EU Call for Proposals: Software suite enabling real-time cyber defence situational awareness for military decision-making
Cyber Situational Awareness (CSA) enables commanders to have a clear understanding of the threat landscape in order to manage cyber risks during the planning and conduct phases of a military operation. In 2013, Member States identified, within the EDA (European Defence Agency) cyber defence project team, the need for capabilities to enable military commanders to put in place measures to mitigate the risk of cyber attacks at all operational levels. An important prerequisite was to provide CSA for commanders and related staff.
The analysis of the state of the art in CSA suggested that there are neither commercial nor open-source CSA solutions that appropriately match the full capabilities raised by military end users, as echoed by EDA. Although certain capabilities might be more mature than others, all-in-one solutions are not available yet. In order to overcome this shortcoming, the proposals against this sub-topic should be complementary to any ongoing EDA project.
Proposals submitted under this topic must bring support to the ongoing CSA capabilities of the Member States. In this way, they shall focus on providing operational prototypes of software suites for enabling real-time CSA that facilitate military decision-making. Contributions should introduce cognitive visualisation tools and integration with existing sensors. The system should be multi-tiered, meaning that information shall be aggregated according to the needs of the viewer at technical, operational or strategic level.
Proposals shall cover the following activities related to design and system prototyping, not excluding upstream and downstream activities required for supporting the acquisition of CSA and incident response:
- Automatic data collection, normalization, aggregation, and fusion from various data sources, including, but not limited to, Network Operation Centers (NOC), Security Operation Centers (SOC), Cyber Threat Intelligence (CTI), conventional security sensors (e.g. firewalls, SIEMs (Security Information and Event Management), NIDS/NIPS (Network Intrusion Detection Systems / Network Intrusion Protection Systems), FPC (Full Packet Capture), DPI (Deep Packet Inspection), etc.), and Mission Planning Systems (MPS);
- Impact and risk calculation on assets and services held by computer information systems and missions, including those that support the instantiated CSA capabilities. This must cover at least alerts, warnings, errors, anomalies and any other symptom of suspicious activities;
- Risk management and decision support capabilities aiming at enhancing the most suitable Courses of Action (CoA), which shall rely on simulating countermeasures, constructing what-if scenarios and instantiating catalogues of predefined policy-driven actuations;
- Knowledge acquisition from the discovered symptoms, anticipation of the next steps of the attackers, and projection of the damage spreading throughout the protected environment;
- Graphical visualization of sensors, actuations, cyber risks and mission courses. The commander’s view must provide any additional information for facilitating the acquisition of CSA, including CTI, geographical data, network status or risk level. It must display the suggested CoA and the predictions of the status of the monitoring environment.
Proposals could also include the development of small-scale testbeds for local validation and calibration of the capabilities to be developed. They include gathering up-to-date datasets and synthetic traffic/behaviour simulations.
Main high-level requirements
The following general requirements shall be fulfilled:
- The system shall implement modern and intuitive user interfaces supporting commanders and operators in all their operational, technical and training needs;
- Usability shall be the cornerstone of the system design, thus allowing rapid installation, administration, operation and training;
- Contributions shall be able to be reconfigured to be suitable to interface with different types of networks and to support different protocols;
- A foremost requirement to be developed is the security of the CSA capabilities themselves. The solution proposed shall present greater levels of availability, confidentiality and integrity than the protected environment;
- The selection of related technological solutions and standards shall have a strong focus on their obsolescence management and interoperability;
- The system shall be able to simultaneously operate on different security domains and to handle the information security requirements in order to properly control the information flows between these domains and external systems;
- The system shall provide dynamic, scalable and resilient solutions, which must be capable of easily integrating all the actors and nodes involved in each mission;
- The proposed solution shall be constructed and documented to satisfy minimum-security requirements according to NATO and EU security rules for processing classified information up to EU SECRET and equivalent NATO security level;
- The system shall generate an audit trail for the following operations carried out by users:
  - Security events on the system, like login attempts, successful logins, logouts, attacks detected (e.g. brute force attacks);
  - Administration tasks;
  - Security administration tasks.
- The proposed solution shall be adapted to the EU generated doctrine.
- Develop a critical enabler for CSDP (Common Security and Defence Policy) operations and missions;
- Improve situational awareness, resilience and security of EU and Member States operations;
- Support the development of Member States’ cyber defence capabilities;
- Facilitate defensive cyber operations in any operational context;
- Facilitate military decision-making;
- Manage cyber risks during the planning and conduct phases of an operation;
- Enable military commanders at all operational levels to understand and manage the risk of cyber attacks;
- Provide a clear understanding of the cyber threat landscape including system vulnerabilities and attack vectors.
Application Deadline: 29 August 2019 17:00:00 Brussels time
Source: European Commission