building cyber bridges

about

The European Union External Cyber Capacity Building Network – or the EU CyberNet, in short, is a project led by the Estonian Information System Authority (RIA) in a consortium with authorities from Germany and Luxembourg that aims to create a network of cyber experts and establish a community of stakeholders.

The online presence of EU CyberNet consists of two key components. First, there is their website (read more here), which serves as the primary interface for users. Second, there is a technical platform called CynAct designed explicitly for member experts and stakeholders. CynAct is a hub where individuals can exchange valuable information, share experiences, and contribute knowledge through Calls for Action (CFAs or missions). These missions aim to enhance cyber capacity-building in partner countries.

In a nutshell, EU CyberNet brings together experts and stakeholders from across Europe to collaborate and support cyber capacity-building initiatives. Their website and the CynAct platform are crucial in facilitating communication, knowledge sharing, and collaborative efforts in this domain.

concept

CynAct aims to provide a collaboration platform that even cybersecurity professionals can trust and use comfortably.

At the heart of CynAct are the Calls for Action (CFAs), which are posted by stakeholders for various cybersecurity activities such as advisory missions, meetings, trainings, conferences, peer reviews, etc. The platform also features a unique classification system for cybersecurity skills, allowing for better matching of experts to the CFAs posted by stakeholders. Additionally, experts and stakeholders can easily update their profiles and access a comprehensive list of all CFAs available in the community.

In a nutshell, CynAct’s idea was to foster a supportive and inclusive atmosphere for cybersecurity professionals to collaborate, share knowledge, and contribute to the field without unnecessary formality.

PROcess

Our mission was executed in two separate phases over 2021 (CynAct MVP) and 2022 (CynAct 2.0).

Initially, our goal was to develop a CynAct MVP solution for the technical platform, which would support essential functions such as access to the cyber security collaboration network and the chance to browse CFAs posted by member stakeholders. The platform enables members to log in to manage their profiles, and either list Calls for Actions or express interest in them.

In the second phase, CynAct 2.0, we built upon the existing system by adding new functionalities. One significant addition was the implementation of an automatic notification system to update members about various updates. Furthermore, we improved the process of creating Calls for Actions by enhancing the UX/UI, and implemented an algorithm to suggest pre-matched connections between stakeholders and cyber experts based on their CFA needs and expert profiles.

In both, CynAct MVP and CynAct 2.0, our front-end and back-end development processes followed the RIA’s strict rules for cybersecurity with extensive penetration testing. The system uses Laravel API and ElasticSearch integrations to support critical business functions. Agile development methodologies were employed, ensuring continuous collaboration with RIA.

Similar to the public website, the technical platform had two production environments. To the outside world, the public view appeared as a static mirror of the dynamic site created by administrators within the internal network. This approach minimized potential security vulnerabilities in the Content Management System.

Additionally, there are separate authenticated views for stakeholders and cyber experts, allowing them to navigate between creating CFAs, applying to participate in them, or inviting participants.

Overall, the development process of CynAct aimed to create an effective and user-friendly platform while prioritizing cybersecurity and maintaining close collaboration with stakeholders and experts.