This work package includes all activities that are related to the general management of the project, according to the Grant Agreement and the Project Coordination Agreement. The coordinator will manage the implementation of the work plan of the project as per contractual obligations of all partners. The main objective is to manage the administrative and financial issues of the project attaching to the rules of the European Commission and the H2020 initiative, ensuring the coordination of efforts among all the partners to guarantee the effective operation of the project and timely delivery of the results.
D1.1 Consortium operating
D1.2 Technical Progress
D1.3 Technical Progress
D1.4 Technical Progress
D1.5 Technical Report
The main objective of this WP is to capture the requirements of users, develop a model that is capable of describing the workflow and operations of CSIRTs, and design the architecture. It will incorporate feedback and performance assessments back into the model and the design. Requirements includes both technical challenges as well as social (people) challenges which CSIRTs face in maintaining situational awareness. The model is a conceptual model that that is capable of describing the workflow and operations of CSIRTs, in particular use case scenarios in information sharing and sense-making for situational awareness. The conceptual model is in place in order to describe the operational aspects necessary in PROTECTIVE, which care usually very difficult to describe in conventional system specifications. Once a good understanding of requirements, specifications and use cases has been established, we will design the architecture in-depth to support them. These preliminary results will be distributed and communicated to the whole team to ensure all aspects are implemented correctly. During the pilot execution, performance assessments are fed back into the model and design (requirements, specification and architecture.
This work package allows for the model and tool to:
D2.3 Updated Conceptual Model v2
D2.4 Data Management Plan v1
D2.4 Data Management Plan v2
The main purpose of this work package is to construct mechanisms that will allow correlation and prioritisation of incoming alerts (including alerts from other NRENs received via the XChange platform – WP5) so that more important incidents will take priority over less urgent ones. This task requires research and development on decision support techniques as well as data correlation methods. The solution will be implemented as a two stage approach. The first stage will aim to reduce and filter incoming events – this includes removing or aggregating redundant or duplicated ones and validating against false positives. The aggregated or filtered alerts will constitute so called meta-alerts. Meta-alerts will be further enriched using various external and internal security feeds and inventory data including input from the context awareness platform (WP4). Each of the meta-alerts will be described by a vector of standardised attributes. In the second stage meta-alerts will be prioritised by means of multi criteria decision analysis (MCDA) techniques.
D3.3 Correlation and Prioritisation Platform Component v1
D3.4 Correlation and Prioritisation Platform Component v2
D3.5 Correlation and Prioritisation Platform Component v3
The main purpose of this work package is to make the organisation’s mission and constituency(assets) factors visible to the risk calculation and management process to enable effective incident management. This entails associating a mission importance with each asset through assigning a ‘criticality value’ to each asset as well as providing information on other factors that can influence the threat calculation, including vulnerability severity. It improves situational awareness (e.g. viewing the asset criticality across different organisational units).
Key objectives include:
D4.2 Context Awareness Platform v1
D4.3 Context Awareness Platform v2
D4.4 Context Awareness Platform v3
D4.5 CSA Visualisation v1
D4.6 CSA Visualisation v2
The main objective of this WP is to support threat intelligence sharing within the CSIRT community. This WP covers the implementation of the PROTECTIVE XChange, a framework contributing to the components TI Distribution, Trust, Admin, and Analytics.
This WP complements WP3 and WP4 with means of inter-CSIRT communication (TI Distribution). To improve the CSIRT workflows identified in WP2, PROTECTIVE will make extensive use of (semi-) automated trust & quality assessments (TI Trust). This will be achieved by identifying quality properties most relevant to CSIRT operators, and by implementing appropriate means to measure, exchange, and evaluate those properties automatically. To control TI Distribution, PROTECTIVE will provide means of source management and access control (TI Management). Furthermore, PROTECTIVE will correlate the TI feeds in order to improve the alert processing for the CSIRT operators (TI Analytics).
D5.2 Threat intelligence community v1
D5.3 Threat intelligence community v2
D5.4 Threat intelligence community v3
The main goal of this work package is to create and deliver a robust PROTECTIVE system. It will do this by integrating and testing the subsystem delivered from the technology work packages – WP3, WP4 and WP5. The WP will develop common framework services that may be required, as well as platform integration support to enable a common information exchange between the overall system components. This will require definition of a unified data exchange format, adaptation of tools, identification of data and control flows. The implementation framework will follow the architecture developed in WP2.
The detailed objectives are:
D6.2 PROTECTIVE Framework implementation v1
D6.3 PROTECTIVE Framework implementation v2
D6.4 Testplan v1
D6.5 Testplan v2
D6.6 Testbed v1
D6.7 Testbed v2
D6.8 PROTECTIVE System – v1
D6.9 PROTECTIVE System – v2
D6.10 PROTECTIVE System – v3
The main goal of WP7 is to demonstrate and evaluate the full range of the PROTECTIVE functionalities by managing the planning and implementation of the pilot activities. The pilot partners will receive strategic and technical support from the overall team. During the implementation and at pilot finalisation the activities will be thoroughly evaluated in line with the requirements set-out in WP2.
D7.1 Detailed Pilots Plan v1
D7.2 Detailed Pilots Plan v2
D7.3 Pilots Evaluation Report v1
D7.4 Pilots Evaluation Report v2
This work package will cover the tasks and activities that are crucial to properly exploit and disseminate the project results. As the sustainability has to be taken into account from the beginning of the project, one of the first deliveries of this WP will be a business and marketing plan. The marketing plan shall give a good basis for the continuous monitoring of the market and the implementation of sustainable and successful business exploitation. The marketing plan shall be supported by an appropriate communication plan, on which the dissemination and marketing activities will be based, maintaining pro-active communication and raising awareness of the project. Given that parts of the system will be based on open-source licenses, an important enabler for the future business exploitation of the project products is the right management of IPR issues. Therefore this WP shall tackle IPR issues identified in the scope of the project. As the achieving market for solutions requires a proper technical implementation of the needs required by the users, this task shall stay in close cooperation with WP2 (requirement gathering) as well as WP7, where pilot deployments shall provide the means for verification of true market-value of the solutions.
Summarising the objectives of this task are to:
D8.1 Business, Marketing and Innovation Plan v1
D8.2 Business, Marketing and Innovation Plan v2
D8.3 Business, Marketing and Innovation Plan v3
D8.4 Communication Plan v1
D8.5 Communication Plan v2
D8.6 Website and Dissemination Material v1
D8.7 Website and Dissemination Material v2
D8.8 Summary of dissemination efforts v1
D8.9 Summary of Dissemination Efforts v2