SciTransfer
THREAT-ARREST · Project

Cybersecurity Training Platform That Simulates Real Attacks on Your Systems

digitalPilotedTRL 7
threat-arrest.eu

Imagine a flight simulator, but instead of training pilots, it trains your IT security team to handle cyberattacks. The platform creates realistic copies of your actual systems — power grids, hospital networks, shipping controls — and throws simulated attacks at them so your people can practice defending without any real risk. It uses serious games and real-time performance tracking to make sure training actually sticks, and it adapts the difficulty based on how well trainees are doing. The whole thing was tested on live systems in three industries: energy, healthcare, and shipping.

By the numbers
16
consortium partners
10
countries represented
11
industry partners in consortium
5
SMEs in consortium
69%
industry partner ratio
58
total project deliverables
22
demo deliverables with working tools
3
pilot sectors validated (energy, healthcare, shipping)
TRL-7
target technology readiness level
The business problem

What needed solving

Cyberattacks on critical infrastructure — energy grids, hospitals, shipping systems — are growing more sophisticated, but training security teams on live systems is dangerous and impractical. Most cybersecurity training relies on generic scenarios disconnected from the actual systems being defended, leaving teams underprepared when real attacks hit. Organizations need a way to train their people on realistic replicas of their own infrastructure without risking downtime or data loss.

The solution

What was built

A fully integrated cybersecurity training platform combining emulation, simulation, serious games, and visualization tools — validated at TRL-7. Key deliverables include: a final integrated platform prototype connected to real systems, synthetic event log generators, real-time trainee performance assessment tools, emulated and simulated component generators, serious games for engagement, CTTP (Cyber Threat and Training Preparation) model specification and adaptation tools, and visualization dashboards — 58 deliverables in total with 22 demonstrable tool modules.

Audience

Who needs this

Critical infrastructure operators (energy, water, transport) with mandatory cybersecurity training requirementsHospital networks and health IT departments facing ransomware and data breach threatsShipping companies and port authorities needing to secure vessel control and logistics systemsCybersecurity training providers looking to offer sector-specific simulation-based coursesLarge enterprises with in-house SOC teams needing realistic attack drill capabilities
Business applications

Who can put this to work

Energy & Utilities
enterprise
Target: Power grid operators and smart energy providers

If you are a smart energy provider dealing with rising cyber threats to your grid infrastructure — this project developed a training platform tested at TRL-7 on real smart energy systems that lets your security team practice defending against attacks in a simulated copy of your actual grid, with real-time performance tracking across 22 demonstrable tool modules. The platform adapts training programs based on individual performance.

Healthcare
enterprise
Target: Hospital networks and health IT providers

If you are a hospital network worried about ransomware and patient data breaches — this project built and piloted a cybersecurity training system on real healthcare infrastructure that combines emulation, simulation, and serious games to prepare your staff for advanced attacks. With 16 consortium partners across 10 countries contributing expertise, the platform covers everything from attack detection to incident response.

Maritime & Shipping
mid-size
Target: Shipping companies and port authorities

If you are a shipping company facing increasingly sophisticated cyber threats to your vessel and port systems — this project delivered a fully integrated training platform validated on real shipping cyber systems. It includes tools for generating realistic attack scenarios, monitoring trainee responses in real time, and automatically adjusting training difficulty, all backed by 58 project deliverables covering every component.

Frequently asked

Quick answers

What would this cost to implement?

Budget details are not available in the dataset. However, as an Innovation Action with 16 partners across 10 countries and 11 industry participants, this was a substantial EU investment. Licensing or deployment costs would need to be discussed directly with the consortium.

Can this scale to our organization size?

The platform was designed with a model-driven approach, meaning training programs are generated from threat models rather than manually built. This makes it adaptable to different organization sizes and sectors — it was validated across three different industries (smart energy, healthcare, shipping) with different infrastructure scales.

What about IP and licensing?

With 11 industry partners and 5 SMEs in the consortium, IP is likely distributed among multiple parties. The project website (threat-arrest.eu) and the coordinator FORTH in Greece would be the starting points for licensing discussions.

How does this integrate with our existing security tools?

The platform was built with interoperability in mind — 22 demo deliverables include dedicated IO modules, interoperability modules, and interlinking mechanisms for connecting emulated and simulated components. The final prototype was inter-connected with real cyber systems in the three pilot sectors.

Is there regulatory compliance value?

NIS2 Directive and sector-specific regulations increasingly require documented cybersecurity training. A platform validated at TRL-7 on real systems in energy, healthcare, and shipping provides evidence-based training records. The project also evaluated its approach from legal and business perspectives.

What is the technology readiness level?

The objective explicitly states TRL-7 validation — a prototype demonstrated in an operational environment. The project delivered both initial and final integrated platform prototypes, tested on real cyber systems across three pilot industries.

Does this include ongoing support or updates?

Based on available project data, the project ended in August 2021. Ongoing support would depend on which consortium partners have commercialized their components. The 5 SMEs in the consortium are the most likely candidates for continued product development and support.

Consortium

Who built it

This is a strong, industry-heavy consortium with 16 partners across 10 countries and a 69% industry ratio — well above average for EU projects. The 11 industry partners and 5 SMEs signal serious commercial intent, not just academic research. Coordinated by FORTH (Foundation for Research and Technology - Hellas) in Greece, the consortium spans Switzerland, Cyprus, Czech Republic, Germany, Greece, Spain, Ireland, Israel, Italy, and the UK — giving it broad European market access. The mix of 2 universities providing research depth and 11 industry players building deployable tools makes this a credible candidate for commercialization.

How to reach the team

Coordinator is FORTH (Idryma Technologias kai Erevnas) in Greece. Use SciTransfer's coordinator lookup service to get the right contact.

Order a report on this consortiumSee IDRYMA TECHNOLOGIAS KAI EREVNAS profile →
Next steps

Talk to the team behind this work.

Want to explore how THREAT-ARREST's cybersecurity training platform could work for your organization? SciTransfer can connect you directly with the development team and help assess fit for your sector.

Order a report on this topicMore in Digital & ICT
More in Digital & ICT
See all Digital & ICT projects
Affordable Satellite Communication Modules That Give SMEs Direct Access to Space Data
InnoSpaceComm
Open →
Home Dining Marketplace Connecting Travelers with Local Hosts Across Europe
ECINPERSON
Open →
AI-Powered 3D Art Creation That Cuts Production Time for Game and Film Studios
ArtomatixSuite
Open →