Addressing Advanced Cyber Security Threats and Threat Actors
Over the past decade, cyber attacks have become increasingly sophisticated, stealthy, targeted and multi-faceted, and may leverage zero-day exploits and highly creative interdisciplinary attack methods.
Detecting and responding to such attacks by a highly motivated, skilled and well-funded attacker has, however, proven highly challenging.
As our society is becoming increasingly dependent on (critical) cyber infrastructure, new technologies are needed to increase our detection and response capabilities.
a) Research and Innovation Actions – Situational Awareness
The focus of the proposals should be on the development of novel approaches for providing organisations with the appropriate situational awareness in relation to cyber security threats, allowing them to detect and quickly and effectively respond to sophisticated cyber-attacks.
The solution may leverage techniques such as anomaly detection, visualisation tools, big data analysis, threat analysis, deep-packet inspection, protocol analysis, etc., as well as interdisciplinary research to counter threat actors and their methods.
The proposals should also consider the need to collect necessary forensic information from attackers that can be used as evidence in court.
Proposals should assess and address the impact on fundamental rights, data protection and privacy in particular, in the design and development of their solutions.
The Commission considers that proposals requesting a contribution from the EU between EUR 2 and 3 million would allow these areas to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.
The outcome of the proposals is expected to lead to development up to Technology Readiness Level (TRL) 3 to 5; please see part G of the General Annexes.
b) Innovation Actions – Simulation Environments, Training
Proposals should develop innovative simulation environments and training materials in order to adequately prepare those tasked with defending high-risk organisations to counter advanced cyber-attacks.
The simulation environments should take into consideration the following challenges:
- Tools for creating realistic cyber environments that fit the training objectives and tools for producing both benign and malicious system events that fit the training scenario;
- Real-time student performance assessment, dynamic configuration and adaptation of exercise scope and difficulty;
- Exercise monitoring and evaluation of its state, being able to control the progress of the exercise, detect inconsistencies and hard-to-solve situations, etc.;
- Definition and creation of new scenarios and cyber threats in a cost- and time-effective manner, and that better achieve the pedagogical objectives for a wide variety of student profiles.
In the context of cyber security attacks, proposals may also consider scenario building and simulation training to prepare organisations' response and decision making processes in relation to obligations stemming from applicable legal frameworks or in the wider context of managing crises and emergency situations.
The Commission considers that proposals requesting a contribution from the EU between EUR 4 and 5 million would allow these areas to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.
The outcome of the proposals is expected to lead to development up to Technology Readiness Level (TRL) 6 to 7; please see part G of the General Annexes.
Proposals have to address the specific needs of the end-user, private and public security end-users alike. Proposals are encouraged to include public security end-users and/or private end-users.
- Improved detection and response time to advanced cyber security threats.
- Increase society's resilience to advanced cyber security threats.
- (RIA) Progress in technologies and processes needed to improve organisations' capabilities to detect and respond to advanced attacks.
- (IA) Improvements in the preparedness of those charged with defending ICT systems from advanced threats in high-risk scenarios.