CUSTODES

A Certification approach for dynamic, agile and reUSable assessmenT fOr composite systems of ICTproDucts, servicEs, and processeS

Started at: 01-10-2023
Ends on: 30-09-2026

Budget: € 6 382 922.50

Areas: Internet of Things (IoT)

Description:

Cybersecurity certification as introduced by the EU Cybersecurity Act (EUCSA) will play a crucial role in increasing the trust to and security of ICT Products, ICT Services and ICT Processes. Cybersecurity certification is a complex process, posing a variety of challenges to the different interested parties. The envisioned CUSTODES system is comprised of a variety of components with the aim to provide trustworthy, cost-effective, agile and portable conformity assessment capabilities to a variety of interested parties, covering multiple Assurance levels of Composite ICT products or ICT services.

The CUSTODES system will discover and translate certification information of the Building Blocks of the composite ICT products or Services under evaluation, will provide Certification information to the interested parties and will share information on newly identified vulnerabilities related to the specific blocks or composite products as needed increasing transparency, re-usability and trust. It will also utilize a Restricted & Trusted Execution (RTE) Environment to ensure the product’s chain of custody under assessment.

CUSTODES will be validated in three pilots:

  • One of two Class I composite products with digital elements.
  • One of an ICT product with an embedded AI component.
  • A final one of the as-a-service functionality through EIT Digital extensive digital ecosystem.

Within the project, the i2CAT Foundation participates in the different project’s Work Packages and, specifically, the Catalan research centre has active participation in Work Package 5 – Pilot’s Execution and System Evaluation, which defines CUSTODES’ use cases and integrates all the necessary tools and services for their materialization. Within this Work Package, i2CAT leads Task 5.3 – Ambient Intelligence for Smart Buildings/Homes. This pilot will evaluate and validate the CUSTODES on the conformity self-assessment of an ambient intelligence service, which is composed of IoT Sensing and actuator devices and IoT gateway/edge devices. Researchers will focus on providing the means and implementing conformity self-assessment of the Ambient Intelligence service. For this service, several IoT sensing and actuator devices and an IoT gateway/edge device are distributed inside a home environment to collect data, which are then forwarded to an application that makes intelligent decisions/actions (e.g., increase the heat) individually or cooperatively. The IoT Sensing and actuator devices have various physical sensors (temperature, presence, microphone, etc.), while the IoT gateway/edge device acts as the connecting point of the overall system and is responsible for the collection and aggregation of data, also performing local data processing.

Estimated impact:

The CUSTODES consortium has identified the following expected outcomes and impacts:

  • Availability of applicable tools and procedures for partial and continuous assessment and lean re-certification of ICT products, ICT services and ICT processes.
  • Reduction of time and efforts spent for (re-) certifying ICT products, ICT services and ICT processes.
  • Improved stakeholder collaboration on cybersecurity certification information, including manufacturers and end users from different Member States.
  • Efficient (re-)use of information and evidence relevant to certification and in support of multi-scheme (re-)use.
  • Integration of certification on the whole system modelling, verification, testing and verification process.
  • Increased comparability of assurance statements arising from certification schemes and the standards used therein avoidance of multi-certification.
  • Advancing test and simulation facilities, including incident and threat analysis.
  • Increased Digital Twin capabilities for continuous assessment and integration of new solutions.

Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union. Neither the European Union nor the granting authority can be held responsible for them.

Consortium

CUSTODES project has received funding from the European Commission programme Horizon Europe, under grant agreement number: 101120684