The outbreak of the war in Ukraine in 2022 brought heightened cyber threats to Ukraine's allies. As a result, many European countries began rethinking their cyber defenses.
Belgium was one of them, with the country’s Prime Minister, Alexander De Croo, launching a new project aimed at strengthening national cyber defenses and leveling up the government’s cyber support to Belgian organizations in 2022.
This initiative, called the Leonidas project, was entrusted to the country’s national cyber agency, the Centre for Cybersecurity Belgium (CCB), and its Cyber Threat Research and Intelligence Sharing (CyTRIS).
During Recorded Future’s Predict 2024 event in London, Sandro Manzo, a team leader at CyTRIS, shared how this initiative has boosted Belgium’s national cyber resilience.
Decoding the CCB’s ‘Spear Warning’ Strategy
Before sharing details about the Leonidas project, Manzo described the CCB-run service that the project relies on, known as the ‘Spear Warning’ service.
Spear Warning is a proactive cyber defense strategy developed by the CCB, in which the agency directly informs each vulnerable organization in Belgium about any critical cyber issue it experiences.
“Our goal with our Spear Warning tactic is to make sure that whoever received the phishing email or clicked the malicious link understands exactly what they need to do,” Manzo continued.
Every other week, staff members from the CCB run a meeting to define which exploited vulnerabilities, credential leaks, potential pre-ransomware malicious activity or any cyber issues to prioritize over the next two weeks. The CCB then collects information about these issues, both internally and with external partners, including in the private sector.
Read more: Beyond Disclosure – Transforming Vulnerability Data Into Actionable Security
When the CCB detects a new cyber threat it considers a priority, it notifies the vulnerable organization through one of three channels: an email, a physical letter to the leadership team or the CEO and/or a phone call.
“You might think it is an aggressive approach and that security leaders don’t take it well that we contact their CEO, but actually, many system administrators thanked us for contacting their CEO, saying it helped them convince their leadership team about how crucial it was to patch the system quickly,” Manzo added.
The CCB also provides each Spear Warning beneficiary access to a personalized dashboard to track the issues they need to solve in priority.
Unpacking the Leonidas Project
In 2022, the outbreak of the war in Ukraine prompted Belgium’s Prime Minister Alexander De Croo to launch a cyber protection project.
“The project had to be 100% related to the war in Ukraine and the PM wanted us to start quickly,” said Manzo.
The CCB developed the Leonidas project in collaboration with law enforcement agencies, other national computer security and response teams (CSIRTs) and private cybersecurity providers like Recorded Future and Arctic Security.
The project pursues several objectives, including:
- Protecting Belgian companies against targeted cyber-attacks
- Protecting Belgian organizations against distributed denial-of-service (DDoS) attacks performed by Russian-aligned hacktivists
- Following the geopolitical situation in Ukraine
- Keeping an eye on dark web activity
The project is made up of several pillars:
- A national vulnerability management project based on the CCB’s Spear Warning service
- A national attack service management project
- An anti-DDoS feature
- Geopolitical monitoring
- Dark web monitoring
- Threat landscape reporting
“As part of the Leonidas project, we scan vulnerabilities every other week until we have a success rate of them being patched across Belgian organizations of 75%,” Manzo added.
The CCB sends thousands of Spear Warnings each year, with 16,000 single warnings in 2024 alone. The agency has seen a drop in the number of Belgium-based hosts vulnerable to critical vulnerabilities since the project started.
Lessons Learned from the Leonidas Experience
Manzo shared lessons he and the CCB learned from over two years of running the Leonidas project and Speak Warnings effort.
“The main takeaway for me is that the public and private sectors might seem different, but they have a lot in common,” he said. “They share a common enemy and a common. Working together increases our impact.”
He emphasized the role of private companies in quickly building a framework for the Leonidas project, as the Belgian Prime Minister requested, and in delivering rapidly actionable results, “when processes can take a long time in the public sector.”
Read more: Behind the Jersey Cyber Security Centre's Proactive Cyber Defense Mission