Critical infrastructures (CI) rely on complex safety- and security-critical ICT systems placed into unpredictable environments and forced to cope with unexpected events and threats while exhibiting safe adaptive behavior. Recent security trends stress continuous adaptation to increase attacker work factor and to confound reverse-engineering. Critical CI systems must undergo extensive and costly scrutiny under diverse certification regimes. Improved, effective and affordable development and certification methods are essential. CITADEL will provide innovative platform technology, methodology and tools for development, deployment, and certification of adaptive MILS systems for CI, to be demonstrated in three industrial CI use cases. The solution enables robust and resilient CI through monitoring and adaptive self-healing mechanisms that respond to natural and malicious occurrences by intelligently reconfiguring hosts, functions, and networks, while maintaining essential functions and defences. CITADEL is based on MILS, an approach featuring modular construction and compositional assurance, reducing the time and cost for development, certification, and maintenance of dependable systems. The MILS platform, based on a separation kernel, manages physical resources while establishing and enforcing a verified application architecture. Leveraging advances from the D-MILS and EURO-MILS projects, CITADEL will extend the MILS approach by adding dynamic reconfiguration to the MILS platform, and Monitoring and Adaptation Systems enabling resilience to adversity while preserving vital system properties. CITADEL supports certification of Adaptive MILS systems by analyzing configuration change mechanisms, adaptation system, configuration properties, and configuration change policies with automated verification tools, and by providing an innovative runtime evidence management agent to automatically generate up-to-date certification assurance artifacts as the system adapts.

Cyber threats are the most significant and growing risk for public administrations (PA). However, technological, organisational and structural issues hamper the ability, especially for local PAs (LPAs) to improve their cyber security level. Budget constraints and evolving legal, ethical, societal and privacy regulations render the situation even more complex. COMPACT’s goal is to empower local LPAs to become the main actors of their cyber-resilience improvement process. COMPACT’s objectives are to 1) increase awareness, skills and protection; 2) foster information exchange between European LPAs; 3) link LPAs to major EU initiatives, including the newly created cyber-security private-public partnership. COMPACT innovates at technological level and at process level – an important dimension in engaging LPA employees in the improvement of cyber-resilience. At technological level, COMPACT innovates in real time security monitoring, security awareness training, information sharing, cyber-security gamification, risk assessment, and threat intelligence. At process level, COMPACT adapts the Plan-Do-Check-Act cycle for LPAs to do iterative removal of security bottlenecks and achieve compliance to EN ISO/IEC 27001 and BS ISO/IEC 27005. COMPACT delivers an integrated platform with 4 types of tools/services – 1) risk assessment, 2) education, 3) monitoring, and 4) knowledge sharing – characterized by a high degree of usability by non IT experts and automation. It protects LPAs’ investments by interoperating with market solutions from major vendors. It eases deployment and adoption by being both cloud-enabled (i.e. it addresses cloud specific issues) and cloud-ready (i.e. it can be deployed – if users wish– on the cloud). COMPACT validates its results through 5 challenging use cases provided by 5 users in 4 European countries. 90% of COMPACT solutions will achieve TRL7 and the residual part TRL6.