Cyber Security Incident Handling, Warning and Response System for the European Critical Infrastructures

Ana María Morales Pérez

01 September 2019

31 August 2022

EC funded project

CyberSANE is an EU-funded project aiming to develop an innovative and novel system to protect Critical Information Infrastructures (CIIs) against cybercriminals and tackle current threats that could affect the operations of infrastructures related to healthcare, energy, and transportation.

Due to the amount of information and data used, gathered and shared, these industries rely on robust and reliable ICT components and infrastructures integrating multiple novel technologies for operation optimisation, which make them vulnerable to attacks coming from hackers and cybercriminals.

Over the last few years, it is a common phenomenon to see daily headlines describing major cyber-attacks or some new strain of malware or insidious social engineering technique being used to attack ICT infrastructures. In particular, CIIs have become lately targets for cyberattacks attracting the attention of security researchers, cyber-criminals, hacktivists (e.g. Anonymous, LulzSec) and other such role-players (e.g. cyber-spies). These cyber actors have significantly evolved their tactics, techniques, and procedures to include next-generation malware toolkits available on various locations on the internet (e.g. deep web, dark web) and new data exfiltration methods that give them an asymmetric quantum leap in capability.

In the past years, there have been a number of cybersecurity meltdowns and high-profile breaches affecting critical infrastructures, and in most cases, they targeted the organizations’ interconnected infrastructures as a means of targeting the broadest audience for their malware as possible. Obviously, the impact of a compromised CII can extend far beyond the corporate boundaries, putting not just individual organizations but also their dependent entities at risk.

CyberSANE proposes a state of the art solution that:

  • Improves the detection and analysis of cyber-attacks and threats on CIIs and increases the knowledge of the current cyber threat landscape.
  • Supports human operators (such as Incident Response professionals) to dynamically increase preparedness, improve cooperation amongst CIIs operators, and adopt appropriate steps to manage security risks, report, and handle security incidents.
  • Complies with relevant regulations (such as the GDPR and NIS directive), which requires organizations to increase their preparedness, improve their cooperation with each other, and adopt appropriate steps to manage security risks, report and handle security incidents.

CyberSANE components are:

  • LiveNet | Live Security Monitoring and Analysis:
    Implements services for preventing and detecting threats, providing to CyberSANE security professionals both insights and a track record of the activities within their Information Technology environment.
  • DarkNet | Deep and Dark Web Mining and Intelligence:
    Searches and analyses threat actor communications in dark web communities for identifying compromised assets or information.
  • HybridNet | Data Fusion, Risk Evaluation, and Event Management:
    Correlates attack-related patterns associated with specific malicious or anomalous activities in a given CII, proposing mitigation steps for all vulnerabilities, threats, and risks.
  • ShareNet | Intelligence and Information Sharing and Dissemination:
    Provides the necessary threat intelligence and information sharing capabilities within the CIIs and with other involved parties, allowing them to determine the trustworthiness of each information source.
  • PrivacyNet | Privacy and Data Protection Orchestrator:
    Responsible for managing and orchestrating the application of the required privacy mechanisms, maximizing achievable levels of confidentiality and data protection.

CyberSANE will be validated in the following scenarios:

  • Solar Energy
  • Transportation of Container Cargo
  • Health Records

CyberSANE Project of the Week 19-23 October 2020




Vertical Category:

Past Events