The Leuven-based organization LSEC is leading a new European project that aims to streamline cyber incident reporting for organizations across Europe.
LSEC will coordinate a new EU project for cyber incident reporting. It involves Incidentron: software that helps organizations understand which incidents they need to report and how. This should streamline incident reporting, which in turn can simplify the response from competent authorities.
LSEC (Leaders In Security) is a Belgian non-profit organization focused on information security and cybersecurity. The organization connects security experts and was founded by KU Leuven, with support from VLAIO, Horizon Europe and DIGITAL Europe.
Overview
Incidentron fits within the multitude of European regulations such as NIS2, DORA, GDPR, CER and the Cyber Resilience Act. These impose strict reporting obligations on organizations for cyber incidents. These obligations often differ per member state and per sector, and must be complied with within short deadlines.
read also
1 Year NIS2: where Do We Stand in Belgium?
Within the Incidentron project, the partners are developing a framework and an open source software tool that helps organizations quickly determine what they need to report, to whom and within what timeframe. The system takes into account sectoral requirements, national interpretations and different reporting criteria. This way, the parties behind Incidentron want to avoid duplication and confusion, especially in cases where incidents need to be reported in multiple countries simultaneously.
“The common framework we are developing with Incidentron will coordinate the European incident reporting process between reporting organizations, national authorities, cross-border networks and service providers,” says Ulrich Seldeslachts from project coordinator LSEC. “It will help handle small and large incidents more efficiently and better align overarching European legislation with different sectors.”
Simplified reporting
The project provides for integration with existing tools and will also be usable for external service providers that support organizations’ cybersecurity management. By working with standardized data structures and predefined reporting fields, the project aims to reduce the administrative workload of incident reporting.
Additionally, the project provides for the development of training materials and scenarios with which organizations can practice their reporting procedures. This preparation should reduce the chance of errors or delays during real incidents.
Incidentron is part of the European Commission’s Digital Europe Programme and receives funding from it. The VUB AI Lab provides AI capabilities for the project. The consortium further consists of partners from various EU member states. A commercial version of the software will follow at a later stage. It will run for three years.