As digital technologies become more pervasive in society and the economy, cybersecurity incidents become more frequent and diversified. ENISA’s Threat Landscape for 2020 has highlighted that during the coming decade “cybersecurity risks will become harder to assess and interpret due to the growing complexity of the threat landscape, adversarial ecosystem and expansion of the attack surface”. It has also reported an increase in sophisticated and targeted attacks in critical domains (e.g., energy, healthcare), and an increased prevalence of hybrid threats, i.e., threats combining both the cyber and the physical domains. Hence, threats in cyberspace endanger the European long-term objectives (e.g., the Digital Single Market that aims to enhance Europe’s position as a world leader in the digital economy), and our democracies and freedoms.
Thanks to the NIS Directive (2016/1148), EU Member States and their Operators of Essential Services (OES) are now forced to have a minimum baseline set of capabilities while providing cross-border coordination and cooperation. But this is only a small step towards European cyber resilience. Dealing with systemic and complex cyber risks remains a significant challenge, which is exacerbated by the increased motivation (often combining financial, nation-state interests, nationalistic and political motives) and sophistication of threat actors, often state-sponsored, who carry out increasingly targeted and persistent attacks on high-value data, exploiting the inevitable, ever-increasing interconnectedness of various systems and networks. Several European initiatives are underway to strategically address this challenge, such as the European Cyber Defence Policy and the European Cyber Resilience Act, the importance of which was highlighted by European Commission President Ursula von der Leyen in her 2021 State of the Union address. Furthermore, as stated by Thierry Breton, European Commissioner for Internal Market, these efforts and the associated entities that will be created to support their implementation (e.g., Joint Cyber Unit, Joint Situation Awareness Centre) are necessary for increasing the collective resilience, incident detection and defence capabilities, as well as the operational and technical coordination of EU countries for crisis management.
In this context, preparedness, shared situational awareness, and coordinated incident response are essential not just for effective crisis management and cybersecurity resilience, but also for driving strategic and political decisions that will effectively tackle threats to the well-being of the European Union. Essential enablers include:
- automation and orchestration mechanisms for business continuity & incident response;
- actionable and pertinent Cyber Threat Intelligence (CTI) and threat landscape information, and interoperable, standardised alerting and information exchange mechanisms for building a shared situational awareness; and
- access to sophisticated early warning systems and structured, realistic trainings (e.g., through hands-on, realistic Cyber Ranges) for preparedness.
Motivated by the above, the European Commission, under the European Union’s Horizon Europe programme (Grant Agreement no. 101070586), launched the PHOENI²X project in July 2022. The project aims to design, develop, and deliver a Cyber Resilience Framework providing Artificial Intelligence (AI)-assisted orchestration, automation & response capabilities for business continuity and recovery, incident response, and information exchange, tailored to the needs of Operators of Essential Services (OES) and of the EU Member State (MS) National Authorities entrusted with cybersecurity.
Through the deployment of PHOENi²X Cyber Resilience Centres (PHOENi²X CRCs, depicted in Figure 1), OES will gain:
- enhanced Situational Awareness with AI-assisted Prediction, Prevention, Detection & Response capabilities, and business risk impact assessment-based prioritisation;
- proactive and reactive Resilience Automation, Orchestration, and Response (ROAR) mechanisms, providing Business Continuity, Recovery and Cyber & Physical Incident Response;
- increased Preparedness through relevant Serious Games and realistic Resilience Cyber Range (RCR) Assessment & Training;
- timely and actionable Information Exchange between OES, National Authorities and EU actors, leveraging interoperable and standardised alerting and reporting mechanisms and processes.
The above will be aligned with the pertinent EU initiatives, such as the recommendations provided in the European Commission Recommendation on Coordinated Response to Large Scale Cybersecurity Incidents and Crises (hereafter referred to as “Cyber Blueprint”), which aims to provide a structured approach towards shared situational awareness, preparedness and coordinated incident response that also considers and involves all key EU actors involved in response to cybersecurity crises (e.g., ENISA, CSIRTs network, CERT-EU, Europol, Information Sharing and Analysis Centres – ISACs). Important, in this context, will be support for the newly launched Cyber Crisis Liaison Organisation Network (CyCLONe) that aims to contribute to the Cyber Blueprint’s implementation and complements the existing EU cybersecurity structures by linking the cooperation at technical, operational, and political/strategic levels.
Therefore, PHOENi²X will not just assist operators of critical sectors in achieving cyber resilience but will also support EU MS authorities in enhancing national cybersecurity capabilities, cross-border collaboration, and national supervision of their critical sectors, per the NIS Directive’s requirements. Furthermore, the project will investigate how the PHOENi²X CRCs and their innovative building blocks will be able to support the operational work on preparedness and response in the Joint Cyber Unit.
The above will be demonstrated and validated in the context of 3 use cases, involving:
- Energy use case, based in Greece, directly involving an OES (Public Power Corporation S.A.) as well as a supporting telecom provider (Cosmote Kinites Tilepikoinonies AE.), and the National Authority (National Cybersecurity Authority, Ministry of Digital Governance) overseeing the OES;
- Transport use case, based in Spain, directly involving an OES (Ferrocarrils de la Generalitat de Catalunya railway), and;
- Healthcare use case, based in Cyprus, involving an essential solution and infrastructure provider (Nodalpoint Systems) of an OES (the General Healthcare System of Cyprus), to highlight the importance of supply chain aspects.
To achieve the above, PHOENI²X involves an SME-heavy consortium of 16 partners, including 3 academic partners (University of Patras, Universitat Politecnica de Catalunya, University of Oslo), 4 partners from the industry (Cosmote Kinites Tilepikoinonies AE., Ferrocarriles de la Generalitat, Public Power Corporation S.A., Atos IT Solutions and Services Iberia S.L.), 7 SMEs (Sphynx Analytics Limited, World Sensing, AEGIS IT Research AG, Social Engineering Academy, EUNOMIA Limited, Nodalpoint Systems), and 2 public bodies (National Cyber Security Authority, Ministry of Digital Governance, Greece and Archi Psifiakis Asfaleias – Digital Security Authority of Cyprus).
Watch this space for more interesting blog posts in the coming months, analysing various aspects of the PHOENI²X approach, and do not forget to monitor the project website and our Twitter, Facebook and LinkedIn pages for updates on the latest project activities.
Konstantinos Fysarakis, PhD
Chief Technology Officer, Sphynx Analytics Ltd, Cyprus