AGRISEC | SYNAPSE:
Critical Agrifood Cyber-Security and Resilience for IoT/AI-Driven Greenhouse Operations
AGRISEC provides a cyber-physical pilot that integrates an end-user greenhouse operated by the ODINS INGROVIA platform. It represents a NIS2-critical agrifood infrastructure where both physical IoT/Edge hardware and cloudnative digital services can be targeted, monitored and protected. The pilot is aligned with the SYNAPSE objectives and bring an experimental environment where SYNAPSE functions can be evaluated under operational conditions.
AGRISEC subproject is funded by the open call of SYNAPSE. SYNAPSE is a project co-funded by the European Commission under the Horizon Europe Programme (HORIZON-CL3-2022-CS-01) under Grant Agreement No. 101120853.
AMBITION AND OBJECTIVES
AGRISEC provides a cyber-physical pilot that integrates an end-user greenhouse operated by the ODINS INGROVIA platform. It represents a NIS2-critical agrifood infrastructure where both physical IoT/Edge hardware and cloud-native digital services can be targeted, monitored and protected. The pilot is aligned with the SYNAPSE objectives and bring an experimental environment where SYNAPSE functions can be evaluated under operational conditions.
Exposing SYNAPSE to high-frequency climate, substrate, fertigation, actuator and microservice data streams. It enables the platform to analyse cyber-physical risk propagation and quantify technical and economic impacts such as water misuse, energy deviation or crop stress.
Continuous monitoring of IoT devices, Edge gateways, network flows, entities and AI outputs. It allows SYNAPSE to correlate multi-layer FIWARE anomalies, reduce detection latency and improve integrity-violation detection.
Allowing SYNAPSE to execute coordinated mitigation playbooks on real Edge gateways that control actuators for irrigation, fertigation, heating, ventilation and lighting. It enables realistic preparedness and operator-training scenarios.
Generating rich cybersecurity evidence (spoofed telemetry, intrusion attempts, tampered IoT flows and microservice anomalies). That can be sent to SYNAPSE CTI, alerting and reporting mechanisms.
The greenhouse functions as a complete TRL7 integration site where SYNAPSE components are deployed, tested and evaluated against multi-vector, complex cyber-physical attacks.
The measurable improvements in detection speed, integrity protection, actuator security and operational continuity demonstrate the value of SYNAPSE for critical agrifood infrastructures. This will support its long-term applicability and market uptake.
Baseline performance of the INGROVIA greenhouse before SYNAPSE integration:
– No intrusion detection beyond periodic human revision of FIWARE logs (estimated detection latency >1 day).
– No integrity protection on MQTT telemetry (0% detection capacity).
– No anomaly correlation in IoT-Edge-Cloud layers. (0% cross-layers anomaly correlation).
– No automated incident response; operators intervene manually (response >10-20 min).
SYNAPSE integration: The proposed pilot will be integrated in the building blocks of the SYNAPSE architecture:
|
SYNAPSE Component
|
Contribution of the INGROVIA Greenhouse Pilot
|
|---|---|
|
Real-time ingestion of climate, substrate, drainage, fertigation, actuator, microservice, and network data from IoT, Edge, and Cloud
|
|
|
AI-enhanced Situational Awareness
|
Use existing AI models for IoT data-driven anomaly detection and modelling of greenhouse processes
|
|
Execute mitigation workflows on irrigation, ventilation, heating, fog, and lighting systems
|
|
|
Integrated Risk Management
|
Assess cyber-physical propagation and impact (water waste, energy misuse, plant stress)
|
|
Human-in-the-loop simulation of attacks, and playbooks for cyber-physical events
|
Technical Challenges Addressed: Current agrifood platforms (IoT/Edge controllers, cloud platforms) lack multi-layer anomaly detection, CTI-driven threat correlation, automated response orchestration. SYNAPSE provides these missing capabilities that it is a major advancement beyond existing IoT-based greenhouse automation and commercial SCADA systems. The use case tackles the cyber-physical challenges present in modern agrifood infrastructures: (i) manipulation of SYNAPSE is a project co-funded by the European Commission under the Horizon Europe Programme (HORIZON-CL3-2022-CS-01) under Grant Agreement No. 101120853. Page 19 climate, substrate and fertigation sensor data and its propagation into AI predictions; (ii) vulnerabilities in heterogeneous IoT/Edge/cloud communication channels (Ethernet, WiFi, NB-IoT, MQTT) that allow spoofing, replay or tampering attacks; (iii) actuator-level misuse that affects irrigation, ventilation, heating, fog and lighting systems; (iv) exploitation of cloud-native microservices, FIWARE entities and SCADA control logic; and (v) integrity attacks targeting AI models such as poisoning, adversarial perturbations and boundary-condition manipulation. Current & target situation: The greenhouse operates an automated agrifood facility. But it lacks a unified cybersecurity monitoring/protection system capable of correlating anomalies across IoT devices, Edge gateways and cloud microservices. The INGROVIA platform manages sensor data, automation logic and AI optimisation, but it does not provide tools for detecting cyberattacks, orchestrating incident response or analysing cyber-physical risks. With SYNAPSE, the targeted situation evolves into a cyber-resilient environment equipped with multi-layer anomaly detection, automated response execution, operator-preparedness training and integrated risk–benefit analysis that links cyber incidents to agronomic, operational and economic impacts.
METHODOLOGY
Technical conditions of the scenario: The use case will be deployed in two main components:
(i) Experimental greenhouse, a 76.8 m² multitunnel agrifood facility equipped with >10 IoT/Edge devices to monitor and automate ventilation, fog cooling, recirculation fans, LED dimming systems, heaters, NUTRITEC fertigation units, and >40 sensors (temperature, humidity, CO₂, PAR, radiation, VPD, soil moisture, EC/pH, drainage pH/EC/flow). This environment creates a realistic and safety-critical set of devices/processes where cyberattacks can produce immediate agronomic, energy, and operational impacts.
(ii) INGROVIA cloud-native platform with Kubernetes-orchestrated microservices, a FIWARE Orion-LD broker, MQTT data ingestion, Keycloak authentication, PostgreSQL, InfluxDB, dashboards, automation engines, and AI-based analytics for irrigation, fertigation and climate optimisation.
Scope of Activities: to integrate this scenario with SYNAPSE pillars: Situational Awareness, Incident Response, and Preparedness. (i) ingestion of multi-source telemetry (sensors, actuators, microservices, , FIWARE entities, AI outputs) into SYNAPSE; (ii) validation of anomaly MQTTdetection using heterogeneous data modalities; (iii) development of incident-response workflows to safeguard climate control, fertigation, irrigation, and automation logic; (iv) deployment of preparedness exercises and operator-training scenarios.
Development of cyberattack scenarios: The use case will implement advanced, multi-layer cyberattack use cases that produce measurable physical or operational effects: (i) IoT Communication Attacks: MITM interception of Wifi/NB-IoT telemetry, spoofing of humidity/CO₂/EC/pH data, MQTT replay attacks, and drainage falsification. It enables SYNAPSE to assess AI-enhanced early attack detection and CTI-driven threat analysis. (ii) Gateway and Cloud Attacks: Credential brute forcing against Keycloak, unauthorized manipulation of FIWARE entities, exploitation of INGROVIA microservices (Rule-Service, Program-Service, Device-Service), API tampering, and DoS attacks on MQTT or Data-Service—validating SYNAPSE’s process-automation and orchestration capabilities. (iii) Actuator Manipulation Attacks: Forced activation of heaters, fog systems, irrigation sectors, LED dimming, or ventilation motors, testing SYNAPSE’s ability to mitigate real cyber-physical risks through automated containment actions. (iv) AI Attacks: Data poisoning of ET₀ models, adversarial manipulation of NDVI/NDRE multispectral inputs, and falsification of boundary conditions, allowing SYNAPSE to evaluate AI robustness and integrity monitoring.
Critical Services and Digital Assets: This pilot constitutes a critical digital infrastructure in the meaning of NIS2 (food production, IoT-Edge-cloud control systems. The pilot safeguards a set of critical services and digital assets that sustain the operational integrity of the greenhouse cyber-physical system. (i) climate, fertigation and irrigation control loops that regulate environmental conditions and water/nutrient delivery; (ii) control mechanisms based on AI workflows used for prediction, anomaly detection and crop-state optimisation; (iii) SCADA automation logic responsible for rules, schedules and device-management operations; (iv) the FIWARE Orion-LD entities that model and expose the real-time state of the greenhouse; (v) the time-series and transactional databases (InfluxDB, PostgreSQL) that store sensor telemetry and operational events; (vi) access-control and authentication based on Keycloak and JWT, which govern identity, authorisation and secure actuator execution.
Domain Relevance and Contribution: Agrifood cyber-physical infrastructures face rising threats targeting IoT/Edge manipulation, sensor spoofing, actuator misuse, AI corruption, and system deception. Equally critical are threats to the cloud platform itself: exploitation of microservices, API abuse within Kubernetes workloads, manipulation of rule engines, unauthorized modification of irrigation/fertigation programmes, tampering with FIWARE context entities, theft of credentials from Keycloak, and corruption of PostgreSQL/InfluxDB time-series data. Such attacks compromise physical processes, decision-making, resource optimisation, and operational continuity.
IMPACT
Advantages & Unique Offerings: AGRISEC brings a fully operational agrifood environment where IoT sensing, Edge gateways, cloud microservices, AI models, and real actuators interact continuously. Unlike synthetic datasets or simulated testbeds, the greenhouse provides continuous multi-layer telemetry (IoT-Edge-Cloud), spoofable data flows, actuator-level effects and AI integrity challenges that are absent in traditional pilots. This environment allows contributing to core SYNAPSE KPIs for early-detection latency, anomaly-correlation accuracy, response-playbook execution, and business-continuity preparedness. Thus, AGRISEC will enrich SYNAPSE threat intelligence, correlation models and response strategies. It also extends the SYNAPSE applicability to a new vertical sector: critical digital agrifood. It will showcase its capacity to protect NIS2-relevant agrifood greenhouses in which business continuity and safety-critical decision-making depend on trustworthy telemetry and secure automation. AGRISEC brings unique offerings to enable SYNAPSE to validate its 3 pillars (i.e. Situational Awareness, Incident Response and Preparedness) in a real infrastructure with IoT-edge-cloud ecosystem and digital agrifood telemetry and operations.
Target market & customers: AGRISEC addresses the growing market intersection of digital agriculture, Al-powered automation and OT/loT cybersecurity. Europe hosts >9 million farms, approx. 210,000 hectares of greenhouse agriculture, with particularly high concentrations in Spain, Italy, and the Netherlands. With strong digitalization driven by water scarcity, sustainability policies, and labor optimization. Global greenhouse market size was estimated at USD 30.09 billion in 2024 and is projected to reach USD 53.51 billion by 2030, with strong digitalisation driven by water scarcity, sustainability policies and labour optimisation. However, currently less than 5% of greenhouse operators deploy dedicated cybersecurity monitoring or automated incident-response systems. Primary customers include high-value greenhouse operators, precision-irrigation and fertigation companies, SCADA/automation vendors and digital-farming suppliers. From a cybersecurity perspective, target AGRISEC users are agri-tech SMEs, loT/OT cybersecurity suppliers, industrial-loT integrators, cloud-security providers and cyber-insurance companies that require cyber-security and risk evidence. The relevance of this market is reinforced by INCIBE-CERT, which reports increasing attacks on loT/Edge devices, PLC-controlled processes, cloud platforms and supply-chain data in the agrifood sector. These sector-specific attacks can disrupt production, compromise quality control, and jeopardize operational continuity.
SYNAPSE Evaluation: ODINS will measure project KPIs aligned with SYNAPSE evaluation metrics (detection latency, response effectiveness, anomaly integrity and business continuity), using baselines from existing greenhouse operation. Technical KPIs: (i) ≥95% reduction in incident-detection latency in IoT-Edge-Cloud layers improving the current baseline of >1 day (periodic human revision of FIWARE logs) through SYNAPSE correlation and alerting mechanisms; (ii) ≥90% integrity-violation detection accuracy for manipulated data sensing of climate, substrate and fertigation, starting from a baseline of 0% detection capacity via SYNAPSE can identify subtle telemetry anomalies; (iii) ≥85% detection rate of intrusion attempts against INGROVIA microservices for unauthorized API calls to improve from a baseline of no microservice-level IDS; (iv) ≥90% detection accuracy of authentication-related anomalies in Keycloak (token misuse, brute-force attempts, role escalation) to improve from no identity-threat monitoring in the current system; (v) ≥80% detection rate of MQTT/Orion-LD spoofing and replay attacks, to enhance from a baseline of 0% protection to allow SYNAPSE can identify tampered IoT flows feeding the greenhouse control logic. Business KPIs: (i) ≥45% reduction in unintended actuator activations that showcase SYNAPSE effectiveness to prevent malicious or erroneous commands in irrigation, ventilation, heating, fog and lighting systems; (ii) ≥30% reduction in operational disruptions assessed via avoided downtime, preserved crop stability and water/energy-use optimisation during cyber-incidents.
Dissemination Plan: ODINS will maximise visibility of SYNAPSE tools, architecture and AGRISEC results through demonstrations at SYNAPSE workshops, Open Call events and others (FIWARE Global Summit, IoT World Congress, cybersecurity conferences with at least 1 video demo, 1 flier, 1 whitepaper, 1 project website, LinkedIn regular posts. Public deliverables (D1-2-3) will be shared through SYNAPSE communication channels and the AGRISEC website. The exploitation strategy integrates the validated cybersecurity mechanisms (integrity validation, response playbooks, risk-scoring logic) into the commercial INGROVIA roadmap to enable a new AGRISEC product line. The greenhouse will remain as a long-term Agrifood Cyber-Resilience Testbed to support collaboration with research centres, industry stakeholders and cyber-tech providers interested in evaluating real cyber-threats and mitigation strategies.
IMPLEMENTATION
Phase-1, WP1 Requirements Definition and Integration Design (M1–M2)
Establishes the technical, architectural and security foundations required for SYNAPSE integration. WP1 supports the SYNAPSE project via defining assets, attack surfaces, telemetry flows and detection requirements.
(i) Task 1.1 System and Asset Characterisation: provides inventory of all greenhouse elements (i.e. IoT/Edge devices sensors, actuators, fertigation systems, AI models, FIWARE entities and microservices), mapping data flows, dependencies and cybersecurity exposure.
(ii) Task 1.2 Threat Modelling and Scenario Definition: defines advanced attack scenarios (MITM interception, spoofing of climate and fertigation values, Keycloak credential attacks, microservice exploitation, adversarial AI threats) and mapping each scenario to SYNAPSE detection and correlation components.
(iii) Task 1.3 Integration Architecture Design specifies the interfaces between INGROVIA system and SYNAPSE platform that include telemetry adapters, FIWARE-to-SYNAPSE semantic mappings, authentication points, expected data schemas and security-control points required for SYNAPSE response orchestration.
(iv) Task 1.4 KPI Finalisation refines the technical and business KPIs aligned to SYNAPSE evaluation metrics (detection latency, integrity monitoring, response effectiveness and business continuity) with the cooperation of SYNAPSE mentors. WP1 reports Deliverable D1 in Milestone 1 at Month 2. The success criteria are to complete asset model, approved attack scenarios, integration blueprint and final KPI list.
Phase-2, WP2 Intermediate Open Call Results (M3–M5)
implements and validates the first operational integration prototype. This WP2 validates SYNAPSE Situational Awareness and lays the foundation for Incident Response.
(i) Task 2.1 Development of Integration Components prepares FIWARE subscription interfaces, MQTT ingestion links, telemetry translation and secure data-flow pipelines needed for SYNAPSE to access sensor data, climate/fertigation actuators and microservice information in real time.
(ii) Task 2.2 Deployment of Detection Probes supports the use of anomaly-detection probes and SYNAPSE’s situational-awareness for environmental spoofing, actuator misuse, microservice anomalies, authentication deviations.
(iii) Task 2.3 Execution of Initial Attack Scenarios will perform controlled cyberattacks to verify ingestion stability, anomaly recognition, cross-layer correlation and alert generation.
(iv) Task 2.4 – Mid-Term Demonstration and Reporting will deliver a functional mid-term prototype integrated with SYNAPSE to show early detection and anomaly-correlation capabilities. This WP2 culminates with Deliverable D2 in Milestone 2 at Month 5. The success criteria are that SYNAPSE receives real telemetry, detects anomalies, and provides initial correlation outputs.
Phase-3, WP3 Final Open Call Results (M6–M8)
Completes the integration and validates SYNAPSE full situational-awareness, incident-response and preparedness capabilities using the entire greenhouse system. It begins with
(i) Task 3.1 – Full Integration and Hardening finalise all integration interfaces, optimises SYNAPSE anomaly-detection accuracy, performance tuning and validation of frequency agrifood telemetry.
(ii) Task 3.2 – Execution of Full Attack Campaign performs multi-vector cyberattacks such as microservice exploitation, API tampering, Keycloak bypass attempts, sensor-data manipulation and adversarial ML attacks to evaluate SYNAPSE detection speed, accuracy, response orchestration and evidence generation.
(iii) Task 3.3 – Preparedness and Business Continuity Evaluation will assess SYNAPSE’s ability to support operator training, continuity workflows and automated mitigation strategies under real greenhouse stress conditions. (iv) Task 3.4 – Final Demonstration and KPIs Delivery, provides KPI validation, risk-propagation analyses, video demo and delivery of the final prototype. The WP3 results are presented in Deliverable D3, Milestone 3 at Month 8. The success criteria are completed attack-campaign demonstration, KPI achievement, validated preparedness scenarios and software release.
Milestones & Deliverables: ODINS will provide the 3 deliverables (Dx) at corresponding milestones (MSx) indicated in the previous Gantt diagram and will contribute to all progress reports/documents required by SYNAPSE or EU Commission. Concretely, D1 Requirements Definition and Integration Design (M2) consolidate the full technical specification for the pilot to include the asset inventory, detailed threat model, selected attack scenarios, integration architecture blueprint, telemetry mappings, and the final set of technical and business KPIs. This deliverable is reported at MS1 to confirm that the AGRISEC system is fully characterised and that the integration approach with SYNAPSE is technically feasible. D2 Intermediate Open Call Results (M5) provides the first operational prototype connecting the greenhouse infrastructure with SYNAPSE. It includes implemented ingestion pipelines, FIWARE/MQTT interfaces, anomaly-detection probes, initial response-control hooks, and a mid-term demonstration to show early detection and correlation of cyber-physical anomalies. This deliverable is reported at MS2 to enable that SYNAPSE successfully receives real telemetry and can detect initial attack scenarios. D3 Final Open Call Results (M8) provides the fully operational, end-to-end integrated solution that includes finalised AGRISEC software components, performance-optimised interfaces, execution of the complete cyber-attack campaign, KPI validation results, risk-propagation analyses, video demonstration, and preparedness evaluation. This is assessed at MS3 to confirm that the pilot has demonstrated SYNAPSE Situational Awareness, Incident Response and Preparedness capabilities under realistic agrifood conditions and that all expected assets and validations have been delivered.
HUMAN RESOURCES
ODINS will implement the AGRISEC project with 6-person team (38 PM, person months). The multidisciplinary team combines the required skills such as IoT/Edge engineering, communications, cybersecurity, FIWARE–MQTT middleware, cloud microservices, and AI analytics to ensure full coverage of all WP1-2-3 and tasks indicated in the previous workplan.
Dr. Rafael Marín-Pérez
(5 PM) Postdoc Director of Research & Innovation and senior IoT/Cybersecurity specialist and business innovation exploitation with >15 years of experience in >20 EU projects such as ARMOUR, ANASTACIA, SEBURE/Resilmesh and NEPHELE. He will act as AGRISEC coordinator to manage all the technical AGRISEC tasks and the agile communication with the SYNAPSE consortium.
Dr. Ana Hermosilla
(7 PM) Postdoc An expert in communications system, IoT/Edge infrastructures, software defined network, virtualisation, orchestration from >5 EU projects such as 5GINSPIRE, 5G-MOBIX and 6G-PATH. She will integrate, deploy and validate the communication flows, network interfaces for incident- response actuations.
Alfredo Quesada
(7 PM) Master in Computer Science A senior IoT/Edge engineer with 15+ years of experience in IoT-based sensing and embedded Edge controllers in >10 EU projects (i.e. ANASTACIA, SMARTIE, GUARDIAN), will lead the configuration of IoT/Edge nodes, sensor/actuator and MQTT communication layers for the SYNAPSE integration and validation.
María Soto
(7 PM) Master in Cybersecurity Cloud/cybersecurity engineer participating in UniMaaS and EDS4Agro. She will focus on secure microservice development, API protection, database integrity (FIWARE, Postgres, InfluxDB), and consistency tests.
Miriam Zambudio
(7 PM) Master in IA an engineer with experience in federated learning and distributed AI analytics (HYPER-AI, DistriMuSe). She will lead the integration of AI models, anomaly detection pipelines and adversarial AI validation.
Alejandro Arias
(7 PM) Master in Cybersecurity Cybersecurity and IoT/Edge engineer with hands-on IoT/Edge platforms and trust-framework experience (NEPHELE, FLUIDOS/XADATU, SHIELD-IoT), will execute vulnerability analysis, cyberattack implementation and SYNAPSE probe configuration.
Compliance with SYNAPSE: The ODINS team brings experiences in IoT/Edge monitoring probes, SIEM event management, mitigation paybooks, AI anomaly detection, CACAO/Shuffle actuation interfaces and response systems in the H202 ANASTACIA project and the SEBURE opencall subproject within the HorzinEU Resilmesh project to protect a smart building use case. Throughout M1-M9, the team adhere to the operational expectations of SYNAPSE. ODINS will participate in all required meetings with the mentos to provide continuous updates on integration progress, attack-scenario execution, anomaly-detection performance and KPI validation. Moreover, we will contribute to SYNAPSE dissemination and communication activities that include at least 1 demo video, 1 flier, 1 whitepaper, social-media posts, OpenCall events. The team will attend all needed SYNAPSE mentoring meetings, to allow the alignment with relevant project decisions and cybersecurity integration/validation strategies.
Budget and Resources
The next tables reflect the resource needs to integrate, deploy and validate the AGRISEC greenhouse pilot with SYNAPSE. Personnel costs (€160,588 ) represent the main investment, as the project depends on specialised expertise in IoT/Edge engineering, FIWARE–MQTT integration, AI/ML analytics and cybersecurity attack/defence activities. 38 person-months distributed among 6 ODINS employees. The detailed breakdown is as follows:
- Rafael Marín-Pérez (5 PM × €5,455.4 = €27,277)
- Ana Hermosilla (7 PM × €4,541 = €31,787)
- Alfredo Quesada (7 PM × €4,541 = €31,787)
- María Soto (7 PM × €3,671 = €25,697)
- Miriam Zambudio (6 PM × €3,670 = €22,020)
- Alejandro Arias (6 PM × €3,670 = €22,020).
- Travel costs (€2,500) cover approximately 15 trips to the greenhouse site (100€ each) and 1 SYNAPSE physical meeting (1000€) that include transportation and subsistence.
- Other goods (€10,499,3) include 7 IoT/Edge devices (average 1500€ each).
|
Budget Category
|
Cost (€)
|
|---|---|
|
160.588,00
|
|
|
Travel cost
|
2.500,00
|
|
0,00
|
|
|
Other goods/services
|
10.499,30
|
|
0,00
|
|
|
Indirect costs (10%)
|
17.358,70
|
|
190.946,00
|
The next table breaks down the calculated personnel costs:
Scientific Publications
1. Herramientas y técnicas abiertas basadas en SDN/NFV para infraestructuras 5G+/6G y aplicaciones NetworkApps.
News
