Putting AI into the EU Cyber Crisis Collaboration

Abstract:

<p>Artificial Intelligence (AI) is not something new. What is new is the pace within which information is disseminated in today&rsquo;s society and the amount of data produced that renders the use of advanced technologies like AI essential for organisations. AI systems have the potential to create competitive advantage and have been adopted by organisations both in operational and technical levels. Such systems are utilised to provide intelligence on the services which organisations offer, to distinguish behavioural aspects of systems and networks, and to help humans understand complex relationships between different entities of their working environment. In cybersecurity, AI systems have the ability to highlight anomalies on network traffic identifying invisible &ldquo;unknown unknown things&rdquo; in the systems, but also as an efficient classifier of vast amounts of data like in the case of threat intelligence.</p><p>In the EU cyber crisis cooperation context, most commonly referred as &lsquo;the Blueprint&rsquo;, AI uses are just beginning to emerge, mainly at the Open Source intelligence domain. The need for situational awareness, one of the Blueprint&rsquo;s main pillars, has driven ENISA to initiate the development of a project under the name &lsquo;Open Cyber Situational Awareness Machine &ndash; OpenCSAM) that attempts to address the need for accurate aggregation of relevant information and reporting. The project is using supervised learning and natural language processing to facilitate incident responders at all levels of administration in the drafting of situational awareness reports for the Blueprint.</p><p>This paper is included in the program of <a href="https://digilience.org">DIGILIENCE 2019</a>. The presentation slides are available at the link above.</p>