EC: Funding available to strengthen National SOCs

They will also, where possible, benefit from information and feeds from other SOCs in their countries and use the aggregated data and analysis to deliver early warnings to targeted critical infrastructures on a need-to-know basis.

National SOCs are public entities given the role at national level to act as clearinghouses for detecting, gathering and storing data on cybersecurity threats, analysing this data, and sharing and reporting Cyber Threat Intelligence (CTI), reviews and analyses. They provide a central operational capacity and support other SOCs at national level (e.g., by offering guidance or training, making available data or analysis of this data, coordinating joint detection and monitoring actions). They will play a central role at national level and can act as a hub within a context of SOCs in the different countries.

Objectives 

• The objective is to create or strengthen National SOCs, in particular with state-of-theart tools for monitoring, understanding and proactively managing cyber events, in close collaboration with relevant entities such as CSIRTs. They will also, where possible, benefit from information and feeds from other SOCs in their countries and use the aggregated data and analysis to deliver early warnings to targeted critical infrastructures on a need-to-know basis.

Scope 

• The aim is capacity building for new or existing National SOCs, e.g., equipment, tools, data feeds, as well as costs related to data analysis, interconnection with Cross-Border SOC platforms, etc. This can include for example automation, analysis and correlation tools and data feeds covering Cyber Threat Intelligence (CTI) at various levels ranging from field data to Security Information and Event Management (SIEM) data to higher level CTI. National SOCs should also leverage state of the art technology such as artificial intelligence and dynamic learning of the threat landscape and context.
• This also includes the use of shared cybersecurity information, to the extent possible based on existing taxonomies and/or ontologies, and hardware to ensure the secure exchange and storage of information. The operations should be built upon live network data. Where relevant, consideration should be given to SMEs as the ultimate recipients of cybersecurity operational information.
• A key element is the translation of advanced AI/ML, data analytics and other relevant cybersecurity tools from research results to operational tools, and further testing and validating them in real conditions in combination with access to supercomputing facilities (e.g., to boost the correlation and detection features of cross-border platforms).
• Another key role for National SOCs is knowledge transfer, such as training of cybersecurity analysts. For example, SOCs dealing with critical infrastructures play a key role and should benefit from the knowledge and experience acquired by or concentrated in National SOCs.
• National SOCs must share information with other stakeholders in a mutually beneficial exchange of information and commit to apply to participate in a cross-border SOC platform within the next 2 years, with a view to exchanging information with other National SOCs.

Funding Information

• National SOCs EUR 5.800.000.

Outcomes and Deliverables 

• World-class National SOCs across the Union, strengthened with state-of-the-art technology, acting as clearinghouses for detecting, gathering and storing data on cybersecurity threats, analysing this data, and sharing and reporting CTI, reviews and analyses.
• Threat intelligence and situational awareness capabilities and capacity building supporting strengthened collaboration between cybersecurity actors, including private and public actors.

Eligibility Criteria

• be legal entities (public or private bodies)
• be established in one of the eligible countries, i.e.:
  • EU Member States (including overseas countries and territories (OCTs))
  • EEA countries (Norway, Iceland, Liechtenstein)

For more information, visit EC.