Large-scale cyber incidents and crises require a collaborative-driven operational incident coordination. In Austria, multiple stakeholders are part of the cyber incident and crises management process and framework, which is also regulated in the national implementation (NIS Act) of the EU NIS Directive.
In Austria, national stakeholders establish cyber situational awareness (CSA) with a cyber incident and crises management process and framework across stakeholders. Currently, stakeholders deal with two main challenges for inter-organizational collaboration and information sharing. First, operational cyber common operating pictures (CCOP) are currently manually crafted (e.g., with documents) and do require a certain amount of resources (e.g., time and personnel) during regular national cyber incident management operations but require even more particularly during large-scale cyber incidents and crises. Second, establishing situational awareness with an operative CCOP requires often further information through inquiries to e.g., CSIRTs, Operators of essential Services (OeS), national regulatory authorities or Digital Service Providers (DSP). This is currently also a manual task using e.g., emails or phone calls to assess the status of entities. Automation of both complex tasks can reduce response times and enable faster situation assessment in the event of large-scale cyber incidents and crises.
The project AWAKE aims at creating a collaboration-driven CSA that enables multiple stakeholders to cooperate and share information on cyber incidents and crises at operational level. In the project two main pillars are developed that will reinforce the coordinated response:
1. Inter-organizational cyber security case management for shared CSA is developed that enables an automated operative CCOP at Member State level. AWAKE will integrate also ongoing activities (e.g., standard operating procedures) within the Cyber Crises Liaison Organisation Network (CyCLONe) and the CSIRT Network (CNW).
2. The collaboration and situation-dependent completion of the CCOP is implemented. Incident or crises coordinators (e.g., National Cyber Security Centers (NCSCs)) can direct inquiries (e.g., use of certain technology or protocols, distribution, impact), to certain communities (e.g., OeS, DSPs) and gather relevant information for operational CCOPs.
AWAKE will strengthen the joint preparedness by supporting multiple stakeholders to share and create an operative CCOPs using automation. The automated generation of the CCOP could decrease resources for generating the CCOP and shift them to the analysis and decision making. Furthermore, AWAKE will facilitate the collaboration between stakeholders during a coordinated response to cyber incidents. This project will contribute to increasing the resilience and sovereignty of Austria particularly in case of large-scale cyber incidents and crises.

• Partner: Bundeskanzleramt Österreich, Bundesministerium für Inneres, CERT.at Computer Emergency Response Team Austria
• Projektlaufzeit: 09/2021-08/2024
• Förderprogramm: CEF-TC-2020-2: Cybersecurity (EU)