Webinar: “IDMEFv2, Theory and Practice” June 26, 2025 (2 – 4 p.m.)
May 2025 by Valentin Jangwa, Global Security Mag
On June 26, the IDMEFv2 Task Force is organizing a webinar on the IDMEFv2 (Incident Detection Message Exchange Format) format, in collaboration with nearly ten major European research projects.
Currently being standardized at the IETF by an international team of researchers led by the Institut des Mines Télécom (IMT), IDMEFv2 (Incident Detection Message Exchange Format) is a standardized format for reporting incident-detection information. It is designed to handle all types of incidents, whether cyber, physical, or natural. It facilitates the detection of complex and hybrid attacks on critical infrastructures, enables the monitoring of connected and mobile objects, and anticipates cyber and physical convergence. Its interoperability also allows the interconnection of Security Operations Centers (SOCs) and the deployment of "SOC" in both the civilian and defense sectors.
Agenda:
Theory
o The problem of heterogeneous incident detection
o The solution proposed by IDMEFv2
o The history of the format
o Use cases
o Main technical concepts
o The ongoing standardization process
o The various tools and libraries available
Practice
o Presentation of several European projects using IDMEFv2: 7SHIELD, PRECINCT, CyberSEAS, ATLANTIS, KINAITICS, TESTUDO, ENDURANCE, and SAFE4SOC.
o Feedback on the use of the format
Conclusion
o Q&A
o Demonstration
o Networking around the development of IDMEFv2 projects
The webinar will be presented in English.
Full schedule and registration on the IDMEFv2 website: https://www.idmefv2.org
IDMEFv2: History
The IDMEFv2 (Incident Detection) format builds on some of the concepts of its predecessor, IDMEFv1 (Intrusion Detection, RFC 4765, 2007), extending it to all types of incidents (cyber and physical), adding availability and geolocation, and taking into account the potential interference of natural elements with system security. These natural phenomena matter increasingly as systems are embedded in mobile architectures outside of sheltered and refrigerated data centers. The definition of this format is the result of a series of research projects, the first of which, SECEF1 (SECurity Exchange Format), was funded by the French Ministry of Defense (DGA) and sponsored by the French National Security Agency (ANSSI) in 2015. The objective of this first project was to promote the IDMEFv1 format within administrations and within the army, and its conclusions highlighted the need to improve the format. In 2020, the collaboration between the SECEF2 project and an H2020 project (7Shield.eu) to protect critical infrastructures against hybrid and complex attacks highlighted the need to extend the format to all types of physical and natural incidents. The IDMEFv2 initiative (www.idmefv2.org) to standardize a new version of the format with the IETF was then launched. Today, work continues within the European research project Safe4SOC (Standard Alert Format Exchange for SOCs), overseen by the Telecom SudParis research teams.
IDMEFv2: Technical Implementation
To facilitate its adoption, IDMEFv2 is based on simple and universal concepts. Technically, the drafts define the implementation of a JSON message transported over HTTPS. Conceptually, the format prioritizes simplicity over completeness, with simple extension mechanisms. To date, it is the only incident format initiative that combines digital and physical space, as well as the ability to handle natural incidents.
This format thus addresses issues related to the protection of critical and vital infrastructures, as well as inter-SOC collaboration, both in the civilian and military worlds, particularly in cases of inter-service collaboration. The format is currently being tested and validated in several European research projects. The final version is planned for the beginning of 2027. Given the geopolitical issues shaking Europe at the beginning of 2025, it is urgent that manufacturers and national security and safety administrations, as well as those of Defense, get involved to support this phase of adjustment and adoption alongside the research teams.