Regulatory compliance supported by PHOENI2X

Cybersecurity has a prominent place in recent EU legal activities. A plethora of regulations and directives that provide governance tools to bolster cybersecurity have been released. This regulatory work comprises a framework that affects and guides authorities, operators of essential services, incident response teams and other relevant stakeholders to assess cyber risks and handle cyber incidents. The cornerstone of this framework is the EU Directive 2016/1148 [1] (NIS Directive), which mandates certain cybersecurity measures for entities of essential services, aiming to elevate the level of preparedness of all Member States. Later developments include the EU Cybersecurity Act [2] (CSA), the Digital Operational Resilience Act [3] (DORA), and most recently, the EU Directive 2022/2555 [4] (NIS2 Directive). The continuous legislative developments in the field of cybersecurity are also demonstrated by the EU Cyber Solidarity Act [5], which was proposed recently, on 18 April 2023, by the European Commission.

How exactly can PHOENI2X and its outcomes support organizations in coping with the new obligations? To gain a clear perspective of the benefits PHOENI2X will bring to involved parties, a brief description of the NIS2 Directive and an overview of the proposed EU Cyber Solidarity Act are presented below.

NIS2 Directive

The NIS2 Directive, published in the Official Journal of the EU in January 2023, replaces the NIS Directive and aims to enhance cybersecurity resilience by extending the scope of liable entities and their obligations regarding the measures for increasing their cybersecurity capacity. It also aims to harmonise security measures, incident response and information sharing across the EU. In addition, the legislators have aligned NIS2 with sector-specific legislation, such as DORA, to provide clarity and coherence. NIS2 requires essential and important entities to implement risk analysis and take appropriate and proportional technical, operational, and organisational measures to manage the associated risks posed to their network and information systems.

Regarding incident handling, the entities will need to report to their CSIRT or competent authority any incident that significantly impacts their ability to provide services, as well as the cross-border impacts of that incident.

Other requirements include cybersecurity training, supply chain security, vulnerability handling, and disclosure (and many more).

The new directive sets the grounds for information exchange and best practices sharing between public and private sector entities, and thus promotes collaboration between them. Finally, it establishes the European Cyber Crises Liaison Organisation Network [6] (EU CyCLONe) to support coordinated management of large-scale cybersecurity incidents and crises at EU level and among the Member States.

Some of the identified prerequisites for achieving readiness in conforming to the NIS2 Directive are presented below:

  • Entities must report incidents to their CSIRT or competent authority in a predefined timeframe.
  • Entities must maintain constant vigilance for threats and vulnerabilities that could affect their services.
  • Entities need to develop, test and establish incident and business continuity plans, and also must perform risk assessments and analysis.
  • Entities must provide advanced cybersecurity training methodologies to their employees, so as to improve the overall security posture of the organisation.
  • Entities should be capable of sharing and exchanging information for coordinated threat handling and incident response, in an efficient manner.
  • Authorities must be able to tackle the increased flows of incoming information and reports from the liable entities.

In acknowledgment of the challenges in building fences and guarding against the volume and sophistication of cyberattacks, the directive encourages “the use of any innovative technology, including artificial intelligence, the use of which could improve the detection and prevention of cyberattacks…”

Cyber Solidarity Act

Another development that demonstrates the latest cybersecurity trends is the Cyber Solidarity Act. This proposal, which was published on 18 April 2023, includes a) a European Cybersecurity Shield made of interconnected SOCs across the EU, b) a Cybersecurity Emergency Mechanism to strengthen the EU’s preparedness, incident response and mutual assistance capabilities, as well as c) a Cybersecurity Incident Review Mechanism for incident reviewing and assessment capabilities. These functionalities are intended to be equipped with tools that use the latest artificial intelligence and data analytics technologies, in order to produce actionable information and cyber threat intelligence throughout the whole lifecycle of a potential incident.

PHOENI2X Project

PHOENI2X aims to develop and deliver a Cyber Resilience Framework that will provide advanced capabilities for business continuity, incident response and information exchange, tailored to the needs of entities responsible for essential services and of EU competent cybersecurity authorities.

The PHOENI2X platform under development will facilitate compliance with the obligations derived from NIS2, as described below:

  1. The AI-assisted Situational Awareness functionality of PHOENI2X will employ risk assessment and business impact analysis to offer a list of potential mitigation measures for the identified risks, classified in order of priority. In that way, entities will have tailored guidance in selecting appropriate and proportionate cybersecurity measures. This Situational Awareness will also provide the necessary tools for monitoring and hunting threats as they emerge.
  2. The Resilience, Orchestration, Automation & Response functionality of PHOENI2X will provide proactive & reactive business continuity, recovery & incident response capabilities to the entities, enriching the relevant plans in place or supporting the development of new ones from scratch. Business continuity and incident response activities will be orchestrated and automated by newly developed playbooks.
  3. The Preparedness functionality will enable advanced training capabilities for entities, based on Cyber Ranges and Serious Games. PHOENI2X will go beyond current state-of-the-art, by developing a Resilience Cyber Range, which will be able to assess the effectiveness and efficacy of the relevant orchestrations and automations, and generate hands-on training programmes to increase the preparedness of employees. Serious games will be designed and used to raise the awareness of employees regarding social engineering attacks.
  4. The Alerting, Reporting & Information Exchange functionality of PHOENI2X will enable timely and actionable information exchange and reporting between entities and national authorities, in line with the associated regulatory requirements and the Standard Operating Procedures specified in the EU Cyber Blueprint and CyCLONe. The alerting and information exchange mechanisms will also accommodate interactions among entities, for the exchange of various types of technical information (e.g., CTI indicators, attack prediction data, sanitized playbooks). All the above will facilitate the protection of critical sectors from sophisticated cyber threats and support handling of large-scale cross-sector incidents in a coordinated manner.

In conclusion, PHOENI2X is being developed at a time when trends such as cross-border cooperation, public-private partnerships, as well as the integration of artificial intelligence are pervasive in the effort to increase cybersecurity. Therefore, it can play a crucial role in assisting organizations to navigate the complex landscape and ensure compliance. The PHOENI2X platform covers critical cybersecurity aspects of an organization and provides the automation, toolsets, and advanced technologies required by the entities to fulfil their institutional role. From the perspective of a National Authority, the implementation of such a comprehensive cybersecurity platform can offer valuable support to organizations bound by obligations imposed by European regulations, in effectively managing those new obligations.

For a detailed presentation of the approach of PHOENI2X and its envisioned Cyber Resilience Framework, please refer to the consortium’s concept paper [7].

Author: the NCSA team

  1. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (NIS Directive).
  2. Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act).
  3. Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (DORA).
  4. Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive).
  5. “The EU Cyber Solidarity Act”, European Commission, 18 April 2023.
  6. “ENISA serves as the CyCLONe Secretariat boosting cooperation among national Cyber Crises Liaison Organisations”, ENISA.
  7. Fysarakis, Konstantinos, et al. “PHOENI2X – A European Cyber Resilience Framework With Artificial Intelligence-Assisted Orchestration Automation For Business Continuity, Incident Response & Information Exchange”, IEEE International Conference on Cyber Security and Resilience (IEEE CSR), 2023.