The main objective of the project is to enable CSIRT security teams to respond effectively to new security threats, to detected security incidents, and to incidents affecting critical information infrastructure (CII). For this purpose, it is necessary to create means to continuously monitor the security situation, adapt to changes, decide how to react, and act on that decision.
The key to successful CII protection is that the security team decides and acts before the attacker does. A timely response can disrupt the attacker's activities and reduce the impact of their behaviour on the CII. To achieve the main goal of the project, research will be carried out into situational awareness tools, the tracking of vulnerabilities, threat prognosis, draft scenarios of reactive measures, and the implementation of those measures.
Compared to current solutions, which address only selected activities and, moreover, address them separately, the activities of the security team will be conducted through the OODA decision-making process (Observe, Orient, Decide, Act). The aim is to use the existing technical means of security teams (tools for detecting, collecting, evaluating and suppressing security events) and to extend and link them appropriately, so that the entire OODA decision-making process can be applied when handling security incidents and incidents in CIIs.