Ceit strengthens industrial cybersecurity with the CICERO project.

Ceit successfully concludes its participation in CICERO, a project that promotes the protection of industrial infrastructures and contributes to technological innovation in cybersecurity at the national level.

The consortium consisted of Ceit, Gradiant, i2CAT, ITCL and FIDESOL, who worked together to address four major cybersecurity challenges: identification, protection, detection, and response & recovery.

Cybersecurity has become one of the major challenges of industrial digitalization. With the exponential growth of connected devices and increasingly complex industrial networks, vulnerabilities and risks are multiplying. In this context, CICERO (Intelligent Cybersecurity Countermeasures for the Network of the Future) has concluded, establishing itself as a pioneering project in cybersecurity for critical sectors.

Funded with €3.5 million, CICERO featured 113 highly qualified researchers, produced 31 scientific publications, delivered 7 technological assets, and participated in over 150 training activities and technical events. The consortium—Ceit, Gradiant, i2CAT, ITCL and FIDESOL—worked jointly to address four main cybersecurity challenges: identification, protection, detection, and response & recovery.

Ceit drives technological innovation in cybersecurity

Ceit played a key role across all project pillars. In the identification challenge, the center developed an advanced tool for risk assessment in industrial environments, combining automatic asset detection with vulnerability analysis. The tool integrates international standards such as CVE and CVSS, allows real-time network topology visualization, and prioritizes threats based on asset criticality. Additionally, Ceit worked on critical-event monitoring systems using Distributed Ledger Technologies (DLT), ensuring data integrity and traceability with SIEM solutions like Wazuh and traffic-capture tools such as Suricata.

Protection and reinforcement of industrial networks

In the area of protection, Ceit strengthened the security of continuous integration pipelines (CI/CD), integrating tools like SonarQube, Trivy, and Cosign to ensure code quality, early vulnerability detection, and cryptographic signing of artifacts. It also implemented proactive scanning of Infrastructure as Code (IaC) using KICS and reinforced wireless communications with the Mioty protocol, known for its high resistance to interference and long range.

It also developed FDE algorithms for GNSS systems, improving positioning robustness against external interference, and created a secure data-exchange platform based on IDS standards with a decentralized Clearing House on Hyperledger Fabric, guaranteeing access control, traceability, and cryptographic identity verification.

Anomaly detection and AI security

Ceit led the detection challenge by developing unsupervised machine-learning algorithms for industrial networks, using clustering techniques and real-time traffic analysis. Furthermore, it evaluated the robustness of AI models against adversarial attacks and developed defenses to protect them, integrating them into MLOps pipelines monitored with tools like Kubeflow, Prometheus, and Grafana.

To validate these technologies, a hybrid testbed was created that combines advanced virtualization and real physical devices, managed with Ansible and GNS3, enabling the simulation of industrial network topologies and the automation of testing, prototyping, and training in controlled environments.

Incident response and recovery

In the area of response & recovery, Ceit designed a comprehensive strategy based on SDN and NFV to dynamically segment and isolate compromised network components, applying Advanced Moving Target Defense techniques to enhance resilience and complicate targeted attacks. It also developed rollback systems that allow quick restoration of prior configurations after incidents, ensuring operational continuity and fault tolerance in complex industrial environments.

Impact and results transfer

Beyond technological developments, Ceit actively contributed to dissemination activities, producing 15 scientific publications, participating in 18 national and international events, and registering 6 digital certificates and 3 innovative software tools.

With these achievements, CICERO strengthens Spain’s position in industrial cybersecurity, helping anticipate digital threats and consolidating innovation and technology transfer toward the industry.