Given the heavy digitization of our modern society and the numerous and diverse cyber-attacks that occur daily, cybersecurity is increasingly becoming of paramount importance. Therefore (or especially! – depending on the perspective), even projects that do not have a cybersecurity focus, such as the EXTRACT project, should add cybersecurity foundations as early as possible and in all aspects of the project lifetime. It is critical that design, implementation, testing, integration, deployment, operation, and reporting all integrate cybersecurity. As Figure 1 illustrates, there are several motivations for committing to cybersecurity in projects.
Information based on: https://sprinto.com/blog/cybersecurity-posture/
At the architecture and design stages of the EXTRACT project, Binare participated in architecture and design meetings and collected high-level technological requirements, needs and goals, including the names of specific tools, technologies, frameworks, and programming languages. Collecting requirements and understanding them is an important starting point for outlining cybersecurity requirements and possible approaches to implementing and testing cybersecurity, as well as for understanding possible threats and attack scenarios at a high level. Figure 2 highlights the key steps for security in the system development life cycle (SDLC).
Information based on: https://uptti.ac.in/classroom-content/data/cyber%20security%20unit-3.pdf#page=7
Currently, the EXTRACT project is in the development, pre-testing and integration phase. It combines an open-source software supply chain with a number of modules developed specifically for the EXTRACT platform. At this stage, Binare is applying and implementing security approaches, flows and automations into DevOps in order to reach a DevSecOps state. For this purpose, Binare is developing a dedicated “Binare’s Security Toolkit” for the “Compute Continuum”, which is a combination of tools and well-documented practices that ensure similar and future Compute Continuum projects start from, or attain in time, a cybersecure posture by default.
Image from: https://www.itsecuritydemand.com/insights/security/best-devsecops-practices-securing-the-agile-pipeline/
Some of the current steps undertaken by Binare to transform EXTRACT’s highly-innovative, yet traditional, DevOps approach into DevSecOps include:
- Static Code Analysis (SCA) for source code (sometimes included in a broader activity named Static Application Security Testing, or SAST). This activity ensures that many (if not most) potential vulnerabilities are caught as early as possible, at the code level, and that they are reported, tracked and fixed by the corresponding code owner.
- Static (Docker) Container Scanning. This activity ensures that any combination of free or open-source software (FOSS) and project-specific code, together with its underlying operating system (OS) and any other configuration, has no known or detectable security issues (at least at the time of scanning). This makes the overall system in which these containers are deployed and operated more secure and resilient to attacks.
- Static Kubernetes Cluster Scanning. This activity is similar to Static (Docker) Container Scanning, but it focuses on scanning the cluster configuration, such as kubeconfig, and the cluster deployment configurations, i.e., without actively engaging in dynamic testing on the cluster.
- Integration of automations into EXTRACT GitLab and GitHub repositories. This activity ensures that the majority of the above-mentioned steps are smoothly, seamlessly, and automatically integrated into the code and Docker repositories, so that most (if not all) security checks run transparently for the developer and any issues are detected almost immediately as they enter the project’s code, configuration or documentation bases.
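To make the "Static Kubernetes Cluster Scanning" step concrete, the following is an added example (not part of Binare's Security Toolkit or of the EXTRACT code base) of a small static scanner for a Kubernetes Deployment manifest. It reads the manifest offline, without contacting any cluster, and reports common hardening gaps in the pod and container specs. The sample manifest, the check names and the severity interpretation are assumptions constructed for this example; a manifest is given in JSON here because kubectl accepts JSON as well as YAML and it keeps the example dependency-free.

```python
"""Static scan of a Kubernetes Deployment manifest for common hardening gaps.

Added example: reads a Deployment manifest and reports findings without
touching a live cluster. The sample manifest and the check set are
assumptions made for illustration, not a project artifact.
"""
import json
from typing import Dict, List

# Constructed sample manifest with several deliberate weaknesses in the
# "worker" container and a hardened "sidecar" container for contrast.
SAMPLE_MANIFEST = """
{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "metadata": {"name": "example-module", "namespace": "default"},
  "spec": {
    "template": {
      "spec": {
        "hostNetwork": true,
        "containers": [
          {
            "name": "worker",
            "image": "registry.example.invalid/worker:latest",
            "securityContext": {"privileged": true}
          },
          {
            "name": "sidecar",
            "image": "registry.example.invalid/sidecar:1.4.2",
            "securityContext": {
              "runAsNonRoot": true,
              "allowPrivilegeEscalation": false,
              "readOnlyRootFilesystem": true
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}
          }
        ]
      }
    }
  }
}
"""


def scan_container(container: Dict) -> List[str]:
    """Return a list of finding strings for one container spec."""
    findings = []
    name = container.get("name", "<unnamed>")
    image = container.get("image", "")
    sc = container.get("securityContext") or {}

    # A missing or ":latest" tag means the deployed bits can change silently.
    if ":" not in image.rsplit("/", 1)[-1] or image.endswith(":latest"):
        findings.append(f"{name}: image '{image}' uses a mutable or missing tag")
    if sc.get("privileged") is True:
        findings.append(f"{name}: container runs privileged")
    if sc.get("runAsNonRoot") is not True:
        findings.append(f"{name}: runAsNonRoot is not enforced")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append(f"{name}: allowPrivilegeEscalation is not disabled")
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append(f"{name}: root filesystem is writable")
    if not (container.get("resources") or {}).get("limits"):
        findings.append(f"{name}: no resource limits (resource-exhaustion risk)")
    return findings


def scan_deployment(manifest_text: str) -> List[str]:
    """Parse a Deployment manifest and collect pod- and container-level findings."""
    doc = json.loads(manifest_text)
    if doc.get("kind") != "Deployment":
        raise ValueError(f"expected a Deployment, got {doc.get('kind')!r}")
    pod_spec = doc["spec"]["template"]["spec"]
    findings = []
    # Pod-level settings that break namespace isolation with the node.
    if pod_spec.get("hostNetwork") is True:
        findings.append("pod: hostNetwork is enabled")
    if pod_spec.get("hostPID") is True:
        findings.append("pod: hostPID is enabled")
    for container in pod_spec.get("containers", []):
        findings.extend(scan_container(container))
    return findings


if __name__ == "__main__":
    for line in scan_deployment(SAMPLE_MANIFEST):
        print("FINDING:", line)
```

Run stand-alone, the script lists seven findings, all from the pod-level hostNetwork setting and the "worker" container; the "sidecar" container passes every check. In a DevSecOps pipeline of the kind described above, a scanner like this would run as a repository job on every change to the deployment manifests and fail the job when findings are present, so misconfigurations are caught before they reach a cluster.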
Binare will continue to pursue new developments and updates on the DevSecOps and Cybersecurity front of the EXTRACT project, such as Penetration Testing (PenTest) and Dynamic Application Security Testing (DAST) and Cryptographic Assessments of the end-to-end scenarios being tested.
Ideally, at the end of EXTRACT, Binare envisions providing a starting point for a “cybersecurity must-have blueprint” for upcoming and future EU projects. Doing so would help to convince EU project officers and reviewers to apply and/or require such “cybersecurity blueprints” in their decision-making. This would present concrete cybersecurity requirements, steps, tools and technologies as almost indispensable (or better, an absolute must!) within a strong and successful proposal.