As state-of-the-art ICT technologies are increasingly used in military units and command structures, the impact of cyber threats and potential incidents on the Member States’ defence capabilities, at both tactical and strategic level, is constantly growing. It is thus no wonder that the EU has identified Enabling Capabilities for Cyber Responsive Operations as one of its eleven development priorities.
In this context, the PANDORA project aims at contributing to EU cyber defence capacity building, by designing and implementing an open technical solution for real-time threat hunting and incident response, focusing on endpoint protection, as well as information sharing. The PANDORA system will be able to promptly detect and classify known and unknown threats, enforce policies on-the-fly to counter these threats, and also exchange threat intelligence information with third parties, at both national and international level.
The technical solution developed in PANDORA will be integrated and assessed in a pre-operational environment against two relevant use cases: warship security and military sensor network security.
PANDORA will be fully aligned with the scope and objectives of the PESCO project entitled “Cyber Threats and Incident Response Information Sharing Platform (CTISP)”.
Specifically, the technical solutions developed in PANDORA will:
• Collect information (metrics, traffic, indicators of compromise etc.) from endpoints and network elements;
• Detect and classify security incidents, both known (based on signatures and IoCs) and unknown (based on inferred anomalies and suspicious behaviours), also leveraging Machine Learning techniques;
• Suggest mitigation actions and policies – and enforce them automatically upon confirmation;
• Import and export incident information and threat intelligence to/from national and international information sharing platforms;
• Expose interfaces, both graphical and programmatic, with role-based access control, to support Security Operations and allow in-depth investigations in case of an incident.