In a joint project, partners of the SECEF consortium have defined the IDMEF V2 standard for detecting incidents on cyber and physical systems. The partners are CS Novidy’s from CS Group, IMS Network, CyberTest System, and Centrale Supelec. The project received support from the Région Ile de France and the Public Investment Bank of the French State.This new “Incident Detection Message Exchange Format” is an improvement of the IDMEF V1 format (RFC 4765), which CS GROUP has used for over a decade for security event supervision within its SIEM PRELUDE. Initially, it was specialized for detecting cyber intrusions and the new version extends to all incidents.
A new IDMEF V2 format has been submitted to the international standardization organization IETF (Internet Engineering Task Force) where the main Internet standards are defined (HTTP, SMTP, FTP, etc.). The SECEF consortium has opened a site www.idmefv2.org,to collect external contributions for possible enrichment.
Thanks to the European H2020 7SHIELD research project (Grant Agreement n. 883284) for the protection of critical infrastructures such as the European ground segments (7shield.eu), the SECEF and 7SHIELD projects were able to jointly enrich the IDMEF V2 format. CS Novidy’s, then partner of the 7SHIELD project and Leader of the SECEF project, brought its IDMEF experience to the 7SHIELD project and reciprocally enabled the IDMEF V2 format of the SECEF project to benefit from the experimental feedback carried out on a large scale on the five pilots European countries (Belgium, Finland, Greece, Italy, Spain) of the 7SHIELD project.
Gabriele Giunta, ENGINEERING ING. INF. SPA (Italy), project coordinator and expert in security of critical infrastructure confirms that “The use of IDMEF in a specific UAF format to 7SHIELD was essential for our experiments. About thirty technical modules of our system architecture are able to communicate with each other thanks to this format, in a very effective and seamless way. We are looking forward to supporting a future standardization.”
About Central Supelec
Centrale Supélec, a Public Institution of a scientific, cultural and professional nature, was created by the merging of Ecole Centrale Paris and Supélec in January 2015. Since 2009, the two Schools have steadily strengthened their partnership and collaboration in order to cover all their activities (initial training, research and further training) and to assert their shared values of excellence, innovation, entrepreneurship, international openness and leadership. Today, CentraleSupélec consists of 4 campuses in France. It has 4,700 students, 3,500 being engineering students, and includes 16 laboratories or research teams. As an international School, CentraleSupélec has offices in China, India and Morocco. CentraleSupélec is a reference centre in the field of engineering sciences and systems and a leading School in higher education and research, ranked among the best institutions in the world. CentraleSupélec is a founding member of Paris-Saclay University and chairs Ecole Centrale Group.
About IMS Networks (Custocy)
Custocy develops innovative NDR technology by integrating artificial intelligence bricks developed internally, by its teams made up of 30% doctors and doctoral students. In partnership with LAAS CNRS.
About CS GROUP-CS NOVIDY’S
Designer, integrator and operator of critical systems, CS GROUP operates in the demanding markets of defense and security, space, aeronautics, energy and cybersecurity. With 2,700 employees in Europe and North America, who combine a high level of technical and business expertise, CS GROUP is the trusted partner of its customers for the digitization of their operational systems guaranteeing the conduct and safety of their assignments.
About CTS
Cyber Test Systems is a cyber security company privately funded with an HQ in France for EMEA and in Singapore for APAC HQ. Cyber Test Systems provides to government agency, ministry of defence and large enterprise cyber solutions, cyber products and cyber services. Our offering is : Cyber Solutions Hybrid Cyber Range CTS-HCR covering Cyber Training Environment CTE, Cyber Test Lab CTL and Cyber Research Lab CRL; Cyber Products hardware and software as Network Traffic Generator CTS-NTG, Penetration Testing Platform CTS-PTP, Replicator of Real Human Activity CTS-RRHA and Cyber Services focus in cyber training and cyber tests.