Increased resilience against widespread cybersecurity threats facing SMEs, local public administrations and individuals:
The core idea of CS-AWARE is to increase the resilience of the IT infrastructures in LPAs (and potentially SMEs) by gathering cyber threat information (public sources, information sharing communities, expert knowledge) and relating it to the situation in the LPA IT systems and networks in order to detect threats and attacks. Visualisation of those attacks enables situational awareness and reaction to abnormal and crisis situations. Given this, it is clear that the ability to react and mitigate quickly has a direct and immediate positive effect on resilience. Further, abnormal behaviour that cannot be matched to known threat patterns is valuable information in itself: if shared with relevant information sharing communities such as CERTs, it can help improve resilience against those cyber threats for a much larger part of society and the economy. Finally, the most resilient infrastructures are those that can adapt to changing situations and environments while also retaining the ability to maintain operation in crisis situations, such as a large scale cyber attack. The CS-AWARE solution provides this resilience as part of a self-healing mechanism that automatically invokes predefined mitigation actions when a threat is detected (e.g. switching to a backup or scaling a service up/down). As a consortium, we set high expectations regarding the innovation potential of the self-healing aspects of the CS-AWARE solution. This is very much in line with current and emerging developments and breakthroughs in the cybersecurity field.
For instance, a recent article by Anjana Ahuja in the Financial Times on 10 July 2016 argued that ‘cybersecurity will soon be the work of machines’ and that “in an era of pervasive interconnectedness, a cyberattack cannot necessarily be contained”, observing that although “Computers are already used to detect vulnerabilities in networks, and to ferret out malicious software that can exploit chinks in security, once a flaw is detected, the remedy requires human input – and it can take months for software engineers to effect a fix. This means the status quo favours cyber attackers over defenders”. While the large players in this field may mainly come from the military context, where the value of self-healing is recognised and the push is towards automatic detection, our approach goes further, towards fully automatic reaction to threats, while emphasising that human interaction is still required to set up efficient defence strategies. In this respect, CS-AWARE is definitely pushing the state of the art towards fully automatic reaction to threats and self-healing.
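The detect-then-react loop described above, as an added illustration that is not CS-AWARE project code: observations are matched against known threat patterns, matches trigger only mitigation actions that humans predefined in a playbook, and unmatched abnormal behaviour is queued for sharing with a CERT rather than acted on automatically. The pattern predicates, playbook entries, baseline values and observation fields are all constructed for this example.

```python
from dataclasses import dataclass, field

# Known threat patterns: name -> predicate over an observation (constructed samples).
KNOWN_PATTERNS = {
    "brute_force_login": lambda o: o.get("failed_logins", 0) >= 50,
    "service_overload": lambda o: o.get("req_per_sec", 0) > 5000 and o.get("cpu", 0) > 0.9,
}

# Predefined mitigation actions, set up by humans in advance (constructed).
# Only names in this table are ever executed: detection never invents an action.
PLAYBOOK = {
    "brute_force_login": "switch_to_backup_auth",
    "service_overload": "scale_service_up",
}


@dataclass
class Outcome:
    actions: list = field(default_factory=list)      # mitigations invoked
    share_queue: list = field(default_factory=list)  # anomalies to share with a CERT


def is_abnormal(obs, baseline):
    """Abnormal = any numeric indicator exceeds three times its baseline value."""
    return any(obs.get(k, 0) > 3 * v for k, v in baseline.items())


def handle(obs, baseline, executor):
    """Match one observation; `executor` is the hook that runs a predefined action."""
    out = Outcome()
    matched = [name for name, pred in KNOWN_PATTERNS.items() if pred(obs)]
    for name in matched:
        action = PLAYBOOK.get(name)
        if action is None:  # known pattern without a predefined response: left to humans
            continue
        executor(action)
        out.actions.append(action)
    if not matched and is_abnormal(obs, baseline):
        # Unknown abnormal behaviour: no automatic reaction, but worth sharing.
        out.share_queue.append({
            "host": obs.get("host"),
            "indicators": {k: obs[k] for k in baseline if k in obs},
        })
    return out
```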