
Project at a glance

NG-SOC (Next Generation Security Operations Centres) is an EU project funded by the Digital Europe Programme (DIGITAL). It is carried out by a multinational and interdisciplinary team consisting of cyber security experts, research and academic institutions, technology providers, and end-users from the finance, energy and education sectors.

SOCs and CSIRTs are a cornerstone of the protection of digital infrastructure and services for nations, organisations and citizens against cyber-attacks, and their importance is established in the NIS Directive. Today more than ever, cooperation between different SOCs and CSIRTs is essential, because it increases overall resilience and readiness through supporting activities such as capacity, operational and knowledge building, and the distribution of valuable information. Sharing information about threats, incidents, vulnerabilities and security processes with other organisations and government bodies, enabled by interoperable cyber defence ecosystems that facilitate the exchange of information, analytics and response across tools and teams, will increase situational awareness, enhance the collaborative resilience of all actors and, at the same time, decrease overall risk.

NG-SOC envisages the establishment of a network of AI-enabled SOCs, within and across EU member states, that can actively communicate, cooperate, share information and respond to cyber threats effectively. To this end, NG-SOC will architect and deploy a collaborative, interoperable SOC service that holistically combines capacities for shared situational awareness, coordinated incident handling and response, and joint preparedness, while also benefiting from the interplay between them, ultimately enhancing national cybersecurity capabilities and cross-border collaboration in line with current and upcoming regulatory requirements.

Challenges

Numerous reports and studies have identified challenges that the project aims to address.

[Figure: Project Challenges]

While the complexity of digital systems makes it impossible to prevent all attacks, the above challenges and considerations, together with the elevated risk of highly damaging breaches proliferating, have accelerated awareness of the need to establish more robust cybersecurity defences that reduce the threat to business continuity. The new cohort of highly sophisticated attackers challenges traditional cybersecurity frameworks, and new approaches are required to preserve the security of critical information infrastructures (CIIs). Monitoring and understanding the tactics, techniques and procedures (TTPs) that threat actors use to achieve their objectives, and staying up to date with their motivations, goals and targets, enables stronger and better coordinated cybersecurity defence strategies.

Objectives

Motivated by the aforementioned areas of concern, NG-SOC envisages the establishment of a network of AI-enabled SOCs, within and across EU member states, that can actively communicate, cooperate, share information and respond to cyber threats effectively. To this end, NG-SOC will architect and deploy a collaborative, interoperable SOC service that holistically combines capacities for shared situational awareness, coordinated incident handling and response, and joint preparedness, while also benefiting from the interplay between them, ultimately enhancing national cybersecurity capabilities and cross-border collaboration in line with current and upcoming regulatory requirements.

The envisioned capacity-focused SOC service will incorporate: a) an interoperable CTI toolbox able to exchange and operationalise machine- and human-readable CTI from multiple sources (e.g., open source, commercial, ENISA, CSIRTs Network); b) incident response capacities in line with good practices established by the CSIRTs Network and CERT-EU, enabling interaction between established SOCs, diverse EU actors and layers (such as the CSIRTs Network, CERT-EU, ENISA, the NIS Cooperation Group and EU CyCLONe) and connected third parties (e.g., private organisations); c) dedicated training sessions and educational programmes in digital infrastructure security, tailored to identified training goals and objectives and delivered via different training delivery methods; and d) AI-enhanced technologies that maximise the capability of the proposed solution to effectively predict, detect, analyse and respond to threats.

To achieve these objectives, NG-SOC will combine and deploy several different technologies, tools and techniques concurrently and in unison. In support of an EU-wide collaborative, interoperable SOC service and ecosystem, NG-SOC will adopt an open-standards-based implementation strategy, enabling the exchange of information, insights, analytics and responses within and across national borders while mitigating vendor and software lock-in.

The proposed solution will be validated in 3 diverse sectors (banking, energy, CSIRT training) over a set of use cases carefully selected by the end-users.