Cyber Security Incident Handling, Warning and Response System for the European Critical Infrastructures


Critical Information Infrastructures (CIIs) rely on complex and robust ICT systems and infrastructures to achieve flexibility, scalability, and operational efficiency for the communication and coordination of advanced services. However, these systems are increasingly susceptible to the advanced and sophisticated activities of hackers and other perpetrators of cyber-related crime.


What problem is the project is addressing?

CyberSANE is an EU-funded project with the goal of developing an innovative and novel system to safeguard Critical Information Infrastructures (CIIs) from cybercriminals. The project is designed to address existing threats that could potentially impact the operations of infrastructures related to healthcare, energy, and transportation.

How is it solving the problem?

CyberSANE is developing a cutting-edge solution to enhance the detection and analysis of cyber-attacks and threats targeting Critical Information Infrastructures (CIIs). The project aims to advance the understanding of the current cyber threat landscape. Additionally, CyberSANE seeks to support human operators by enhancing preparedness, fostering cooperation among CII operators, and facilitating the adoption of appropriate measures to manage security risks, report incidents, and handle security incidents.

In this project, our focus is on the development of the DarkNet component, a software solution dedicated to searching and analysing communications among threat actors within dark web communities. Our project also includes automatic monitoring and aggregating of unstructured data from media articles, blog posts, and social media. CyberSANE enables cross-lingual analysis of the gathered content and provides business intelligence. This functionality aids end users in obtaining a comprehensive overview of global cybercrime and cybersecurity activities, contributing to heightened awareness of cyber incidents.

What is the logic of the data in the project?

CyberSANE platform utilises various data sources. The DarkNet component of the project is specifically designed for automatic collection, analysis and visualisation of unstructured data in different languages.

Who are the partners and what data are they providing?

The primary source of data is collected through our own tools. The DarkNet component acquires data by crawling the dark web, media articles, blog posts, and social media platforms. The data gathered from these sources forms a crucial foundation for the project’s efforts in enhancing cybersecurity and understanding the evolving landscape of cyber threats.

Tangible results

The CyberSANE Platform is currently undergoing active development and is slated for testing and validation through a series of large-scale pilots. These pilots will specifically address the requirements of Critical Information Infrastructures (CIIs) in the domains of maritime transport, healthcare, and energy.


International Research Centre
on Artificial Intelligence (IRCAI)
under the auspices of UNESCO 

Jožef Stefan Institute
Jamova cesta 39
SI-1000 Ljubljana


The designations employed and the presentation of material throughout this website do not imply the expression of any opinion whatsoever on the part of UNESCO concerning the legal status of any country, territory, city or area of its authorities, or concerning the delimitation of its frontiers or boundaries.

Design by Ana Fabjan