A Technical Platform for Cybersecurity Experts and Stakeholders – CynAct

About

The European Union External Cyber Capacity Building Network – or the EU CyberNet, in short, is a project led by the Estonian Information System Authority (RIA) in a consortium with authorities from Germany and Luxembourg that aims to create a network of cyber experts and establish a community of stakeholders.

EU CyberNet’s online presence combines two things: the first and most visible part is their website (read more here ), and the second is their technical platform called CynAct for member experts and stakeholders. CynAct acts as a platform where information, experiences, and knowledge can be exchanged through Calls for Action (CFAs or missions) for the benefit of cyber capacity building in partner countries.

The idea

The idea for the platform was to create a collaboration network for cybersecurity experts and stakeholders and to make it secure enough for even them to use it.

The main features of CynAct, the Calls for Action (CFAs), are published by the stakeholders for various cybersecurity advisory missions, meetings, trainings, conferences, peer-reviews, etc. The CynAct platform also includes a unique classification of cybersecurity skills to best match experts to the calls for action by stakeholders. Experts and stakeholders can also update their profiles and see all CFAs listed in the community.

Process

Our mission was executed in two separate phases over 2021 (CynAct MVP) and 2022 (CynAct 2.0).

The initial goal was to create a CynAct MVP solution for the technical platform, which would support critical functions such as joining the network and browsing all relevant calls for actions listed by member stakeholders. The platform allows members to log in to manage their profile and either list calls for actions or show interest in them. 

The second phase goal (CynAct 2.0) was to build on top of the same system by adding some new functionalities. One of the bigger additions was creating an automatic notification system for members about different updates. What is more, we improved the process of creating CFAs by making the UI/UX easier to use and by applying an algorithm to create pre-matched suggestions between stakeholders and cyber experts based on the CFA needs and expert profiles.

The whole CynAct creation process followed similar principles as the  EU CyberNet’s website. In the CynAct MVP design phase, we started with the UX/UI, during which we interviewed stakeholders and experts to find out about their expectations and goals for the platform. We followed the process of mapping and designing the user journeys based on the feedback we got in the analysis phase. In the CynAct 2.0 phase, we used a similar flow of creating and collaborating with RIA.

For the development part in both CynAct MVP and CynAct 2.0, our front-end and back-end development process followed the RIA’s strict rules for cybersecurity with extensive penetration testing. The system uses Laravel API and ElasticSearch integrations to support the critical business functions. Everything was implemented through agile development and close collaboration with RIA.

Similar to the public website, the technical platform has two production environments – to the outside world, the public view for members is a static mirror of a dynamic site created by administrators in the internal network. In this way, all the potential security vulnerabilities in the Content Management System have been minimized.

In addition to this, there are separate authenticated views for stakeholders and cyber experts where they can navigate between creating CFAs, applying to participate in them, or inviting participants.

NB! Some parts of the images have been blurred for confidentiality reasons.