Advance the automation of cyber incident detection, classification and visualisation to provide situational awareness. This includes socio-technical system analysis, data collection, data analysis and decision making as well as the visualisation of the findings.
Identifying, extracting and storing information and events about potential cyber incidents is not enough. The volume and speed at which such cyber-related information can be generated are overwhelming, and neither the human brain nor basic screening systems can process incidents at Big Data scale. Our approach is therefore to employ complex decision-making algorithms to identify the most probable threats and incidents, and then automatically pass them to both specialists and other automated systems for processing and action.
While we aim to automate the cybersecurity incident detection, correlation and visualization process as much as possible, we realize that a fully automatic solution is currently infeasible. Real systems are complicated, fuzzy, messy, ill-defined and influenced by social and organizational factors. Above all, organizational set-ups will differ from one LPA to another. Therefore, CS-AWARE provides a system and dependency analysis based on soft systems thinking as a basis for the cybersecurity automation goal of the project. This analysis allows us to identify, on a socio-technological level, the most valuable assets of an LPA, the dependencies among those assets, and measurements that make it possible to monitor the cybersecurity state of those assets. With these in place, we can implement automatic data collection from within LPA systems and correlate it with relevant data from public sources such as NIS competent authorities or even social networks.