TNO Launches Open Source Tool for Automated Cybersecurity

As cyber attacks increase in number, speed and ingenuity, it is increasingly difficult to detect, analyse and repel them early. This requires automation of cyber security operations. To that end TNO is launching an open source tool that enables companies and organisations to experiment with advanced technology for automatic protection against and recovery from cyber attacks. The tool plays a major role in two European projects, in which TNO and partners are conducting research to respond to cyber threats and cyber attacks as quickly and robustly as possible.

TNO reports: 'Many organisations need to take big steps in today's digital world to keep their cyber resilience at a sufficient level. Organisations providing vital services, including those managing physical infrastructure, are particularly vulnerable to cyber attacks.

With the growing digitalisation of our vital infrastructure, they too will soon have to adopt advanced cybersecurity tooling. Human action alone to repel these attacks is far from sufficient.

Interoperable

SOAR (Security Orchestration, Automation and Response) tools provide an end-to-end solution to automatically detect vulnerabilities and respond to them mostly without human intervention. They automatically execute so-called "security playbooks".

However, previous SOAR tools are less suitable for cutting-edge research on cyber security innovations because they are often either not fully interoperable or not available open source. In contrast, TNO's new SOARCA tool is open source, interoperable with other tools and follows the latest international standards. This opens the way for parties to be able to develop new innovative solutions according to these new standards.

Accelerating innovation

There is a great demand for open source solutions and open standards in government and industry, as it prevents them from being tied to one supplier, the so-called "vendor lock-in". Open source further promotes national and international cooperation between companies and research institutions and accelerates innovations that are much needed in the fight against cybercriminals. For example, the University of Oslo recently developed an open source playbook editor, for which TNO's new execution tool SOARCA is a welcome addition.

TNO expert Shari Finner: "The SOARCA tool is a strategic tool that allows us and our partners to easily experiment with state-of-the-art technology to make society safer. The tool helps companies with their own tech and cybersecurity team explore how to make their cybersecurity more standardised and automated.

Thus, we aim to create an open ecosystem to counter vendor lock-in while encouraging much-needed common standards. Everyone is therefore cordially invited, especially security professionals at the SOC, CERT and CTI level, to download the tool themselves and experiment with it."

International projects

The SOARCA tool is currently being further developed and applied in two major research projects funded by the European Union. In the Horizon Europe project eFort, the aim is to make European electricity networks resilient against cyber attacks, physical disruptions and privacy problems. The technological innovations being developed for this purpose will soon be demonstrated in existing power networks under as realistic conditions as possible.

In the Dutch network, TNO will apply and demonstrate the new SOARCA tool in cooperation with TU Delft, TenneT, ENCS and DNV. AInception is a European Defence Fund (EDF) project aiming to use AI in automated detection and response to cyber attacks, especially in military networks. One of TNO's contributions here is to translate the AI-generated response into machine-readable playbooks and implement them with SOARCA.'

Source: Dutch IT Leaders

Photo: Istock.com/metamorworks