Building and trial operation of the Cyber Threat Intelligence system

The main objective of the project is to comply with the Law No. 181/2014 Coll., on Cyber ​​Security, to strengthen the protection of critical information infrastructure and to reduce the damage caused by cybercrime by building an effective system for detecting, identifying and predicting cyber threats and cyber security incidents (Cyber Threat Intelligence). Based on the analysis of data and information on the operation of network electronic communications from a wide range of sources, this system will develop methods and procedures for assessing the vulnerability of the critical information infrastructure. The system created will allow these data to be correlated to provide a deeper insight into the relationship between each incident and its originator. Correlation of data and the ability to relate to them is a key aspect of identifying and resolving large-scale incidents, Advanced Persistent Threat Threats (ATP), or tracking the activities of criminal groups operating in virtual space. The next layer of the system will be the distribution of information about security incidents, in the form of vulnerabilities detected, as well as in the form of so-called gray-lists (lists of malicious IP addresses), which will be taken over by critical information infrastructure managers and important information systems, communications, data center operators, etc.