Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

PHOENI2X -- A European Cyber Resilience Framework With Artificial-Intelligence-Assisted Orchestration, Automation and Response Capabilities for Business Continuity and Recovery, Incident Response, and Information Exchange

Konstantinos Fysarakis, Alexios Lekidis, Vasileios Mavroeidis, Konstantinos Lampropoulos, George Lyberopoulos, Ignasi Garcia-Milà Vidal, José Carles Terés i Casals, Eva Rodriguez Luna, Alejandro Antonio Moreno Sancho, Antonios Mavrelos, Marinos Tsantekidis, Sebastian Pape, Argyro Chatzopoulou, Christina Nanou, George Drivas, Vangelis Photiou, George Spanoudakis, Odysseas Koufopavlou

TL;DR

PHOENI2X proposes an AI-assisted Cyber Resilience Framework (CRF) implemented via Cyber Resilience Centres at Operators of Essential Services to enable business continuity, incident response, and information exchange across the EU. The framework integrates a baseline toolset, AI-driven situational awareness, Resilience ROAR playbooks (CACAO-based), realistic Cyber Ranges, and standardized alerting to support cross-border coordination and preparedness. Key innovations span UEBA with AutoML, AI-assisted categorisation/prediction, CTI analysis and contextualisation, risk-based prioritisation, and cyber-range-enabled training, all validated through energy, transport, and healthcare use cases. The work targets strengthened EU cyber resilience under NIS2, enhancing threat intelligence sharing, automated response, and decision-making under crisis conditions with measurable readiness improvements.

Abstract

As digital technologies become more pervasive in society and the economy, cybersecurity incidents become more frequent and impactful. According to the NIS and NIS2 Directives, EU Member States and their Operators of Essential Services must establish a minimum baseline set of cybersecurity capabilities and engage in cross-border coordination and cooperation. However, this is only a small step towards European cyber resilience. In this landscape, preparedness, shared situational awareness, and coordinated incident response are essential for effective cyber crisis management and resilience. Motivated by the above, this paper presents PHOENI2X, an EU-funded project aiming to design, develop, and deliver a Cyber Resilience Framework providing Artificial-Intelligence-assisted orchestration, automation and response capabilities for business continuity and recovery, incident response, and information exchange, tailored to the needs of Operators of Essential Services and the EU Member State authorities entrusted with cybersecurity.

PHOENI2X -- A European Cyber Resilience Framework With Artificial-Intelligence-Assisted Orchestration, Automation and Response Capabilities for Business Continuity and Recovery, Incident Response, and Information Exchange

TL;DR

PHOENI2X proposes an AI-assisted Cyber Resilience Framework (CRF) implemented via Cyber Resilience Centres at Operators of Essential Services to enable business continuity, incident response, and information exchange across the EU. The framework integrates a baseline toolset, AI-driven situational awareness, Resilience ROAR playbooks (CACAO-based), realistic Cyber Ranges, and standardized alerting to support cross-border coordination and preparedness. Key innovations span UEBA with AutoML, AI-assisted categorisation/prediction, CTI analysis and contextualisation, risk-based prioritisation, and cyber-range-enabled training, all validated through energy, transport, and healthcare use cases. The work targets strengthened EU cyber resilience under NIS2, enhancing threat intelligence sharing, automated response, and decision-making under crisis conditions with measurable readiness improvements.

Abstract

As digital technologies become more pervasive in society and the economy, cybersecurity incidents become more frequent and impactful. According to the NIS and NIS2 Directives, EU Member States and their Operators of Essential Services must establish a minimum baseline set of cybersecurity capabilities and engage in cross-border coordination and cooperation. However, this is only a small step towards European cyber resilience. In this landscape, preparedness, shared situational awareness, and coordinated incident response are essential for effective cyber crisis management and resilience. Motivated by the above, this paper presents PHOENI2X, an EU-funded project aiming to design, develop, and deliver a Cyber Resilience Framework providing Artificial-Intelligence-assisted orchestration, automation and response capabilities for business continuity and recovery, incident response, and information exchange, tailored to the needs of Operators of Essential Services and the EU Member State authorities entrusted with cybersecurity.
Paper Structure (23 sections, 4 figures)

This paper contains 23 sections, 4 figures.

Table of Contents

  1. Introduction
  2. The PHOENI2X Cyber Resilience Framework
  3. Baseline prevention, detection and response toolset
  4. AI-assisted situational awareness, prediction and response
  5. Resilience orchestration, automation and response (ROAR)
  6. Preparedness
  7. Alerting, reporting and information exchange
  8. Security assurance and certification
  9. Network infrastructure management and orchestration
  10. Key Innovation Areas and Research Challenges
  11. ML-based user and entity behaviour analytics (UEBA)
  12. AI-assisted categorisation, prediction and response
  13. ML-based discovery, extraction, and CTI analysis
  14. CTI - contextualization and threat hunting
  15. Risk assessment-based alert and response prioritization
  16. ...and 8 more sections

Figures (4)

  • Figure 1: PHOENI2X Conceptual Architecture
  • Figure 2: Typical AMI topology
  • Figure 3: Railway infrastructure monitoring/management services
  • Figure 4: General Health System high-level architecture