Strengthening the SOC Ecosystem

• Events, workshops, stakeholder consultations, architectural designs and white papers on technical coordination and interconnection support platforms.
• Stronger links between public sector and industry SOCs
• Technical frameworks to allow for information exchange between SOC platforms
• A blueprint for the use of HPC facilities for the benefit of SOCs

This topic complements other actions in this and the previous Work Programme, which are building up National SOCs and Cross-Border SOC platforms. It will empower SOCs which are linked to National SOCs, and to a stronger collaboration between local SOCs, National SOCs and Cross-Border SOC platforms, leading to an increased data sharing and better detection capability for cyber threats. This should in particular foster interoperability, identifying what data can be shared, how this is shared and in what format, requirements and sharing agreements, and ways to enable better exchange. Links to the actions funded under the Cybersecurity Skills Academy (in the main Digital Europe work programme) can also be envisaged.

These actions should lead to increased engagement, including from the private sector, and to a better collaboration towards a common EU cyber threat knowledge base and technological independence.

Additionally, Cross-Border SOC Platforms will develop a comprehensive governance framework, with for example enrolment conditions and vetting procedures. The aim is to foster discussion between such platforms, sharing best practices and identifying opportunities for collaboration.

One Coordination and support action will be selected, bringing together the largest possible network of National and Cross-Border SOC platforms.

Actions should address one or more of the following:

• Activities and technical frameworks that foster the collaboration and interconnection between Cross-Border SOC platforms and National SOCs, as well as fostering the link between National SOCs and other SOCs at national level.
• Actions that support the cooperation and coordination of Cross-Border SOC platforms, both between different Cross-Border SOC platforms, and with relation to national SOCs and other SOCs.
• Actions to foster links between public sector and industry, and stimulate mutually beneficial exchange of information, tools and data as well as exchange of knowledge and training opportunities.
• Actions to foster links between SOCs and industrial stakeholders in artificial intelligence and in other enabling technologies, fostering the adoption of such technologies, including AI techniques and tools rand facilitating getting acquainted with existing state of the art tools (such as for example those developed in Action 1.1.4 of this work programme) and knowledge exchange.
• Actions to engage stakeholders from the HPC stakeholder community and practitioners of breakthrough AI technologies, to develop a blueprint for the requirements of AI models that necessitate access to large or smaller HPC facilities, and next steps to make this happen, as well as raising awareness of this in the wider SOC community.

These actions aim at creating or strengthening national and/or cross-border SOCs, which occupy a central role in ensuring the (cyber-)security of national authorities, providers of critical infrastructures and essential services. SOCs are tasked with monitoring, understanding and proactively managing cybersecurity threats. In light of the crucial operative role of SOCs for ensuring cybersecurity in the Union, the nature of the technologies involved as well as the sensitivity of the information handled, SOCs must be protected against possible dependencies and vulnerabilities in cybersecurity to pre-empt foreign influence and control. As previously noted, participation of non-EU entities entails the risk of highly sensitive information about security infrastructure, risks and incidents being subject to legislation or pressure that obliges those non-EU entities to disclose this information to non-EU governments, with an unpredictable security risk. Therefore, based on the outlined security reasons, the actions relating to SOCs are subject to Article 12(5) of Regulation (EU) 2021/694.