Improved monitoring of threats, intrusion detection and response in complex and heterogeneous digital systems and infrastructures

Digital infrastructures together with their connected devices are characterised by complex interdependencies involving various physical and logical layers and connecting a wide range of legacy IT solutions and innovative technologies. Application scenarios include but are not limited to cybersecurity of communication systems and networks and their components, e.g. 5G networks, Internet of Things (IoT) devices, medical devices, supervisory control and data acquisition (SCADA) systems, and their services, e.g. cloud-based ICT solutions. Their availability, controlled performance and reliability need to be guaranteed at every moment serving the needs, sometimes critical and safety-related e.g. in transportation, energy, healthcare, of millions of citizens, enterprises and society. Therefore, they need to be protected in real-time against ever-evolving cybersecurity threats.

Building on research and innovation in the area of cybersecurity of digital infrastructures for example projects funded from H2020 SU-DS01-2018[[Cybersecurity preparedness - cyber range, simulation and economics]], SU-DS04-2018-2020[[Cybersecurity in the Electrical Power and Energy System (EPES): an armour against cyber and privacy attacks and data breaches]], SU-DS05-2018-2019[[Digital security, privacy, data protection and accountability in critical sectors]] and SU-TDS-02-2018[[Toolkit for assessing and reducing cyber risks in hospitals and care centres to protect privacy/data/infrastructures]], state of the art technologies should support the logging, categorisation, data aggregation from different sources, automatic information extraction and analysis of cybersecurity incidents. This includes advanced methods for cyber threats intelligence and cyber-incident forensics enabling better prediction of cyber security threats. Proposals should develop and validate demonstration prototypes of tools and technologies to monitor and analyse cybersecurity incidents in an operational environment in line with the NIS directive and the General Data Protection Regulation. They should contribute to improved penetration testing methods and their automation by using machine learning and other AI technologies as appropriate. Moreover, proposals should support effective network traffic analysis applying detection techniques in network operations based on advanced security information management and threat intelligence. Proposed solutions should also include validation or piloting of cyber threat intelligence with early-stage detection, prediction and contributions towards response capability using predictive analytics, and as relevant, with efficient and user-friendly interaction methods, e.g. visual analytics. Furthermore, solutions deployed by this action should validate their approach to intrusion detection and incident monitoring with real end-users and their needs.

For expanding the proposed work in terms of additional pilot sites, additional user groups, additional applications, and complementary assessment of the acceptability of the use case, the actions may involve financial support to third parties in line with the conditions set out in Part B of the General Annexes. Each consortium will define the selection process of the third parties for which financial support will be granted (typically in the order of EUR 50 000 to 300 000 per party). Up to 20% of the EU funding requested by the proposal may be allocated to the purpose of financial support to third parties.

A strong culture awareness of data protection should be fostered. The proposals should also appropriately address concerns about mass surveillance and protection of personal spaces. All technologies and tools developed should be appropriately documented, to support take-up and replicability.

Consortia should bring together interdisciplinary expertise and capacity covering the supply and the demand side. Participation of SMEs is strongly encouraged. In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.