In the ever-evolving landscape of cybersecurity, the PHOENI2X project stands as a beacon of innovation and resilience. Funded under the European Union’s Horizon Europe programme, PHOENI2X aims to bolster the cyber resilience of Operators of Essential Services (OES) across sectors such as energy, transport and healthcare. By integrating Artificial Intelligence (AI)–assisted orchestration, automation and response capabilities, the project seeks to enhance business continuity, incident response and information exchange mechanisms thus improving cybersecurity in EU (https://phoeni2x.eu ).
In the context of the project, two (2) surveys were conducted to collect valuable insights, regarding key trends related to cybersecurity challenges, practices and priorities, as well as, the assessment of the tools/solutions developed within the PHOENI2X framework, by: (a) Security Experts (SEs) and (b) Critical Infrastructure Organizations (CIOs)/OESs.
The surveys covered various sectors, roles, concerns, barriers/limitations, security frameworks/tools, incident response measures, training methods, regulatory challenges and priorities for improving cybersecurity.
Key Takeaways
- Both groups identified external threats as the top concern. CIOs rated internal vulnerabilities and human-related weaknesses as more significant compared to SEs.
- Both groups highlighted situational awareness (assets & threats) and funding as key challenges. In addition, CIOs placed a greater emphasis on translating cybersecurity issues and employee training, whereas SEs focused more on incident response and access to cyber-defense tools.
- Both groups agreed that regulatory complexity and cost of compliance are the major obstacles. In addition, CIOs rated lack of internal expertise and management support as more critical, while SEs emphasized the need for clearer regulatory expectations.
- A common challenge across both groups was communication and data-sharing limitations. SEs highlighted technical barriers (e.g., interoperability) and lack of standardized protocols, whereas CIOs focused more on privacy concerns and regulatory constraints.
- Both groups consider proactive & reactive incident response and security controls as top priorities. Moreover, CIOs focused more on local situational awareness, while SEs put higher importance on compliance tools and training.
- Both groups highlighted that real-time monitoring of cyber assets and solutions aggregating security events (e.g., SIEM) are very important. AI-based tools and penetration testing are currently less frequently used, often monthly or a few times per year.
- Both groups emphasized tool access and training & awareness as top priorities. Moreover, CIOs rated communication and automation higher than SEs, whereas SEs placed more emphasis on documentation and business impact analysis.
- Both groups strongly favored interactive, hands-on training such as seminars, tabletop exercises and realistic simulations. However, CIOs viewed self-study less favorably than SEs, indicating that direct engagement is a more effective learning strategy.
- Both groups prioritized NIST Cybersecurity Framework (CSF), followed by the ISO27000 standards. Industry-specific standards (e.g., ISA/IEC 62443) and ENISA/EU certifications are also used but less frequently.
- Both groups acknowledged training & awareness and enhanced alerting as major areas of impact. In addition, SEs viewed early warnings and proactive actions as slightly more critical, while CIOs saw improvements in compliance and standardization as key benefits. This indicates that the project’s potential success lies in both technical and regulatory advancements.
Interesting Facts
A surprising insight was the low prioritization or limited use of AI-based tools for situational awareness and for incident detection and threat hunting. Currently, CIOs seem to prefer tried-and-tested tools over AI-based ones mainly due to cost barriers or lack of in-house expertise, while Security Experts address a gap in adopting advanced technologies for the same reasons.
Looking Ahead
As PHOENI2X progresses towards its final phases, the feedback obtained from the surveys serves as a testament to its impactful contributions to the cybersecurity domain. The project’s holistic approach, encompassing technological innovation, strategic training and collaborative information sharing, positions it as a cornerstone in fortifying Europe’s cyber infrastructure.
A more detailed exploration of the surveys’ findings will be included in D6.2 (June/2025). Stay tuned!
Author: OTE R&D team