Periodic Reporting for period 2 - COMPACT (COmpetitive Methods to protect local Public Administration from Cyber security Threats) Reporting period: 2018-05-01 to 2019-10-31 Summary of the context and overall objectives of the project "The cybersecurity landscape is changing, and Local Public Administrations (LPAs) are now an attractive target for cybercriminals. Cyber-attacks against local governments have become very common and the consequences may include disclosure of personal data, or gain control over smartly operated city resources through LPAs infrastructures, thus significantly impacting both individuals and organisations.COMPACT works to address these issues by empowering local LPAs to become the main actors of their cyber-resilience improvement process and by providing them with effective tools and services for removing security bottlenecks. This is done by (#1) Making the PA personnel aware of the basic cyber security threats they are exposed to (#2) Improving the skills – both technical and behavioural – of the PA personnel via innovative training techniques that are well received by the (non IT-expert) workforce (#3) Providing protection tools against basic cyber security threats, i.e. those with a higher impact on LPAs. These include phishing, ransomware, Bring Your Own Device (BYOD) and more (#4) Creating a LPAs level information hub, for favouring reliable and timely exchange of information among LPAs on cyber security guidelines and best practices, as well as on Indicators of Compromise (IoC) and (#5) Creating a link between COMPACT LPAs level information hub and major EU level initiatives, for supporting LPAs to improve cyber-resilience in a complex European context.To achieve its objectives, COMPACT is developing four types of tools/services, which include: (1) Risk assessment tools - enabling LPAs to evaluate and monitor their exposure to the most relevant cyber treats to prioritize the adoption of preventive and reactive countermeasures for maximum efficiency of resource usage for cyber protection purposes (2) Education services - through dedicated game-based training, focused not only on specific cyber-threats but also on psychological and behavioural factors, to maximize the effectiveness of the learning experience, while also containing the training time (3) Monitoring services – that continuously process events related to the status of the infrastructure and correlate them with information from threat intelligence feeds to timely spot anomalies and also suggest recovery actions that can be implemented (4) Knowledge Sharing services – including best practices and guidelines, focused on the specific needs of LPAs, that can be easily adopted to quickly increase the cyber security level of the organization." Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far COMPACT achieved the following main results. To address the Human Factor dimension in LPA, the project conducted an online study among LPAs aiming at identifying the components of cyber-secure behaviour, their predictors as well as interactions with working conditions and organisational variables. This constitutes the basis for the definition of the gamified awareness interventions that were focused on increasing security knowledge (individual) and foster a supportive organizational climate/culture/norm for cyber-secure behaviour. LPAs have also been involved in the definition of use cases COMPACT aims at support, as well as in the identification, collection and analysis of the related requirements.The consortium detailed specifications for services and contents that composes the COMPACT platform, as well as the preliminary version of the COMPACT architecture and its components, their features and evolutions and the interactions among them. On the Security, Ethical Legal and Privacy aspects, the project defined the overall approach to managing these aspects through the usage of three S.E.L.P. checklists (for theoretical work, for design work and for the research with human participation). Additionally, the partners that are involved in data management conducted a Data Protection Impact Assessment.Concerning the communication and dissemination activities, the project set up a website available in 6 languages, and a set of social network accounts. Promotional material includes a COMPACT video that was submitted to the EU-funded R&I projects Playlist. COMPACT is registered in the European Catalogue of Cybersecurity & Privacy Service Offers and participated to the 1st Cyberwatching.eu Concertation Meeting in April 2018, having had the opportunity to share knowledge with 16 other EU projects with focus on cybersecurity. Also, the project was presented to a number of external entities, including 3 general press articles. Recently, the consortium focused on implementing the strategic axes of Participation and Uptake/Advocacy with the development and animation of the Information Hub. During the second year, partners have developed efforts to reach external organisations – especially LPAs – to present COMPACT solutions and attract new members to the knowledge-sharing community.Regarding the exploitation activities, the consortium developed and shared best practice on threat information sharing and focused on the user exploitation activities, including research of end-user targets and practice methods of awareness and communication. Emphasis was put on monitoring and reviewing the COMPACT market and competitor landscape in order to maximize the project focus on exploitation results Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far) In this second reporting period, COMPACT has made achievements in advancing the SOTA of:- Real-Time Security Monitoring technologies by extending SOC to monitor multiple domains and multiple layers. The final version of COMPACT SOC collects and correlates events at various architectural layers of the typical IT infrastructure of an LPA.- Security Awareness Training and Information sharing technology in that the COMPACT suite stimulates learners by creating collective activity via various tools and multiple forms of interaction. The collaborative platform proposed in COMPACT provides a creative yet professional environment for LPA employee profiles that have been identified in the first period of research activity.- Cybersecurity Awareness Training, based on Gamification principles thanks to the development of five games specifically tailored to deliver security awareness training to LPAs employees. The games have been designed including a set of goals, reward schemes, rules, and limitations and their principles have been validated by COMPACT LPA partners through the testing with the end-users. The games have been adapted to be integrated into a Learning Management System, to allow training managers to develop security awareness training programmes.- risk assessment technology. The COMPACT approach relies on the collection of information about how the LPAs is organized and works, as opposed to asking LPAs to identify the threats they are exposed to (which typically requires the intervention of a security expert). The research has already led to the identification of some of the threats that have a major impact on the operation of LPAs, and the risks that result from such threats.- Threat Intelligence technology developing a solution and technology for a niche market of local public administration and general government entities to have a quick and cost-effective method for monitoring threat indicators. The OpenIntel Platform allows to effectively use best-practice open source cyber threat intelligence feeds and provide functionalities, which are normally found in highly expensive corporate solutions.