Cyberspace plays a key role in modern societies and economies. Over the last decade the Internet has changed the way we interact with Public Administrations, has given rise to new business and entertainment models, and has influenced the way we communicate. However, as acknowledged by the National Security Strategy, cyberspace is nowadays an open and uncontrolled space. The complexity and globalization of cyberattacks have increased very significantly in recent years, opening an important gap between the capabilities of attackers and defenders.
This project aims at strengthening our capabilities to prevent, detect, and respond to cyberattacks by developing techniques that improve situational awareness and enable dynamic threat management. To do so, we propose an interdisciplinary research program that tackles three important challenges in cybersecurity research. Firstly, interdependencies among networks and information systems are forcing us to adopt cooperative strategies where entities of a very different nature exchange information about vulnerabilities, threats, actors, tactics, ongoing incidents, countermeasures, etc. However, organizations are extremely reluctant to openly share such information. This calls for models and technologies that facilitate sharing by determining what to share, when, and with whom, as well as by reasoning about the repercussions of sharing confidential data. Secondly, an improved defense capability requires a deeper and more intelligent analysis of all events that take place in the network. This requires adapting, and developing where necessary, Big Data technologies to analyze massive amounts of security-related information. Finally, an effective threat management system needs to put available information in context, automatically derive dynamic risk levels for all systems, and support decisions about the selection and deployment of optimal countermeasures.