On May 28, CyberNEMO partners (Synelixis, Maggioli and Netcompany) attended and participated in the joint webinar “North America, Japan and Europe: Ensuring Trust in Global Energy Infrastructure”, organised by the European Energy Information Sharing and Analysis Centre (EE-ISAC), the Japanese ISAC (JE-ISAC), and the North American E-ISAC.

Aspects related to trust, threat intelligence sharing, and operational coordination were discussed. The webinar covered the current state and future direction of Cyber Threat Intelligence (CTI) sharing among ISACs and their members. The necessity for anonymisation, the adoption of TLP classification levels, the automation based on APIs and the role of STIX for structured threat information have been presented and discussed. The increasing presence of AI-driven threat campaigns and AI tools for in-depth threat analysis were also pointed out, while a challenging point has been the one-way incident reporting practices and the still-evolving automation of information flows between operators, C-SIRTs, ENISA, and ISACs.

CyberNEMO project coordinator discussed with EE-ISAC representative Thomas Krauhausen (https://www.ee-isac.eu/who-we-are/) on the information flow from an energy operator, through C-SIRT, ENISA, and ISAC structures, to other EU operators and the role of STIX to enable automation that accelerates NIS2-mandated steps while enriching the semantic quality of shared data. The discussion confirmed that STIX-based automation remains a priority direction.

The presentations and discussions validated pillars of the SAAM platform currently under development within CyberNEMO. The challenges reported by ISAC practitioners, fragmented communication flows, limited automation are aligned with SAAM objectives.