How the European project JCOP adds actual value to Cybersecurity Authorities
Author: Greek National Cyber Security Authority (NCSA)
The Hellenic National Cyber Security Authority (NCSA) is the national competent authority for cybersecurity in Greece, according to the EU Network and Information Security Directive (NIS Directive - 2016/1148) [1] and National Law 4577/2018 [2]. NCSA operates under the Ministry of Digital Governance [3] and functions as a General Directorate covering the areas of cybersecurity strategic planning, prevention and protection, business continuity and coordination. It comprises public sector officials, including cybersecurity experts, IT engineers, legal experts and public management officials. NCSA has established strong collaborations with the Governmental CERT, the National CSIRT, as well as other national competent authorities. Furthermore, the authority collaborates with EU agencies, authorities, and organisations, such as the NIS Cooperation Group [4], ENISA [5] and the EU CSIRT Network [6], and participates in the relevant discussions and works. Finally, the authority is engaged in international collaborations and European-funded projects, like JCOP.
NCSA's high-level mission is described as follows:
- Supervision of national cybersecurity policy.
- Supporting national efforts in incident handling & threat response.
- Coordination of national cybersecurity stakeholders.
- Cooperation with national and international actors.
- Promotion of a cyber-secure culture in Greece.
Figure 1: National Cybersecurity Strategic Objectives [7].
JCOP is a European project driven by the EU's Cybersecurity Strategy and guidelines, which aspires to facilitate shared situational awareness, preparedness and coordinated incident response with the cybersecurity structures and mechanisms established under the NIS Directive.
Figure 2: Capacity Pillars of JCOP.
A summary of JCOP regarding its drivers, scope, and objectives is presented below:
Drivers:
- EU's Cybersecurity Strategy [8] (adopted in December 2020) focuses on collective resilience against cyber threats.
- “Cyber Blueprint” [9] of European Commission Recommendation on Coordinated Response to Large Scale Cybersecurity Incidents and Crises.
- EU Cyber Crisis Liaison Organisation Network (CyCLONe) [10], which supports the coordinated management of cross-border large-scale incidents at the operational level and ensures the exchange of information among Member States and EU bodies.
Scope and objectives:
- Design, develop and deliver a Joint Cybersecurity Operations Platform (JCOP) tailored to the needs of EU Member State authorities entrusted with cybersecurity, providing a holistic cybersecurity operations solution.
- Create a model Southeast Europe Coordinated Response Cluster, encompassing the authorities of Greece and Cyprus, with validation from the Norwegian National Security Authority (NSM [11]).
- Demonstrate in practice the capacity and coordination-building impact of JCOP at the national (between national JCOP instances) and the EU level (between JCOP instances and EU cybersecurity bodies, such as the CSIRTs network, CERT-EU, and ENISA).
- Establish JCOP as a prototypical implementation of the “Cyber Blueprint” and a reference that can be applied to additional Member States.
Given the vision and the goals of the National Cyber Security Strategy of Greece for the period 2020-2025 [12] (Figure 1), it becomes apparent that a European project like JCOP not only facilitates part of NCSA's mission as a means of collaboration with other European countries, academia and research centres, but also supports various national strategic objectives. Thus, before even getting into further analysis, it is self-evident that the potential added value of participating in European projects is directly linked with NCSA's mission and objectives.
Moving forward with a more specific benefits estimation, we will describe the three capacity pillars of JCOP, in addition to the acquisition of equipment as part of the JCOP implementation process, and demonstrate how they relate to NCSA's mission and the national objectives.
Cyber Threat Intelligence (CTI)
- CTI is a crucial enabler in understanding the complex and evolving threat landscape and is inseparable from a national authority's cybersecurity strategic planning and security awareness policies. JCOP includes technical sessions regarding CTI sharing models (e.g., STIX & MISP), tracking of tactical, operational and strategic intelligence sources, both open source and proprietary, and implementation and training on a common CTI platform.
Alerting & Incident Response (AIR)
- NIS Cooperation Group, CyCLONe, ENISA and other international and European collaboration groups rely heavily on information sharing and common approaches for incident response procedures. Incident management optimisation through international/European collaborations is a critical national strategic objective. JCOP is analysing the associated Standard Operating Procedures (SOPs) and the underlying EU ecosystem, and subsequently will review and optimise relevant information templates and communication lines, aiming at the development of a proper Alert & Incident Response (AIR) toolbox.
Cybersecurity Operations Training (COT)
- COT is not just an internal issue but is also driven by the EU's Cybersecurity Strategy and the Council's recommendations for achieving collective resilience against cyber threats (namely, the Coordinated Response to Large Scale Cybersecurity Incidents and Crises [13]). To achieve the EU's guidelines, capacity building and security awareness are elevated from local national matters to global international/European collaboration fields. JCOP, as a cooperation platform, defines specific training scenarios and provides a useful collaborative training tool (i.e., cyber range) according to the EU's directions.
State of the Art Equipment
- The addition of new technical infrastructure in the premises of national competent authorities is part of the Action's outputs, thus enhancing their cybersecurity capabilities. After consultation among the involved parties, a new video wall control system with advanced management capabilities is added to NCSA's infrastructure, together with proper hosting equipment for the JCOP portal. In particular, the video wall control system is placed between the JCOP hosting and administration systems (Server & Workstations) and the video wall TV screens, so that incoming visual information from JCOP instances/dashboards can be managed and distributed in any preferred layout on the video wall.
Optimally, JCOP and the introduced equipment will be able to:
- fully integrate with the existing monitoring infrastructure of NCSA,
- provide NCSA access to state-of-the-art equipment for usage and further evaluation,
- ensure the addition of JCOP instances to current monitoring and evaluating activities.
In summary, and based on the above, European projects like JCOP are a key instrument for National Cybersecurity Authorities to achieve their mission and goals, enriching capabilities and improving the effectiveness and efficiency of their daily cybersecurity operations, including cooperation at the EU level.
Resources
1. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC
2. National Gazette 199/2018, https://www.et.gr/api/DownloadFeksApi/?fek_pdf=20180100199
3. Hellenic Republic - Ministry of Digital Governance, https://mindigital.gr
4. NIS Cooperation Group, https://digital-strategy.ec.europa.eu/en/policies/nis-cooperation-group
5. EU Agency for Cybersecurity, https://www.enisa.europa.eu
6. EU CSIRTs Network, https://csirtsnetwork.eu
7. National Cyber Security Strategy of Greece 2020-2025, https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map/national-cyber-security-strategies-interactive-map?selected=Greece
8. The EU Cybersecurity Strategy, European Commission, 2022, https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-strategy
9. Commission Recommendation (EU) 2017/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises, https://eur-lex.europa.eu/eli/reco/2017/1584/oj
10. Article 14, Proposal for a Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020PC0823&qid=1610720363291
11. The Norwegian National Security Authority, https://nsm.no
12. National Cyber Security Strategy of Greece 2020-2025, https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map/national-cyber-security-strategies-interactive-map?selected=Greece
13. The EU Cybersecurity Strategy, European Commission, 2022, https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-strategy