Increased competitiveness of European ICT security products and services catering to the needs of SMEs, local public administrations and individuals:

The combined outcome of the project in terms of both the technologies we adapt and deploy as well as the solutions we offer for validation in the respective pilots, contributes to the ‘increased competitiveness of European ICT security products and services catering to the needs of SMEs, local public administrations and individuals’. In particular, the CS-AWARE solution will automate much of the cybersecurity awareness effort in LPAs with a direct capability to be extended to SMEs or other organizational structures. Currently much of the insecurity comes from a lack of information of threats specific to an environment and about the countermeasures that will prevent or mitigate those threats. Insecurity hinders competitiveness (e.g. through loss of private and/or confidential information in a cyber attack). Moreover, small administrations or companies do not have the resources to invest in security (e.g. by employing a dedicated security expert). Automation will thus lead to significant improvement for security awareness. To this, there is a growing corpus of literature that illustrates some of the problems that local government face such as what would an LPA institutional authorities do in response to an attack? While there are big differentiations in expertise and capacities, it’s a little different (at least in small and medium-sized LPAs) there are some resources to go to but they themselves don’t have much reference material in terms of processes to employ or practices to apply and in general their existence is not well publicised. Further to this, our solution substantially improves the coordination and cooperation efforts by enabling information sharing with relevant national and / or EU-level cybersecurity information sharing communities (e.g. CERTs). One of the pillars of modern cybersecurity strategies is that information sharing and the cooperation and coordination resulting from it will improve cybersecurity for society and economy.

Increased resilience against widespread cybersecurity threats facing SMEs, local public administrations and individuals:

The core idea of CS-AWARE is to increase resilience of the IT infrastructures in LPAs (and potentially SMEs) by gathering cyber threat information (public, information sharing communities, expert knowledge) and relate it to the situation in the LPA IT systems and networks in order to detect threats and attacks. Visualisation of those attacks allows situational awareness and reaction to abnormal and crisis situations. To this, it is obvious that the ability for quick reaction and mitigation has a direct and immediate positive effect on increasing resilience. Further to this, information sharing of abnormal behaviour that can not be matched to known threat patterns is valuable information that, if shared with relevant information sharing communities like CERTs, can help to improve the resilience against those cyber threats for a much larger part of the society and the economy. Finally, it is obvious that the most resilient infrastructures are those that can adapt to changing situations and environments, while also exhibit the potential to maintain operation even in crisis situations such as in case of a large scale cyber attack. With the CS-AWARE solution we can provide a resilience as part of a self-healing mechanism that allows to automatically invoke predefined mitigation actions in case a threat was detected (e.g. switch to backup or scale service up/down). As a consortium, we set high expectations regarding the innovation potential of the self-healing aspects of the CS-AWARE solution. This is very much in line with current and emerging developments and breakthroughs in the cybersecurity field. For instance, as mentioned in a recent article by Anjana Ahuja that appeared in Financial Times on 10 July 2016, ‘cybersecurity will soon be the work of machines’, “in an era of pervasive interconnectedness, a cyberattack cannot necessarily be contained”, while though “Computers are already used to detect vulnerabilities in networks, and to ferret out malicious software that can exploit chinks in security, once a flaw is detected, the remedy requires human input – and it can take months for software engineers to effect a fix. This means the status quo favours cyber attackers over defenders”. While large players in this field may mainly come from the military context, who see the value of self-healing and are pushing towards automatic detection, our approach goes towards fully automatic reaction to threats, giving emphasis to the fact that human interaction is still required to set up efficient defence strategies. To this, CS-AWARE is definitely pushing the state-of-the-art towards fully automatic reaction to threats and self-healing.

Increased effectiveness of cybersecurity solutions through usability advancements and increased automation:

Effectiveness of security solutions highly depends on an accurate assessment of the situation and the awareness of potential security problems. With the CS-AWARE solution we provide a situational awareness tool that allows the relevant stakeholders to effectively and intuitively assess the security situation and provide timely response. CS-AWARE enhances the effectiveness of cybersecurity solutions on the large scale by including a mechanism for cyber threat information sharing. Shared information about detected and previously unknown threats will increase effectiveness for all security solutions that rely on cyber threat information. And in contrast to the majority of existing systems that base information sharing at the level of sharing common exchange formats, in CS-AWARE we offer unique threat identifiers that are built both in a top down fashion (with use of upper ontologies) as well as in a bottom up fashion (with use of local ontologies). Such a mapping between local ontologies called also context mapping, transforms the source ontology entities into the target ontology entities based on semantic relations dened at a conceptual level. This mapping provides interoperability between local ontologies and it is more appropriate and exible for scaling up to the Semantic Web because the changes of local ontology could be done locally without regard to other mappings. This mapping is very suitable for ontologies having mutual inconsistency of their information as it is usually the case for the (cyber)security area of applications, eventually leading to shared cybersecurity infrastructures.

CS-AWARE increases automation for situational awareness and information sharing, reducing the expert input to a system and dependency analysis phase. Data collection, threat detection, visualisation and information sharing require no or minimal input, reducing the burden on and the cost of personal dealing with security in LPAs. The resilience/self-healing aspect of CS-AWARE furthers automation even more by automatically invoking mitigation strategies, where applicable. A further implication of this is that information sharing infrastructures will only reach their potential when appropriate economic incentives to share security information are in place. In fact, without the appropriate economic incentives, ‘free riding behaviour’ on the part of LPA members of the CS-AWARE infrastructure will likely lead to underinvestment (in terms of what is socially optimal) in information security. Unfortunately, the available anecdotal and empirical evidence we have acquired in the past years in our communications and collaborations with LPAs and SMEs indicates that the appropriate economic incentives are not in place. For example, joining and reporting to some information security analysis centers like CERTs is voluntary, with no incentives in place to encourage full reporting and discourage free riding. As a consequence, LPA members may underinvest in the development of information security measures in anticipation of obtaining them for free from other LPA members and/or under-report breaches and attempted breaches of their computer systems. This is an important issue and poses a significant risk that might help to a failure in wider adoption of CS-AWARE by LPAs.