The project addresses the user organization’s need for effective processing of security telemetry flood generated in the context of Czech cyberspace protection. Its aim is research, development, and innovation in the data science and security automation area. Its goal is to create a reference system for processing, retention, and advanced analysis of security telemetry in both relational and graph paradigm, including the use of machine learning. The existence of a similar system is imperative for the future advances in automated cybersecurity. An encapsulating result will demonstrate the automation possibilities of selected sec-ops tasks in the data analytics area. The outcome will be a coherent set of open-source tools with the goal of maximizing its national and international impact.

Sustainable Development Goals

Masaryk University is committed to the UN Sustainable Development Goals, which aim to improve the conditions and quality of life on our planet by 2030.

Předmětem předloženého projektu je navázání a posilování spolupráce mezi výzkumnými organizacemi, průmyslovými partnery a vládními aktéry na výzkumu a vývoji autonomních kyberbezpečnostních systémů. Vzhledem k charakteru těchto systémů je třeba vyřešit velké množství výzkumných, technických, etických i právních problémů, jejichž rozsah je mimo možnosti kterékoliv jednotlivé organizace. Předložený projekt proto usiluje o vybudování interdisciplinární a intersektorální sítě spolupracujících entit, jejímž cílem je podpora vzájemné výměny informací, specifikace relevantních problémových oblastí, organizace vzájemných spoluprací, koordinace přípravy projektů a organizace aktivit podporujících rozvoj relevantních technologií.

Sustainable Development Goals

Masaryk University is committed to the UN Sustainable Development Goals, which aim to improve the conditions and quality of life on our planet by 2030.

Developing and deploying SOC capabilities for the academic sector - a teamwork of Universities and RTOs in the CEE region project is aimed at strengthening the cybersecurity capabilities and resilience of the EU by supporting the development of Security Operations Centres (SOC) preparedness, readiness, capabilities, and infrastructure within the academic sector – Universities and Research and Technology Organisations (RTOs) particularly in the Central Eastern Europe (CEE). The CEE region is now being heavily affected by a multitude of cyber operations executed parallelly to growing geopolitical tensions, the same trend can be observed regarding the academic centres which are now under a permanent threat, experiencing “the highest volumes of attacks every month in 2022 and in 2021”. Thus, the project is expected to support a structured and underpinned with unified methodology, development and deployment of SOC infrastructure and services within academic centres involved in the project’s consortium. This includes a creation of a Toolbox to share best practices regarding the SOC establishment and models of possible SOC services deployment and integration. Academic sector saturation with given SOC solutions will result in better monitoring, detection and response to cyber-attacks and threats, including knowledge and cybersecurity threat intelligence (CTI) sharing (vulnerability databases), as well as supporting the popularisation of a framework for joint reaction against cyber incidents (FIRST, SIM3). An important objective of the project is a popularization of knowledge about the SOC development, deployment, and functioning and a buildout of relevant SOC’s skills across cybersecurity community within universities, a future grouping of cybersecurity professionals expected to support private and public entities in upgrading their cybersecurity capabilities.

ResilMesh will develop a cyber situational awareness based Security Orchestration and Analytics Platform Architecture (SOAPA)
toolset to improve digital infrastructure resilience through fulfilling these objectives:
1: Improving end-to-end data aggregation and security control interoperability in dispersed digital infrastructures
2: Giving CSIRTs better awareness of the service and asset dependencies of their network
3: Helping CSIRTs to build cyber resilience capacity
4:Developing AI based algorithms and tools for early and ongoing attack detection and prediction
5:Developing a situation assessment system to view and forecast network level risk
These objectives are achieved through a 10 work package project plan. ResilMesh will build a SOAPA platform by combining existing security controls and other tools from consortium participant with readily available open source elements. It will develop algorithms and software tools in the project and will integrate these with the platform to form a complete SOAPA system. It will validate the operation of the ResilMesh system through use cases in three different infrastructure categories (i.e. renewable energy SCADA; smart
manufacturing robotics and regional civil infrastructure) and five open call use cases. These 8 pilots will ensure that the platform is evaluated across a wide range of critical infrastructures.
ReilMesh develops AI based algorithms to improve attack detection and prediction for endpoint and network traffic; it help CSIRTs deal digital infrastructure complexity and heterogeneity by providing tools to give them better awareness of environment dependencies, threats and risk while preserving privacy. It increases the reliability and granularity of shared threat intelligence to improve context for threat hunting and cyber forensics incident response leading to more robust decision making. Finally it provides a suite of best practices to build cyber capacity to improve resilience preparation.

Sustainable Development Goals

Masaryk University is committed to the UN Sustainable Development Goals, which aim to improve the conditions and quality of life on our planet by 2030.

Cybersecurity teams currently use the tools that excel in analytical capabilities but offer only limited support for their procedural documentation. It results in unnecessarily high cognitive demands on analysts, which makes the whole process time-consuming and error-prone. The project aims at providing a drill-down analysis support tool that combines visual querying methods, an analytical provenance concept, and a machine-readable data format to store provenance metadata. The proposed approach will enable the authoring of reusable analytical process reports and their automatic execution, which will lead to a significant streamlining of cybersecurity analysts' workflows. By using a recommendation system, it will also be possible to propose further analytical steps.

Sustainable Development Goals

Masaryk University is committed to the UN Sustainable Development Goals, which aim to improve the conditions and quality of life on our planet by 2030.

The project's goal is to design methodologies for maintaining and expanding the logging infrastructure and implementing technical support tools for automating processes and improving situational awareness. The proposed solution will cover the issue of logging in large and partly decentralized networks, which are common in the environment of public universities. At the same time, current and upcoming legislation affecting the collection of events will be considered when compiling the methodologies; represented in the Czech Republic by the Cyber ​​Security Act (181/2014 Sb.) and the Personal Data Processing Act (110/2019 Sb.), Methodologies and software outputs will be created in an open form and will be directly usable by the CESNET association or by individual member organizations.

Cílem tohoto projektu je návrh a následná implementace nástroje, který významně zefektivní procesy spojené se zavedením a provozováním systému řízení bezpečnosti informací na veřejných vysokých školách.

Navrhované řešení pokryje komplexní problematiku SŘBI s důrazem na realistický přístup k analýze a řízení rizik. Řešení bude dostatečně flexibilní, plně reflektující specifické potřeby vysokých škol, s rozhraním pro systém vzdělávání (rozvoj kompetencí) v oblasti bezpečnosti informací a pro další relevantní informační systémy vysokých škol.

Navrhované řešení bude použitelné pro samotné sdružení Cesnet, případně pro jednotlivé členské organizace.