Overview

Resilmesh  aims at addressing major challenges for security teams, namely an increase in digital infrastructure attack surfaces and their complexity and sophistication, combined with a slow adaptation of organisations’ security systems regarding their security architectures, practices and infrastructure. To this end, Resilmesh will help organisations achieve higher levels of security and resilience by providing them with methods and tools to better manage the complexity of their digital infrastructures and services, combat advanced persistent threats.

Resilmesh will specify two competitive open calls for third parties to augment the scope and range of the platform. The first call will be open to cybersecurity application and software developers to provide new platform components e.g. new anomaly detection or correlation algorithms, while the second call will be reserved for use-cases which will be selected to ensure use of the platform in new critical infrastructure domains.

The programme will select four proposals, each addressing one of the challenges defined providing a maximum contribution of 90K€, to be paid in form of lump sums at the end of each sprint (30%+40%+30%).

Applications to the Open Call will be accepted from August 7th, 2024, until October 16th, 2024. After the selection is completed, the SMEs will be invited to sign the sub-grant agreement and enter the Resilmesh Programme.

The Resilmesh Open Call has a duration of 9 months. During this phase the SMEs will have the support of one mentor to monitor project progress and facilitate communication with technical partners.

Eligibility criteria

  • Legal entities or consortia of legal entities, which can be either mid-caps, SMEs or research organisations (RTOs or academia).
  • In the case of consortium-type applications, the leading partner will be responsible for the technical developments, the other member will be an end user responsible to validate the technical developments.
  • All legal entities established and based in one of the EU Member or a Horizon Europe Associated country are eligible.

Scope

The Resilmesh project aims to extend the capabilities of the Resilmesh platform by selecting systems actors/innovators (mid-caps, SMEs start-ups, and researchers) that are developing technologies that can extend the capabilities of Resilmesh in the following domains:

  1. Extension to new domains and systems, to extend i) the detection capabilities of Resilmesh to new OT domains and/or ii) the interoperability of  Resilmesh third party security controls and tools. Examples include:
  • Novel OT/IT Datasets
  • Extension of the Asset Management functions through Integration of new device types to ISIM + new applications based on ISIM/CASM.
  1. New Analytic Algorithms and Architectures

User and Entity Behaviour Analytics (UEBA) shifts the focus of detection from Indicator of Compromise (IoC) approaches to focus on higher level Indicators of Behaviour (IoB). UEBA can apply to both endpoint and network traffic behaviours. One approach here could be to extend the Resilmesh NDR functional component with network behaviour analytics such as those identified in the Network Traffic Analysis category in the Mitre D3FEND taxonomy (https://d3fend.mitre.org/). UEBA analytics for IIoT/OT infrastructure in particular are of interest.

Novel edge AI AD architectures: The deployment of edge-based AI opens many possibilities for experimenting with different algorithms and architectures, taking into consideration the needs of the domain and the data. Some possible approaches might be:

  • User Ensemble methods
  • Distributed deep learning
  • Incremental learning
  • Edge-to-Edge Collaborative Anomaly Detection
  1. Stream Processing of Security Events

Data processing pipelines based on platforms such as SPARK, KAFKA Streams, Esper can be used to for many purposes including the processing of security data ‘on the fly’ in real time.

Complex Event Processing (CEP) is a generalisation of traditional stream processing for aggregating, processing, and analysing data streams in order to gain real-time insights from events as they occur.

Stream processing may be facilitated by the use of Integration of a data lakehouseA data lakehouse is a centralised storage repository capable of accommodating structured and unstructured data at virtually any scale.

  1. Security Operations

This category addresses potential expansion to Resilmesh functional components on the Security Control Plane. The goal is to demonstrate the use of Resilmesh mitigation orchestration and enforcement capabilities in OT domains. Some possibilities include:

  • Novel mitigation playbooks for handling response for new attack types. This may require the development accompanying dataset for attack detection.
  • Development of novel software actuators tailored for enforcing actions in OT networks and systems, such as for instance,  enablers for controlling SCADA systems
  • Enhancement of Resilmesh XDR capabilities through integration with existing EDR (Endpoint Detection and Response) systems to improve the range of attack mitigation and response controls.

Important dates

Submission ends 16/10/2024 17:00 CET

Webinars

Stay tuned for the Resilmesh Open Call Webinars for Open Call applicants.

Relevant Links and Contacts

Project website: https://Resilmesh.eu/

Open call application form: https://www.f6s.com/resilmesh-open-call-1

Helpdesk: support@resilmesh.eu

Reference Material

The Open Call is the competitive process by which legal entities apply to have access to the Resilmesh programme. The project will select four proposal providing a maximum contribution of 90K€, to be paid in form of lump sums.

Legal entities or consortia of legal entities, which can be either mid-caps, SMEs or research organisations (RTOs or academia). In the case of consortium-type applications, the leading partner will be responsible for the technical developments, the other member will be an end user responsible to validate the technical developments.

Any legal entity established and based in one of the EU Member or a Horizon Europe Associated country.

The Resilmesh Project will select four proposals to be funded.

  • Direct funding (FSTP) of up to €90.000 in the form of lump sum
  • Technical support from the consortium to facilitate integration with Resilmesh technical infrastructure.
  • A dedicated Mentor to monitor project progress
  • One application per applicant will be accepted. In case an applicant submits more than one proposal, only the application submitted first will be considered.

Any selected proposer will sign a dedicated Sub-Grantee Funding Agreement with the Resilmesh consortium. The funds attached to the Sub-Grantee Funding Agreement come directly from the funds of the European Project Resilmesh funded itself by the European Commission.

The F6S platform is the entry point for all applications, available at Apply to Resilmesh – Open Call #1 | F6S.

Remember to read the ResilMesh_OpenCall1_Guide For Applicants before submitting your application to get all the necessary information.

Submission ends 16/10/2024 17:00 CET. After this time, all applications will be automatically discarded.

  1. Extension to new domains and systems
    1. Extension of he detection capabilities of Resilmesh to new OT domains.
    2. the interoperability of Resilmesh third party security controls and tools.
  2. New Analytic Algorithms and Architectures
User and Entity Behaviour Analytics (UEBA) shifts the focus of detection from Indicator of Compromise (IoC) approaches to focus on higher level Indicators of Behaviour (IoB). UEBA can apply to both endpoint and network traffic behaviours. One approach here could be to extend the Resilmesh NDR functional component with network behaviour analytics such as those identified in the Network Traffic Analysis category in the Mitre D3FEND taxonomy.  
  1. Stream Processing of Security Events
This involves the real-time handling of data, where computation occurs directly as data is generated or received.
  1. Data processing pipelines.
  2. Complex Event Processing
  1. Security Operations
This category addresses potential expansion to Resilmesh functional components on the Security Control Plane. The goal is to demonstrate the use of Resilmesh mitigation orchestration and enforcement capabilities in OT domains. Some possibilities include:
  • Novel mitigation playbooks for handling response for new attack types.
  • Development of novel software actuators tailored for enforcing actions in OT networks and systems
  • Enhancement of Resilmesh XDR capabilities through integration with existing EDR (Endpoint Detection and Response) systems