Ceit strengthens industrial cybersecurity with the CICERO project

Ceit successfully concludes its participation in CICERO, a project that promotes the protection of industrial infrastructures, contributing to technological innovation in cybersecurity at national level.

The consortium has been formed by Ceit, Gradiant, i2CAT, ITCL and FIDESOL, who have worked together to respond to four major challenges in cybersecurity: identification, protection, detection and response and recovery.

Cybersecurity has become one of the major challenges of industrial digitization. With the exponential growth of connected devices and increasingly complex industrial networks, vulnerabilities and risks are multiplying. In this context, CICERO (Intelligent Cybersecurity Countermeasures for the network of the Future) has been completed, consolidating itself as a pioneering project in the field of cybersecurity applied to critical sectors.

Funded with 3.5 million euros, CICERO has had the participation of 113 highly qualified researchers and has generated 31 scientific publications, 7 technological assets and the participation in more than 150 training activities and technical events. The consortium has been formed by Ceit, Gradiant, i2CAT, ITCL and FIDESOL, who have worked together to respond to four major challenges in cybersecurity: identification, protection, detection, response and recovery.

Ceit promotes technological innovation in cybersecurity

Ceit 's role has been a core topic in all the axes of the project. In the identification challenge , the center has developed an advanced tool for risk assessment in industrial environments that combines automatic asset detection with vulnerability analysis. This tool incorporates international standards such as CVE and CVSS, allows real-time visualization of the network topology and prioritizes threats according to the criticality of the assets. In addition, Ceit has worked on critical event monitoring systems using DLT (Distributed Ledger Technologies) technologies, ensuring the integrity and traceability of information through SIEM solutions such as Wazuh and traffic capture tools such as Suricata.

Protection and reinforcement of industrial networks

In the area of protection, Ceit has reinforced the security of continuous integration pipelinesIC), integrating tools such as SonarQube, Trivy or Cosign to guarantee code quality, early detection of vulnerabilities and cryptographic artifact signature . It has also implemented proactive infrastructure-as-code (IAC) scanning using KICS and has strengthened wireless communications with the Mioty protocol , characterized by its high resistance to interference and its long range.

It has also developed FDE algorithms for GNSS systems, improving positioning robustness against external interferences, and has created a secure data exchange platform based on IDS standards with a decentralized Clearing House on Hyperledger Fabric, guaranteeing access control, traceability and cryptographic identity verification.

Anomaly detection and AI security

Ceit has led the detection challenge by development unsupervised machine learning algorithms for industrial networks, using clustering techniques and real-time traffic analysis. In addition, it has evaluated the robustness of AI models against adversarial attacks and has developed defenses to protect them, integrating them in MLOps pipelines monitored with tools such as Kubeflow, Prometheus and Grafana.

To validate these technologies, a hybrid testbed has been created that combines advanced virtualization and real physical devices, managed with Ansible and GNS3, to simulate industrial network topologies and automate testing, prototyping and training in controlled environments.

Incident response and recovery

In the field of response and recovery, Ceit has designed a comprehensive strategy based on SDN and NFV to dynamically segment and isolate compromised components in the network, applying Advanced Moving Target Defense techniques that increase resilience and make targeted attacks more difficult. It has also developed rollback systems that allow rapid restoration of previous configurations after incidents, ensuring operational continuity and fault tolerance in complex industrial environments.

Impact and transfer of results

In addition to technological developments, Ceit has actively contributed to the dissemination of results, generating 15 scientific publications, participating in 18 national and international events and registering 6 digital certificates and 3 innovative softwares.

With these achievements, CICERO reinforces Spain's position in the field of industrial cybersecurity, contributing to anticipate digital threats and consolidating innovation and technology transfer to industry.