ExpectedOutcome:
Deliverables
This topic addresses enabling technologies (such as AI) for SOCs, including National SOCs which provide a central operational capacity and support other SOCs at national level and play a central role as a hub within a context of SOCs, and also Cross-border SOC platforms where such technologies can strengthen capacities to analyse, detect and prevent cyber threats and incidents, and to support the production of high-quality intelligence on cyber threats.
These enabling technologies should allow more effective creation and analysis of Cyber Threat Intelligence (CTI), as well as faster and scalable processing of CTI and identification of patterns that allow for rapid detection and decision making.
Scope:Actions in this topic should develop and deploy systems and tools for cybersecurity based on enabling technologies (such as AI), addressing aspects such as threat detection, vulnerability detection, threat mitigation, incident recovery through self-healing, data analysis and data sharing. Activities should include at least one of the following:
Tool and service providers are welcome to apply to this topic, also when in a consortium with National SOCs. Links with stakeholders in the area of High-Performance Computing should be made where appropriate. In well justified cases, access requests to the EuroHPC high performance computing infrastructure could be granted.
The systems, tools and services developed under this topic will be made available for licencing to National and/or Cross-Border SOC platforms under favourable market conditions.
These actions aim at creating or strengthening national and/or cross-border SOCs, which occupy a central role in ensuring the (cyber-)security of national authorities, providers of critical infrastructures and essential services. SOCs are tasked with monitoring, understanding and proactively managing cybersecurity threats. In light of the crucial operative role of SOCs for ensuring cybersecurity in the Union, the nature of the technologies involved as well as the sensitivity of the information handled, SOCs must be protected against possible dependencies and vulnerabilities in cybersecurity to pre-empt foreign influence and control. As previously noted, participation of non-EU entities entails the risk of highly sensitive information about security infrastructure, risks and incidents being subject to legislation or pressure that obliges those non-EU entities to disclose this information to non-EU governments, with an unpredictable security risk. Therefore, based on the outlined security reasons, the actions relating to SOCs are subject to Article 12(5) of Regulation (EU) 2021/694, in consistency with WP 2021/2022.