SOC4Health project

Résumé
The SOC4Health project has the objective of strengthening the detection of cyberthreats by public healthcare organizations (HCO) and most notably Public University Hospitals by providing an interconnected infrastructure for sharing threat intelligence and data as well as producing a Security Operation Center toolkit that could be used by other public European HCOs wishing to deploy or develop their own internal or hybrid SOC.

The project aims to contribute at fulfilling the objective to support the creation and strengthening cyber detection capacity in the Healthcare sector by facilitating the creation and strengthening of Security Operation Centers.

The project is built on two separate but complementary initiatives:

  1. A Security Operation Center (SOC) development toolkit dedicated to public HCO that would include :
    • A complete set of documentation to set-up and operate an internal or hybrid Security Operation Center :
      • A configuration guide that will suggest a technical architecture for gathering and investigating security alerts and suspicious events 
      • A set of detection rules and sources of detection rules written in a vendor-neutral language (e.g. SIGMA, YARA…)
      • A set of procedures on how to operate a SOC in a hospital environment
    • This toolkit will be based on real-life experience of the HCL’s own SOC and will not be a theoretical toolkit. The HCL SOC will invest time and resources to write and validate the content of the toolkit by testing it in real conditions and will ensure that only realistic and efficient content is provided in the toolkit and that this toolkit is relevant to the specifics of public HCOs.

       
  2.  An infrastructure to contextualise, enhance and share cyberthreat intelligence amongst public HCOs. 
    • This infrastructure will be based on standard protocols (e.g. STIX) that will allow interconnection with other cyber intelligence infrastructure (existing or to be).
    • The HCL will both allow for partners HCOs to directly use its infrastructure (within to-be-defined volume limits) and will allow other HCOs to interconnect with it using their own cyber intelligence infrastructure providing that the latter follows standard cyber intelligence sharing standards
    • This will give the capability to small HCOs to have access to a repository where then can share and consume cyberthreat intelligence material while enabling more advanced actors to add another source of cyber intelligence material to their arsenal.
    • The design of the infrastructure will also be available to regional, national and European partners of the HCL (it will not be publicly available for security reason) but could be made available to other eligible entities so that it can be reproduced by others if need be.

Time plan

Document
planning SOC4HEALTH.pdf31.75 Ko

Eligible entities

The SOC4HEALTH datasharing infrastructure and toolkit is accessible – Free of Charge - to entities that are either:

-    A UE Member State Healthcare public entity (i.e. state funded) such as a public hospital

-    A Healthcare non-profit organization based in a UE Member State for which owners are also based in a UE Member

-    A company fully-owned and controlled by a UE Member State or by a public entity of a UE Member State

-    A Health Agency of an EU Member State or of the European Union

-    A Cybersecurity Agency of an EU Member State or of the European Union



Contact

•    Email : soc4health [at] chu-lyon.fr

•    PGP Key : F0D2ACD6F8BF7CE562E0052EA1B1D31541B8A1E2

Ressources and Dissemination

SOC4HEALTH Channel on Tchap (access by invitation only and restricted to eligible partners) : https://www.tchap.gouv.fr/

Github Repo (access by invitation only and restricted to eligible partners) : https://github.com/SOC-HCL/SOC4HEALTH 

News

  • 17/04/2024 Présentation du projet au groupe européen de cybersécurité en Santé (EH-ISAC)
    • Presentation of the project during an ECCC meeting in July 2024 in Brussels
    • Invited by the ECC to talk about the Grant Agreement process & the SOC4HEALTH project team experience
Image
  • 19/11/2024 Presentation of the project to the Auvergne Rhône-Alpes Regional Cybersecurity for Health working group
    • About 50 participants from the Auvergne Rhone Alpes French Region
    • 30 minutes presentation of the project, via a PowerPoint presentation that was then provided to all the participants at the end of the working group along with the rest of the day’s presentations. The presentation was in French.
    • Global feedback post presentation was positive and participants found the project interesting. 

       
  • 25/03/2025 Présentation de l’avancement du projet au groupe européen de cybersécurité en Santé (EH-ISAC)
    • About 20 participants from European Hospital or Health Agencies
    • 30 minutes presentation of the project, via a PowerPoint presentation that was then provided to all the participants at the end of the working group along with the rest of the day’s presentations. The presentation was in English
    • Global feedback post presentation was positive – Several members of the EH-ISAC have joined the SOC4HEALTH Project as Advisory Board members or Beta-testers

       
  • June 2025: First version of the datasharing infrastructure is live ! Members can now join it as part of its beta-testing

Next milestones

  • T4 2025: Release of the first version of the toolkit (Beta version)

     
Voir aussi
Dernière mise à jour le :
Blocs libres

  

Image
Logo HCL et SOC4Health
Logo du projet SOC4Health
Co-funded by the European Union and the ECC

  

Image
Logo Co-funded bu ther European Union

 

Image
ECCC logo

 

Voir aussi