Critical Infrastructure

Critical infrastructures such as electric grids are increasingly controlled by computers and digital systems and are thus vulnerable to cyber-attacks, as was repeatedly demonstrated in a recent past. Securing such infrastructures involves many dimensions and it is difficult to reduce security to a small number of practical guidelines. However, the following points can clearly be formulated.

Successful attacks often start by attacking non-critical infrastructures. It is generally accepted that it is important to correctly authenticate all actions and traffic, in order to avoid for example attacks based on false data injection. It is less obvious and less well admitted that confidentiality is also important as, in the absence of confidentiality, attacks on non-critical and less protected infrastructures can be used to gain information on the operation, which, in a second phase, can lead to a successful attack on the critical components.

In this context, particular attention should be given to device authentication, which should be consolidated with per-user authentication of all accesses (i.e. credentials should be those of a human user, not of a device). Many attacks are accomplished with the explicit or implicit participation of trusted insiders. Per-user authentication enables fast repudiation of compromised accounts and is necessary during post-attack recovery.

Installation of new devices during emergency conditions require special attention as it is typically during such phases that the pressure on operational conditions may lead to security breaches. It should be carefully prepared as part of contingency plans.

In addition to the generic cyber-security mechanisms mentioned above, critical infrastructures have security weaknesses that are specific to their physical processes. For example, grid monitoring and control uses high precision (GPS) time; attacks against the time synchronization system can have devastating effects. It is not always possible to use encryption and authentication to thwart such attacks: for example, it was recently demonstrated that introducing delay boxes in the communication lines on high voltage corridors can lead to estimation errors that may cause irreversible damages. Such delay boxes are below the physical layer and cannot be detected by crypto-mechanisms. It is necessary to reason vertically about the complete set of data received by the cyber-physical infrastructure, thus leading to attack detection systems that act at the global scale.
This application vertical will be extended to other critical infrastructures, such as transportation systems.

7th edition of Foundations of ICT and Digital Trust for Decision Makers course

The revamped course “Foundations of ICT and Digital Trust for Decision Makers” becomes a catalyst for responsible digital transformation. The 7th edition of this course took place throughout the week of October 31, 2022, in collaboration with the Fondation Lombard Odier.
News type : News

Science and Technology for Humanitarian Action Challenges (HAC)

The challenges faced by humanitarian organizations in general and by the International Committee of the Red Cross (ICRC) in particular are immense. Therefore, EPFL and ETH Zurich are joining forces with the ICRC through the Engineering for Humanitarian Action initiative to explore innovative solutions to such crises.
News type : News

Deploying Decentralized, Privacy-Preserving Proximity Tracing

Contact tracing is a time-proven technique for breaking infection chains in epidemics. Public health officials interview those who come in contact with an infectious agent, such as a virus, to identify exposed, potentially infected people. These contacts are notified that they are at risk and should take efforts to avoid…
News type : Press reviews

The SwissCovid App

In response to the COVID-19 disease that has stormed the world since early 2020, many countries launched initiatives seeking to help contact tracing by leveraging the mobile devices people carry with them. The Federal Office of Public Health (FOPH) commissioned the effort for Switzerland, which resulted in the official SwissCovid…
News type : News

[FR] La Confédération s’arme face aux cyberattaques avec un office dédié à ce fléau

Prof. Hubaux, C4DT Academic Director, provides insight on the confederation's decision to create a federal office for cybersecurity.
News type : Press reviews

“Deepfake generation and detection is like an arms race”

Two EPFL computer scientists have taken home a major prize in Singapore’s Trusted Media Challenge, a five-month long competition aimed at cracking the code of deepfakes.
News type : Press reviews

[FR] DIS, POURQUOI? – La crypto (1/5)

Une série d'épisodes traitant de la crypto dans l'émission "DIS, POURQUOI?", avec Rachid Guerraoui, Professeur dʹalgorithmes en réseau et chercheur à lʹEPFL.
News type : Press reviews

[FR] Des solutions pour déjouer les fausses images créées par le deepfake

Prof. Touradj Ebrahimi, head of the C4DT affiliated Multimedia Signal Processing Group, presented solutions to uncover deepfakes today on the RTS CQFD radio show.
News type : Press reviews

[FR] Deep fakes: «La manipulation des images en période de guerre n’a rien de nouveau»

Il n’aura pas fallu longtemps pour que les deep fakes, ces vidéos inventées de toutes pièces à partir de vidéos publiques par des algorithmes, s’invitent dans la guerre qui oppose la Russie à l’Ukraine depuis l’invasion de cette dernière le 24 février 2022. Le 16 mars dernier, des médias ukrainiens…
News type : Press reviews

[FR] Ukraine: comment la cyber-guerre peut tout faire basculer (en Suisse aussi)

La guerre menée par la Russie en Ukraine est hybride: elle se passe aussi sur le front numérique. Quels sont les mécanismes de la cyberguerre, déjà entamée depuis plusieurs mois, et comment les Etats, y compris la Suisse, se protègent-ils? Décryptage avec trois spécialistes internationaux de la cybersécurité.
News type : Press reviews

[FR] Et si la Suisse aidait le CICR et les ONG contre les cyberattaques?

Le vol de données de plus de 500 000 personnes dans les serveurs du CICR relance l’idée d’une implication technologique de la Suisse pour aider les ONG dont elle abrite le siège. Par exemple avec un cloud lancé en Suisse
News type : Press reviews

DuoKey, Futurae and Nym join the C4DT through its associate partner program

We are delighted to announce that 3 additional start-ups have joined the C4DT community through the C4DT start-up program. For two years Duokey SA, Futurae Technologies AG and Nym Technologies SA will complement the already diverse group of partner companies through their start-up perspectives to collaborate and share insights on…
News type : News

Ruag AG joins the C4DT

We are pleased to announce that Ruag AG, Switzerland, has just joined the C4DT as partner. Owned by the Confederation, Ruag AG is the technology partner of the Swiss Armed Forces. Together with armasuisse, Ruag’s presence strengthens C4DT's expertise in cybersecurity and cyber defense. We are convinced that this partnership…
News type : News

Client-side scanning is like bugs in our pockets

Encryption provides a solution to security risks, but its flipside is that it can hinder law enforcement investigations. A new technology called client-side scanning (CSS) would enable targeted information to be revealed through on-device analysis, without weakening encryption or providing decryption keys. However, an international group of experts, including EPFL,…
News type : Press reviews

[FR] Les experts sont unanimes, la prochaine pandémie sera numérique

La menace d’une pandémie numérique est imminente et il faut s’y préparer, ont affirmé des experts réunis lundi lors d’une journée de réflexion à l’EPFL. Le nombre croissant de cyberattaques de tous types et un manque de préparation seraient en cause.
News type : Press reviews

Tune Insight secures pre-seed round from Wingman Ventures

Tune Insight B2B software enables organizations to make better decisions by collaborating securely on their sensitive data to extract collective insights. Incubated at the EPFL Laboratory for Data Security, with a deployment in Swiss university hospitals and customer-funded projects in the insurance and cybersecurity businesses, Tune Insight will use the…
News type : News

Les partisans d’un cloud suisse contre-attaquent et ciblent le Conseil fédéral

Les sociétés ELCA, Infomaniak ou encore Proton lancent un appel pour la création d’un consortium helvétique pour des services cloud. La décision de la Confédération de choisir des prestataires américains et chinois est vivement critiquée. More:
News type : Press reviews

Federal government launches examination of new e-voting system

With consultations already underway on new federal provisions that define extensive security requirements for e-voting systems and their operation, some cantons are planning new trials with the redesigned Swiss Post e-voting system. The Confederation is therefore launching an independent examination of this system and its operation. This will take several…
News type : News

“Network neutrality is a buzzword but there is no agreed definition”

C4DT affiliated Associate Professor Katerina Argyraki works on computer networks and neutrality, a notion she believes is critical to ensuring that the internet continues to foster competition and innovation.
News type : Press reviews

Little Syster: the first privacy trust index for digital services

Giving back to citizens the control of their private life in the face of digital technology: this is the mission of the French company Little Syster. Launched in 2020, it uses a technology based on artificial intelligence that was developed at the LSIR EPFL laboratory headed by C4DT affiliated Prof.…
News type : Press reviews