Mathias: Created page with "WICE has a large number of cybersecurity mechanisms implemented in response to threats. Threats are identified in a TARA procedure and potential weaknesses in WICE are addressed. Alkit maintains a publicly accessible Vulnerability disclosure programme that allows for the disclosure of Vulnerabilities discovered by researchers and other external actors or entities. Contact [https://www.alkit.se/index.php/contacts Alkit Communications] to receive information required to u..."

2025-02-19T11:38:58Z

Created page with "WICE has a large number of cybersecurity mechanisms implemented in response to threats. Threats are identified in a TARA procedure and potential weaknesses in WICE are addressed. Alkit maintains a publicly accessible Vulnerability disclosure programme that allows for the disclosure of Vulnerabilities discovered by researchers and other external actors or entities. Contact [https://www.alkit.se/index.php/contacts Alkit Communications] to receive information required to u..."

New page

WICE has a large number of cybersecurity mechanisms implemented in response to threats. Threats are identified in a TARA procedure and potential weaknesses in WICE are addressed.

Alkit maintains a publicly accessible Vulnerability disclosure programme that allows for the disclosure of Vulnerabilities discovered by researchers and other external actors or entities. Contact [https://www.alkit.se/index.php/contacts Alkit Communications] to receive information required to utilise the disclosure programme.

=== WICE Cybersecurity Approach ===
The high level approach is to secure the back-end and the WCUs and provide a secure channel between them to ensure confidentiality and integrity of the system.

=== Access control mechanism ===
The WICE system has a comprehensive Access Control framework (configured in the WICE Portal) to control which user has access to which WCU.

=== Secure communication mechanism ===
The WICE system relies on a secure communication mechanism based on TLS 1.3 and a PKI for communication between WCUs and the WICE back-end.

The WCU communicates with the WICE-back-end using the secure TLS-based tunnel, allowing configurations of the WCUs. The access control of the PKI solution is based on X.509 certificates identifying the endpoints of communication (WCU and WICE back-end). Only WCUs with a valid certificate can connect to the WICE back-end and is therefore an access control mechanism that ensures only authorised WICE users can access a WCU.

=== Authentication mechanism ===
The WICE system authenticates all users when logging in to the WICE Portal front-end user interface. A role-based access control framework is used to configure which WICE user has access to different resources, including WCUs. A specific user that has been assigned credentials to a specific WCU can then access the WCU by means of the secure TLS-based connection between the WCU and the back-end, provided the WCU is properly configured and authenticated through the PKI.

=== Secure update mechanism ===
The WICE system supports remote updates of the WCU software, including firmware. The software update mechanism allows an authenticated WICE user with the proper access rights to select a new software version to be installed on one or more WCUs through the WICE Portal user interface. The selected software will be downloaded to the WCU(s) over a secure channel (TLS tunnel), verified for integrity, and installed on the WCU.

=== Resilience mechanism ===
The WICE system uses resilience mechanisms to mitigate the effects of Denial of Service (DoS) Attacks on the network interfaces of the WCU and return the WCU to a defined state after the attack.

=== Input validation ===
The WICE system validates all input received via external interfaces if the input has potential impact on security assets and/or network assets.

=== Vulnerability Monitoring ===
Alkit maintains a publicly accessible Vulnerability disclosure programme that allows for the disclosure of Vulnerabilities discovered by researchers and other external actors or entities. Contact [https://www.alkit.se/index.php/contacts Alkit Communications] to receive information required to utilise the disclosure programme.

WICE Cybersecurity - Revision history