The security and economy of the European Union as well as the well-being of its citizens depends on certain infrastructure and the services they provide. The destruction or disruption of infrastructure providing key services could entail the loss of lives, the loss of property, a collapse of public confidence and moral in the EU.
In order to counteract these potential vulnerabilities the European Council requested in 2004 the development of a European Programme for Critical Infrastructure Protection.
Since then, a comprehensive preparatory work was undertaken, which included the organisation of relevant seminars, the publication of a Green Paper, discussions with both public and private stakeholders and the financing of a pilot project.
With this in mind, on 12 December 2006, the Commission adopted the communication on a European Programme for Critical Infrastructure Protection (EPCIP), which set out an overall horizontal framework for critical infrastructure protection activities at EU level.
The proposed EU Programme on "Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks" was adopted on 12 February 2007.
Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection set up a procedure for identifying and designating European critical infrastructures (ECIs).
At the same time, it provides a common approach for assessing these infrastructures, with a view to improving them to better protect the needs of citizens.
Finally, on 30 March 2009, the Commission adopted the communication on Critical Information Infrastructure Protection (CIIP) [COM(2009) 149], which gives details of the main challenges facing critical information infrastructures and proposes an action plan aimed at increasing their protection.
CloudCERT is co-financiated by the European Union (EU) following the specific program named "Prevention, Preparedness and Consequence Management of Terrorism and other Security-related risks", located within the "Security and Safeguarding Liberties" program.
This specific program is developed via annual work programmes. Project CloudCERT is the answer to one of the calls for proposal issued by the EU in 2010.
The Spanish National Institute of Cybersecurity (INCIBE), along with other beneficiaries, obtained the acceptance and co-financing from the EU for implementation.
As stated in EPCIP, stakeholders must share information on Critical Infraestructure Protection (CIP), particularly on measures concerning the security of critical infrastructure and protected systems, interdependency studies and CIP related vulnerability, threat and risk assessments. At the same time, there must be assurance that shared information of a proprietary, sensitive or personal nature is not publicly disclosed and that any personnel handling classified information will have an appropriate level of security vetting by their Member State.
To solve this real need, CloudCERT project aims at providing this secure information sharing testbed framework in order to exercise unified coordination using same communication protocol standards for improving visibility of common threat awareness, vulnerabilities, advisories and alerts specific to CIP.
In order to achieve this goal, an important work must be carried out based conceptual CSIRT communication modelling and architecture; definition of secure information sharing; information standards and protocol definition; design of the testbed platform and implementation; and finally pilot reality check based on user cases.
The main objectives are:
The short term impact has been to provide CIP bodies with a testbed platform designed to support the Member States' CIP information exchange, coordination and supervision.
In the midterm Cloud-CERT will enhance the cooperation through the platform implementation in a real production environment and it will contribute to the minimization of cooperation obstacles for CIP operators and protection authorities in different countries in Europe.
In the long term, it is expected to contribute to the establishment of an European Homeland Security environment for the protection of European CIs.
The main target groups and beneficiaries of this project are:
The Project started off at the beginning of 2012 with an estimated duration of 2 years, and has ended on December 31, 2013.
CloudCERT project has a remarked innovative nature. The technological solution developed make use of the more advanced techniques and tools in the following fields: