- CACAO v3.0: Enhancing Interoperable Cybersecurity Playbooks for EU-wide Response
Cybersecurity/Network and Information security
The development of CACAO v3.0 directly benefits European SMEs by reducing technical and financial barriers to adopting advanced cybersecurity practices. The standard’s open and vendor-neutral design allows smaller organizations to integrate automated playbooks into their operations without relying on costly, proprietary tools. This strengthens their incident response capabilities and helps them meet the security and reporting obligations set out in the NIS2 Directive and the Cyber Solidarity Act. Beyond SMEs, CACAO v3.0 enhances resilience across European digital infrastructure by enabling harmonized, machine-readable playbooks that support faster, coordinated responses to incidents affecting critical services such as energy, healthcare, and public administration.
The fellowship directly supports Europe’s goals for cyber resilience, digital sovereignty, and trust in critical infrastructure. By improving CACAO’s technical maturity and usability, the work enables more organizations—especially SMEs and public-sector entities—to adopt standardized, automated cybersecurity playbooks without reliance on proprietary technologies. The resulting CACAO v3.0, with better schematics and semantics specification, offers easier, more coordinated responses to cyber incidents, reducing disruption to essential services such as healthcare, energy, and transport. It also reinforces cross-border cooperation and preparedness through machine-readable, reusable response procedures, enabling Member States and operators of essential services to collaborate under shared frameworks like NIS2 and the Cyber Solidarity Act. Ultimately, this work enhances Europe’s capacity to defend against complex threats while fostering open collaboration, transparency, and interoperability—key enablers of a secure and digitally independent European society
Value of Research
The fellowship addressed key limitations found in version 2.0 of the OASIS Collaborative Automated Course of Action Operations (CACAO) standard. While CACAO v2.0 introduced the first machine-readable format for cybersecurity playbooks, real-world use revealed gaps that limited interoperability and automation. The most critical issues included ambiguous schema elements, unclear execution semantics, and limited support for graphical and modular representations needed to visualize and exchange playbooks. From a European standpoint, these shortcomings directly affected operations.
