Cybersecurity is one of today's most challenging security problems for commercial companies, NGOs, governmental institutions as well as individuals. Reaching beyond the technology focused boundaries of classical information technology (IT) security, cybersecurity includes organizational and behavioural aspects of IT systems and also needs to comply to the currently actively developing legal and regulatory framework for cybersecurity. For example, the European Union recently passed the Network and Information Security (NIS) directive that obliges member states to get in line with the EU strategy. While large corporations might have the resources to follow those developments and bring their IT infrastructure and services in line with the requirements, the burden for smaller organizations like local public administration will be substantial and the required resources might not be available. New and innovative solutions that will help local public administration to ease the burden of being in line with cybersecurity requirements are needed. For example, cooperation and coordination is one of the major aspects of the NIS and EU cybersecurity strategy. An enabling technology for cooperation and coordination is cyber situational awareness and information sharing of cyber incidents. In this project we propose a cybersecurity situational awareness solution for local public administrations that, based on an analysis of the context provides automatic incident detection and visualization, and enables information exchange with relevant national and EU level NIS authorities like CERTs. Advanced features like system self-healing based on the situational awareness technologies, and multi-lingual semantics support to account for language barriers in the EU context, are part of the solution.

CS-AWARE-NEXT aims to provide improved cybersecurity management capabilities to organizations and local/regional supply networks. Such organisations and networks operate in a highly dynamic cybersecurity environment, and are required to comply with prevailing European legislation such as the network and information security (NIS) directive. The way such organizations approach cybersecurity increasingly needs to be more dynamic and more collaborative, building on a shared situational awareness of potential cybersecurity issues relevant to the organisations and networks in question. To achieve this, CS-AWARE-NEXT has identified several focus areas to be addressed: (a) Improved organisational policy support to enable organizations to deal better with the dynamic nature of cybersecurity. (b) Greatly enhanced cooperation/collaboration within the organization and with external actors, such as those comprising the local/regional supply chain. (c) Better integration of threat intelligence in operational cybersecurity management using innovative AI approaches and techniques. (d) Much improved disaster recovery/business continuity, integrated in operational cybersecurity management. (e) Elevated evidence collection and information sharing with relevant actors on the multi-level European cybersecurity framework. (f) Improved capacity for enabling organizations to assess their security status in comparison with other relevant actors through benchmarking and profiling. CS-AWARE-NEXT builds on the awareness, cybersecurity information sharing, and system self-healing capabilities of the CS-AWARE platform developed during the H2020 project of the same name. The integration of the advanced capabilities of CS-AWARE-NEXT will enable organizations and dependent supply networks to be much more effective and efficient in their use of cybersecurity platforms like CS-AWARE, supporting their day-to-day cybersecurity risk and incident management operations.