This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 833481
Call H2020-SU-ICT-2018 • Innovation Action • Start date: September 1st, 2019
Classification level: Public
SOC & CSIRT Response to Attacks & Threats based on attack defence graphs Evaluation Systems
D8.2 Dissemination plan
Deliverable type: Report
Contributing work packages: WP8 Dissemination
Due date of deliverable: 30/11/2019
Submission date: 03/12/2019
Dissemination level: PU
Responsible organisation: TNO
Editor: Reinder Wolthuis
Revision: 1.0
Abstract
This document contains the approach, activities, target groups, channels and high level planning for the dissemination of the SOCCRATES results to relevant stakeholders.
Keywords: Dissemination, security, automation, exploitation.
zation, threat trend prediction, and automated analysis using attack defence graphs and business impact modelling to aid human analysis and decision making on response actions, and enable the execution of defensive actions at machine-speed.
SOCCRATES has the following concrete project objectives:
1. Deliver the SOCCRATES platform consisting of an orchestration function and a unique integration of innovative background solutions that seamlessly work together.
2. Show that the SOCCRATES platform can improve SOC operations by evaluating the
SOCCRATES platform in two diverse real-life pilot environments.
3. Examine and illustrate the benefits of automation for selected SOC activities to help manage
the cyber security skills gap in organizations.
4. Prepare for successful exploitation by the SOCCRATES partners of the individual innovated components and the integrated SOCCRATES platform in commercial products that are offered to the market and are available for the European (business) community.
Please see www.SOCCRATES.eu for more information on the SOCCRATES project.
EU H2020 project SOCCRATES | GA 833481
D8.2 SOCCRATES Dissemination plan Page 6 of 27
Classification level: Public
1.2 This deliverable
This document is the dissemination plan for the SOCCRATES project (deliverable D8.2). The Dissemination Plan (DP) describes the approach of SOCCRATES regarding dissemination objectives, plans, activities, target audience and results.
1.3 Structure of this deliverable
Section 2 describes the dissemination strategy and measurable dissemination objectives, while section 3 identifies the SOCCRATES stakeholders and the target audience for the dissemination activities, considering their specific information needs.
Section 4 provides details on the organization of the dissemination activities and the specific scope of the activities. Section 5 lists the channels and media that SOCCRATES intends to utilize in the dissemination activities, including a detailed list of messages and hints tailored according to the category of the audiences and stakeholder groups, in terms of content, format, style and support. Also, in section 5 are the projects, organizations and standardization activities that SOCCRATES aims to liaise with. Chapter 6 briefly summarizes the exploitation approach, which will be laid down in a separate exploitation plan (D8.6). Finally, in chapter 7, the work plan is laid down, describing the planning for all dissemination activities and their intended results.
2 Dissemination strategy and objectives
2.1 Dissemination strategy
Given the importance of security across all industrial sectors and, indeed, to the public, dissemination and communication activities will be critical for ensuring that the best practice guidelines and new technologies developed by the consortium reach a wide audience.
To achieve our ambitious objectives, we implement a three-strand approach to manage the dissemination of results internally and externally.
• The internal strand comprises an ongoing proactive review process for project deliverables, and other significant milestones, whereby such results are allocated specific dissemination objectives and indicators of success. The aim is to ensure that project deliverables and results do not fade into the background after completion, but instead continue to be live assets to the project which are actively pursued to provide impact. The WP8 leader will ensure that a dissemination session will be held at each face-to-face plenary meeting, to agree dissemination objectives, and to review previous efforts.
• The second strand of the dissemination plan is a set of dissemination objectives and schedule of events to engage directly with stakeholders, to achieve a high visibility of the SOCCRATES platform and encourage and enable adoption of SOCCRATES results. Organizations that maintain a SOC, CSIRTs and MSSPs are a major focus of this dissemination strand. In line with the expected impacts of the project, the project will target the European CSIRT Network. Our dissemination activities therefore focus on engaging with these stakeholders.
• The third strand for disseminating and validating the quality of the project results will be active engagement with academic and industrial peers through publications at conferences, organisation of special sessions and research workshops, and publication in high impact scientific journals. These events will provide a direct dissemination opportunity and promote the visibility of SOCCRATES at an international level.
The following points represent the main categories of project results that SOCCRATES intends to disseminate to stakeholders:
1. Prototype technologies that have been validated in the project’s piloting activities;
2. Guidance on the use of these technologies by SOCs and CSIRTs, highlighting their potential benefits;
3. Materials, such as published articles, that highlight the technological innovations from the project that can be built upon by the community; and
4. APIs and public data sets, e.g., from SHS, that can be used to support enhanced SOC and CSIRT operations and enable the wider community to develop novel cyber security solutions.
2.2 The SOCCRATES dissemination objectives
SOCCRATES adopted the following dissemination objectives that support the SOCCRATES objectives (see paragraph 1.1):
• To raise awareness among all relevant stakeholders (e.g. policy makers, regulatory bodies, service providers, end users and vendors) on how to improve SOC/CSIRT operations with SOCCRATES results;
• To develop the SOCCRATES SOC/CSIRT white paper composed of project results specifically targeted to raise awareness among higher management of stakeholders;
• To disseminate project results to relevant target groups and potential users of the SOCCRATES Platform and components;
• To identify and execute opportunities for contributions to standards based on SOCCRATES results;
• To develop and implement an interactive and user-friendly web site to inform the public and relevant stakeholders about the project;
• To produce an exploitation plan which will include a list of opportunities that arise from the project’s achievements and a detailed analysis of benefit and impact.
2.3 Sensitive information
Where relevant, dissemination information (such as papers, demonstrations, presentations) will be assessed by the SOCCRATES Security Advisory Board (SAB) to make sure that no security or privacy sensitive information is published. The SOCCRATES SAB has drawn up procedures to this end.
3 Target audience and stakeholders
We anticipate that SOCCRATES results will be applicable across a range of stakeholders. Although we welcome engagement with all interested stakeholders, we will focus on building strong relationships with SOC and CSIRT teams in Europe. The strong involvement of security solution providers in the consortium (MNM, FRS, SHS, and FSC) and end-user VTF provides us with an exceptional insight into the key needs of the industry, end users, and potential commercial customers, and enables us to shape our message in the most effective way to reach and exert influence on external stakeholders, such as those in the Stakeholder Group. SOCCRATES has identified a comprehensive set of target groups that will be elaborated in the following paragraphs.
3.1 MSSPs offering SOC and CSIRT services
This group of Managed Security Service Providers (MSSPs) is highly relevant for SOCCRATES and offers SOC and CSIRT services to end users that do not have the capacity, size or ambition to have their own SOC and CSIRT organization.
We aim to reach this group by including as many of these operators as possible in our stakeholder group, inviting them to demonstrations, workshops and webinars, and communicating with them through the SOCCRATES video, blog posts on our website and social media. We will also distribute the white paper to this group.
Measurable outcome:
• Number of MSSPs in stakeholder group [>10]
• Number of MSSPs contacted about SOCCRATES [>25]
3.2 End users operating their own SOC/CSIRT
End users are specific SMEs or large companies identified as potential end-users of SOCCRATES technology. Of course, they are also highly relevant for SOCCRATES, both as providers of input to the development and as recipients of the exploitation activities of the project.
We aim to reach this group by including as many of these end users as possible in our stakeholder group, inviting them to demonstrations, workshops and webinars, and communicating with them through the SOCCRATES video, blog posts on our website and social media. We will also distribute the white paper to this group.
Measurable outcome:
• Number of end users in stakeholder group [>10]
• Number of end users contacted about SOCCRATES [>25]
3.3 National CERTs
National CERTs are also a highly relevant target group for SOCCRATES, because they could be a user of SOCCRATES developed technology, but they also need to understand the potential of automated security and the impact it will have on their cooperation with SOCs and CSIRTs end users and MSSPs.
We aim to reach this group by including some national CERTs in our stakeholder group, inviting them to demonstrations, workshops and webinars, and communicating with them through the SOCCRATES video, blog posts on our website and social media. We will also distribute the white paper to this group.
Measurable outcome:
• Number of National CERTs in stakeholder group [>2]
• Number of national CERTs contacted about SOCCRATES [>5]
3.4 Vendors
Vendors of products that relate to the SOCCRATES platform can benefit from the knowledge gained by the project and are therefore a relevant target group.
We aim to reach this group by including interested vendors in our stakeholder group, inviting them to demonstrations, workshops and webinars, and communicating with them through the SOCCRATES video, blog posts on our website and social media. We will also distribute the white paper to this group.
Measurable outcome:
• Number of vendors in stakeholder group [>5]
• Number of vendors contacted about SOCCRATES [>10]
3.5 Industry platforms & standardization bodies
Industry Platforms and Associations, Standardisation Bodies (e.g., cPPP on cyber security, appropriate ECSO working groups) are a relevant target group to use the knowledge that is developed in SOCCRATES as input for their work.
We aim to reach this group by engaging with them, inviting them to demonstrations, workshops and webinars, and communicating with them through the SOCCRATES video, blog posts on our website and social media. We will also distribute the white paper to this group.
Measurable outcome:
• Participation at industry bodies' events [6]
• Contributions to policy and standards, e.g. citations of SOCCRATES results [2]
• New relationships with appropriate bodies [2]
3.6 Policy professionals
Policy Professionals (e.g., Europol EC3, national stakeholders (ministries), ENISA, …) are a relevant group for SOCCRATES because they need to know the impact of security automation and use the output of SOCCRATES to update policies where necessary.
We aim to reach this group by engaging with them, inviting them to demonstrations, workshops and webinars, and communicating with them through the SOCCRATES video, blog posts on our website and social media. We will also distribute the white paper to this group.
Measurable outcome:
• References to results in policy [2]
• Position papers (e.g. to ECSO WG6 (research) or WG5 (education)) [3]
3.7 Security research community
The international security research community (academic and industry) is an important target group, both to provide input to SOCCRATES and to discuss the (scientific) SOCCRATES results.
We aim to reach this group by attending and presenting at (scientific) conferences and seminars, inviting them to demonstrations, workshops and webinars, and communicating with them through the SOCCRATES video, blog posts on our website and social media. We will also distribute the white paper to this group.
Measurable outcome:
• Publication downloads [100+]
• Citations during project [50+]
• Invited talks by consortium members [7].
3.8 (EU) security automation innovation projects
It is important to liaise with other innovation projects that deal with security and security automation. Knowledge can be shared and dissemination activities can be organized more effectively and efficiently.
We aim to reach this group by sharing knowledge and liaising with other projects, co-organizing events, inviting them to demonstrations, workshops and webinars, and communicating with them through the SOCCRATES video, blog posts on our website and social media. We will also distribute the white paper to this group.
Measurable outcome:
• Exchange of information with other projects [>10]
• Liaison with other projects [>2]
• Co-hosted workshops [2].
3.9 General public
The public is not a direct target group for SOCCRATES, as the results are meant for end users and MSSPs. We will however make sure that SOCCRATES also brings forward the general goal of the project and the benefit for society to the public.
We aim to reach this group by making sure that our website contains some clear information that is understandable for the public.
4 Dissemination organisation and scope
TNO is the coordinator of the dissemination activities, which are managed in WP8, and all partners are involved. The activities are distributed among the SOCCRATES project partners, but each partner will have a specific focus. For example, the focus of KTH, IMT and TNO will be more towards the scientific community, while the focus of mnemonic and Vattenfall will be more towards MSSPs and the end-user community.
The other work packages of SOCCRATES provide input for the dissemination activities, see Figure 2.
Figure 2 - Overview of WPs and dependencies
Work package 8 is organized according to the following tasks:
• T8.1 Develop and maintenance of the SOCCRATES web site
• T8.2 Develop the SOCCRATES white paper
• T8.3 Targeted dissemination and standardisation activities
• T8.4 Preparation and realisation of SOCCRATES workshops
• T8.5 Exploitation
And will deliver the following results:
Table 1 - WP8 results

| Deliverable number | Deliverable title | Dissemination level | Delivery date |
|---|---|---|---|
| D8.1 | SOCCRATES public website. The project website (easily accessible) that contains actual information regarding the project and its events and where deliverables can be downloaded. | PU | M03 |
| D8.2 | Dissemination plan. Contains all plans of SOCCRATES for dissemination at events and to stakeholders. | PU | M03 |
| D8.3 | Intermediate report on dissemination and standardization activities. Contains the progress of dissemination activities and standardization activities. | PU | M18 |
| D8.4 | SOCCRATES white paper. High quality and attractive deliverable containing the SOCCRATES results and experiences in an easily accessible way, suitable for policy makers and higher management of stakeholders. It will be available on-line and in printed version. | PU | M30 |
| D8.5 | Final report on dissemination and standardization activities. Contains the overview and results of all dissemination activities and standardization activities that have been undertaken in the SOCCRATES project. | PU | M36 |
| D8.6 | SOCCRATES Exploitation plan. Contains the plans for exploitation of the expected project results. | PU | M36 |
5 Communication Channels, liaison, means and media
SOCCRATES utilizes several channels and media to reach the ambitious dissemination goals. This chapter highlights these channels and media.
5.1 SOCCRATES Advisory Board (SOCAB)
The SOCCRATES Advisory Board (SOCAB) forms an independent review group of external (non-funded) experts within the areas of CSIRT organizations, academia, industry and regulations. SOCAB members provide external reflection on the operational and strategic direction of the project and are invited to project events, will contribute to the requirements, and should review project results, which will include both software and written deliverables. The SOCAB does not have a direct governing role in the project but may be consulted by any of the other project roles or governing bodies.
The composition of the SOCAB at the time of delivery of this document is:
• Andy de Petter, Head of cyber security intelligence & incident response, Proximus (BE),
• Frode Hommedal, subject matter lead CERT and SOC, PwC (NO)
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications. SCAP is a standardized form for expression and reporting of security content. The specifications were initially set up for vulnerability management applications. Nowadays SCAP is viewed more broadly and includes compliance, remediation, and network monitoring.
• CPE - CPE is a structured naming scheme for information technology systems, software, and packages. MITRE developed the Common Platform Enumeration (CPE). NIST holds operational responsibility.
• OVAL - Open Vulnerability and Assessment Language (OVAL) includes representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment.
• XCCDF - The Extensible Configuration Checklist Description Format (XCCDF) is a specification language for writing security checklists, benchmarks, and related kinds of documents.
NIST is currently working on SCAP 2.0. The work is related to IETF SACM.
ISO JTC1 SC27
ISO JTC1 SC27 is the committee that develops standards for the protection of information and ICT. The focus is on Information security, cybersecurity and privacy protection. SC27 has the following working groups:
• WG1 – Information security management systems
• WG2 – Cryptography and security mechanisms
• WG3 – Security evaluation, testing and specification
• WG4 – Security controls and services
• WG5 – Identity management and privacy technologies
https://www.iso.org/committee/45306.html
CEN JTC13
New European standardisation group that develops standards for data protection, information protection and security techniques.
ITU-T SG17
Study Group 17 of ITU-T is tasked with Cyber Security standardisation.
6 Exploitation
All SOCCRATES partners will strive to exploit the SOCCRATES results to the maximum. These results will be exploited by all individual partners after the project. The way of exploitation will be addressed in the exploitation plan (D8.6), which will be made in the last phase of the project. The exploitation plan will identify and capture the commercial exploitation of SOCCRATES results by each of the consortium partners and by others. It identifies the scientific and technical knowledge, products and services (deliverables) of the project that are susceptible to exploitation and classifies them according to their commercial potential, while foreseeing potential barriers to exploitation. It includes a high level assessment of the expected impact of the knowledge and technology generated and of the factors that would influence their exploitation (such as standardisation, regulatory aspects, etc.). It includes an IPR protection strategy according to the interest of partners and stated in the Consortium Agreement, an assessment of the future feasibility of the project results in the respective marketplaces, and a technology implementation plan developed for the future commercial deployment of the results.
7 Dissemination Work Plan
This section provides a comprehensive plan for the SOCCRATES dissemination activities. These activities can be divided into three categories:
• Ongoing activities – these are activities that will be ongoing during project lifetime, such as maintaining the website
• Planned activities – these are activities that can be planned beforehand, either at a specific date or in a timeframe (e.g. Q4 of 2016)
• To-be planned activities – these are activities that cannot be planned at this moment. They will be listed and where possible, the activities are planned at specific dates during the project, but not every activity can be planned beforehand.
After each year, a concise report of the SOCCRATES dissemination activities will be made.
7.1 Ongoing dissemination activities
A number of dissemination activities are ongoing and are listed in