Dynamic business continuity and recovery methodologies based on models and prediction for multi-level Cybersecurity

This action aims at developing new methodologies, services and tools for accelerating the self-recovery and possible adaptation of the infrastructures and supply chains after an attack. In line with the NIS Directive the focus should be on critical sectors (e.g. energy, transportation, health) as well as telecommunication networks. The proposal should go beyond the state-of-the-art in developing and validating AI-based self-healing, effective business continuity and disaster recovery in real-world scenarios covering two or more business sectors and supporting their private and public actors.

Cyber threat intelligence and situational awareness need to be developed from the current research level towards strategic considerations, and down to real-time events. This requires collaboration and data sharing between different security actors and should be based on a collection of heterogeneous data, models and predictions for multi-level security. Cyber incidents are likely to require the efforts from a heterogeneous network of organisations or a network of business units inside a single organisation, both when it comes to prevention, detection and response. The solutions (technologies, methods, tools, procedures, practices and/or strategies including escalation and de-escalation) developed must satisfy the needs of the end-users and support daily tasks, efficient and effective operations and ensure business continuity. Thus, an organisational perspective should be included. Furthermore, the methods for exchanging information and the actors considered should build, whenever possible, on the current practices in line with the NIS Directive.

The proposed solutions should include dynamic execution of disruption recovery and business continuity processes. They should dynamically extract all relevant digital evidence, information and digital traces, provide real-time personalised technical assistance, share information and real-time alerts with relevant stakeholders.

Human factors (e.g. behavioural, psychological, physical, cultural and gender) need to be considered appropriately in all aspects of the proposed solution. Proposals should build on existing research and projects[[For example projects funded under the H2020 topic SU-INFRA01-2018-2019-2020: Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure in Europe.]], clearly identify the state-of-the-art and explain the strengths of the new solution in the context of the chosen sectors.

Research should address the risks and impact of a cyber-incident on the business itself, using appropriate KPIs, but also possible cascading effects of cyber incidents for critical infrastructure (including potential cross-sectoral and cross-border impacts) and society overall.

The research should include a proof of concept in order to validate the claimed progress and show the benefits in an adequate testing environment involving real end-users. End-users should be involved in all steps of the cycle from design to development and testing. Participation of SMEs is encouraged. This topic requires the effective contribution of SSH disciplines and the involvement of SSH experts, institutions as well as the inclusion of relevant SSH expertise, in order to produce meaningful and significant effects enhancing the societal impact of the related research and innovation activities.