Strategy Nord was sub-contracted to provide Cyber Framework Development services for a European Union agency. The overall goal of the project was intended to avoid the design and development by Member States of their own cyber defence systems in complete isolation, which would result in disjointed and uncoordinated systems, applications, services, standards, vocabularies and taxonomies.
Working closely with the contracted supplier, Strategy Nord led with the design and development of a Cyber Defence Framework based on EU Member States' best practices in addition to established frameworks including the NATO Architecture Framework and NIST Cybersecurity Framework (to name but a few). Specifically, our participation in the CyDRE project encompassed the following key activities:
- Key Stakeholder Engagement: Working with the contracted supplier, Strategy Nord led with the implementation of a series of key engagements with EU representatives and Member States to identify existing Cyber Defence processes and procedures.
- Needs Analysis: Through extensive interactions with EU Member States and associated military forces, Strategy Nord established a baseline understanding of their needs to maintain Cyberspace situational awareness, coordinate with partner cyber actors and conduct Defensive Cyber Operations including Internal Defensive Measures and Responsive Actions.
- Blueprint Development: Based on our research and findings, a comprehensive blueprint was developed to lay the foundations of the proposed Cyber Defence Framework.
- Framework Development: Following consultations and a review of the blueprint, Strategy Nord began developing the framework according to the needs of key stakeholders. The framework addressed the following capability architecture:
- Vulnerability Assessment
- Identity Management
- Configuration Management
- Cyber Ranges
- Incident Management
- Border Protection
- Network Packet Capture
- APT Detection
- Threat Hunting
Leading with the implementation of the Cyber Defence Framework, Strategy Nord contributed to greater interoperability between several EU agencies and Member States in the field of Cyber Defence. Our participation in the project further ensured that technical aspects to Cyber Defence were successfully integrated within the scope of the established Cyber Defence Framework.