What's

CS-AWARE-NEXT is follow-up to CS-AWARE, a successful H2020 project completed in 2020.

The mission

Addressing cybersecurity and collaboration within local and regional intra-organisational and supply chain networks, in concert with the European cybersecurity framework defined by the European cybersecurity strategy.

Objectives

Improved organisational policy support for dynamic cybersecurity management

Provide a cybersecurity management policy framework for organizations to better address the dynamic and constantly changing cybersecurity landscape. This includes a tighter integration between classical risk management and incident management tasks, in order to e.g. be able to more dynamically manage disaster recovery and business continuity after an incident. Collaboration within organizations (between different departments) and with other actors in the multi-level European cybersecurity framework, starting from actors in the local/regional supply chain to actors and authorities on the national/European level, is an important aspect to be addressed by a modern organizational cybersecurity management policy framework.

Better cybersecurity cooperation and collaboration on the local and regional level

Provide a socio-technical framework for local/regional cooperation/collaboration on cybersecurity to better address local supply chain dependencies. The local/regional level is currently not addressed in a strategic way in the multi-level cybersecurity framework established by the 2013/2020 European cybersecurity strategy and the NIS/NIS2 directive. This objective aims to address this gap and provide adequate support for cooperation and collaboration on this level (both methodological and tool support), and to improve the link between the local/regional level and the multi-level cybersecurity framework outlined by European legislation.

Improved data quality assessment and AI-based data correlation for utilising threat intelligence and social media in dynamic incident and risk management

Provide a real-time data collection and AI framework that is able to collect information from a variety of sources (log files, threat intelligence, social media, …) and correlate organizational and local/regional information (assets, dependencies, behaviour, …) with contextual cybersecurity information coming from threat intelligence or social media discussions. The goal of the framework is to be able to (a) better predict systemic vulnerabilities and risks by mapping the organizational state with the cybersecurity landscape in a dynamic way, and (b) derive mitigation and disaster recovery/business continuity/self-healing strategies, building the knowledge base for the dynamic cybersecurity and incident management covered in other project objectives (policy framework, local/regional and multi-level collaboration, dynamic business continuity and self-healing as well as cybersecurity information sharing).

Dynamic disaster recovery, business continuity and system self-healing on the organisational and local/regional level

Provide a framework for dynamic (real-time) creation and continuous reassessment of disaster recovery/business continuity options relevant to specific organizational or local/regional dependency set-ups to be able to deal with cascading effects. The framework will be designed to take into account systemic organizational and local/regional set-ups as well as general mitigation and recovery/ business continuity strategies shared via e.g. threat intelligence to predict and provide tailored recovery/ business continuity and self-healing strategies. The goal of this framework is the closer integration of disaster recovery/ business continuity, which is traditionally a risk management task, with the day-to-day (real-time) incident management. Therefore, the framework will provide integrations with cybersecurity incident management tools and advanced system self-healing tools for technical assistance and automated implementation of business continuity in case of an incident.

Improved integration of threat intelligence and information sharing in organisational cybersecurity management

The generation and sharing of threat intelligence based on real-world evidence is one of the core pillars of the multi-level collaborative European cybersecurity framework. Collaboration and information sharing is already operational to some extend on the European and national levels (e.g. between competent authorities, CSIRTs), but when it comes to utilization of threat intelligence by individual organizations and local/regional networks in their day-to-day cybersecurity incident and risk management, there is currently little awareness and supporting procedures/tools available to streamline the process. Besides technical obstacles to improve the automation of the process, there are organizational/political as well as social/psychological issues involved that prevent organizations from sharing information about cybersecurity beyond legal obligations.

Define KPI based benchmarking and profiling to dynamically assess the security state in the multi-level cybersecurity environment

Provide KPI based benchmarking and profiling to help organizations assess their (cascading) cybersecurity risk and incident management performance against other actors in the collaborative multi-level European cybersecurity environment (e.g. other organizations in the local/regional network, other organizations in the same NIS sector, other organizations in the national/European context). In line with the framework defined by the 2013/2020 European cybersecurity strategy and subsequent legislation (e.g. NIS/NIS2), the aim is to continuously monitor and assess the cybersecurity state of organizations according to performance indicators related to the European cybersecurity framework (e.g. how much information shared, how many resources dedicated to collaboration in a certain time frame, impact on the effectiveness of cybersecurity management, …). This objective includes the definition of appropriate KPIs in the context of the main project objectives, and a reference implementation to automatically collect and visualize the relevant statistical information and to evaluate the KPIs in the context of the CS-AWARE platform. The goal of the KPI based benchmarking is to allow organizations to better assess their cybersecurity status against other relevant actors, and at the same time provide incentives to improve their behaviour in areas they are lacking behind, in order to more actively participate in the European collaborative cybersecurity efforts.

Provide a reference implementation and deployment in the context of the CS-AWARE cybersecurity awareness and collaboration platform

While frameworks and methodologies defined through the project objectives are designed to be generic and can in general be adapted to any advanced cybersecurity solutions like SIEM (Security Information and Event Management) systems, a reference implementation of all frameworks and methodologies (policy framework, local/regional collaboration, AI framework, disaster recovery/business continuity framework, KPI based benchmarking and profiling framework, system self-healing and cybersecurity information sharing) will be provided in the context of the CS-AWARE platform developed during the CS-AWARE H2020 project, allowing to integrate the novel aspects developed in this project by extending existing components (awareness and visualization, data collection and AI, system self-healing, cybersecurity information sharing), and adding/integrating new components to the CS-AWARE framework (cybersecurity policy management, local/regional collaboration, business continuity, KPI based benchmarking and profiling).

Follow an agile, design-science based approach to project implementation and validation, with end-user involvement in all project phases

The applicability and relevance of the objectives addressed by this project in the context real-world scenarios needs to be ensured through agile, iterative and collaborative design, implementation and validation. This involves the inclusion of the perspectives of all relevant stakeholders (e.g. academic, industry, authorities, end- user) in all project phases (e.g. requirements analysis, design, implementation, validation). For this purpose, realistic scenarios will be developed together with the stakeholders to serve as basis for design and validation. The project consortium includes relevant public and NIS sector partners in two local/regional case studies in Greece and Italy (including NIS critical sector organisations from health care and water supply/distribution, and major Industry representatives), as well as a relevant CERT/CSIRT partner to ensure the inclusion of actors from the multi-level European cybersecurity environment.

Find out more

Learn more about the project’s results in our deliverables.

Publications

Recent posts

You can follow the progress of the project by reading our blog posts.

Read more

Cybersecurity in Italian Municipalities: A Growing Emergency

By CeSViTer Consulting on March 31, 2025

In recent years, the digitalization of Public Administration has increasingly exposed the cybersecurity vulnerabilities of Italian municipalities. Hacker attacks are multiplying, targeting public offices and essential services, while institutions struggle to respond with new regulations and protective measures. However, the problems persist, and municipalities often find themselves unprepared in the face of increasingly sophisticated threats.

Rising Concern Over Cybersecurity in Municipalities

According to data from the National Cybersecurity Agency (ACN), in 2024 about 18% of cyberattacks targeted Public Administration, particularly affecting local authorities and healthcare centers. This alarming trend prompted the government to respond with legislative measures and security strategies.

Continue reading

Read more

Social engineering - the Jedi mind trick of cyberattacks.

By Rheasoft on March 3, 2025

“These aren’t the droids you’re looking for”, “These aren’t the droids we’re looking for” - The iconic exchange between Ben (Obi-Wan Kenobi) and the Stormtroopers in Star Wars episode IV - A New Hope. A scene where our heroes are almost caught in a check-point, but are able to convince the enemy Stormtroopers to let them pass.

And while the cybercriminals haven’t graduated from the Jedi Academy, they can use similar techniques to manipulate you when you least expect it.

Continue reading

Read more

Increased ransomware incidents in 2024 – Checkpoint Report

By OTS on January 31, 2025

The annual Ransomware report for 2024 from the research team of Checkpoint reveals a deep change in cyber threats, with ransomware incidents facing an increase of 11% in 2024 in comparison to 2023.

In particular, Q4’s attacks represented the 33% of all the attacks, making it the most active semester recorded, with a total of 1.827 incidents.

Key findings of the report are outlined below:

  • General increase: the report records in total 5.414 ransomware attacks in 2024, with an increase of 11% when compared to 2023. The most active period was the fourth semester, with 1.827 incidents which represent the 33% of the annual total.

    Continue reading

Read more

CriM 2024

By Juho Bruun on November 11, 2024

The yearly cyber security seminar CriM is upon us once again! We are glad to host three days of expert lectures on this year’s topic: CyberSec in Muumimaa - Finnish Cybersecurity in a changing world.

Alongside with the expert lectures, there is a workshop on TPM 2.0 and a two-afternoon hackathon on AI Security focused on Large Language Models. The 100+ attendants from the industry and University of Oulu will get acquainted with TPM2.0 security, prompt engineering, and the latest LLM security testing tools.

Continue reading

Project Partners

  • University of Oulu
  • CS-Aware Corporation OÜ
  • University of Vienna
  • Centro Regionale Information Communication Technology SCARL
  • Politecnico di Milano
  • Fujitsu Technology Solutions (Luxembourg) SA
  • Innovative Secure Technologies IKE
  • Wise & Munro
  • 3rdPlace
  • RheaSoft
  • CesViter Consulting SRL
  • Open Technology Services AE
  • Focus Europe - Laboratorio Progettuale Per L'integrazione Europea Associazione
  • Dimos Lariseon
  • Consorzio per l'Area di Sviluppo Industriale ASI di Foggia
  • ΔΗΜΟΤΙΚΗ ΕΠΙΧΕΙΡΗΣΗ ΥΔΡΕΥΣΗΣ ΚΑΙ ΑΠΟΧΕΤΕΥΣΗΣ ΛΑΡΙΣΑΣ - The Municipal Water and Sewerage Company of Larissa (DEYAL)
  • 5 Ygionomiki Periferia Thessalias & Stereas Elladas
  • Barilla G.E.R. Fratelli SPA
  • TRAFICOM - Finnish Transport and Communication Agency
  • Fiat Power Train (FPT) Industrial SPA""
  • Leonardo - Societa Per Azoni