TNO launches open source tool for automated cyber security

Many organisations need to take major steps in today's digital world to maintain their cyber resilience at a sufficient level. Organisations providing vital services, including those managing physical infrastructure, are particularly vulnerable to cyber attacks.

With the growing digitalisation of our critical infrastructure, they too will soon have to adopt advanced cyber security tooling. Human action alone is no longer sufficient to repel these attacks.

Interoperable

SOAR (Security Orchestration, Automation, and Response) tools provide an end-to-end solution to automate the analysis and response to newly detected threats, vulnerabilities, and cyber-attacks (mostly) without human intervention. They automatically execute what are called ‘security playbooks’.

However, earlier SOAR tools are less suitable for advanced research on cyber security innovations, because they are often either not fully interoperable or not open source-available. In contrast, TNO’s new SOARCA tool is open-source, interoperable with other tools, and meets the latest international standards. This opens the way for parties to develop new innovative solutions according to these new standards.

Accelerating innovations

In government and industry, there is a great need for open-source solutions and open standards, as they are then not subject to the ‘vendor lock-in’, i.e. not tied to one supplier. Open source further facilitates national and international collaboration between companies and research institutions, and accelerates innovations that are sorely needed in the fight against cyber criminals. For example, the University of Oslo has recently developed an open-source playbook editor, for which TNO's new implementation tool SOARCA is a welcome addition.

TNO expert Shari Finner says: "The SOARCA tool is a strategic resource that enables us and our partners to experiment easily with state-of-the-art technology to make society safer. The tool helps companies with in-house tech and cyber security teams explore how to make their cyber security more standardised and automated.

We are working to create an open ecosystem to counter vendor lock-in, while encouraging much-needed common standards. We therefore invite in particular security professionals at the SOC, CERT, and CTI level to download the tool for themselves and experiment with it."

International projects

The SOARCA tool is currently being further developed and applied in two major research projects funded by the European Union. The Horizon Europe project eFort aims to make Europe's power grids resilient to cyber attacks, physical disruptions, and privacy problems. The technological innovations being developed for this purpose will later be demonstrated in the existing energy networks under conditions that are as realistic as possible.

In the Dutch network, TNO will apply and demonstrate the new SOARCA tool in collaboration with Delft University of Technology, TenneT, ENCS, and DNV. AInception is a European Defence Fund (EDF) project with the aim of using AI in automated detection and response to cyber attacks, particularly in military networks. One of TNO's contributions here is to translate AI-generated responses into machine-readable playbooks and implement them with SOARCA.