Development and Deployment of Advanced Key Technologies

• Deployment of state-of-the-art technologies in the area of cybersecurity
• Tools for automated threat detection, monitoring of networks, data protection and incident response

Breakthroughs in Key Digital Technologies such as Artificial Intelligence (including generative AI and adversarial AI), Big Data Analytics, Quantum, Blockchain Technology, High Performance Computing and Software-Defined Networking, create new opportunities for advancing cybersecurity in the areas of vulnerability detection, threat detection and rapid response, reducing the window of opportunity for attackers to exploit these vulnerabilities. Furthermore, they may enable new possibilities to protect data security and privacy.

The objective is to enable European cybersecurity actors to take advantage of these new breakthroughs, improving detection and prevention capabilities, efficiency, scalability, and facilitating data sharing and regulatory compliance.

In particular innovative technologies should allow for the processing of larger amounts of data, automating real-time pattern recognition, log analysis, vulnerability scanning, while enabling security professionals to focus on higher level interpretation of data and response decisions. They should allow organisations to deploy solutions and larger scale, and in increasingly complex environments.

A priority is to create and strengthen capacity for original Cyber Threat Information (CTI), e.g., in the form of CTI feeds or services.

Activities should fortify cybersecurity capabilities using breakthrough technologies, encompassing various aspects of cybersecurity. This involves uptake and integration for the deployment of novel tools, systems and services for threat detection, incident response, malware defence, vulnerability management, data protection and so forth. In one or more of the following topics should be addressed:

• Real-time Monitoring and Incident Response: ensuring the swift identification and response to security incidents through continuous network monitoring, alert generation, and automated response mechanisms.
• Malware Defence and Analysis: mitigating malware threats by analysing code behaviour, scrutinizing network traffic, and assessing file characteristics, thereby reducing opportunities for attackers to exploit vulnerabilities.
• Proactive Vulnerability Management: identifying and addressing weaknesses proactively through automated vulnerability scanning and penetration testing to address potential threats before they can be exploited.
• Data Protection and Anomaly Detection: safeguarding sensitive data by scrutinizing access patterns and identifying abnormal behaviour to mitigate data breaches and protect critical information.
• Incident investigation to help uncover cause, scope and impact of security incidents or breaches that have occurred.
• Data Utilisation with Privacy: enabling organisations to harness data for analysis and insights while preserving data security and privacy through techniques such as anonymisation and de-identification.

By addressing such issues, the cybersecurity resilience of organisations should be enhanced, improving overall cybersecurity posture, encompassing various aspects such as threat detection, incident response, and vulnerability management.

In well justified cases, access requests to the EuroHPC high performance computing infrastructure could be granted.

The systems, tools and services developed under this topic, where relevant, will be made available for licencing to National and/or Cross-Border SOC platforms under favourable market conditions.

This action aims at the deployment of key technologies in cybersecurity, in particular also in the context of securing national authorities, providers of critical infrastructures and essential services. As this involves the handling of cyber incidents, malware and management of vulnerabilities that could be exploited by malicious actors, the deployment of such technologies must be protected against possible dependencies and vulnerabilities in cybersecurity to pre-empt foreign influence and control. As previously noted, participation of non-EU entities entails the risk of highly sensitive information about security infrastructure, risks and incidents being subject to legislation or pressure that obliges those non-EU entities to disclose this information to non-EU governments, with an unpredictable security risk. Therefore, based on the outlined security reasons, the actions relating to these technologies are subject to Article 12(5) of Regulation (EU) 2021/694.