EU calls upon select entities in member states to host, operate cross-border cyber threat detection platforms

The European Commission, in coordination with the European Cybersecurity Competence Centre (ECCC), launched a call for expression of interest to select entities in member states, who will host and operate cross-border cyber threat detection platforms, each bringing together relevant public entities from several member states, and private entities.

These platforms are expected to enable and stimulate the exchange and fusion of large amounts of data on cybersecurity threats from multiple sources, producing high-quality, actionable intelligence for their participants through expert analysis and the use of tools and infrastructures. The approach should serve to improve detection capabilities and prevention and response to cyber threats and incidents.

Following its announcement of the EU cybersecurity strategy in December 2020, the Commission allocated €110 million in the cybersecurity work program (WP) 2021-2022 to ‘Capacity Building of Security Operation Centres.’ One of the key envisaged actions is the setting up of ‘cross-border platforms for pooling data on cybersecurity threats between several Member States.’ 

Cross-border security operations centers will procure cyber threat detection tools and services together with the European Cybersecurity Competence Centre, which will initially contribute EUR 30 million under the Digital Europe program. The program will also fund up to EUR 72,5 million in grants for cyber threat detection, following a recently opened call for proposals. Centres or platforms may also apply for such grants, with the aim to complement the investment resulting from joint procurement with the European Cybersecurity Competence Centre.

“The purpose of this Call for Expression of Interest (CfEl) is to select entities in EU Member States and other eligible countries, willing to deploy and manage cross-border SOC platforms,” the Commission outlined in a document released Thursday. “The selected consortia will engage in joint procurement with the ECCC to purchase the necessary tools and infrastructures to establish the cross-border SOC platforms. For each joint procurement, the EU will contribute up to 75% of the purchasing costs. The number of joint procurements to be conducted will depend on the needs identified under this CfEl The budget for procurement will consist of up to €30 million.”

The document added that separately, a platform could receive a grant to complement the joint procurement(s). “The related grant would be awarded if the relevant requirements in the separate call for proposals are met. It would cover up to 50% of eligible costs, such as staff costs or other eligible costs for setting up and running the cross-border platform, with the exception of those tools and infrastructures that will be purchased through the joint procurement(s). The grant funding for the eligible costs of the cross-border platforms will come from the call for proposals on Security Operation Centres (SOCs), having a total amount of €72,5 million,” it added.

Commenting on the European Commission’s Call for Expression of Interest, Margrethe Vestager, executive vice president for a Europe Fit for the Digital Age, said in a statement, “secure cyberspace is the foundation of our digital lives, the digital economy, and the EU’s sovereignty. This new European infrastructure is indispensable to build the foundation, and thanks to the future solidarity mechanism, it will be deployed on an even larger scale.”

“Detection speed is a key factor in responding to cyber threats,” Thierry Breton, Commissioner for Internal Market, said. “With the deployment of a European SOC infrastructure, we are improving response times and facilitating cooperation to achieve a true European cyber shield.”

The Call for Expression of Interest document identified that the deployment of these cross-border platforms is a pivotal component in a wider strategy and set of actions aimed at stepping up monitoring and detection capabilities and improving situational awareness at national, cross-border, and EU level, and at paving the way for building a collaborative, interoperable and sustainable pan-European infrastructure. 

“The infrastructure will link SOCs entities at national level forming several cross-border SOC platforms that will be able to build up shared capacities and exchange information among themselves,” the document said. “Such platforms would together constitute a pan-European infrastructure.”

Cooperation and exchange of information will be encouraged among the various entities at all levels through the procurement of common equipment, software, and services, the development of cooperation frameworks as well as specific conditions aimed at ensuring a high level of interoperability among the supported projects and infrastructures, which will fit into a common, high-level blueprint architecture.

The platforms should act as a central point allowing for broader pooling of relevant data and cyber threat intelligence (CTI), enabling the spreading of threat information on a large scale and among a large and diverse set of stakeholders such as CERTs/CSIRTs, ISACs, and operators of critical infrastructures.

Cross-border SOC platforms will contribute to enhancing and consolidating collective situational awareness and capabilities in detection and CTI, supporting the development of better-performing data analytics, detection, and response tools, through the pooling of larger amounts of data, including new data generated internally by the consortia members.

The Call for Expression of Interest intends to select one or more multi-country consortia led by competent authorities from at least three member states that would come together to create cross-border SOC platforms. More specifically, it aims at selecting consortia composed of multiple national SOCs which will set up and manage cross-border SOC platforms. Members of a consortium must sign a consortium agreement among themselves outlining their various responsibilities.

One or more of the National SOCs that participate in a consortium will take on the responsibility for the hosting of the cross-border SOC platform infrastructure. One of them shall be designated as ‘coordinator’ for the Call for Expression of Interest. Hosting and usage agreements will be signed between the coordinators of the selected consortia and the ECCC to decide on the operation and maintenance of the platforms’ tools and infrastructure.

As this Call for Expression of Interest can be viewed as a first phase, it may be necessary to evolve the platform(s) in a subsequent phase, with the aim of better achieving the objectives. It should also be possible for additional national SOCs to join the consortia in subsequent phases, based on an agreement with the existing partners, to increase and reinforce the capabilities of the platforms. Participation from defense entities should be allowed.

Consortia willing to host and manage cross-border SOC platforms will be selected through this Call for Expression of Interest. Successful consortia will engage in joint procurement with the ECCC to purchase the necessary tools and infrastructures to establish those platforms.

For the joint procurement(s), the EU financial contribution is estimated at a maximum of €30 million for all cross-border SOC platforms. The EU contribution would cover up to 75 percent of the purchasing costs of the tools and infrastructures. The remaining procurement costs would be covered by member states participating in each cross-border SOC platform. The EU contribution can only be used for jointly purchased goods and services. Additionally, the consortia can apply for a grant to cover other costs through a separate call for grants.

The deadline to submit expressions of interest to set up cross-border SOC platforms and request for complementary grants under call DIGITAL-ECCC-2022-CYBER-03-SOC is Feb.15, next year, with the finalization of assessment of expressions of interest and grant application to be completed by the middle of March. By the second quarter, the signature joint procurement/hosting and usage agreement is scheduled for, apart from working with experts to draft technical specs of joint procurement(s) call for tender and publishing the joint procurement(s) call for tender by ECCC and cross-border SOC platforms. In the second half of next year, the signing of procurement contracts with selected vendors is scheduled.

The Expressions of Interest must be sent electronically no later than the DATE+TIME Brussels time at the functional mailbox ‘[email protected].’ They must be submitted using the Submission Form, and completed in the English language, in the correct form, duly completed, and dated.

Earlier this month, the EU Commission and the High Representative proposed a joint communication on an EU Cyber Defence policy and an Action Plan on Military Mobility 2.0. The EU Policy on Cyber Defence works on ​​enhancing the EU’s ability to prevent, detect, deter and defend against cyberattacks aimed at the Commission and its member states using all means available.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.