RegSOC

The most important research area of the RegSOC project is to expand the sources of data about events occurring in the network and develop solutions to detect threats more effectively. To typically used methods, analysis of network traffic anomalies, analysis of public text sources and detection of spam campaigns will be added. In addition to technical solutions, the project focuses on sharing channels and defining rules of communication between regional and central level entities involved in building cybersecurity. This will allow for a higher level of security, the implementation of procedures that reduce the likelihood of adverse events and the development of ways to better protect against their effects. The project will enable the preparation of a model solution, which will then be adapted and extended to other regions of Poland.
Project detailed objectives:

• development of a hardware and software solution used at the client station - a place of connection of the entity's internal IT network to the public network (client - local part)
• development of an organisational system and software to operate regional cyber-security centres integrating client devices from a given area (regional part)
• development of mechanisms for integration of RegSOC regional centres with the central entity - CSIRT NASK and NPC (National Cyber Security Platform).

The project is carried out by the Consortium of following institutions:

• Wrocław University of Science and Technology (project leader)
• National Research Institute NASK (NASK-PIB)
• Institute of Innovative Technologies EMAG.

The implementation of the project was divided into a research phase and a phase of preparation for deployment, which include a total of 7 tasks.
Wrocław University of Science and Technology The institution is responsible for developing a solution for the region (platform, organisational and operational procedures), risk analysis and prototyping methods, and preparation for deployment.
NASK-PIB is responsible for developing integration mechanisms at the central level (procedural and technical) and participates in the development of regional solutions. It also provides support in communication and cooperation with NC Cyber, CERT Polska.
ITI EMAG is responsible for taking into account the requirements of non-public entities and participates in the development of risk analysis methods.

Project results
Technological solutions:

• digital and hardware client solution, dedicated to public institutions
• digital security monitoring platform for the needs of RegSOC
• organisational and procedural model of functioning of regional centres in cooperation with CSIRT NASK and internal software integrating of RegSOC with NPC.

Deployment results:

• a model RegSOC centre at the Wrocław University of Science and Technology with client components deployed at interested parties
• a report on the implementation of the project, indicating the technical and economic feasibility of a wide market deployment (including international) of the developed solution.

Benefits acquired by the the project development:

• savings achieved by replacing commercial solutions in the public sector with the system developed within this project
• improving the quality and reliability of digital public services and the possibility to provide more advanced forms of them
• savings acquired from avoiding administrative fines and compensation costs caused by data security breaches
• easier, more efficient and uninterrupted use of the range of digital public services available to citizens and businesses when interacting with e-government
• easier access to public administration services, improved image of the office.