Cyberspace plays a key role in modern societies and economies. Over the last decade the Internet has changed the way we interact with Public Administrations, has given rise to new business and entertainment models, and has influenced the way we communicate. However, as acknowledged by the National Security Strategy, cyberspace is nowadays an open and uncontrolled space. The complexity and globalization of cyberattacks have increased very significantly in recent years, opening an important gap between the capabilities of attackers and defenders.
This project aims at strengthening our capabilities to prevent, detect, and respond to cyberattacks by developing techniques that improve situational awareness and support dynamic threat management. To do so, we propose an interdisciplinary research program that tackles three important challenges in cybersecurity research. Firstly, interdependencies among networks and information systems are forcing us to adopt cooperative strategies in which entities of very different natures exchange information about vulnerabilities, threats, actors, tactics, ongoing incidents, countermeasures, etc. However, organizations are extremely reluctant to share such information openly. This calls for models and technologies that facilitate sharing by determining what to share, when, and with whom, as well as by reasoning about the repercussions of sharing confidential data. Secondly, an improved defense capability requires a deeper and more intelligent analysis of all events that take place in the network. This requires adapting, and developing where necessary, Big Data technologies to analyze massive amounts of security-related information. Finally, an effective threat management system needs to put available information in context, automatically derive dynamic risk levels for all systems, and support decisions about the selection and deployment of optimal countermeasures.
This scientific program is described in “ORDEN 3017/2014, de 24 de septiembre, de la Consejera de Educación, Juventud y Deporte” of Comunidad de Madrid.
The program reference is S2013/ICE-3095.
The project goals are aligned with the Spanish and European priorities for the development of secure environments, which aim at strengthening citizens’ rights and improving the competitiveness of our industries and our defense capabilities. Consequently, our expected results have high technological relevance, since they will provide tools for a more trustworthy cyberspace for citizens, companies, and Public Administrations.
Three main objectives have been defined for the CIBERDINE program:
- Sharing models for cybersecurity information
- Advanced data analysis for cyberdefense
- Dynamic management of cybersecurity risks
These objectives correspond to the three main lines:
- Cooperative cybersecurity
- Massive analysis of network data
- Cybersecurity decision support systems