The CyberSANE project proposes a cutting-edge solution to improve the detection and analysis of cyber-attacks on critical infrastructures. It thereby adds to the knowledge base on the current situation regarding this type of cyber threat. In addition, CyberSANE supports security operators (such as incident response professionals) in preparing for, responding to, and taking the appropriate steps to manage risks, as well as the decision-making regarding security incidents.
This project is fully in line with regulations (such as the GDPR and NIS directives), and is aimed at increasing organizations’ preparedness, improving their cooperation, and facilitating the adoption of appropriate security risk management protocols.
The project includes the following actions:
- User requirements and reference scenarios.
- Monitoring and security analysis in (LiveNet).
- Intelligence and web monitoring (DarkNet).
- Data fusion, risk assessment and event management (HybridNet).
- Intelligence and exchange – dissemination of information (ShareNet).
- Privacy and data protection (PrivacyNet).
- Visualization and correlation of different sources of information on the platform – CyberSANE.
- Preparation and definition of pilot projects.
- Evaluation of the different parameters and proposed best practices.
The project proposes the assessment of potential threats in the LiveNet and DarkNet through a correlation system (HybridNet). The information sources assessed are both the public access sources belonging to the organization, referred to as LiveNet (web, social networks, etc.) and the “private” DarkNet sources, whose contents remain inaccessible to the general public.
The added value of the project derives from the access to the latter sources, networks and technologies used to share information and digital content (e.g. texts, software, songs, images and films) linked to the anonymity of those who exchange such information, and which may therefore contain relevant information that can predict potential threats to organizations.
The CyberSANE system thus seeks to manage the transfer of information that may be related to the organization and to assess the potential threat level.