ECYSAP EYE | Intelligence and Dominance in Cyberspace for European Defence

European Cyber Situational Awareness Platform

ECYSAP, which ended in February 2025, is the previous project, with EDIDP-CSAMN-SSC-2019-022-ECYSAP project code. It aims to develop and implement innovative theoretical foundations, methods, and research prototypes integrated towards providing a European operational platform for enabling real-time Cyber Situational Awareness (CSA) with rapid-response defensive capabilities and decision-making support for military end-users. An integrated and modular platform for National/European security purposes and military expeditionary operations will be developed, which shall become a real-time defensive system with cyber response capabilities, automated and deployable in areas of operations (National/European) interconnected between intelligent nodes.

Monitoring and Analytic Capabilities

ECYSAP shall produce capabilities for taking charge of the impact of cyber threats at mission level, and of potential future threats.

Simulation and Prediction

ECYSAP shall produce artefacts for managing the whole CoA decision life-cycle at both cyber and mission levels, up till their enforcement.

CoA at both Cyber and Mission levels

Views shall offer a whole operational picture based on conventional military symbols and also present CONcept of OPerationS (CONOPS).

Concept and Approach

The main objective of ECYSAP is to develop and implement of innovative theoretical foundations, methods and research prototypes integrated towards providing a European operational platform for enabling real-time Cyber Situational Awareness (CSA) with rapid-response defensive capabilities and decision-making support for military end-users. An integrated and modular platform for National/European security purposes and military expeditionary operations will be developed, which shall become a real-time defensive system with cyber response capabilities, automated and deployable in areas of operations (National/European) interconnected between intelligent nodes.

Project Highlights

1. ECYSAP will design, implement and validate a toolset of analytical enablers to support risk identification, assessment and project its propagation estimation at both CIS and mission levels. ECYSAP supports the activities engaged in reactive/proactive responses, including the identification, selection, planning and enforcement of Courses of Action (CoAs) at CIS/Mission level, performing also simulations and predictions of the operational environment and CoAs at different time horizons (short-term, mid-term, high-term scopes).

2. ECYSAP will design, develop and validate capabilities facilitating information sharing and reporting at technical or mission level and between both. They will allow to share threat information and impacts on missions, offering user-friendly ways to access relevant and clear information. This will enable stakeholders to share all kinds of information (incidents, threats, risks, impacts, analysis...) and to make decisions in a collaborative and synchronized way according to predefined workflows.

3. ECYSAP platform and its subcomponents' abilities for operating with effectiveness in real operational domain will be corroborated by exhaustive validation tests and demonstrations on real use cases directly supported by compromised EU Member States. The validation activities will be conducted on virtual labs, testbeds, including white/grey/black box scenarios against both automated adversarial actions and read teams.

4. ECYSAP will be carried out with the aim of creating an intrinsically secure platform. To this end, the security by design approach will be adopted across the project lifecycle, which evolution will be documented aiming on facilitating future certification. This approach therefore brings the safety requirements in the design, development and testing phases including the verification of the robustness and safety requirements. Resilience of communication means is a major concern. It will be managed by the integration of audit and self-protection functions and by hardening the ECYSAP system.

Objectives

Provide advanced monitoring and analytic capabilities for enabling fast identification of attacks and threats on the cyberspace at military operations.

Develop dynamic mission impact assessment capabilities based on correlating incidents in the cyberspace with their impact on ongoing or planned missions.

Design, implement and integrate advanced analytic, simulation and prediction capabilities able to support decision-making and facilitate the enforcement of anticipatory CoAs.

Integrate subsystems for identifying, selecting, planning and enforcing the most suitable CoA at both cyber and mission levels.

Bring comprehensible views and configuration capabilities for allowing commanders to understand the status of the operational environment.

Integrate evidence management, notification and information sharing systems able to share the acquired operational picture on coalition and/or collaborative operations.

Provide a cyber situational awareness platform auditable, secure and ready for certification.

Validate and demonstrate the project effectiveness at test environments and relevant uses cases supported by different compromised EU Member States.

Partners

Indra Sistemas S.A. (Coordinator) is one of the leading global technology and consulting companies and the technological partner for core business operations of its customers world-wide, with operations in over 140 countries.

Airbus CyberSecurity is a fully owned subsidiary of Airbus Defense and Space, providing reliable cyber security products and services. Its mission is to protect governments, militaries, organisations and critical national infrastructure from cyber threats, in compliance with the full range of measures required by national cyber agencies.

Leonardo is a global high-tech player in the Aerospace, Defence and Security. It designs and develops products, services, and integrated dual-use solutions for governments, Armed Forces and institutions, covering every possible operating scenario: air and land, naval and maritime, space and cyberspace.

Universidad Politécnica de Madrid (UPM) was founded in 1971 with the creation, development, transmission and criticism of science, technology, and culture in mind. UPM holds double recognition as a Campus of International Excellence.

Cybernetica is an R&D intensive ICT company with ca. 120 employees. It researches, develops and manufactures software solutions, maritime surveillance and radio communications systems; investigates and applies the theoretical and practical.

Universidad Carlos III de Madrid (UC3M) is represented by the Computer Security (COSEC) Lab, a research group in the Department of Computer Science at UC3M. The Lab was founded in 1995 and is currently headed by Professor Juan Tapiador.

CY4GATE was founded in 2014 to meet an unconventional demand for cybersecurity. Listed on AIM since June 2020, CY4GATE was conceived to design, develop and produce technologies and products, systems and services.

Universidad Politécnica de Valencia (UPV) is represented by the Distributed Real-Time Systems Lab (DRTSL), which belongs to the Communications Department (CD), the most important one within the UPV in terms of research projects development.

S2 Grupo de Innovación en Procesos Oorganizativos S.L.U is the benchmark company in Europe and Latin America, Cyber Intelligence and mission critical systems operations.

INNOTEC SYSTEM SL is specialized in cybersecurity, intelligence and risk management and prevention since 2002, we have a staff of more than 400 highly qualified professionals.