Democratizing a Cyber Security Toolkit for SMEs and MEs

CyberKit4SME will provide cyber security tools that help SMEs and MEs become aware of, analyse, forecast and manage cyber security and data protection risks. The toolkit will provide sophisticated levels of analysis and protection in a manner that is low-cost, easy to understand, and collaborative in nature, plus facilities supporting incident reporting and security intelligence sharing and collaboration with other SMEs, larger supply chain partners, and CERT/CSIRTs.
CyberKit4SME will produce offline risk modelling tools to support ISO 27005 risk analysis and privacy and data-protection ‘by design’, covering technical, organisational and human risk factors, and supporting regulatory compliance analysis and compliance documentation generation.
CyberKit4SME will provide online cyber security risk monitoring based on collaborative security intelligence and event management (SIEM) tool, and data protection measures designed for easy access that will be effective in cloud environments.
Cyber security incident reporting and security intelligence sharing will be supported by a secure, privacy-aware blockchain framework, allowing SMEs to collaborate with CERTs, supply chain partners and indirectly, other SMEs to detect and address threats in critical sectors without fear of reputational damage.
These tools will be supported by training including cyber range demonstrations, raising awareness and encouraging adoption of advanced cyber security methods by SMEs and MEs. CyberKit4SME will thus increase awareness of cyber security threats, vulnerabilities and risks among SMEs and MEs, allow more confident and effective forecasting, monitoring and management of those risks, and simplify compliance with regulatory obligations under the GDPR and NIS Directive, as well as sector-specific regulations relating to security, data protection and privacy.
CyberKit4SME will validate its tools with SMEs in four critical sectors: finance, healthcare, energy and transportation.

The project start-up has been carried out so that all partners can collaborate. Processes have been implemented in order to ensure quality standards are respected.
The baseline analysis has been carried out with the internal SMEs and broad requirements have been gathered. Given the expected features from the tools are quite advanced, the detailed requirements are expected to change, with experience, over time and so partners are committed to work in an agile fashion.
The specifications of the toolkit have been defined in a general manner and an architecture has been defined, encompassing the interactions between the tools and the interactions with the client information systems. A central testbed for co-located services has been implemented with respect to said architecture.
The first deployment of most tools within the SMEs Information Systems and linked with the testbed is well under way. The validation scenarios are therefore ongoing and initial feedback to the technical partners has been provided.
The dissemination and communication activities, including with similar European projects, are ongoing and have intensified since the toolkit has been specified. The exploitation plan has been updated to reflect a better perception of the market.

The next steps are to carry on with the validation scenarios, as well as with the development of the tools and increasing the complexity of integration, while integrating the feedback from the SMEs. The cyber range will be defined and implemented.

The main technological advances proposed by CyberKit4SME are advances in the accessibility of advanced cyber security tools for SMEs, by reducing the time, cost and specialist cyber security expertise needed to use these tools to achieve a satisfactory level of cyber security and data protection.
The tools we have chosen to focus on cover:
● asset-based threat identification and risk analysis using the methodology specified by ISO 27005;
● tools to encrypt, protect and isolate data when stored, transferred and processed in the cloud;
● security intelligence and event management to help users monitor risks and understand what types of responses they should make to incidents.
● security intelligence sharing, addressing concerns about confidentiality and business impact when sharing security information including incident reports.
These types of tools all exist today, but they are difficult to use, requiring considerable time and expertise to set them up correctly and supply the necessary inputs, and for tools that use automation, to handle the volume of outputs generated. Moreover, sharing cyber security information poses reputational challenges for small businesses, who often have a small number of key customers and cannot afford any to lose trust in their ability to secure and protect information in their supply chain.
CyberKit4SME will address these issues and create tools that are more accessible in several ways:
● by loosely coupling tools so that one tool can easily provide at least some of the inputs needed by another, and (if necessary) integration with third party tools is possible using open interfaces;
● by using machine intelligence, not only to analyse security information and reduce the volume of output to analyse, but also to guide users and reduce the amount of input they need to provide;
● by packaging tools including cyber security data protection measures in a set of easily consumed services running in open (cloud) environments;
● by using a privacy-preserving mechanism for cyber threat intelligence sharing, that protects both the integrity of shared information, and the reputations of its SME and ME sources.
The state of the art relating to each tool (including SME adoption), and the proposed advances are described in more detail in the following sections.