Project Structure

WP1 Project Management

This work package includes all activities that are related to the general management of the project, according to the Grant Agreement and the Project Coordination Agreement. The coordinator will manage the implementation of the work plan of the project as per contractual obligations of all partners. The main objective is to manage the administrative and financial issues of the project attaching to the rules of the European Commission and the H2020 initiative, ensuring the coordination of efforts among all the partners to guarantee the effective operation of the project and timely delivery of the results.

  • WP1 Deliverables

    D1.1 Consortium operating

    D1.2 Technical Progress

    D1.3 Technical Progress

    D1.4 Technical Progress

    D1.5 Technical Report

WP2 Requirements, Scenarios and Architecture

The main objective of this WP is to capture the requirements of users, develop a model that is capable of describing the workflow and operations of CSIRTs, and design the architecture. It will incorporate feedback and performance assessments back into the model and the design. Requirements includes both technical challenges as well as social (people) challenges which CSIRTs face in maintaining situational awareness. The model is a conceptual model that that is capable of describing the workflow and operations of CSIRTs, in particular use case scenarios in information sharing and sense-making for situational awareness. The conceptual model is in place in order to describe the operational aspects necessary in PROTECTIVE, which care usually very difficult to describe in conventional system specifications. Once a good understanding of requirements, specifications and use cases has been established, we will design the architecture in-depth to support them. These preliminary results will be distributed and communicated to the whole team to ensure all aspects are implemented correctly. During the pilot execution, performance assessments are fed back into the model and design (requirements, specification and architecture.

This work package allows for the model and tool to:

  • be designed from best-practices and existing literature – we have outlined the basic design in this document, and will continue to enhance the design.
  • accommodate both social and technical needs of CSIRTs – a substantial amount of work in the situational awareness space assumes that understanding and communicating about threats and attacks is fundamentally a technical challenge, when usability and social issues are required to be solved as well.
  • have the design be continuously updated based on performance assessments and feedback – we believe we have developed a good understanding to this point, but for the tool to excel continual interaction with the state of the art and end-users will be necessary.
  • ensure all social and technical implementation aspects are integrated best possible based on the design and model

WP3 Correlation and Prioritisation

The main purpose of this work package is to construct mechanisms that will allow correlation and prioritisation of incoming alerts (including alerts from other NRENs received via the XChange platform – WP5) so that more important incidents will take priority over less urgent ones. This task requires research and development on decision support techniques as well as data correlation methods. The solution will be implemented as a two stage approach. The first stage will aim to reduce and filter incoming events – this includes removing or aggregating redundant or duplicated ones and validating against false positives. The aggregated or filtered alerts will constitute so called meta-alerts. Meta-alerts will be further enriched using various external and internal security feeds and inventory data including input from the context awareness platform (WP4). Each of the meta-alerts will be described by a vector of standardised attributes. In the second stage meta-alerts will be prioritised by means of multi criteria decision analysis (MCDA) techniques.

WP4 Context Awareness

The main purpose of this work package is to make the organisation’s mission and constituency(assets) factors visible to the risk calculation and management process to enable effective incident management. This entails associating a mission importance with each asset through assigning a ‘criticality value’ to each asset as well as providing information on other factors that can influence the threat calculation, including vulnerability severity. It improves situational awareness (e.g. viewing the asset criticality across different organisational units).


Key objectives include:

  • to design a scheme to model an organisation’s asset and mission (e.g. business units) structure
  • to develop a software toolset to encapsulate the above design
  • to provide an interface to existing inventory tools to retrieve organisational and asset information
  • to provide support for automated vulnerability processing
  • to provide support for vulnerability remediation

WP5 Threat Intelligence Sharing

The main objective of this WP is to support threat intelligence sharing within the CSIRT community. This WP covers the implementation of the PROTECTIVE XChange, a framework contributing to the components TI Distribution, Trust, Admin, and Analytics.


This WP complements WP3 and WP4 with means of inter-CSIRT communication (TI Distribution). To improve the CSIRT workflows identified in WP2, PROTECTIVE will make extensive use of (semi-) automated trust & quality assessments (TI Trust). This will be achieved by identifying quality properties most relevant to CSIRT operators, and by implementing appropriate means to measure, exchange, and evaluate those properties automatically. To control TI Distribution, PROTECTIVE will provide means of source management and access control (TI Management). Furthermore, PROTECTIVE will correlate the TI feeds in order to improve the alert processing for the CSIRT operators (TI Analytics).

WP6 Framework Development, Integration and System Test

The main goal of this work package is to create and deliver a robust PROTECTIVE system. It will do this by integrating and testing the subsystem delivered from the technology work packages – WP3, WP4 and WP5. The WP will develop common framework services that may be required, as well as platform integration support to enable a common information exchange between the overall system components. This will require definition of a unified data exchange format, adaptation of tools, identification of data and control flows. The implementation framework will follow the architecture developed in WP2.


The detailed objectives are:

  • development of the overall system test plan and system testbed,
  • identification and provisioning of test data to drive testing,
  • identification and development of framework services and integration software,
  • integration of all technology subsystems,
  • system test of the integrated PROTECTIVE system,
  • delivery of a functioning system to the pilots (WP7).
  • WP6 Deliverables

    D6.2 PROTECTIVE Framework implementation v1

    D6.3 PROTECTIVE Framework implementation v2

    D6.4 Testplan v1

    D6.5 Testplan v2

    D6.6 Testbed v1

    D6.7 Testbed v2

    D6.8 PROTECTIVE System – v1

    D6.9 PROTECTIVE System – v2

    D6.10 PROTECTIVE System – v3

WP7 Pilots Management and Execution

The main goal of WP7 is to demonstrate and evaluate the full range of the PROTECTIVE functionalities by managing the planning and implementation of the pilot activities. The pilot partners will receive strategic and technical support from the overall team. During the implementation and at pilot finalisation the activities will be thoroughly evaluated in line with the requirements set-out in WP2.

  • WP7 Deliverables

    D7.1 Detailed Pilots Plan v1

    D7.2 Detailed Pilots Plan v2

    D7.3 Pilots Evaluation Report v1

    D7.4 Pilots Evaluation Report v2

WP8 Business Planning, Exploitation and Dissemination

This work package will cover the tasks and activities that are crucial to properly exploit and disseminate the project results. As the sustainability has to be taken into account from the beginning of the project, one of the first deliveries of this WP will be a business and marketing plan. The marketing plan shall give a good basis for the continuous monitoring of the market and the implementation of sustainable and successful business exploitation. The marketing plan shall be supported by an appropriate communication plan, on which the dissemination and marketing activities will be based, maintaining pro-active communication and raising awareness of the project. Given that parts of the system will be based on open-source licenses, an important enabler for the future business exploitation of the project products is the right management of IPR issues. Therefore this WP shall tackle IPR issues identified in the scope of the project. As the achieving market for solutions requires a proper technical implementation of the needs required by the users, this task shall stay in close cooperation with WP2 (requirement gathering) as well as WP7, where pilot deployments shall provide the means for verification of true market-value of the solutions.


Summarising the objectives of this task are to:

  • Define the PROTECTIVE Business and Marketing Plan
  • Tackle any Intellectual Property Rights issues,
  • Provide continuous monitoring of the market, competition and rising opportunities
  • Sustain viable commercial business exploitation
  • Disseminate and communicate the project results
  • Perform standardisation efforts
  • WP8 Deliverables

    D8.1 Business, Marketing and Innovation Plan v1

    D8.2 Business, Marketing and Innovation Plan v2

    D8.3 Business, Marketing and Innovation Plan v3

    D8.4 Communication Plan v1

    D8.5 Communication Plan v2

    D8.6 Website and Dissemination Material v1

    D8.7 Website and Dissemination Material v2

    D8.8 Summary of dissemination efforts v1

    D8.9 Summary of Dissemination Efforts v2