D1.2 - Requirements report

The goal of ECOSSIAN project is to create a platform that detects, analyses and responds to security incidents and attacks on critical infrastructures, specifically in industrial control systems. The platform should operate on three interconnected levels: operator, national, EUwide. This document describes the requirements that the ECOSSIAN system should realise in order to successfully deal with this task.
The requirements include both mandatory ones that are essential for a proof-on-concept system, and optional ones that increase the value, capabilities, or user-friendliness of the final system in production.
Chapter 1 describes the characteristics of the ECOSSIAN system. These characteristics form the basis for further requirements. The chapter also introduces the classification of requirements by type and importance.
Chapter 2 contains the list of system and architecture requirements. This includes architectural requirements for the system’s construction; data requirements for the format and content of the data, processed at all three levels (operator, national, EU-wide); common operational picture, situation awareness, and visualization requirements; requirements for successful forensic investigations; integration and interoperability capabilities.
Chapter 3 lists functional requirements of the system, which ultimately formulate what the system is supposed to do. The chapter lists functional modules of the system, and explains the detailed functions that each module should have. The modules include organizational and concept requirements; threat monitoring, indication, detection and early warning; risk analysis and impact assessment; cooperation between users and organizations; response capabilities, i.e. threat mitigation, planning, incident management, decision support, and recovery; and training and exercising module.
Chapter 4 contains different non-functional requirements, which include user interface capabilities; performance metrics; security control; legal and regulatory requirements; software licensing requirements; system modelling requirements; change management and organizational requirements.