CyberExchange (2017-EU-IA-0118)

image

The EU-supported CyberExchange project is like Erasmus for CERTs/CSIRTs in the EU. CERT staff can join other participating CERTs three days to two weeks and enhance the relations as well as facilitate the know how exchange. Two different types of exchanges are possible: In "Fellowships" an employee is sent to another participating CERT/CSIRT to gain new skills and experience and relays them at the home organization to colleagues. The other visit type is a "Technical Assistance Visit" where one person travels to another CERT/CSIRT to bringing knowledge about a specific tool or process. CERT.at was both a sending and a receiving party

The Covid-19 pandemic hit the project hard, we had to cancel two planned visits to Luxembourg and Zagreb, respectively. Even though the project was extended, a resumption of travel activities is still unclear. Thus CERT.at left the project in the summer of 2021.

“MeliCERTes” (SMART-2018-2014)

MeliCERTes1 aims at creating and developing a toolbox for CERTs/CSIRTs, primarily focusing on national CERTs/CSIRTs which are part of the CSIRTs network according to the EU NIS directive. The use of Open Source tools is emphasised to guarantee transparency of software functionality, reduce costs and ensure constant development of the tools. The final goal is a software platform which enhances communication and increases data and knowledge exchange within the CSIRTs network.

For example, MeliCERTes financed new interfaces between tools like IntelMQ, MISP, and others. These efforts strenghtens the CERT/CSIRT community as well as the IT security community as a whole.

Software and documentation created during the project are published on https://github.com/melicertes/.

Thus, MeliCERTes creates an inventory of what is currently used by national CERTs/CSIRTs within the EU and adds new items to it. This "blue print" can be used by new CERTs/CSIRTs; not only to get operational very quickly but also to make sure that they implement solutions for which extensive knowledge already exists within the CSIRTs network so they can ask their peers if problems arise.

MeliCERTes is currently developed by a consortium consisting of CERT.at, CERT.EE, CERT.pl, CIRCL, SK-CERT, and Deloitte.

SMART-2018-2014 is the follow-up project to SMART 2015/1089 which was tendered in 2015 and won 2016 by a consortium consisting of Capgemini, S-Cure, and Intrasoft International. Details about the initial call for tenders can be found here. The one for the current project is accessible at https://ec.europa.eu/digital-single-market/en/news/call-tender-advance-melicertes-facility-used-csirts-eu-cooperate-and-exchange-information.

Constituency-Portal NG („tuency“)

This project is partly funded by CEF 2018-AT-IA-0111 (see above).

image

The “Constituency-Portal” is a contact data management tool featuring self-service functionality and is directly integrated with the authentication solution Keycloak. This allows us to use the contact data for authentication in other linked applications. The software further enhances and extends our possibilities to better address and configure our daily e-mail notifications for network owners regarding issues in their networks.

The software “tuency” is currently being developed by our partner Intevation GmbH (located in Osnabrück, Germany) as Free Software. The code can be found at gitlab.

AWAKE (2020-AT-IA-0254)

image

This project deals with the topic of situational awareness: how to assess of the current state of security and how to communicate this knowledge. In one dimension, it is about the three levels in the EU's cybersecurity setup. We, CERT.at, are the technical layer; we deal with the (technical) threats, what is currently being exploited and what is vulnerable. In Austria, the operational level is the corresponding NIS authority in the Ministry of the Interior (until December 2021, the CSC in the BVT had this role, afterwards the NIS office moved to Section IV) where the primary concern is the impact dimension. We exchange information on a case-by-case basis and on regular basis within the framework of the OpKoord (see NIS law). We want to improve this information sharing with this project. The other dimension is the sharing at the same layer, but between different geographical scales. We think that it should also be possible to aggregate information from EU member states at EU level.

On one hand, it is about the preparation of the data already available in the CERT, which is distributed over various systems. For example, information on a DDoS campaign could be found in the ticket system, OSINT, national and international IM systems and MISP. A central search across all of these systems should help to answer the question "What do we know about topic X?". Automation-supported clustering can then lead to a functional user interface in which our analyst can compile a case file and add a manually written summary. This can then be shared with the operational level via a bidirectional interface.

On the other hand, it is also about actively collecting status reports through surveys. Here we can rely heavily on the preparatory work from the ACCSA project. The Koord tool developed there can do just that: a permanently running web survey, in which the questions and answers may change over time, and where a current summary of the results is generated.

JTAN (2020-EU-IA-0260)

image

The "Joint Threat Analysis Network" is large collaboration by multiple EU CSIRTs. Our participation is the development of a risk metrik for domains. The bulk of the work is done by the nic.at R&D team.

Participation in research projects

We will start with two new research projects (SHIFT and CYBERMONOLOG) soon.


  1. The name is derived from the ancient Greek deity Melicertes (gr. Μελικέρτης) who helped ships to safely arrive in the harbour.