A rapid response to cyberattacks is one of the main interests of European defence as it strongly affects stability inside and outside of Europe as well as the wealth and safety of society in general. Cyber situational awareness and defensive cyber technologies are essential to countering cybersecurity threats faced by member states.

Today’s world is more interconnected than ever before, making society vulnerable to cyberattacks on an unprecedented scale. Even national means of protection might not be sufficient in the face of this growing threat.

According to the European Parliament Research Service (EPRS), cyberattacks are the fastest-growing form of crime worldwide, also growing in scale and sophistication, with ransomware damage costs 57 times higher in 2017 than in 2015, and companies facing a cyberattack every 11 seconds in 2021, compared to every 40 seconds in 2016.

“Cyberattacks affect not only public administrations and businesses but also citizens, with the last being the most vulnerable group. Our economy – public transport, banking, health, energy, digital commerce, the public services sector – has become increasingly dependent on digital technologies, bringing the benefit of new services and opportunities on the one hand, while exposing us to cyberattacks on the other. The vast majority of commercial and public institutions are currently prepared to face cyber threats within their networks, and EU member states can provide adequate support at the national level,” says Dr. Tomas Žalandauskas, CEO of the Baltic Institute of Advanced Technology (BPTI), pointing out that cyber resilience and collective response can be significantly transformed by the PESCO initiative and related projects as well as the innovations developed during them.

Cyber Rapid Response Teams (CRRTs) from eight participating EU member states – Belgium, Croatia, Estonia, Lithuania, the Netherlands, Poland, Romania and Slovenia – allow member states to help each other ensure a higher level of cyber resilience and collectively respond to cyber incidents. CRRTs are equipped with jointly developed deployable cyber toolkits designed to detect, recognise and mitigate cyber threats. Teams would be able to assist with training, vulnerability assessments and other requested support. In practical terms, this could mean support in monitoring the threat landscape, detecting and mitigating cyberattacks or supporting the further investigation of cyberattacks.

Launched under the European Defence Industrial Development Programme (EDIDP), the project “Cyber Rapid Response Toolbox for Defence Use” (CYBER4DE) went one step further and took on the challenge of developing an easily deployable, modular, and scalable solution for managing cyber incidents in different complex national and international scenarios.

According to Robertas Petravičius, Cyber-security Programme Manager at BPTI and the coordinator of the CYBER4DE project, the CYBER4DE toolbox is a unique and universal solution that covers different advanced features. “The toolbox concept is based on four principal parts: Workplace, Sensors, Back-Office, and Cloud Services. They provide specific functionalities for managing cyber incidents (detecting, investigating and remedying hostile activities) and are integrated into a highly sophisticated, flexible, and scalable solution that is easily configurable and deployable to meet the specific circumstances of a wide range of deployed cyber crisis operations. State-of-the-art and open technologies, including artificial intelligence enhancements, will ensure the toolbox remains effective and upgradable over the years,” explains Robertas Petravičius. He also points out that a unique feature of the toolbox is its ability to adapt to various scenarios and cyber-security incident response patterns, making it a perfect tool for teams providing support to a diverse set of institutions.

The CYBER4DE toolbox also aims to enhance the processes and practices of Cyber Rapid Response Teams for a faster uptake of new tools and increased effectiveness in the operating domain, thus reducing training effort and adaptation time for new team members, considerably lowering the entry threshold for new Cyber Rapid Response Teams members. Although fast-forming CRRT initiatives may provide a necessary response to emerging cyber threats, these teams can only operate in common enterprise environments, have limited capabilities for specialized systems, or are dedicated to working only on a single organisation’s internal networks. Additional capabilities must be developed and made available for such teams, ensuring situational awareness and fast information flow from the technical to the decision-making level and vice versa.

Tomas Žalandauskas hints that in the future the CYBER4DE toolbox can also be widely adapted to various industries and domains of operation. “Some elements of the toolbox are defence-specific, e.g., network protocols, procedures and tools, but the main idea of the system is its ability to work in various networks and sectors. The toolbox will aid cyber-security incident responders operating in various international and national sectors – finance, banking, healthcare, public services and e-commerce – making it more than just a solution tailored for the defence sector. But that is the long-term perspective. For now, the CYBER4DE project is strongly committed to further cooperation with the Cyber Rapid Response Teams initiative,” he says.

The toolbox was presented to the Cyber Rapid Response Teams at the Annual CRRT new rotation’s celebratory meeting in Croatia at the end of March 2023. The toolbox is set to be completed in 2024.

CYBER4DE is the first Lithuanian-coordinated project funded by the European Defence Industrial Development Program (EDIDP). The Lithuanian Ministry of National Defence is directly responsible for managing the project, and the Baltic Institute of Advanced Technology (BPTI) serves as the coordinator of a consortium of industrial companies.