Innovating Works
EDIDP-CSAMN-EDICT-2020
EDIDP-CSAMN-EDICT-2020: Easily deployable and interconnected cyber toolbox for defence use
Specific Challenge:The main challenge is to create a new generation of mobile cyber toolbox to be used by cyber rapid response teams (CRRTs) to manage cyber incidents (detect, investigate and remedy hostile activities) in defence field, as well as government environment and critical information infrastructure.
Grant only (non-repayable): 0 €
European
This call is closed. This funding line is already closed, so you cannot apply. It closed on 01-12-2020.
More than 51 month(s) have passed since the call closed and we still have no information about the funded projects; it does not appear that this information will be published.
Submission: Consortium. Consortium: This grant is designed to be applied for as a consortium.
This grant funds Projects: Project objective:

Specific Challenge: The main challenge is to create a new generation of mobile cyber toolbox to be used by cyber rapid response teams (CRRTs) to manage cyber incidents (detect, investigate and remedy hostile activities) in the defence field, as well as in government environments and critical information infrastructure.

Usually, CRRTs are deployed as mobile teams to deal with cyber incidents on its premises or from remote locations, possibly with limited access to secure communication means. In the modern environment, the dependency of military operations on civilian infrastructure (including industrial systems) and civilian solutions is also growing rapidly with emerging technologies such as 5G and IoT (Internet of Things).

Although there are many rapid response initiatives and many rapid response teams formed both in civilian and military organizations, they have limitations. These teams are usually able to operate only in common enterprise environments (e.g. Microsoft and Linux based environments), have limited capabilities for specialized systems, or are dedicated to work only in organizations’ internal networks. Therefore, these teams lack skills and tools to operate in multi-site and multi-organization environments. On the other hand, they are restricted to work in their own networks by legal constraints and technological means.

Currently, a number of home-grown and relatively well-established tools and training, both commercial and open source, are available. Large companies active in cybersecurity have also built cyber toolboxes for internal and external use.

These toolsets are, however, best suited to relatively conventional scenarios and may not be convenient to use or highly effective in transnational military and government environments.

Some of the limitations include:

- the packaging and architecture of such solutions, the integration with back-office investigation capabilities and the ability to face narrow network bandwidth;
- the stealthiness of the deployed tools on potentially compromised networks;
- the ability to face other, non-traditional types of systems, such as industrial control systems and SCADA (Supervisory control and data acquisition).

Scope: The proposals must address the development of capabilities for CRRTs to manage effectively cyber incidents in the various above-mentioned environments and fields.

These capabilities (hardware and software) must be integrated smoothly and comprehensively in an easily deployable (including via commercial airlines) cyber toolbox.

The toolbox must address the following areas:

Data collection, reporting, and reach back

- Stealthy data collection tools on potentially affected systems;
- Ticketing system;
- Communication platform;
- Big data exchange platform;
- IoC (Indicator of compromise) sharing platform.

Monitoring, log aggregation

- Firewalls, IDS (Intrusion detection system)/IPS (Intrusion prevention system), including required network interface adapters, duplicators, taps, etc.;
- Data collection tools and SIEM (Security information and event management);
- Operating systems scanning, including deep and proven boot sanity checks of various Windows, Mac OS and Linux distributions, including in the virtualized environment;
- Firmware scanning (USB, Ethernet, and WiFi-based).

Analysis and forensics capability

- Analysis of the deployable tool output, including the analysis of acquired images and network traffic;
- Fast, configurable data lake for logs and network activity analysis;
- Connection with cyber threat intelligence.

ICS/SCADA capability

- Tools required for data collection and analysis in industrial environments, addressing the most common ICS/SCADA elements’ manufacturers, protocols, interfaces, etc.

Vulnerability assessments and penetration testing capability

- Tools (hardware and software) for vulnerability assessment and penetration testing.

Targeted activities

The proposals must cover the study, design, prototyping and testing of the cyber toolbox, not excluding downstream activities.

The targeted activities must in particular include:

- the review of the typical current capability of a CRRT, the activities such a team performs, and the types of automated support that such a team needs. This must consider, among other things:
  - the possible functional gaps in current toolsets;
  - the impact of virtualized/cloud type environments on tool deployment and scalability;
  - the extent to which integration of different tools might simplify operator tasks and improve the effectiveness of a deployment;
  - the definition of a process to manage the evolution of the tools among many participating entities.
- the review of the implications of operating in widely distributed and interoperable environments, in particular, considering how CRRTs operate in constrained environments such as the military deployed environment;
- the review of the advanced team operating models that enable collaborative distributed activity, critically necessary to contain or manage large scale attacks enabling mission assurance, taking into account the questions of need-to-know/need-to-share and communications with command and control systems;
- based on these analyses, identification of specific enhancements that must be made to current generation toolsets, processes and practices;
- the design, prototyping and testing of a new generation toolset implementing these enhancements;
- exercises to inform operating processes and practices across the full operating domain;
- collective exercises (i.e. across multiple sites/systems/teams) to further develop operating processes and practices.

Main high-level requirements

The toolbox should consist of four principal parts:

1) Workplace. Laptops with the appropriate software.

2) Sensors. Deployable network sensors, including data collection interfaces.

3) Back-office infrastructure. Back-office infrastructure and services.

4) Cloud. Cloud services, SaaS tools, commercial data feeds.

1. Workplace

- The workplace should consist of a set of identically prepared laptops, provided together with additional accessories, like external hard drives, taps, duplicators, interfaces, cables, adaptors, also specific forensic tools (such as Tableau hardware);
- Laptops should contain all required software for identified CRRT tasks, including, but not limited to, incident handling, monitoring, forensics, vulnerability assessment, penetration testing, back-office communication;
- Software for monitoring, log collection, and analysis of ICS (Industrial control system)/SCADA environments, covering at least the 20 most popular ICS/SCADA protocols should be provided;
- A virtualization environment should be installed for running virtual machines. If specific applications need Linux or other OS, they should be prepared inside appropriate virtual machines.

2. Sensors

- Deployable sensors should be provided for collecting network traffic;
- A sensor should be composed of one or more servers, routers, switches, duplicators, taps, adapters, interfaces, and other hardware accessories for connecting to various networks and infrastructures;
- Everything should be fitted into an easily transportable, ruggedized box/frame. The box weight and dimensions should allow it to be transportable by commercial airlines;
- The toolbox should contain two identical sensors (for redundancy, training, and testing).

3. Back-office infrastructure

The back-office infrastructure consists of one or more servers and data storage to be installed in a central (home) location. It is meant to provide required services for the CRRT:

- IoC (Indicators of compromise) sharing platform (e.g. MISP (Malware information sharing platform));
- Ticketing system (e.g. RTIR (Request tracker for incident response));
- Communication platform (e.g. MatterMost);
- Big data exchange platform (e.g. NextCloud);
- Collaboration platform (e.g. GitLab, Confluence);
- Git repository (e.g. GitLab);
- Infrastructure should support the ability to install other required tools and services.

4. Cloud

Cloud should be understood as a set of cloud services and commercial SaaS tools. This should at a minimum include:

- commercial data feeds;
- commercial signatures for sensors;
- threat intelligence platform.

Other common requirements for the toolbox

- Modular structure. Components should be able to work independently and to be removed or replaced;
- The toolbox should be based on open standards and common best practices to facilitate interoperability with existing national cybersecurity systems, including, but not limited to, cyber situation awareness, cyber threat intelligence, and command and control platforms. This means using common open import/export formats, existing interfaces, and the use of APIs throughout individual tools;
- Deployable tools on a potentially compromised network and systems should be stealthy and auditable;
- Analysis of collected data should be able to be done both manually and automatically;
- The proposed solution should consist of necessary hardware and software for online and offline investigation;
- The toolbox should be able to provide the analysts with an autonomous capability (analyse the collected data on a deployable system), while being able to interconnect with back-office in different network availability conditions, to get threat intelligence, send analysis results, etc.;
- The proposed solution should provide dynamic, scalable, and resilient solutions, capable of easily integrating all the actors and nodes involved in each mission;
- The proposed solution should allow rapid installation (for example, on new servers or new laptops), restoring/reverting, administration and operation;
- Toolbox (workplaces, sensors) should be easily deployable overseas, including via commercial airlines;
- The proposed solution should include training materials sized for not less than 120 hours of appropriate training;
- Delivery of the project: a fully functioning, ready to use toolbox.
Expected Impact:

- Developing new generation tools and procedures for defensive cyber operations in any operational context;
- Improving readiness and response capability for unconventional cyber-attacks in the Member States;
- Improve cyber incident prevention, mitigation, investigation and reporting capabilities in the Member States for large scale cyber-attacks impacting both civilian as well as military environment;
- Support the development of Member State’s cyber defence capabilities and decision-making in cyber emergencies.

Mandatory project topics: Main topic:

Consortium characteristics

European scope: The grant is European in scope; any company that is part of the European Community can apply to this line.
Type and size of organizations: The consortium design required to process this grant needs:

Project characteristics

Design requirements: Duration:
Technical requirements: Specific Challenge: The main challenge is to create a new generation of mobile cyber toolbox to be used by cyber rapid response teams (CRRTs) to manage cyber incidents (detect, investigate and remedy hostile activities) in the defence field, as well as in government environments and critical information infrastructure.
Eligible cost categories: The eligible cost categories for this line are:
Personnel costs.
Eligible personnel costs cover the hours of actual work of the persons directly dedicated to carrying out the action. Owners of small and medium-sized enterprises who do not receive a salary, and other natural persons who do not receive a salary, may charge personnel costs on the basis of a scale of unit costs.
Purchase costs.
Other direct costs are divided into the following categories: travel, depreciation, equipment, and other goods and services. Depreciation of equipment is funded, and depreciation of equipment acquired before the project may be included if it is recorded during the project's execution. The other goods and services category includes the various goods and services purchased by beneficiaries from external suppliers in order to carry out their tasks.
Subcontracting costs.
Subcontracting in European grants must not concern the core R&D activities of the project. The contractor must be selected by the beneficiary according to the best-value-for-money principle under conditions of transparency and equality (in no case will it consist of requesting fewer than 3 offers). In the case of public entities, subcontracting must follow the laws in force in the country to which the contracting party belongs.
Depreciation.
Assets.
Other expenses.
Technology maturity: Processing this grant requires a minimum technology level in the project of TRL 5: The components are integrated so that the system configuration matches the final application in almost all respects. Performance is tested in a simulated operational environment. The main difference from TRL 4 is the increase to medium fidelity and the application to the real environment.
Expected TRL:

Funding characteristics

Aid intensity: Grant only (non-repayable)
Non-repayable grant:
1. List of eligible countries: Described in section 3 of the call document.
2. Eligibility and admissibility conditions: Described in section 3 of the call document.
3. Evaluation criteria & process:
Operational and financial capacity: Described in section 3 of the call document.
Exclusion criteria: Described in section 3 of the call document.
Award criteria, scoring and thresholds: Described in section 3 of the call document.
Submission and evaluation procedure: Described in section 3 of the call document.
4. Proposal page limits and layout: 60 (Part B - Section 6 & 7)

5. Additional requirements
Operational and financial capacity: Described in section 3 of the call document.
Exclusion criteria: Described in section 3 of the call document.
Members of consortium are required to conclude a consortium agreement, in principle prior to the signature of the grant agreement.
6. Planning for evaluation and grant agreement: Described in section 3 of the call document.
7. Proposal forms, Model Grant Agreement:
Submission form
Annex 1 – SMEs and mid-caps participation
Annex 2 – Budget table – Actual costs
Annex 3 – Declaration of honour
Annex 4 – Agreement on pre-existing information (background information)
Annex 5 – Statistical information
Annex 6 – Declaration of Ownership and Control
Annex 7 – Description of operational capacity
Annex 8 – Mid-cap self-assessment form
Model Grant Agreement (Multi and Mono)
MGA - Annex 2
MGA - Annex 4
8. Additional documents: To be communicated
Work programme 2019-2020
Call texts 2020
Guide for applicants
Generic Programme Security Instructions
Guarantees:
No guarantees required.
There are no financial conditions for the beneficiary.

Additional information about the call

Incentive effect: This grant has an incentive effect, so the project cannot have started before the grant application is submitted.
Agency response: The estimated response time of the agency once the grant has been processed is approximately:
Months to response:
Very competitive:
We do not know the total budget of the line.
De minimis: This funding line is NOT considered “de minimis aid”. You can consult the regulations here.

Other advantages

SME seal: Successfully processing this grant makes it possible to obtain the “innovative SME seal” quality label, which provides certain tax advantages.