
INCIDENTRON will develop a platform that simplifies incident reporting, reduces administrative burdens, and enhances collaboration between MSSPs, National CSIRTs, and Member State & European authorities. The envisioned incident reporting framework will be fully open-source and will include a taxonomy for incident classification and reporting, allowing organizations and developers to adopt, adapt, and contribute to its evolution. This promotes transparency, collaboration and widespread adoption, while creating opportunities for related European cybersecurity and compliance providers to expand and promote their portfolio. In addition, the platform will include a Methodology for Responsible Disclosure on PDEs to suppliers and market surveillance authorities (CRA), and will support best practices and preparedness for collaborations with LEAs and artifact analysis, integrating critical entities’ reporting requirements on criminal offenses under the Directive on Attacks against Information Systems.
INCIDENTRON adapts to its platform users and NOT the other way around: the platform defines roles instead of entities and ‘written in stone’ workflows; supports cross-organization incident approval, contribution and transfer; enables both full and semi-automation and data ingestion from systems as well as manual entries; and distinguishes the minimal requirements needed to deliver on its core purpose from voluntary sharing to the benefit of the community. It will be designed to scale and adapt to the needs of diverse stakeholders. Autoscaling capabilities ensure optimal performance during peak usage periods, while the modular design allows for the addition of new features or workflows without disrupting existing functionality. This flexibility will ensure that INCIDENTRON can evolve to meet future regulatory and operational requirements. The INCIDENTRON framework will also promote transparency by allowing users to inspect the code, ensuring that there are no hidden processes or vulnerabilities and that the framework adheres to security and compliance best practices.
To keep the project manageable but scalable, INCIDENTRON will initially focus on important and essential entities subject to NIS2 and DORA, with reporting obligations under NIS2, DORA, CER and GDPR, and on responsible disclosure for incidents involving products with digital elements (PDEs) under the Cyber Resilience Act (CRA).
The architecture of INCIDENTRON will be built on a foundation of modularity, scalability, and security. Designed to meet the diverse needs of stakeholders, including reporting entities, competent authorities, and regulatory bodies, the platform will be structured into three main layers, each serving a distinct purpose: frontend and API for reporting entities, back-office logical processes, and frontend and API for competent authorities.
Additionally, the platform’s architecture will include the following key components that enhance its functionality and usability:
- Encryption: All data is encrypted at rest (AES-256) and in transit (TLS) to ensure confidentiality and integrity.
- API Management: Embedded API management ensures secure communication between the platform and external systems.
- CIRCL MISP Integration: INCIDENTRON integrates with CIRCL MISP to disseminate Indicators of Compromise (IOCs) and Methods of Operation (MOs) to subscribed channels.
- Automation and Scheduling: Event-driven and scheduled actions automate routine tasks, such as notifications and report generation.
ITML’s role in the project
In the INCIDENTRON project, ITML is a key contributor to the project's technical development. It will lead “WP2: INCIDENTRON Requirements Analysis and Incident Reporting Architecture and Framework Design” by conducting in-depth requirement analysis on incident reporting solutions and challenges, and by designing and delivering a methodological framework and a set of best practices for an optimized incident reporting framework. ITML will also lead “Task 4.4: Methodology for responsible disclosure on PDEs to suppliers and market surveillance authorities” by facilitating the deployment of a thorough methodological framework that will support Responsible Disclosure on PDEs to suppliers and market surveillance authorities. It will provide valuable contributions to the rest of the technical work packages (WP3, WP4 and WP5) and actively participate in and promote the project’s dissemination and communication activities.