Cyber-attacks are becoming a clear obstacle for European economies to strive. It is decreasing trust of the users and slowing down the growth of the Digital Single Market. Damage is not only economical, but also has high societal impact, since attacking sensitive information and critical infrastructures that provide essential services for society that, in the most dramatic case, may lead to loss of human lives.
Cyber threats are evolving and becoming more sophisticated, what should compel organisations to be in a position of permanent surveillance, monitoring continuously each system. But in spite of the big risk, available solutions still keep weak. The lack of cyber risk awareness is becoming a very serious problem.
Enterprises and SMEs are not able to cope with the dynamicity and complexity of cyber risk which is putting them in a vulnerable position.

Besides, they often lack tools or qualified teams to support the decision-making process regarding the mitigating measures.
Cyber risk detection and assessment is usually a manual process, mainly performed  periodically  at  static points of time. In addition, current focus is on the ICT side, not considering  business  or  societal  impact. This perspective contrasts with the cyber risk dynamic nature that sometimes demands rapid ad-hoc mitigation measures.

Objectives

WISER  faces  this  changing  risk  landscape by focusing on areas that complement each other to make progresses beyond the state of the art:

1. Provide tools that enable continuous cyber risk monitoring solution, e.g. access to relevant freshly updated information, in order to feed module for continuous assessment of risks.
2. Multi-level risk assessment, focusing not only at ICT system (or combination of interdependent systems), but also considering the business processes or services that depend on it, and including also the implications of cyber disruptions at a wider level, considering all the societal impact (in public services, industrial capacity, resource availability for the functioning of societies and the economy, and in general well-being of the population).
3. Provide decision support tools to facilitate selection of optimal mitigation options based on integrated overall risk impact (IT, societal, business...).

Methodology and tools
To reach this new level in cyber security WISER will develop a methodology, based on best practices, with a set of taxonomies for cyber risk concepts, as well as a set of cyber risk checks and metrics. The cyber risk framework will have to reflect the changes in cyber threat climate, not only at the level of information systems but also at the level of business processes and services that run on top of these processes, as well as societal services and support functions depending on the given ICT system. It will provide decision support tools to facilitate selection of mitigation options based on dynamic and integrated risk impact assessment at different levels (qualitative and quantitative techniques for assessing the level of cyber risk exposure). Focus is on integrating technological advancements related to implementation of the continuous monitoring, assessment and mitigation mechanisms for cyber risk management in real time.

Focus on SMEs
WISER also has focus on SMEs needs that often do not have means to handle cyber risk with advances methodologies & tools. WISER will deliver a pre-packaged risk management solution for SMEs that combines sophistication of the solution with simplicity of use and adoption by the end-user. Among all the different goals defined in WISER, the most important one, having the highest priority, is to make cyber security affordable for SMEs.

WISER Pilots
From the very beginning of the project, WISER project will develop its activities in a market driven and market oriented manner. The goal is to make possible the early roll-out and application of WISER in different verticals. The project has started with the engagement of 10 different companies from a range of sectors. These companies will provide an overview of their business goals, their business processes and their current practice regarding cybersecurity in order to identify their emerging and future needs, and shape the product according to operational require-ments.
Besides, the definition of the project has also considered three different full-scale pilots carried out with the consortium partners, playing the role of early adopters. By doing this, valuable feedback will be obtained early in the project and the likelihood of successful marketability of WISER will be notably increased.

WISER Consortium
WISER is executed by a consortium of technology providers, risk management experts, market experts and service providers for piloting:

• ATOS (Spain)
• Trust-IT (UK),
• SINTEF (Norway)
• XLAB (Slovenia)
• AON (Italy)
• REXEL (France)

If you would like to know more about WISER please visit our website: www.cyberwiser.eu
WISER has received funding from the European Union’s Horizon 2020 research and innovation programme under the Grant Agreement no 653321

Authors

Elena González
Elena  González  is  Exploitation  and Dissemination Manager at Atos.
She is involved in the WISER  Project, in exploitation/ dissemination tasks.
Email: elena.gonzalez@atos.net

Antonio Álvarez
Antonio  Álvarez  is  Research  and Innovation Consultant at Atos.
He is involved in the WISER Project participating  in  technical,  dissemination and management tasks. 

Source: European CIIP Newsletter Current Issue 23 (Vol. 10 No. 1)