Capacity building of Security Operation Centres
Details
Description
Call Updates
May 15, 2023 12:01:54 PM
For information on the evaluation results of this call, please consult the Flash call info.
https://digital-strategy.ec.europa.eu/en/news/flash-information-call-results-cybersecurity-and-trust
Dec 13, 2022 8:49:29 AM
NB: Please be aware of the update in the call document relevant to topic. DIGITAL-ECCC-2022-CYBER-03-SOC - Capacity building of Security Operation Centres.This update only concerns said topic.
Nov 25, 2022 5:28:40 PM
NB: Please be aware that the budget table relating to this call has been modified ONLY for those topics where the cost category of Financial support to third parties is not an eligible cost. We therefore invite you to check the call document to see whether this cost category is eligible under your topic or not. Those topics for which “Financial support to third parties” is not an eligible cost are affected by the removal of the column relating to this cost category in the budget table. Should your topic not allow for this cost category (as per call document), and should you have included an amount under this column, we would recommend that you revise your budget table.
Nov 15, 2022 12:00:01 AM
The submission session is now available for: DIGITAL-ECCC-2022-CYBER-03-SOC(DIGITAL-JU-SIMPLE)
Nov 14, 2022 2:42:15 PM
Call DIGITAL-ECCC-2022-CYBER-03 on Cybersecurity and Trust has opened for submission today. Please note that the call document complements the WP and is valid for all the topics contained in the call document.
This call has 7 topics. In the coming few days, one topic: DIGITAL-ECCC-2022-CYBER-03-SOC (capacity building of Security Operations Centres) of the call document will incorporate an update which shall be published as an amendment to the call document. Please note that the amendment will only affect the topic on capacity building of Security Operation Centres (SOCs).
Sep 29, 2022 10:27:51 AM
Please note that the opening of the call has been postponed to 15th of November 2022.
The deadline has also been postponed and it is now set to Wednesday 15th of February 2023 at 17:00hrs Brussels time.
Capacity building of Security Operation Centres
TOPIC ID: DIGITAL-ECCC-2022-CYBER-03-SOC
Programme: Digital Europe Programme (DIGITAL)
Work programme part: Digital Europe Work Programme 2021-2022
Call: Cybersecurity and Trust (DIGITAL-ECCC-2022-CYBER-03)
Work programme year: DIGITAL-2021-2022
Type of action: DIGITAL-JU-SIMPLE DIGITAL JU Simple Grants
Type of MGA: DIGITAL Action Grant Budget-Based [DIGITAL-AG]
Deadline model: single-stage
Planned opening date: 29 September 2022
Deadline date: 24 January 2023 17:00:00 Brussels time
Outcomes and deliverables
- Several cross-border platform(s) for pooling data on cybersecurity threat between several Member States, equipped with a highly secure infrastructures and advanced data analytics tools;
- World-class SOCs across the Union, strengthened with state of the art technology in areas such as AI;
- Sharing of Threat Intelligence between SOCs, and information sharing agreements with competent authorities and CSIRTs;
- Threat intelligence and situational awareness capabilities supporting strengthened collaboration in the framework of the Blueprint/CyCLONe and the Joint Cybersecurity Unit, as well as with law enforcement and defence.
The objective will be to create, support and/or strengthen and interconnect SOCs at regional, national and EU level. This will allow for reinforced capacities to monitor and detect cyber threats, the creation of collective knowledge and sharing of best practices. In addition, data and capacities related to cybersecurity threat intelligence will be brought together from multiple sources (such as CSIRTs and other relevant cybersecurity actors) through cross-border platforms across the EU. The use of state-of-the-art AI, machine learning capabilities and common infrastructures will make it possible to more efficiently and more rapidly share and correlate the signals detected, and to create high-quality threat intelligence for national authorities and other stakeholders, thus enabling a fuller situational awareness and a more rapid reaction.
Scope:The aim is to improve cybersecurity resilience with faster detection and response to cybersecurity incidents and threats at national and EU level through the establishment of SOCs, leveraging disruptive technologies, and sharing of information leading to increased situational awareness and stronger EU supply chains. Specifically:
- Supporting existing SOCs or establishing national, regional or sectoral SOCs serving private (SMEs in particular) and/or public organisations with real-time monitoring and analysis of data from public internet network traffic to detect malicious activities and incidents that affect the resilience of network and information systems;
- Strengthening SOCs by leveraging state of the art Artificial Intelligence (including Machine Learning techniques) and computing power to improve the detection of malicious activities, and dynamically learning about the changing threat landscape;
- Supporting information sharing among public authorities (including competent authorities and CSIRTs under the NIS Directive), as well as with other SOCs (e.g. operated by private entities), facilitated through appropriate sharing agreements, while complying with all obligations related to privacy and personal data protection;
- Developing and deploying appropriate tools, platforms and infrastructures to securely share and analyse large data sets among SOCs. Where possible and appropriate, existing building blocks will be re-used, including the results of relevant Connecting Europe Facility and Horizon 2020 projects;
- Supporting the increased availability, quality, usability and interoperability of threat intelligence data among SOCs and relevant entities;
- Identify potential critical dependencies on foreign suppliers and solutions in the area of threat intelligence and develop an EU supply chain on threat intelligence;
- Provide Member States bodies with threat intelligence and situational awareness capabilities helping to anticipate and respond to cyber-attacks, notably in the framework of the Blueprint/CyCLONe and the Joint Cybersecurity Unit;
- Bridge cooperation between various cybersecurity communities, e.g. civilian cybersecurity resilience, law enforcement, defence, taking into account cooperation frameworks such as the Blueprint/CyCLONe and the Joint Cybersecurity Unit.
To achieve this aim, the following activities are foreseen:
- Grants will be made available to enable capacity building, e.g. through the establishment or reinforcing of SOCs serving private or public organisations, leveraging state of the art technology such as artificial intelligence and dynamic learning of the threat landscape
- A call for expression of interest will be launched to select entities in Member States that provide the necessary facilities to host and operate cross-border platforms for pooling data on cybersecurity threat between several Member States (data potentially coming from various sources). The call for expression of interest will also build up the planning and design of necessary tools and infrastructures.
- Building on the call for expression of interest, a joint procurement will be launched to develop and operate capacities for the selected cross-border platforms, including advanced tools and infrastructures to securely share and analyse large data sets and threat intelligence among the selected cross-border platforms (e.g. highly-secure infrastructure or advanced data analytics aimed at significantly improving the ability to analyse large sets of data).
