Dynamic cybersecurity management for organisations and local/regional networks based on awareness and collaboration

CS-AWARE-NEXT aims to provide improved cybersecurity management capabilities to organizations and local/regional supply networks. Such organisations and networks operate in a highly dynamic cybersecurity environment, and are required to comply with prevailing European legislation such as the network and information security (NIS) directive. The way such organizations approach cybersecurity increasingly needs to be more dynamic and more collaborative, building on a shared situational awareness of potential cybersecurity issues relevant to the organisations and networks in question. To achieve this, CS-AWARE-NEXT has identified several focus areas to be addressed: (a) Improved organisational policy support to enable organizations to deal better with the dynamic nature of cybersecurity. (b) Greatly enhanced cooperation/collaboration within the organization and with external actors, such as those comprising the local/regional supply chain. (c) Better integration of threat intelligence in operational cybersecurity management using innovative AI approaches and techniques. (d) Much improved disaster recovery/business continuity, integrated in operational cybersecurity management. (e) Elevated evidence collection and information sharing with relevant actors on the multi-level European cybersecurity framework. (f) Improved capacity for enabling organizations to assess their security status in comparison with other relevant actors through benchmarking and profiling. CS-AWARE-NEXT builds on the awareness, cybersecurity information sharing, and system self-healing capabilities of the CS-AWARE platform developed during the H2020 project of the same name. The integration of the advanced capabilities of CS-AWARE-NEXT will enable organizations and dependent supply networks to be much more effective and efficient in their use of cybersecurity platforms like CS-AWARE, supporting their day-to-day cybersecurity risk and incident management operations.
CS-AWARE-NEXT comprises 8 objectives which we briefly describe below:
Objective 1: Improved organisational policy support for dynamic cybersecurity management
Objective 2: Better cybersecurity cooperation and collaboration on the local and regional level
Objective 3: Improved data quality assessment and AI-based data correlation for utilising threat intelligence and social media in dynamic incident and risk management
Objective 4: Dynamic disaster recovery, business continuity and system self-healing on the organisational and local/regional level
Objective 5: Improved integration of threat intelligence and information sharing in organisational cybersecurity management
Objective 6: Define KPI based benchmarking and profiling to dynamically assess the security state in the multilevel cybersecurity environment
Objective 7: Provide a reference implementation and deployment in the context of the CS-AWARE cybersecurity awareness and collaboration platform
Objective 8: Follow an agile, design-science based approach to project implementation and validation, with end-user involvement in all project phases

During the second reporting period of the project all Tasks that have commenced earlier have been concluding with the provision of results in the form of Deliverables, most of them appearing by Month 24. As foreseen, and because the individual maturity of the pilot partners regarding cybersecurity policies had been assessed as being significantly below the expected level assumed in the planning phase of the project, both in terms of available organisational processes, as well as regarding the technological support concerning the policy lifecycle, we needed to adapt the developed set of requirements and KPIs from taking the existing processes of the individual pilot partners and defining them as the baseline for further development to ensure a high degree of user acceptance.
The outcomes of this second reporting period allow for continuing post-project collaboration and especially in regard to the transition of the project's TRL 5 outputs into TRL 7/8 market applications and standards.

The CS-AWARE NEXT project, typical of Horizon Europe research actions, aimed to deliver both tangible technological assets and intangible frameworks that will shape future cybersecurity strategies. Below we elaborate on what we see as the project's legacy and concrete action points for post-project collaboration.
Given the pre-existing collaborations amongst the consortium members, we see that there will be a fertile ground to prepare for the post-project exploitation phase.
Same as with the prior to our project CS-AWARE Innovation Action, the legacy of CS-AWARE NEXT is expected to extend far beyond its duration in terms of contributing with foundational tools and methodologies necessary for a unified, predictive European cyber defense.
The core technical legacy is the Advanced Situational Awareness (SA) Platform and the associated AI/ML Threat Prediction Models.
• Predictive Defense Capability: The platform's main legacy is shifting cybersecurity from purely reactive defense (responding to an attack) to predictive defense (anticipating an attack before it fully manifests). This capacity for next-generation threat intelligence will be the enduring feature that separates it from current, standard Security Operations Center (SOC) tools.
• The Shared Intelligence Model: The specific data models, taxonomies, and exchange formats developed to facilitate real-time sharing of threat indicators across different organizational sectors and national CSIRTs (Computer Security Incident Response Teams) will remain a valuable asset, effectively increasing the cyber resilience of its targeted users.
• Proof-of-Concept for Federating EU Cyber Defense: The project's successful demonstration in diverse pilot environments (e.g. energy, finance) serves as the primary Real-World Evidence (RWE) that a distributed, AI-driven situational awareness platform can function effectively at a cross-border, multi-sector level.