3.2, from the beginning of the task (M10, February 2017) to the release of the document (M18, October 2017).

To produce the report, a methodology has been created with a sequence of steps being followed. This workflow is replicated in the document structure:

  1. Understanding the pilot. The documentation generated in the context of WP1 and reflected in D1.2 is revisited and the most important aspects of the pilot are highlighted (see section 2.1).
  2. A list of security features is accurately defined. Then, for each security feature, the product owners describe how their tools can provide each security feature (provided that the tools can do so). This is done in section 2.2.
  3. Then the pilot owners choose the security feature they want to have for each pilot device / resource, justifying their choice (see section 2.2).
  4. Once the pilots have made their wish-list, and the product providers have analysed how their products can provide the security features, the table in section 2.3) is automatically generated.
  5. All the product owners with prospective participation in the pilot will reflect in section 2.3, within the specific subsections, if their products need some kind of change/modification/configuration required for its integration within the pilot, justifying them appropriately.
  6. With the analysis of the coverage of security features by the products, the pilot owner can choose the products to be used to secure the critical infrastructure in question (see section 2.4).
  7. An introduction to the actual Health pilot and a description of the preliminary efforts carried out to integrate the CIPSEC Platform in Pilot II (section 3.1) is done.
  8. Subsequently, the providers specify the hardware and software requirements each product presents (see section 3.2).
  9. Then the pilot analyses the feasibility of using the products on the infrastructure in question, according to the specs obtained in the previous step (see section 3.3). If some product presents specs stronger than what the pilot can support, the product will be ruled out and an alternative will have to be searched if this implies that some security feature is left uncovered.
  10. Then the pilot proceeds to adapt their infrastructure to accommodate the solutions. This includes OS updates and, if necessary, the re-definition of the virtual test environment for testing purposes.
  11. Subsequently the pilot produces the final detailed definition of the infrastructure map with all the associated technical details (see section 3.4).
  12. Then both pilot and providers work together to determine how and where the different selected products are going to be deployed within the pilot infrastructure (see section 3.5).
  13. Finally, it is documented the relationship between the final deployment and the reference architecture, and the role of the CIPSEC services in the pilot is addressed (see section 3.6).