EU-funded project CyberSANE to transform security incident detection and handling systems

The 36-month project with approximate funding of € 5 million focuses on the development of cybersecurity solutions in the form of reliable, flexible, scalable, and efficient ICT components for Critical Infrastructures Information (CIIs).

Limassol. January 20, 2020. CyberSANE project has been funded by the European Commission as part of its H2020 Programme under the call SU-ICT-01-2019 and topic “Dynamic countering of Cyber-attacks”. The innovative proposal presented by the CyberSANE consortium foresees the development of a system addressing both technical and cognitive challenges related to the identification, prevention and protection against attacks on critical infrastructures through collecting, compiling, processing and fusing of all individual incident-related information for ensuring the integrity and validity of Infrastructures, helping decision-makers to understand the technical aspects of an attack and draw conclusions on how to respond.

According to a Ponemon Institute study[1], critical infrastructure providers have been overloaded by cyberattacks in the past two years, and 90% of them have been victims of cyberattacks since 2017, with half of the attacks resulting in downtime of operations. The survey included respondent from different regions and sectors such as utilities, energy, health and transport, which store highly sensitive information and are responsible for essential services.

CyberSANE will design an advanced, configurable and adaptable, security and privacy incident handling systems with the aim to improve, intensify and coordinate the overall security efforts for the effective and efficient identification of threats, and the investigation, mitigation and reporting of multi-dimensional attacks within the interconnected web of cyber assets involved in critical infrastructure information and security events. For this purpose, the CyberSANE system includes a series of tools and components:

  • LiveNet (Live Security Monitoring and Analysis): Capable of preventing and detecting threats, and in case of a declared attack, capable of mitigating its infection/intrusion effects.
  • DarkNet (Deep and Dark Web Mining and Intelligence): Allows the analyses of security, risks and threats related information embedded in User Generated Content (UGC) via darkweb and similar sources.
  • HybridNet (Data Fusion, Risk Evaluation, and Event Management): Provides the intelligence required to perform effective and efficient analysis of a security event based on information collected by the LiveNet and DarkNet components.
  • ShareNet (Intelligence and Information Sharing and Dissemination): Provides threat intelligence and information with sharing capabilities within CIIs and other involved parties to determine the trustworthiness of information sources as soon as the data is received.
  • PrivacyNet (Privacy & Data Protection Orchestrator): Manages and orchestrates the application of innovative privacy mechanisms. It also maximises achievable levels of confidentiality and data protection towards compliance with GDPR directives in the context of protecting sensitive incident-related information within and outside CIIs.

In order to validate the benefits and features of the CyberSANE approach, it will us three pilots covering different sectors identified as critical to security and financial. They are solar energy production, storage and distribution service operated by Lightsource Labs in Ireland, a container cargo transportation service managed by the Port of Valencia in Spain, and a real-time patient monitoring and treatment service provided by Klinikum Nuremberg in Germany.

The project is coordinated by PDMFC (Portugal) and involves 15 partners from several EU-Member States with different areas of expertise to address all the development of the CyberSANE System and the proper validation of the scenarios. The partners are Atos (Spain), Consiglio Nazionale Delle Ricerche (Italy), S2 Grupo (Spain), INRIA (France), Maggioli (Italy), Ubitech (Cyprus), Institut Jozef Stefan (Slovenia), Foundation for Research and Technology Hellas (Greece), Sphynx Technology (Switzerland), Katholieke Universiteit Leuven (Belgium), Sidroco Holdings (Cyprus), University of Brighton (UK), ValenciaPort (Spain), Lightsource Labs (Ireland), and Klinikum Nuremberg (Germany).


For more information please visit:

Follow CyberSANE project on Twitter and LinkedIn

[1] (Ponemon Institute LLC, 2019)