Completed projects

The CARE SHARE project was focused on designing procedural, technological, educational, and legal procedures to establish means for ensuring the secure sharing of selected types of healthcare services. The project was built on the principles of establishing a Security Operations Center (SOC), which is responsible for the cybersecurity of organizations providing healthcare services, where there is a higher involvement with sensitive data.

The project focused on researching the monitoring and security of distributed manufacturing information systems. The aim was to design and implement software for monitoring and analyzing non-functional properties of manufacturing information systems (such as computational and memory resource consumption), enabling the detection of operational anomalies in the measured data. The project's output is a solution that allows the collection and preprocessing of data from local instances of manufacturing information systems. The proposed solution also ensures the secure transmission of this data to a central monitoring center. The monitoring center subsequently handles the processing of telemetry data, detects abnormal behavior, and visualizes the status of individual instances of manufacturing information systems.

The project focused on remote data collection from smart electricity meters and centralizing the management of security events and incidents in energy networks. Why was the project initiated? In the Czech Republic, in 2020, regulation No. 359/2020 was introduced, defining security and technical requirements for smart meters and related infrastructure. However, at that time, there was neither a methodology for testing them nor a testing laboratory. The project responded to this need by establishing a testing ground for Smart Grids and Smart Metering with the aim of creating laboratories for the security certification of devices used in the energy sector. The project also developed the missing universal testing methodology as part of its efforts.

The project Tools for Attack Simulation and Intrusion Emulation into Critical Information Infrastructure (BEAST) aims to create a set of tools that will partially replace experts in penetration testing. By emphasizing the automation of both static and dynamic cybersecurity testing, it will be possible to reduce the personnel workload of security teams while continuously monitoring and evaluating the security of the tested infrastructure.

The project focuses on the research and development of advanced tools that ensure the automation and efficiency of operational activities for security teams in the context of protecting critical information infrastructure (CII) and significant information systems (SIS). Thanks to the developed tools, it will be possible to determine the status of the protected infrastructure and obtain information about relevant threats. Furthermore, they will enable the streamlining of selected phases of the cybersecurity threat lifecycle management through security orchestration support in conjunction with a contextualized user environment for collaboration.

The goal of the Sharing and Automation for Privacy Preserving Attack Neutralization (SAPPAN) project was to address cybersecurity policy issues in the European Union and was supported under the European Union's Horizon 2020 (H2020) initiative.

The four-year implementation of the SAPPAN project began in May 2019 with the aim of effectively protecting ICT infrastructures from cyberattacks.

On the path to a safer virtual environment, the project relied primarily on threat analysis, advanced data collection techniques, and collaboration across institutions, especially in terms of sharing security information and experiences. It placed great emphasis on preserving the privacy of all involved parties.

The consortium of the SAPPAN project consisted of partners from the academic and industrial sectors, which helped maximize societal impact and increase the effectiveness of the results. Specifically, the consortium included the Fraunhofer-Gesellschaft research institute, the national research and education network CESNET, the multinational company Hewlett Packard Enterprise, F-Secure Oyj, and Dreamlab Technologies AG. The academic representation included Masaryk University, RWTH Aachen University, and the University of Stuttgart.

Masaryk University's Center of Excellence for Cybercrime, Cybersecurity, and Critical Information Infrastructure Protection (C4e) project connects expert units at Masaryk University and investigates comprehensive issues in the cyber domain.

The primary goal of this project was to establish a national center for training and education in the field of cybercrime prevention and repression.

While the core target audience of C4e is the Czech Republic's Police Force, the center was designed to provide services to other target groups as well, including courts, prosecution offices, legal practitioners, government agencies, private organizations, and the academic sector.

The abbreviation NC3 stands for the National Competence Center for Cybersecurity (NCC), which brings together leading research institutions and industry representatives to collaborate on research and development of technical solutions in cybersecurity at both hardware and software levels, as well as certification mechanisms for security features of technological products. The participating institutions include Masaryk University, Brno University of Technology, and CESNET, which have a long-standing commitment to cutting-edge research in the field of cybersecurity from various perspectives. The project emphasized the involvement of partners from the application sphere in research with the goal of creating products that can be applied in relevant markets and practical use.

Within the project, a solution was developed based on network monitoring, which secures industrial systems by increasing the visibility of ICS communication, collecting domain-specific information, and providing rich and expressive visual data. The project responded to the increasing number of cyberattacks on industrial systems, which raised concerns about whether the cybersecurity of industrial control systems (ICS) is at an appropriate level.

The goal of the project was to create intelligent sensors for measuring and analyzing network traffic in a cloud environment. These sensors would provide precise and reliable information about activities in the cloud while also aiming to minimize operational costs.

(The Cybersecurity Team of Masaryk University ensured that the management, control, and data transfer from the measurement sensors were secured against unauthorized manipulation and misuse.)

The results will be applied to Flowmon's products and introduced to the market for cloud monitoring solutions as soon as possible.

The Asset Management ANd Diagnostics (AMANDA) project was created with the aim of expanding the set of protocols supported within the automatic diagnostic tool to include protocols used in the field of Industrial Control Systems (ICS). This diagnostics was based on manually created models - decision trees. The second goal of the project was to create an asset management system that would simplify resource management. The developed system also allowed mapping these resources to monitored data and network traffic metrics, including relevant visualization methods, along with generating configuration for individual modules of Flowmon's Flowmon Networks solution.

The aim of the CRUSOE project was to research tools that help maintain so-called situational awareness of a protected network and thereby support correct and effective decision-making in the protection of critical information infrastructures.

Within the Security Events Sharing and Analysis (SABU) project, researchers worked on developing a system for intelligent analysis and efficient information sharing among security teams. This system enables the prediction of attack developments and the limitation of their impacts on the national cyberspace.

CSIRT-MU collaborates on the project with the CESNET association.

The IT Operation Analytics (ITOA) project focused on two main objectives. The first was the analysis of network traffic measurement data in terms of the performance characteristics of applications in the network, and the second was the comprehensive processing of events from security and performance monitoring.

The goal was to create a tool that would comprehensively evaluate the outputs from advanced monitoring technologies, thereby helping network administrators to quickly and accurately understand the connections between events occurring in the computer network.

​In the Czech Republic, Cyber Czech is the only regular cybersecurity exercise of its kind. The combination of technical and non-technical means creates a comprehensive and realistic situation for practicing defense against cyberattacks.

The exercise is conducted in collaboration with the National Cyber and Information Security Agency (NÚKIB) within the Cyber Polygon (KYPO) environment, contributing to the development of more efficient solutions for potential security incidents.

The knowledge gained from organizing the Cyber Czech security exercises is also applied to other offered services. Specifically, this includes exercise-as-a-service within Masaryk University and a commercial form of exercises for interested parties from other organizations.

The Security Cloud project focused on creating a technological solution for modern services and infrastructure.

The project aimed to enable both network infrastructure providers and users to detect operational and security issues (such as attacks, anomalies, or outages).

As part of the project, the key technology called Stream4Flow was developed. This is a tool for real-time analysis of network data, leveraging leading contemporary tools for distributed stream processing of large data volumes, visualization, and network traffic monitoring.

In the WARDEN project, we contributed to the development of a system designed for the easy and fast exchange of detected threats among participating CSIRT teams.

WARDEN allows for straightforward and rapid sharing of detected anomalies among teams. This data is subsequently passed on by the system, providing teams with additional valuable information needed to ensure network security and health monitoring

The goal of the Optical Component Security in Data and Communication Networks (BOP) project was the research and development of cybersecurity tools for high-speed networks.

The project addressed the current needs of the Ministry of the Interior. The outputs of the project were used by The Cybersecurity Team of Masaryk University (CSIRT-MU) to enhance the security of the university network.

The project Mobile Dedicated Device for Fulfilling Cyber Incident Response Capabilities (CIRC) aimed to create a mobile dedicated device for enhancing cyber incident response capabilities. During its implementation, the project fell within one of the main thematic priorities of defense research and development for the Ministry of Defense of the Czech Republic.

The Cyber Polygon (KYPO) is a unique virtual environment for research and development of methods to protect critical information structures against cyberattacks. Among its core features are flexibility, scalability, and resource efficiency. Within the exceptional facilities of the KYPO laboratory, comprehensive security training and exercises can be conducted.

The Cyber Polygon project team was awarded the Minister of the Interior's Prize for outstanding achievements in the field of security research.

The goal of the CYBER project was to design protection for information and communication systems against cyberattacks, known as Cyber Defence.

During the project's implementation, it fell within one of the main thematic priorities of defense research and development for the Ministry of Defense of the Czech Republic.

The project Cooperative Adaptive Mechanism for Network Protection (CAMNEP) focused on the design and implementation of a system for intrusion detection in high-speed computer networks.

The system is based on monitoring computer networks using hardware-accelerated Flowmon probes, detecting network anomalies with an agent layer, and visualizing malicious traffic for the operator.

The investor of this program was the United States Army (U.S. Army Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center - C5ISR Center).