Zero Trust, Edge AI, and Confidential Computing — The Technologies Redefining Edge Security

The security architecture being built for the edge is fundamentally different from what came before. Perimeter defence — the logic of a hard external wall and a trusted interior — does not work when the “perimeter” is a sensor on a wind turbine, a camera on a factory floor, or a controller on a substation. These devices sit in physically uncontrolled environments, often connected via public networks, and there are too many of them to manage individually. The industry is converging on a new model built around three core technology trends.

Zero Trust is the foundational shift. In a Zero Trust architecture, no interaction between an edge device and its gateway is assumed safe: every request must be authenticated and authorised, regardless of where it originates or what it claims to be. For edge environments with hundreds or thousands of endpoints, this is architecturally demanding — but it is increasingly the baseline expectation set by both regulators and enterprise customers. NIS2 and the CRA effectively mandate Zero Trust principles without using the term.

Edge AI is making Zero Trust operationally viable at scale. The ENISA Threat Landscape 2024 documents that edge devices such as routers and IoT hardware are prime targets precisely because of outdated firmware and limited local monitoring capabilities. Running AI-native threat detection models directly on the edge node — rather than routing raw telemetry to a central Security Operations Centre — addresses this structural weakness head-on: a smart meter or industrial gateway can apply lightweight anomaly detection locally, flagging suspicious behaviour in milliseconds without transmitting sensitive operational data to the cloud.

In many industrial and healthcare contexts, local inference is the only architecture that simultaneously meets latency, bandwidth, and data sovereignty requirements.

Confidential Computing addresses a different but equally critical problem: what happens when sensitive workloads must run on third-party infrastructure? Hardware-based Trusted Execution Environments (TEEs) — such as Intel SGX — process data inside an encrypted enclave, meaning the infrastructure provider physically cannot access the raw data being computed. This allows organisations to use shared or commercial edge infrastructure without surrendering data confidentiality — a capability that is increasingly essential as edge deployments scale beyond what any single organisation can own outright.

Two further developments are reshaping the threat landscape itself. Private 5G Networks combined with Multi-access Edge Computing (MEC) enable compute to be placed at mobile base stations, offering high security through physical isolation of industrial traffic from public networks. ModelOps Security (AI TRiSM) is emerging as a response to adversarial attacks that target not the network infrastructure, but the integrity of the AI model itself. Recent incident analysis of cloud-edge deployments documents cases where attackers manipulated communication links between edge and cloud nodes to modify sensor data — underscoring that in environments where AI drives automated decisions, securing the model pipeline is as critical as securing the network.

These technologies are not on the horizon. They are being deployed now, in real industrial environments, by the same organisations that CyberNEMO works with.

MoniKube: Security-Aware Infrastructure Discovery for Cloud-Native Environments

As organizations continue to adopt Kubernetes and cloud-native technologies, their infrastructures become increasingly complex and difficult to manage. Distributed clusters, virtual machines, containers, and interconnected services provide scalability and flexibility, but they also create significant challenges in maintaining visibility, understanding asset relationships, and identifying security risks.

MoniKube is a distributed security-aware monitoring and intelligence platform designed to address these challenges. By continuously monitoring Kubernetes and cloud-native environments, collecting telemetry data, and performing vulnerability assessments, it automatically discovers infrastructure components and builds a comprehensive representation of the operational environment. The platform correlates infrastructure, monitoring, and security information to provide organizations with a deeper understanding of their assets, dependencies, and overall security posture.

At the core of MoniKube is a security-aware knowledge graph that transforms distributed infrastructure data into a centralized and interactive model. By mapping assets and their relationships, the platform enables operators and security teams to explore infrastructure topology, understand dependencies between systems, identify exposed components, and gain valuable insights into potential risk and exposure pathways.

MoniKube discovers Kubernetes resources through the Kubernetes API and can optionally enrich the model with host-level Docker workloads. The platform integrates Trivy-based vulnerability and misconfiguration scanning, allowing assets to be continuously assessed for security weaknesses. Vulnerability information, exposure indicators, runtime metrics, and security scores are incorporated directly into the graph, enabling users to filter, compare, and prioritize risks from a single dashboard.

Beyond infrastructure discovery, MoniKube can ingest information from external security and monitoring solutions, including IDS, SIEM, and IDMEF-compatible sources. This allows the knowledge graph to remain synchronized with operational reality while providing a unified view across cloud-native and traditional systems.

MoniKube combines vulnerability information, runtime monitoring metrics, and exposure indicators into a unified security-scoring framework. It can integrate information from both cloud-native and traditional systems, creating a unified view of infrastructure regardless of underlying technology. Beyond infrastructure monitoring and security assessment, MoniKube introduces the ability to generate exportable infrastructure models that can serve as the foundation for digital twins, automating much of this process by capturing the security characteristics of operational environments and transforming them into reusable digital representations. The result is a comprehensive solution that helps organizations gain visibility into complex environments, strengthen their security posture, and transform operational infrastructure data into actionable security intelligence.

CyberNEMO Tools: First Validation Results in the Supply Chain / Smart Agriculture Pilot

CyberNEMO has started initial validation of its integrated tools within the pilots, and specifically in the Supply Chain / Smart Agriculture pilot, led by ENTERSOFTONE and technically supported by SYNELIXIS. The validation largely covers the end-to-end cybersecurity risk management process, i.e. from scope establishment to detection, decision support and countermeasure enforcement, across the computing continuum composed of:

  • The dedicated pilot cluster hosted in a commercial cloud provider.
  • The NEMO and CyberNEMO clusters hosted by the OneLab facility of Sorbonne University.

In terms of tools, MoniKube performs topology discovery, asset reading, and vulnerability identification and assessment. AI-FWaaS detects cybersecurity incidents, while the IPDM DSS correlates threat intelligence with asset risk profiles to generate response recommendations. The CyberNEMO Policy Manager (CNPM) enforces network policies as countermeasures across the infrastructure.

Services run across the pilot’s Kubernetes cluster and the shared OneLab infrastructure, which hosts both CyberNEMO and NEMO project clusters, while the multi-site architecture allows for local and centralised deployment modes.

CyberNEMO contributes to AIOTI – Mutual Reinforcement

CyberNEMO has submitted its contribution to the AIOTI report on the IoT and Edge Computing EU-funded Projects Landscape (Release 5.0).

CyberNEMO brings to AIOTI a timely contribution at the frontier of the IoT and edge security agenda. Specifically, the CyberNEMO contribution referred to a set of research challenges confronted by the project, including:

  • Zero Trust and dynamic identity management across heterogeneous continuum environments.
  • AI-powered runtime threat detection and self-healing architectures at the edge.
  • Privacy-preserving federated learning for secure AI model lifecycle management.
  • Kubernetes and container security at scale in multi-cluster deployments.
  • Federated and decentralised security policy management.
  • Cross-domain Cyber Threat Intelligence sharing with IDMEFv2 and STIX.
  • Secure lifecycle and update management for distributed IoT/edge services.
  • Explainable, human-centric decision support for security operators.

Through AIOTI, the project is acquiring access to a high-impact dissemination channel reaching the European research, standardisation, and policy communities and positioning the project within the broader IoT and edge computing ecosystem.

Privacy Protection Enforcement (PPE)

The Privacy Protection Enforcement (PPE) component has been designed and developed by CyberSocial Lab within the CyberNEMO project and is publicly accessible on the Eclipse Research Labs repository. Our tool acts as a privacy-aware authorization and enforcement mechanism supporting secure data sharing across the computing continuum. Operating in conjunction with the Computing Continuum Access Security Broker (CASB), the PPE is responsible for ensuring that access to personal and sensitive data is granted only when the applicable processing policies and user consents are satisfied.

The architecture of the PPE has been designed to support secure and trustworthy data exchanges across cloud, edge, and IoT environments, while promoting data sovereignty, privacy preservation, and regulatory compliance. By combining policy-based access control mechanisms with consent management capabilities, the component enables organizations to maintain control over how sensitive data is accessed and processed across distributed infrastructures.

PPE provides a structured framework for defining and enforcing privacy and data access requirements. Indicative controls and verification mechanisms supported by the component include:

  • Validation of consent records before access to protected data is granted.
  • Enforcement of data processing policies applicable to data consumers.
  • Verification of consent validity and policy applicability during access requests.
  • Auditing and traceability of authorization and access control decisions.
  • Verification of cryptographic proofs associated with policies and consents.

The PPE has been designed in alignment with the principles of the General Data Protection Regulation (GDPR), supporting key requirements such as lawful processing, explicit consent management, accountability, and transparency. It contributes to ensuring that sensitive data is accessed only when valid consent and an applicable processing policy exist.

Furthermore, the use of cryptographic proofs and immutable audit trails strengthens accountability by providing verifiable evidence of consent and authorization decisions throughout the data lifecycle. The adoption of blockchain-based evidence storage, rather than storing personal data directly on-chain, supports privacy-preserving processing practices while facilitating regulatory compliance across distributed cloud, edge, and IoT environments.

PPE integrates with the broader CyberNEMO security ecosystem through the CASB. When a data consumer requests access to protected data, the component evaluates the corresponding policies and consents before authorizing the request. Authorization outcomes can be propagated to other platform components, enabling coordinated security, governance, and compliance operations across the CyberNEMO architecture.
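
An added example, not the PPE's own code, of the decision flow described above: consent and policy are checked for authenticity and applicability, and every decision is appended to a hash-chained audit trail. The record fields, function names and the HMAC proof are assumptions; the page does not specify PPE's proof scheme or its blockchain evidence store.

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"  # assumption: stand-in for the real proof scheme

def canonical(record):
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def seal(record):
    """Attach an HMAC-SHA256 proof computed over the record's canonical JSON."""
    return {**record, "proof": hmac.new(ISSUER_KEY, canonical(record), hashlib.sha256).hexdigest()}

def proof_ok(sealed):
    body = {k: v for k, v in sealed.items() if k != "proof"}
    expected = hmac.new(ISSUER_KEY, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed.get("proof", ""))

def authorize(request, consent, policy, audit, now):
    """Deny unless consent and policy are both authentic and cover the request."""
    reasons = []
    if not proof_ok(consent):
        reasons.append("consent proof invalid")
    if not proof_ok(policy):
        reasons.append("policy proof invalid")
    if consent.get("subject") != request["subject"]:
        reasons.append("consent is for another data subject")
    if consent.get("revoked") or now >= consent.get("expires", 0):
        reasons.append("consent revoked or expired")
    if request["purpose"] not in consent.get("purposes", []):
        reasons.append("purpose not consented")
    if request["consumer"] not in policy.get("consumers", []):
        reasons.append("policy does not apply to consumer")
    if request["purpose"] not in policy.get("purposes", []):
        reasons.append("policy does not permit purpose")
    decision = "permit" if not reasons else "deny"
    # Chain each audit entry to the previous one so later edits are detectable.
    prev = audit[-1]["hash"] if audit else "0" * 64
    entry = {"request": request, "decision": decision, "reasons": reasons, "time": now, "prev": prev}
    entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
    audit.append(entry)
    return decision, reasons

def audit_intact(audit):
    prev = "0" * 64
    for entry in audit:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True

# Constructed sample records; identifiers and timestamps are illustrative.
CONSENT = seal({"subject": "farmer-17", "purposes": ["yield-analytics"],
                "expires": 2_000_000_000, "revoked": False})
POLICY = seal({"consumers": ["coop-analytics"], "purposes": ["yield-analytics"]})
```

Only evidence of the decision (the entry hash) would need to be anchored externally; the personal data itself never enters the audit entry's proof.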

The component is currently under development and will contribute to the implementation of secure, privacy-preserving data sharing services compliant with applicable regulatory requirements across the CyberNEMO computing continuum. In line with the CyberNEMO open-source strategy, the PPE is released under the Apache License 2.0. 

CyberNEMO at the EE-ISAC / JE-ISAC / E-ISAC Joint Webinar

On May 28, CyberNEMO partners (Synelixis, Maggioli and Netcompany) attended and participated in the joint webinar “North America, Japan and Europe: Ensuring Trust in Global Energy Infrastructure”, organised by the European Energy Information Sharing and Analysis Centre (EE-ISAC), the Japanese ISAC (JE-ISAC), and the North American E-ISAC.

Aspects related to trust, threat intelligence sharing, and operational coordination were discussed. The webinar covered the current state and future direction of Cyber Threat Intelligence (CTI) sharing among ISACs and their members. The necessity for anonymisation, the adoption of TLP classification levels, API-based automation and the role of STIX for structured threat information were presented and discussed. The increasing presence of AI-driven threat campaigns and AI tools for in-depth threat analysis was also pointed out, while a challenging point was the one-way incident reporting practices and the still-evolving automation of information flows between operators, C-SIRTs, ENISA, and ISACs.

The CyberNEMO project coordinator discussed with EE-ISAC representative Thomas Krauhausen (https://www.ee-isac.eu/who-we-are/) the information flow from an energy operator, through C-SIRT, ENISA, and ISAC structures, to other EU operators, and the role of STIX in enabling automation that accelerates NIS2-mandated steps while enriching the semantic quality of shared data. The discussion confirmed that STIX-based automation remains a priority direction.

The presentations and discussions validated pillars of the SAAM platform currently under development within CyberNEMO. The challenges reported by ISAC practitioners, namely fragmented communication flows and limited automation, are aligned with SAAM objectives.

DNV Cybersecurity Research Day 2026: Continuous Risk Management and Certification of Critical Systems – a Challenge in Cybersecurity

Cybersecurity assurance cannot be achieved at isolated points in time. Technologies, vulnerabilities, and threats evolve constantly, and system owners need continuous insight into their security posture. Emerging regulations, including the EU Cyber Resilience Act, the AI Act, and NIS2, are further raising the bar for both providers and operators of digital systems.

DNV Cybersecurity Research Day 2026: Continuous Risk Management and Certification of Critical Systems – a Challenge in Cybersecurity is dedicated to cybersecurity assurance through continuous risk management and certification of critical systems. The CyberNEMO project will present research results, covering methods and tools currently in development.

The event is expected to bring together industry leaders, CISOs, researchers, and regulatory authorities to share the latest knowledge and discuss the road ahead. Framing the regulatory context and exploring what organisations need to succeed with cybersecurity assurance in practice are also on the agenda.

CyberNEMO Releases the Network Policy Manager (CNPM)

The alpha version of the CyberNEMO Network Policy Manager (CNPM), a policy enforcement component of the CyberNEMO cybersecurity platform, developed by Synelixis SA and publicly accessible on the Eclipse Research Labs repository, has undergone initial testing and validation in the Smart Agriculture / Supply Chain pilot.

CNPM is designed for the cloud–edge–IoT continuum, as it operates natively within Kubernetes, the de facto orchestration standard for containerised applications. It is based on the Cilium networking layer, which enables fine-grained, identity-aware security controls across distributed clusters. Each cluster in a CyberNEMO deployment runs its own CNPM instance, ensuring that policy management remains local, responsive, and aligned with the specific security posture of that environment.

CNPM provides operators with a structured, template-driven workflow for defining and enforcing network security policies. Indicative policies that CNPM can create and enforce include:

  • Deny-all ingress rules that block all inbound traffic to a namespace by default, enforcing an explicit allowlist model.
  • Least-privilege access controls that permit only the minimum necessary communication between services.
  • Source-based filtering, restricting traffic to specific IP ranges or trusted origins.
  • Port-level controls, limiting exposure to only the protocols and ports a service legitimately requires.

Policies can be generated from reusable templates, validated before deployment, and pushed directly to the cluster, reducing the risk of misconfiguration and ensuring consistency across environments.
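
An added example, not CNPM's own code: Python that renders the deny-all and allowlist policies listed above as standard Kubernetes NetworkPolicy manifests and validates them before deployment. It uses the upstream `networking.k8s.io/v1` schema rather than Cilium-specific resources; the function names, namespace, labels and address range are assumptions.

```python
import ipaddress

def manifest(namespace, name, spec):
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": name, "namespace": namespace}, "spec": spec}

def deny_all_ingress(namespace):
    """Default deny: selects every pod, declares Ingress, and lists no rules."""
    return manifest(namespace, "default-deny-ingress",
                    {"podSelector": {}, "policyTypes": ["Ingress"]})

def allow_ingress(namespace, name, pod_labels, cidrs, ports):
    """Allowlist entry: only the given CIDRs may reach the given TCP ports."""
    rule = {"from": [{"ipBlock": {"cidr": c}} for c in cidrs],
            "ports": [{"protocol": "TCP", "port": p} for p in ports]}
    return manifest(namespace, name, {"podSelector": {"matchLabels": dict(pod_labels)},
                                      "policyTypes": ["Ingress"], "ingress": [rule]})

def validate(policy):
    """Return a list of findings; an empty list means the policy may be pushed."""
    findings = []
    spec = policy.get("spec", {})
    if "Ingress" not in spec.get("policyTypes", []):
        findings.append("policyTypes does not include Ingress")
    for i, rule in enumerate(spec.get("ingress", [])):
        # An empty or missing 'from' means any source; the same holds for 'ports'.
        if not rule.get("from"):
            findings.append(f"rule {i}: no source restriction (allows any origin)")
        if not rule.get("ports"):
            findings.append(f"rule {i}: no port restriction (allows any port)")
        for peer in rule.get("from", []):
            cidr = peer.get("ipBlock", {}).get("cidr")
            if cidr is None:
                continue  # selector-based peer, nothing to check here
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                findings.append(f"rule {i}: invalid CIDR {cidr!r}")
                continue
            if net.prefixlen == 0:
                findings.append(f"rule {i}: {cidr} matches every address")
        for port in rule.get("ports", []):
            number = port.get("port")  # this check accepts numeric ports only
            if not isinstance(number, int) or not 1 <= number <= 65535:
                findings.append(f"rule {i}: invalid port {number!r}")
    return findings

# Constructed samples: namespace, labels and address range are illustrative.
BASELINE = deny_all_ingress("agri-pilot")
GOOD = allow_ingress("agri-pilot", "allow-gateway", {"app": "api"}, ["10.20.0.0/16"], [8443])
BAD = allow_ingress("agri-pilot", "allow-any", {"app": "api"}, ["0.0.0.0/0"], [])
```

`BAD` shows the misconfiguration a pre-deployment check is there to catch: a rule that looks like an allowlist but admits any address on any port.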

CNPM integrates with the CyberNEMO event bus, receiving mitigation instructions from upstream platform components such as the Cloud Access Security Broker (CASB) and the Intrusion Prevention Detection and Mitigation Decision Support System (IPDM-DSS), closing the loop between threat detection and network-level response.

The module is released under the Apache License 2.0.

CyberNEMO attends the CEI-Sphere and LSP O-CEI and COP-Pilot Webinar on Privacy-Enhancing Technologies

CyberNEMO partners (Synelixis and Maggioli) attended the webinar on Privacy-Enhancing Technologies for Information Security in Edge-Cloud Applications, organized by CEI-Sphere and Large Scale Pilots O-CEI and COP-Pilot.

The webinar explored the growing challenge of securely sharing and processing data across distributed environments, from industrial platforms to smart infrastructures, where large numbers of devices, man-in-the-middle threats, and purpose limitation requirements create complex security landscapes. Protecting sensitive data today goes well beyond personal data as business data sovereignty is equally at stake.

Presentations from Fraunhofer ISST and insights from the O-CEI and COP-PILOT Large-Scale Pilots highlighted how technologies such as Federated Machine Learning (FML), Trusted Execution Environments, Homomorphic Encryption, and Zero-Knowledge Proofs can be embedded directly into system design. The “black sheep problem” in FML, identifying and mitigating malicious or corrupted participants in federated learning, is a shared concern directly relevant to CyberNEMO’s work on ZT-FML.

CyberNEMO identified synergies in two areas: a) Zero-Trust Federated Machine Learning (ZT-FML) and b) the use of LLMs and MCP-based architectures for privacy-aware decision support functionality.

CyberNEMO Meets IDMEFv2: Employing, Supporting and Contributing to the Incident Detection Standard

The CyberNEMO project, represented by the Coordinator Synelixis and partner Maggioli, met Gilles Lehmann, lead of the IDMEFv2 Task Force, on 30 April 2026, for a focused exchange on IDMEFv2 standardisation developments and its usage in the context of the project.

In the context of the IDMEFv2 standardisation effort, draft v08 was published in April 2026 and the IETF meeting is scheduled for July 2026, where the standard is seeking to advance towards Experimental RFC status.

CyberNEMO is one of the projects employing IDMEFv2. Specifically, IDMEFv2 is used in the communication backbone between heterogeneous security detectors and the Decision Support System. By adopting a standardised, JSON-based incident description format, the project enables diverse sensors to feed alerts into a unified pipeline. The usage of IDMEFv2 across the computing continuum allows for suggestions to the standard on behalf of the CyberNEMO consortium, an effort led by partner Maggioli, which provides one of the main detectors, the AI-based Firewall as a Service.

Both sides concluded that this partnership is going to level up the standard and bring some serious momentum to the project, while this contribution is foreseen to have a significant impact on the domain and will play a pivotal role in future developments.
