Information driven Cyber Security Management

Specific challenge:

Our dependence on technology continues to grow and, at the same time, the internal complexity of organisations' ICT systems and the external threat environment continue to grow as well and evolve in dynamic and daunting ways.

One approach to cyber security risk management focuses inward on understanding and addressing incidents, vulnerabilities, weaknesses and potential impact. Meanwhile, effective defence against current and future threats requires the addition of a balancing, outward focused approach, on understanding the adversary’s behaviour, capability, and intent.

Those called to deal with incidents or responsible for managing cyber security programmes are often faced with an overwhelming amount of information, often raw and unstructured, to the point where making efficient use of these information flows has become a challenge in itself. Effective decision making may be therefore hampered, especially in times of crisis.

SMEs face a particular challenge seeing as they often do not have the capacity to obtain relevant information or the necessary expertise to analyse it in order to address the cyber security threats they face on their own.

Scope:

Effective decision making, early warning systems and cyber security management requires tools and techniques that enable organisations to efficiently process the flow of information from both internal and external sources, through improved information processing, analysis and, where necessary, exchange; as well as to manage the implementation of cyber security solutions.

The tools and techniques should leverage the state-of-the-art in areas such as SIEM, data analytics (including Big Data) and visualisation, threat intelligence, malware analysis and cyber security information exchange.

Taking into account the large variety of IT systems and architectures in use today, the projects should strive to promote interoperability through the use of globally accepted open standards and wider uptake of any proposed solutions.

Several pilots projects will be supported, for different application areas.

The Commission considers that proposals requesting a contribution from the EU of between €2m and €5m EUR would allow this topic to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.

Proposals have to address the specific needs of the end-user, private or public organisations.

With the goal of providing assistance to the private sector (including SMEs), proposals may also address the needs of those entities whose mission it is to assist others such as CSIRTs, national or sector-specific Cyber Security Centres or similar organisations.

Proposals are encouraged to include public security end-users and/or private end users.

Expected impact:

The pilots projects will establish and validate tools and techniques that will facilitate the management of internal and external information sources related to cyber security management.

Through better information management and appropriate dissemination, the actions are expected to lead to more effective vulnerability remediation, enhanced prevention and detection capabilities and faster response to incidents.

Ultimately the actions should aim to reduce the impact of incidents and in particular to increase the level of awareness and preparedness of all stakeholders, public or private, large organisations or SMEs.

The outcome of the proposal is expected to lead to developments up to Technology Readiness Level (TRL) 6 or above; please see part G of the General Annexes. (Innovation Actions may include prototyping, testing, demonstrating, piloting, large-scale product validation and market replication (see Annex D).)“

Type of action: Innovation action