Improving Red Teaming for Critical Infrastructure Protection: A Comprehensive Approach

By Aurora García, a journalist and consultant specializing in security and cybersecurity.

In the world of cybersecurity, the term “Red Team” traditionally refers to simulated adversaries tasked with testing a system’s defenses. However, as the threat landscape becomes increasingly sophisticated and multifaceted, the approach to Red Team operations must evolve. Protecting critical infrastructure is no longer just about technological defenses; it requires a holistic approach that encompasses both technical and human aspects.
A true Red Team operation must go beyond conventional penetration tests and vulnerability assessments. It needs to integrate every aspect of an organization’s security posture, involving not only IT departments but also human, operational, and strategic layers of the organization. Cybersecurity is not only about firewalls, encryption, and penetration tests. It’s about understanding the vulnerabilities that extend to organizational processes, behaviors, and decision-making. When it comes to critical infrastructure, these vulnerabilities can have far-reaching consequences beyond the digital realm.
Understanding the Full Scope of Red Teaming
When executed correctly, Red Team missions simulate real-world threats by evaluating not only the technology but also the behaviors, processes, and policies that could be exploited by adversaries. We live in an era where social engineering, misinformation, and internal threats are increasingly common tactics used by attackers. The human factor, whether intentional or not, remains the most significant vulnerability in any cybersecurity strategy. From spear-phishing to poorly implemented security protocols, organizations are often their own worst enemies.
In the context of critical infrastructure, where the stakes are particularly high, Red Team engagements must go beyond identifying technical flaws. Effective Red Teams must operate with the understanding that human vulnerabilities, communication breakdowns, and organizational inertia can be just as dangerous as any exploited firewall or malware. For this reason, a successful Red Team mission should include training and simulations at all levels of the organization, ensuring that the response to cyber threats is unified and well-coordinated.
Example of Planets: An Integrated Model for Critical Infrastructure
To illustrate how a comprehensive approach can be effectively applied, we can refer to the Planets system, which I developed specifically for protecting critical infrastructure in a bank. Planets is a system based on the TIBER-EU framework, designed to overcome the limitations of conventional Red Team missions.
The model consists of several “planets” that work in coordination, covering all aspects of protection. Épsilon, the first planet, is made up of a multidisciplinary team that conducts a thorough risk assessment of the bank, considering not only technological threats but also criminal trends and operational characteristics of the client. The next step is the Gamma planet, which prepares the infrastructure for Alpha to identify vulnerabilities before the real attack takes place. Finally, Omega executes the simulated attack in its final phase, while Delta focuses on threat prospecting, anticipating potential criminal products and developing strategies to stay one step ahead of attackers.
This integrated approach allows Red Team teams to not only assess threats but also act proactively, incorporating both human and technological elements into a much more realistic simulation.
Beyond the Screen: Incorporating Human Elements into Red Team Missions
When designing Red Team missions, it’s essential to think of them as real-world scenarios. Cyberattacks rarely occur in isolation; they are often part of a broader strategy designed to exploit both technology and human systems. A Red Team should consider how an attacker might use social engineering tactics, internal threats, and even the media to manipulate situations to their advantage. The key to success is not just understanding how to penetrate a network, but anticipating how an adversary might exploit a weak link within the organization’s human framework.
At its core, Red Teaming is about creating the most accurate and complete model possible of the adversary’s potential behavior. By integrating human intelligence into the process, Red Teams can simulate more realistic threats that go beyond traditional technical penetration tests. The result is not only identifying vulnerabilities but better preparing the organization for a coordinated and multifaceted attack.
Adapting Red Teaming to the Evolving Threat Landscape
The global cybersecurity environment is rapidly changing, and the protection of critical infrastructure is no longer a passive activity. Organizations must anticipate and stay ahead of evolving threats. By leveraging intelligence-driven Red Team operations, companies can design security strategies that are adaptive and proactive.
The next step in the evolution of Red Teaming is not simply improving technical capabilities but developing a deeper understanding of how adversaries operate on all fronts. Red Team members should come from diverse fields, not just cybersecurity professionals, but also behavioral analysts, communication experts, and even crisis management specialists. Only through a multidisciplinary approach can Red Team missions provide the most realistic and insightful assessments of critical infrastructure defenses.
In the face of increasingly complex threats, Red Teams must embrace both the technical and human aspects of cybersecurity. The goal is not merely to simulate attacks but to understand how vulnerabilities can be exploited across a wide spectrum of organizational activities.
By focusing on the integration of both technical and human elements, Red Teams can help organizations transition from a reactive security posture to a proactive one, ensuring that critical infrastructures remain secure and resilient in the face of evolving threats.

ITU and ESA agree on optimising satellite communications

The International Telecommunication Union (ITU) and the European Space Agency (ESA) have announced a collaborative effort to improve mitigation measures against harmful interference in satellite systems.

The joint initiative, reflecting United Nations objectives under the 2030 Agenda for Sustainable Development, aims to ensure the sustainable and efficient use of limited space-based communication resources.

Both organisations recognise growing complexities in managing finite spectrum and orbital resources. An agreement signed in Barcelona, Spain, formalises their plans for closer cooperation on key issues for global digital communications.

Under the agreement, ITU and ESA will work together on:

  • Sustainable and efficient spectrum use: Ensuring that radio frequency spectrum for satellite systems is utilised in a responsible and effective manner.
  • Development of space-based monitoring technologies: Exploring and potentially developing advanced technologies for monitoring the use of radio frequencies to identify and geolocate sources of harmful interference.
  • Exchange of information and expertise: Facilitating knowledge-sharing between the two organisations to enhance space communication systems and regulatory frameworks.

Space-based communication technologies are increasingly crucial for global connectivity, scientific research, and emergency response systems. At the same time, growing numbers of satellites and increasing risks of signal interference necessitate innovative, increasingly complex, and highly coordinated spectrum management solutions.

“Innovation and regulations are key to facilitate and preserve access to spectrum-orbit resources free from harmful interference,” said Mario Maniewicz, Director of ITU Radiocommunications Bureau. “This agreement is the first step towards a series of joint ESA-ITU efforts to ensure sustainability of space radio-communications systems.”

Preserving radio waves for all

ITU, as the UN specialised agency for information and communication technologies, has long been at the forefront of coordination among countries and regions on radio frequencies and satellite orbits worldwide. ITU Resolution 189 (Rev. Bucharest, 2022) emphasises the importance of transparency and confidence-building in outer space activities.

ESA, an intergovernmental organisation established in 1975, supports space research and technology development for peaceful and scientific purposes. Together, ITU and ESA aim to strengthen international efforts in satellite monitoring and interference mitigation, ensuring reliable and sustainable access to satellite communication services worldwide.

“Promoting the responsible use of spectrum and preserving it from interferences is key to ensure the viability of our operators and ultimately the service delivered to their customers,” said Laurent Jaffart, ESA’s Director of Connectivity and Secure Communications. “Together with ITU, we will promote the importance of ensuring the sustainability of this limited and valuable resource and will collaborate towards establishing good practices for its responsible use for the benefit of society and businesses.”

A step towards a sustainable digital future

By combining their expertise and resources, ITU and ESA could set a precedent for enhanced cooperation in the field of satellite communications.

“The shared commitment to responsible spectrum management and technological innovation marks a significant step toward a sustainable digital future for everyone,” said Mr Maniewicz. “This initiative underscores the importance of international collaboration in addressing the challenges and opportunities presented by space technologies.”

Maniewicz and Jaffart signed for their respective organisations at the Mobile World Congress (MWC2025 Barcelona).

As the demand for satellite-based services continues to grow, partnerships like this will help maintain the integrity and accessibility of global communication networks.

ITU and ESA have reaffirmed their dedication to a future where space technologies contribute positively to societal progress and sustainable development.

Major Nuclear Repository Adopts New Fully Searchable Digital Platform

The IAEA’s International Nuclear Information System, a multi-million strong digital library, has been further strengthened with the addition of a modern repository platform.

Founded in 1970, the International Nuclear Information System (INIS) Repository hosts a massive library of nearly five million reports, books, scientific articles, conference papers and other knowledge products covering topics in nuclear science, reactor technology, materials science, medical applications, decommissioning, and all other areas the IAEA is involved in.

Using Invenio, an open-source platform developed by the European Organization for Nuclear Research (CERN) and tailoring it to its own needs the Agency was to make advancements in automation and accessibility as well as a major increase in capacity for handling new knowledge product entries in INIS. The new functionalities built with the platform allow INIS to connect with other repositories, facilitating the sharing of content and expanding the utility of all participating databases. INIS will be the first large repository to implement full-text search with Invenio – searching both the metadata and the text of a PDF.

“In today’s knowledge-based economy, information is considered one of the most valuable resources. It is critical for research, innovation, decision making, efficiency and productivity, knowledge sharing and continuous learning,” said Dibuleng Mohlakwana, Head of the IAEA’s Nuclear Information Section. “This new platform will help INIS expand its role as a global player in open science improving its capabilities as an information hub that facilitates the pursuit of nuclear science for peaceful purposes.”

INIS relies on contributions from more than 130 countries and 11 international organizations, with well over 100 000 new knowledge products being added each year.  INIS staff supplement national contributions by harvesting information from some of the largest publishers, including Elsevier, Nature-Springer and the Institute of Physics.

The landscape of scientific publishing has changed greatly in the years since INIS was founded, with an increasing emphasis on open access. Publishers are providing more information and making it freely available, while repositories such as arXiv, the Directory of Open Access Journals, PubMed, etc. have made scientific knowledge more accessible than ever before.

“One of the great things about this platform is that whatever we develop here can be shared with all the other organizations. So not only are we sharing scientific information with the world, but we’re also sharing what we develop with Invenio,” said Astrit Ademaj, Nuclear Systems Support Analyst and Project Manager for the implementation of Invenio. INIS is the first large repository to implement full-text search – searching both the metadata and the text of a PDF.

Knowledge products entered into Invenio will be automatically categorized and tagged with descriptors. This had previously been done manually in what had been a highly time-consuming endeavour. This work will now primarily be handled by NADIA (Nuclear Artificial intelligence for Document Indexing and Analysis), an AI tool developed by the IAEA. Previously, contributors sent their entries using a unique language and format. Now a user-friendly form is provided, so specialized knowledge and training are no longer necessary.

"Many of the items available on INIS are quite fascinating," said Brian Bales, INIS Coordinator. “One of the most popular recent additions is the Prospective Study Bluebook on Nuclear Energy to Support Low Carbon – a cooperative effort between nuclear companies in China and France to address the challenges of climate change. Over the last 5 years, we’ve added over 600 000 such knowledge products.”

California Strengthens Resiliency with Adoption of 2024 International Wildland-Urban Interface Code

The State of California adopted the 2024 International Wildland-Urban Interface Code® (IWUIC®) as the basis for Title 24, Part 7, 2025 California Wildland-Urban Interface Code to address escalating wildfire risks, enhance fire resilience with science-based standards, and set the benchmark for safer, more sustainable communities in fire-prone areas.

California’s adoption of the 2024 IWUIC is the result of a multi-year collaboration between the CAL FIRE Office of the State Fire Marshal, the California Fire Prevention Officers (CAL FPOs), California Building Officials (CALBO), the International Code Council (ICC), the California Building Industry Association (CBIA), and wildfire stakeholders culminating with rulemaking by the California Building Standards Commission (CBSC).

“Today marks a milestone that represents the hard work of many to update and modernize Wildland-Urban Interface building codes,” said California State Fire Marshal Daniel Berlant. “While these aren’t necessarily new requirements, it’s a reorganization of many sections into a singular code with the goal of making it easier for local officials to ensure that new homes and buildings built in wildfire-prone areas have an increased chance of surviving a wildfire.”

“With the help of expert volunteers, CAL FIRE’s Office of the State Fire Marshal has shifted the basis of Title-24’s Wildland Urban Interface standards to a nationally developed model code. The IWUIC is developed though the collaborative efforts of the foremost experts in the field of wildland construction safety from across our country. By utilizing this model code, California will benefit from the continual code development cycle that the Code Council uses to ensure that all its codes are the best in the world,” said Code Council Immediate Past President Stuart D. Tom, P.E., CBO, FIAE – Superintendent of Building and Fire, Pasadena, California.

“The adoption of the California Wildland-Urban Interface Code as Part 7 of Title 24 marks a significant milestone in protecting communities from the devastating impacts of wildfires. This accomplishment highlights the dedication and collaboration of the CAL FPOs and the California Office of the State Fire Marshal in adapting the IWUIC to address California’s unique challenges. Our members remain dedicated in their commitment to enhancing fire prevention, improving life safety measures and developing codes that safeguard our homes and neighborhoods,” said Tim Spears, Fire Marshal, CAL FPOs North Division President and Joe Morelli, Fire Marshal, CAL FPOs South Division President.

This decision comes after careful consideration and is a testament to the state’s commitment to upholding the highest standards in wildfire resiliency and mitigation.

“There has never been a more essential time for collaboration in the name of public safety, and the newly approved use of the Code Council’s IWUIC is a testament to this shared effort.  California’s building, fire and code professionals came together to work in concert with the California State Fire Marshal to usher in a new era of fire-safe development standards and defensible space provisions that will enhance fire safety in the built environment.  With the definitive actions of the Building Standards Commission, CALBO looks forward to enforcing the IWUIC and its model provisions into the future,” said Jeff Janes, President of California Building Officials.

“While CBIA was initially concerned with this effort, we are now pleased to strongly support the California State Fire Marshal’s plan to use the Code Council’s IWUIC as the basis for California’s new stand-alone Wildland-Urban Interface fire safety code. This new document will combine three fire safety measures (building standards, defensible space provisions and fire-safe development standards) and publish them all under one cover,” said Christopher E. Ochoa, Esq., CBIA Senior Counsel – Codes, Regulatory and Legislative Affairs.

The European Union Agency for Cybersecurity’s first NIS360 report identifies areas for improvement and tracking of progress across NIS2 Directive sectors

The NIS360 is a new product by the EU Agency for Cybersecurity, ENISA, that assesses the maturity and criticality of NIS2 sectors, providing both a comparative and a more in-depth analysis.
The goal of the NIS360 is to help national authorities and cybersecurity agencies in the Member States tasked with the implementation of the NIS2, (1) to understand the overall picture, (2) to help them with prioritisation, (3) to highlight areas for improvement, and (4) to facilitate monitoring of sectors’ progress. The NIS360 also aims to support policy makers at national and EU level, to give input on policy and strategy development, and initiatives to build up cyber resilience.
The report sets out three main priorities. 
Firstly, it recommends that collaboration, within and between sectors is strengthened, through community-building events and cooperation at sector, national and EU level.
Secondly, within this NIS2 transposition period, it is becoming more of a priority to develop sector-specific guidance on how to implement the key NIS2 requirements in each sector. The report notes that national sectorial authorities are stepping up to implement the NIS2. While investments are increasing across sectors, further upskilling is required.
Thirdly, the NIS360 emphasises the need for both alignment of requirements across borders in each NIS sector, and for cross-border collaboration.
The EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, highlighted: “ENISA is working closely with the EU Member States to implement the NIS2 Directive by providing expertise and guidance. The ENISA NIS360 gives valuable insight into the overall maturity of NIS sectors and the challenges of individual sectors. It explains where we stand, and how to move forward."
Key Findings at a Glance
Main findings include the following:
- Electricity, telecoms and banking are the three most critical and most mature sectors that stand out above the rest. These sectors have benefited from significant regulatory oversight, funding and investments, political focus, and overall a robust public-private partnership.
- Digital infrastructures, which includes critical services like internet exchanges, top-level domains, data centres, and cloud services, are a step below in terms of maturity. This NIS sector is very heterogeneous in terms of maturity of entities, and has a strong cross-border nature which complicates supervision, information sharing and collaboration.
- Six NIS sectors fall within the NIS360 risk zone, suggesting that there is room for improvement in their maturity relative to their criticality.
- ICT service management: The sector faces key challenges due to its cross-border nature and diverse entities. Strengthening its resilience requires close cooperation between authorities, reduced regulatory burdens for entities subject to both NIS2 and other legislation, and close cooperation in cross-border supervision.
- Space: Stakeholders’ limited cybersecurity knowledge and its heavy reliance on commercial off-the-shelf components present challenges for the sector. Enhancing its resilience requires better cybersecurity awareness, clear guidelines for pre-integration testing of components, and stronger collaboration with other sectors.
- Public administrations: Being very diverse, it is challenging for the sector to achieve a higher common level of maturity. The sector lacks the support and experience seen in more mature sectors. Being a prime target for hacktivism and state-nexus operations, the sector should aim to strengthen its cybersecurity capabilities leveraging the EU Cyber Solidarity Act and exploring shared service models among sector entities on common areas e.g., digital wallets.
- Maritime: The sector continues to face challenges with Operational Technology (OT) and could benefit from tailored cybersecurity risk management guidance that focuses on minimising sector-specific risks, as well as an EU-level cybersecurity exercise to enhance coordination and preparedness in both sectorial and multi-modal crisis management.
- Health: The health sector with an expanded coverage under NIS2, continues to face challenges such as the reliance on complex supply chains, legacy systems, and poorly secured medical devices. Strengthening its resilience requires the development of practical procurement guidelines to help organisations acquire secure services and products, tailored guidance to help overcome common issues, and staff awareness campaigns.
- Gas: The sector needs to continue working towards developing its incident readiness and response capabilities, through the development and testing of incident response plans at national and EU levels but also through enhanced collaboration with the electricity and manufacturing sectors.
The report is based on data from national authorities with a horizontal or sectorial mandate, on self-assessment by companies within the NIS2 sectors, and on EU data sources such as Eurostat. In the ENISA NIS360, the strengths, sectorial challenges, gaps are identified, and recommendations are made to improve sectorial maturity and resilience across the Union.

The future of risk communications is community engagement

Risk communication is about empowering people and communities to build resilience and take lifesaving actions. From yellow traffic lights to tornado sirens, we encounter risk messages every day; however, when it comes to urging community preparedness for threats, we must move away from a “one size fits all” messaging approach to affect meaningful changes.
Hazards, such as heavy rain and wind, only become disasters when they meet unprepared and vulnerable communities. We must urgently address the barriers that limit individual and community preparedness and lead to disasters, such as language barriers, the inability to identify and question rumors, and lack of resources needed to build preparedness. Strategic risk communications can bridge the gap between threat awareness and action. When culturally competent messaging is paired with robust and purposeful community engagement, they become powerful tools to inspire resilience building.
Our communities can only take steps to prepare and recovery quicky from disasters if they feel empowered in their decision making. That begins with information presented in the right way, at the right time, and through trusted channels. Engagement with communities begins by asking questions and listening through two-way communication. Through active listening we learn about a communities’ culture and history, we can tailor methods and messaging that helps communities make informed decisions.
True strategic risk communication reaches the whole community, ensuring that everyone, including the most vulnerable populations, are equipped with the knowledge and resources needed to respond effectively. Developing targeted communications for specific populations means creating messages that are delivered in the right languages, reflective of the historical context of the place and the people, and aligned to the unique risks of the community.
For communities with language barriers, access to simple, clear, and accessible information is imperative for building understanding. Word-for-word translations are insufficient because words can have multiple or different meanings across dialects. By engaging a community, communicators can learn which languages are needed and identify partners to support translation and message sharing. This is work that FEMA is doing to meet people where they are and is an approach that UNDRR advocates.
The messenger is just as important as the message in determining whether community members are willing to trust and act upon the information. Effective community engagement involves building partnerships with community organizations to amplify messages. Through these partnerships, communicators can identify community leaders, including business professionals, religious leaders, and teachers. Identifying those critical trusted messengers coupled with finding trusted sources of information can reduce misconceptions and build messaging coalitions.
For the last several years, FEMA’s National Preparedness Month campaigns have enlisted community partners to help amplify preparedness messaging—including Howard University, a historically-black university, to help develop and deliver preparedness messaging to Black and African American communities; the Rosalynn Carter Institute for Caregivers, to reach older adult communities—specifically those with limited resources, disabilities, living in rural areas; and, most recently, signed an Memorandum of Understanding with the National Council on Asian Pacific Americans to advance preparedness messaging in Asian American, Native Hawaiian and Pacific Islander communities. FEMA even maintains a valuable partnership with the National Football League to get preparedness messaging into the hands of sports fans.
Finding and leveraging community networks to gather and convey information can develop credibility and trust before disasters strike. Communicators can build on these to express empathy, expertise, and honesty to address people’s desire for clarity in uncertain times and meet the moment with trusted information.
For those moments when we move from preparedness into imminent hazard warning—where we must reach a lot of people all at once—the United Nation’s Early Warnings for All (EW4All) initiative uses multiple tools to support early warning systems that are inclusive, effective and accessible to children so that no one is left behind. These systems provide safety alerts and actions directly to people. Messages as simple as “get to high ground” can save lives during a tsunami. Ideally, the combination of technology and existing relationships will get lifesaving information to people in the moments they truly need to know what to do end to end.
In today’s busy news environment, with more and more channels and platforms for information, it can be difficult to help communities tune out the noise and zero in on the right information. As we have seen during the most recent federal responses to Hurricanes Helene and Milton, we are facing a more contentious information environment during disasters.
False and misleading information is being generated at historic levels to sow distrust, making positive and collaborative community relationships essential to overcome the falsehoods. Communicators are increasingly finding allies in local news outlets, community social media, and nonprofit partners. Even in schools, partnerships are critical in promoting a culture of disaster prevention and preparedness from a young age.
Local journalists play a crucial role in risk communication, as they are uniquely positioned to understand and reflect the concerns of their communities. Their deep connections allow them to rapidly disseminate critical information during crises, ensuring that messages are timely, accurate, culturally relevant and help combat information that is wrong and being used to hurt people. All disasters start and end at the local-level, and all communicators need to remember that and shift strategies accordingly. A recent Pew Research report  finds 85% of U.S. adults say local news outlets are important to the well-being of their communities, and 70% of Americans rank local journalists as being in touch with their communities.
At the end of the day, risk communication is about meeting people where they are, as FEMA Administrator Deanne Criswell has said since the very first day she ran the agency.
There is a renewed urgency to know our communities, and a need to leverage community partners and build a trusted messenger network. With climate-driven disasters becoming more frequent and severe, there is no time to waste.
The time is now to invest in relationship building, and for communicators, community leaders, and local news outlets to join forces and save lives. By forging stronger bonds today, we lay the foundation for a more resilient tomorrow.
Saskia Carusi is Deputy Chief of the United Nations Office for Disaster Risk Reduction (UNDRR) – Regional Office for the Americas and the Caribbean.

Financial institutions and law enforcement enhance their cooperation

Europol and its private partners in the financial sector have issued the EFIPPP Practical Guide for Operational Cooperation between Investigative Authorities and Financial Institutions. This newly-issued Practical Guide saw contributions from numerous EFIPPP public and private sector members, observers, and other experts. The guide provides best practices and lessons learned, drawing from the EFIPPP’s experience as a successful partnership and from other existing cooperative mechanisms. It addresses policymakers, investigative authorities and private stakeholders, providing suggestions to advance operational cooperation from a legal and a practical perspective.
The Europol Financial Intelligence Public Private Partnership (EFIPPP) provides a collaborative mechanism between more than 90 private stakeholders, Financial Intelligence Units (FIUs) and law enforcement agencies to address structured threat information across the community. The EFIPPP secretariat is located within the European Financial and Economic Crime Centre (EFECC) at Europol.
The drafting of the Practical Guide was based on existing operational cooperative mechanisms in Denmark, Ireland, Latvia, Sweden, the Netherlands and the UK. Taking a practical approach, the Practical Guide highlights that successful collaboration relies on trust between public and private stakeholders. Providing an outline of the building blocks required for successful collaboration, it recommends starting small with realistic expectations, and providing leadership by example.
As well as offering hands-on guidance to investigative authorities and financial institutions in shaping their cooperation, the Practical Guide provides inspiration for policymakers in areas where there is not yet an enabling legal environment. With this guide, the EFIPPP delivers on the call made by the European Commission in its EU roadmap to fight drug trafficking and organised crime.

CISA and Partners Release Advisory on Ghost (Cring) Ransomware

CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations.
Ghost actors conduct these widespread attacks targeting and compromising organizations with outdated versions of software and firmware on their internet facing services. These malicious ransomware actors are known to use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) where available patches have not been applied to gain access to internet facing servers. The known CVEs are CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207.
CISA encourages network defenders to review this advisory and apply the recommended mitigations. See #StopRansomware and the #StopRansomware Guide for additional guidance on ransomware protection, detection, and response.

Are we getting the deserved return-on-investment from the EU research on critical infrastructure resilience?

By October 17, 2024, the EU member states were supposed to notify the European Commission that the transposition of the Critical Entities Resilience (CER) Directive into respective national laws had been accomplished. Only two (out of 27) member states managed to meet that deadline.
Could the EU research projects in the area of critical infrastructure/entities (CI/CE) resilience have helped more to mitigate this delay? Could that mitigation be part of a more optimal return on investment (RoI)? Was the investment in recent years (e.g., over 4.5 b€ in digital transformation initiatives, or 450 M€ for cybersecurity projects and civil security ) not adequate? Could it have produced more convincing answers to claims like “Europe’s critical infrastructure is becoming dangerously vulnerable” ? Especially in the context of new and evolving challenges or the “European CIs under continuous attacks” ?
There is a general agreement about the need to reach better RoI or, in the same context, Return on Research Investment (RoRI). But the agreement about how to do it practically is still to be achieved. Leaving the extreme positions aside, like “the only real RoI is the commercially measurable use of project results”, on one side, and “any use of project results represents RoI”, on the other side, one can opt for the middle ground and assume that “an evident use leading to tangible benefits represents an RoI”. For the CI/CE-related research, that can include, e.g., resilience standards, broadly adopted guidelines or evidence provided as inputs for the new EU and national policies. Applying such a definition, however, when searching for RoI-relevant results in the repositories of the EU project results such as CORDIS, Innovation Radar, or Dealflow, yields hardly any convincing evidence. The reported RoI-relevant results are often only vaguely described, not quantified, often out of date, and almost regularly lacking examples of real use or quantified benefits. As an example, the search for the results mentioning the CER Directive in the EU Dealflow tool provides no entries (January 2025). Similarly, the search for “resilience and infrastructure” among approx. 14,000 entries in the EU Innovation Radar, yields only 44 matches.
The reasons for the above can be numerous. E.g., the difficulty in aligning the needs and interests of industrial security and openness required by public research. Or, the lack of full-scale industry involvement (e.g., not participating with departments directly involved in production or marketing). Or, in the area of standardization, the rules and timing of standardization bodies being incompatible with the rules and timing of the EU projects. Or, the project results are simply not reported in the tools. Or, the main motivation of the researchers in the projects being to get new, follow-up projects, not necessarily to exploit the results of the finished ones. Many of these reasons are mentioned and explained in the recommendations of the evaluation reports made during the transition from one EU Framework Programme (FP) to another  , but less often implemented afterward. The fact that EU projects legally and practically do not exist after their final date, certainly also does not contribute to the sustainability of accessibility to project results and achieving good RoI.
In addition, imposing a too broad spectrum of (sometimes contradictory) goals, or the need to balance between breakthrough technology research and market success, on one side, and political constraints on the other side, can be very challenging for a good RoI. The latter is especially true and applicable to the area of CI/CE resilience, nowadays at the very top of the EU priorities . Their final results in many cases “never cross the chasm to the market, even if they achieved technological goals set in the project proposal”   (exceptions available, of course). Even worse, on the researchers’ side, the difficulties of meeting too many different or too highly set goals can lead to unrealistic or deceiving reporting, nowadays potentially worsened by the possible indiscriminate and unreported use of AI. On the EU side, limiting resources for monitoring the achievement of multiple goals, lower the threshold to clientelism.
How could the situation be improved? Generic, top-down, solutions suggested so far are generally well-aligned and present in the recommendations: strengthening and leveraging existing platforms (ERNCIP, Hubs, Radars…), better integration of research with industry and standardization, introducing mechanisms that support project continuity beyond formal completion, strong involvement of industry stakeholders, rewarding genuine success and penalizing exploitative practices, promoting monitoring and accountability, to mention just some of them. But, looking at the past decades of EU research, it seems that many suggested solutions have not been implemented as recommended.
Hence, the bottom-up solutions should be tried. Among them, establishing measurable indicators of success and robust evaluation systems is certainly at the top of the priority list. The data collection for the indicators such as those in the EUR 27314 EN should become mandatory and the indicators better known and understood, possibly including also the non-self-declared indicators of successful exploitation (which could be used for monitoring and stress-testing, too – e.g., in combination with standards like DIN 91461). The key research-to-market transfer RoI indicators, quantifying effectiveness, efficiency, and transformation are generally available, but not used because data are missing, and the mandates and obligations are not well defined, especially not at the EU level. The prerequisite for such a system is a joint EU strategy, e.g., similar to the recent US strategy documents  specifying both the overall framework and the need to “prioritize measurement”. A future extension of the CER Directive?
To conclude, the EU research on critical infrastructure resilience and researchers should be further encouraged and incentivized to deliver more tangible RoI, including results directly usable and useful for the application of the CER Directive and the overall EU resilience, thus helping in meeting both the deadlines like the “October 17, 2024” one and the top level goals like the ones declared by the EU7. The push should include also the readiness and courage to openly name and address the real issues, avoid the “newspeak”, and undertake efficiently the actions needed.
A. Jovanovi, Steinbeis European Risk & Resilience Institute, Germany

Indra leads the European SMAUG Project to improve underwater threat detection at ports and maritime borders

With the aim of improving and reinforcing the security of ports and their entry routes, Indra has launched the European SMAUG (Smart Maritime and Underwater Guardian) RDI project, as part of the European Union’s Horizon Europe program. The company heads the consortium of entities from seven European countries that will work together to improve the underwater detection of threats and illicit trafficking.
Over 80% of world trade is conducted by sea, and the continuous movement of vessels requires port security processes to be robust and effective, especially for monitoring and detecting legal and illegal activities at ports, in coastal areas and on borders. Geopolitical tensions are also turning the bottom of the oceans into sensitive terrain that needs to be protected.

Within this context, the SMAUG project seeks to detect, track and monitor potentially illegal and harmful movements and products entering EU ports and coasts by means of an integrated system based on Indra’s iSIM solution, which combines security management, advanced underwater detection systems and surveillance vessels.

More specifically, underwater threats are detected and located using four main methods. The first method is acoustic detection, in which a series of hydrophones listen for sounds emitted by small autonomous underwater vehicles. Secondly, a sonar performs a quick scan of the hull and the bottom of the harbor. The third method of underwater detection is high-resolution sonar inspection, which is used to inspect objects in water with poor visibility. Finally, collective autonomous location is employed, whereby a coordinated swarm of autonomous underwater vehicles act cooperatively.

These systems, supported by artificial intelligence, can more effectively detect unlawful and dangerous goods and/or threats hidden beneath the surface of the water. SMAUG will thus make a significant contribution to maritime security by improving the protection of infrastructures and vessels and the detection of vessels, including narco-submarines, suspected of conducting illegal or potentially dangerous activities.

As the leader of the SMAUG project, Indra brings its expertise in developing advanced algorithms for processing underwater sound and images, applying artificial intelligence for early detection of objects and threats. Additionally, it contributes its capabilities in the field of security for port infrastructure and maritime transport, providing solutions that enhance protection in complex maritime environments.

Its iSIM solution acts as a core for integration and analysis, unifying and processing data from physical security systems such as hydrophones, underwater scanners, drone swarms, and autonomous vehicles, along with satellite surveillance systems. It also takes information from port management systems, enabling a global and interoperable view that optimizes security, operational efficiency, and real-time decision-making.

International cooperation

Juan Román Martínez, the head of Indra’s SMAUG project, emphasized that ”this project means significant progress in maritime security, as it reinforces safety and promotes international cooperation in the fight against illicit activities in the maritime environment”.

With a budget of almost six million euros, the SMAUG RDI project involves a highly experienced consortium made up of 22 partners, including universities, research centers, SMEs, law enforcement agencies, public authorities, coast and border guards and private organizations from seven EU countries (Estonia, France, Germany, Greece, Italy, Norway and Spain).

Among its capabilities, SMAUG is being prepared to achieve interoperability with the Common Information Sharing Environment (CISE), in order to help create a political, cultural, legal and technical environment that allows exchanges of information between the surveillance systems of the member States of the European Union (EU) and the European Economic Area (EEA). Thus, all of the authorities from the different sectors involved in port and maritime settings could have access to any additional classified and unclassified information required to perform missions at sea.

Indra will continue to drive a more secure, connected and sustainable future with this project, placing technology at the service of the safety and well-being of citizens in keeping with its motto:'Tech for Trust'. With innovation at the core of its business and unique experience going back over 30 years, the company boasts a comprehensive portfolio of pioneering solutions designed on an ad hoc basis to address all kinds of citizen security threats that have been implemented in countries all around the world.

1 2 3 4 5 57