Enhancing Cybersecurity Services for the Luxembourgish Research and Education community (LuCySe4RE)

Challenges

Attacks on IT systems, data breaches and the manipulation of information are only some of the IT security events that companies and institutions need to guard against in the digital sphere. If such events are not detected, analysed and resolved, they can compromise infrastructures, systems and data. To address this problem, integrating an IT system managing security event right at the heart of companies and institutions is a formidable weapon.

In Luxembourg, IT security services have been set up specifically for research and education institutions in Luxembourg, as well as in the health, culture and national administration sectors. These services are provided by the Restena Foundation. As part of this mission, Restena observed a very uneven level of maturity in terms of awareness and preparation for IT security. Therefore, it is essential to improve the level of security in research and education institutions, and to prepare them to meet their protection needs

Ambition

With LuCySe4RE, Restena intends to set up a security event management platform dedicated to institutions in the research and education community in Luxembourg. Each institution will feed the platform with the IT security events it encounters. The Restena's Computer Security Incident Response Team (CSIRT) will then analyse those shared events. The CSIRT will then be able to inform all its constituents in real time about best practices and the appropriate countermeasures to be implemented to deal with events and protect themselves as effectively as possible. Ultimately, the platform will enhance the catalogue of so-called proactive services, i.e. services designed to prevent incidents and reduce their impact when they arise.

The project team also intends to pave the way for the Luxembourg research and education institutions to comply with new European directives, such as the Cyber Resilience Act (CRA), Critical Entities' Resilience (CER) and the Network and Information Systems Security 2 Act (NIS 2), which will be an asset for the sector. To this end, the level of security preparation of the sector's institutions will be assessed. A maturity model developed at the European level and tailored to the specific needs of the research and education sectors will be used. Known as the Security Maturity Model for NRENs, this model, which has been tried and tested in several countries, has been set up by the European association GÉANT, specifically for National Research and Education Networks (NRENs), represented in Luxembourg by the Restena Foundation.

In addition to IT teams, the project team aims to raise awareness among all staff, researchers and students in research and education institutions of the relevant threats, measures and tools in the cybersecurity area. Awareness-raising and prevention materials, training courses and conferences on IT security issues will be set up.

Implication

Restena is the initiator and manager of the project. Throughout the project, use cases will be set up and tested with institutions representing the research and education community, namely the University of Luxembourg, the Centre de gestion informatique de l'éducation (CGIE) and the Luxembourg Institute of Health (LIH).