Deploying Strategic Cyber Capabilities Across Europe

• Deployment of Artificial Intelligence and various AI-powered technologies as enablers for Cyber Hubs, CSIRTs, NCSCs, NIS SPOCs and others.
• Novel cybersecurity tools based on AI that have been developed, tested and validated in relevant conditions and made available to Cyber Hubs, CSIRTs, NCSCs, NIS SPOCs and others.
• Enhanced information sharing and collaboration amongst National and Cross-Border Cyber Hubs, CSIRTs, NCSCs, NIS SPOCs and others relevant stakeholders, supported by CTI produced by AI-powered tools.
• Tools for automation of cybersecurity processes such as the creation, analysis and processing of CTI, to enhance operations of the Cyber Hubs.
• Original European CTI feeds or services.
• Ensure that the most advanced and innovative secure AI solutions are developed and implemented for NIS sectors.
• Secure AI solutions and tools, complying with EU legislation. Promote the mitigation of risks associated with the misuse of AI by malicious actors, with a focus on AI ethics and secure deployment.
• Contribution to the standardisation and certification of cybersecure, trustworthy AI technologies.

This topic addresses AI-based technologies (including GenAI) for national authorities and competent authorities, including National and Cross-Border Cyber Hubs, CSIRTs, public bodies and private entities from the NIS 2 directive, NCCs¹, etc. They play a key role in providing central operational capacity to European cybersecurity ecosystems. They may also provide primary input data for AI/ML-based cybersecurity tools and solutions, which can strengthen such authorities’ capacity to analyse, detect and prevent cyber threats and incidents, and to support the production of high-quality intelligence on cyber threats. In particular, the adoption of generative AI² could be a challenge and an opportunity for cybersecurity³ processes and applications.

These enabling technologies should allow for more effective creation and analysis of Cyber Threat Intelligence (CTI), automation of large-scale processes, as well as faster and scalable processing of CTI and identification of patterns that allow for rapid detection and decision making.

The security of AI itself, especially for the systems in the learning phase, also needs to be addressed, including the misuse of AI by malicious actors. This includes carrying out risk assessments and mitigation of cybersecurity risks inherent to AI technologies, implementing supply chain security, etc., and complying with the AI Act, intellectual property legislation and the GDPR.

In addition to being secure, the AI technologies being developed should perform well, and be robust and trustworthy. In particular, having trustworthy AI solutions will help in the deployment phase, where social acceptance is essential.

¹If applicable and in line with individual national strategies.

²Cybersecurity in the age of generative AI, September 2023, available at: https://www.mckinsey.com/featured-insights/themes/cybersecurity-in-the-age-of-generative-ai.

³The Need For AI-Powered Cybersecurity to Tackle AI-Driven Cyberattacks, April 2024, available at: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2024/the-need-for-ai-powered-cybersecurity-to-tackle-ai-driven-cyberattacks.

Actions in this topic should develop and deploy systems and tools for cybersecurity¹, based on AI technologies², addressing aspects such as threat detection, vulnerability detection, threat mitigation, incident recovery through self-healing, data analysis and data sharing. These activities must also comply with intellectual property rights (IPR) and the GDPR, depending on the type of information handled. The AI solutions proposed should also be cybersecure.

Activities should include at least one of the following:

• Continuous detection of patterns and identification of anomalies that can potentially indicate emerging threats, recognising new attack vectors and enabling advanced detection in an evolving threat landscape, including in ICT or in Operational Technology infrastructures using open technologies.
• Creation of CTI based on novel threat detection capabilities.
• Enhancing speed of incident response through real-time monitoring of networks to identify security incidents and generating alerts or triggering automated responses.
• Mitigating malware threats by analysing code behaviour, network traffic, and file characteristics, reducing the window of opportunity for attackers to exploit malware.
• Identification of vulnerabilities and support for management considering multiple sources of information.
• Cybersecure tools and solutions that provide risk-reduction in the crossover between AI, IoT and smart grids or other manufacturing chains.
• Support for recovery from incidents through self-healing capacities.
• Reducing the chances of attacks and pre-emptively identifying weaknesses through automated vulnerability scanning and penetration testing.
• Protecting business sensitive data through the analysis of access patterns and detection of abnormal behaviour.
• Enabling organisations to leverage and share CTI and other actionable information for analysis and insights without compromising data security and privacy, through anonymisation.
• Tools and solutions that provide product security or cybersecurity by design/default in line with CRA requirements.
• Tool and service providers are welcome to apply for this topic, also when in a consortium with Cyber Hubs. Links with stakeholders in the area of High-Performance Computing should be made where appropriate, as well as activities to foster networking with such stakeholders. In well justified cases, access requests to the EuroHPC high performance computing infrastructure could be granted.
• The systems, tools and services developed under this topic will be made available for licensing to National and/or Cross-Border Cyber Hubs platforms, CSIRTs, competent authorities, and other relevant authorities under favourable market conditions.
• These actions aim at providing AI-powered cybersecurity capabilities for National and/or Cross-Border Cyber Hubs and for national authorities encompassing Cyber Hubs, CSIRTs, which occupy a central role in ensuring the cybersecurity of national authorities, providers of critical infrastructures and essential services. These entities are tasked with monitoring, understanding and proactively managing cybersecurity threats. In light of their crucial operative role in ensuring cybersecurity in the Union, the nature of the technologies involved as well as the sensitivity of the information handled, Cyber Hubs must be protected against possible dependencies and vulnerabilities in cybersecurity to pre-empt foreign influence and control.
• Tools to protect and secure AI solutions in line with the EU legislative framework and considering integration of requirements for robustness, performance, trust and balanced AI autonomy.
• Contribute to the cybersecurity certification of AI-driven cybersecurity solutions and systems. The primary objective of cybersecurity certification for AI systems within the EU is twofold: to mitigate cybersecurity risks inherent in AI technologies and to demonstrate compliance with the EU’s comprehensive legislative framework, including the AI Act. By establishing a standardised, transparent, and rigorous certification process, the EU seeks to foster trust in AI technologies among users, developers, and regulators alike.

¹ Multilayer Framework for Good Cybersecurity Practices for AI, ENISA, June 2023, available at: https://www.enisa.europa.eu/publications/multilayer-framework-for-good-cybersecurity-practices-for-ai.

²Cybersecurity of AI and Standardisation, ENISA, March 2023, available at: https://www.enisa.europa.eu/publications/cybersecurity-of-ai-and-standardisation.