research trends in europe - iscom · research trends in europe european cyber security organisation...

Research Trends in EuropeEuropean Cyber Security Organisation (ECSO)

contractual PPP on cybersecurity

Fabio Martinelli

(National Research Council of Italy)

ECSO-WG6 SRIA co-chair

About me• Fabio Martinelli is a research director of the Italian

National Research Council (CNR) where He is referentfor cyber security activities. His main research interestsinvolve security and privacy in cyber-physical systemsand foundations of security and trust. He usuallymanages R&D projects on information andcommunication security and in particular, He is currentlythe Project Coordinator of the EU Network on CyberSecurity (NeCS) and of the Collaborative informationsharing and analytics for cyber protection (C3ISP)project. He also serves as expert in the H2020Protection and Security Advisory Group (PASAG) andacts as First director in the Board of the European CyberSecurity Organization (ECSO). He is also member of theItalian Committee for Cyber Security Research (as CNRsecurity expert).

Outline

• ECSO cPPP

• ECSO WG6 SRIA

• Research topics for WP17-20

• Next visions

AIM1. Foster cooperation between public and private actors at early stages of the research and

innovation process in order to allow people in Europe to access innovative and trustworthyEuropean solutions (ICT products, services and software). These solutions take intoconsideration fundamental rights, such as the right for privacy.

2. Stimulate cybersecurity industry, by helping align the demand and supply sectors to allowindustry to elicit future requirements from end-users, as well as sectors that are importantcustomers of cybersecurity solutions (e.g. energy, health, transport, finance).

3. Coordinate digital security industrial resources in Europe.

LINKING RESEARCH AND CYBERSECURITY INDUSTRIAL POLICY1. The cPPP will focus on R&I, developing a SRIA ( Strategic Research and Innovation Agenda).

2. The ECSO Association will tackle other industry policy aspects.

3. ECSO supports the development of the European cybersecurity industry.

ABOUT THE CYBERSECURITY cPPP

BUDGET: 1. The EC will invest up to €450 million in this partnership, under its research and innovation

programme Horizon 2020 for the 2017-2020 calls (4 years).2. Cybersecurity market players are expected to invest €1350 million three times more (€1350

million: leverage factor = 3) for a total of €1800 million

REFERENCE DOCUMENTS 1. Industry proposal2. Strategic Research and Innovation Agenda (SRIA) proposal

ABOUT THE CYBERSECURITY cPPP

INDUSTRY PROPOSAL

Identifies industrial operational and strategic objectives

1. Protection of critical infrastructures from cyber threats.

2. Use of massive data collection to increase overall security.

3. Increased European digital autonomy.

4. Security and trust of the whole supply chain

5. Investments in areas where Europe has a clear leadership.

6. Leveraging upon the potential of SMEs.

7. Increase competitiveness.

ECSO: A UNIQUE PPP ASSOCIATION20

Security is a national prerogative.

Stronger participation in ECSO of representatives from the national administrations, also atdecision making level.

Interest from national Public Administrations: Representatives to the two ProgrammeCommittees + Ministries (Interior, Economy, etc.) + Regulatory Bodies + Public users.

Participation in Working Groups & Task Forces to bring a governmental perspective andoperational needs from the public administrations.

NAPAC : A National Public Authority representatives Committee (NAPAC), instead of traditional“mirror groups”.

ECSO membership overview

• Associations : 22

• Large companies and users: 70

• Public Administrations: 20 (+1)

AT, BE, CY, CZ, DE, EE, ES, FI, FR, IT, SK, FI, NL, NO, PL,UK, BG, SE, GR (+RO)

observers at NAPAC (DK, HU, IE, LT, LU, LV, PT, SI,MT, …)

• Regional clusters: 6

• RTO/Universities: 66 (+1)

• SMEs: 50 (+5)

AUSTRIA 7 ITALY 26

BELGIUM 13 LATVIA 1

BE - EU ASSOCIATIONS 9 LITHUANIA 1BULGARIA 2 LUXEMBOURG 4

CYPRUS 56 NORWAY 4CZECH REP. 3 POLAND 5DENMARK 5 PORTUGAL 2ESTONIA 7 ROMANIA 2FINLAND 8 SLOVAKIA 2

SLOVENIA 1FRANCE 26 SPAIN 32

GERMANY 24 SWEDEN 3GREECE 5 SWITZERLAND 6

HUNGARY 3 THE NETHERLANDS 17IRELAND 3 TURKEY 4ISRAEL 2 UNITED KINGDOM 8

132 founding members: now we are 241 organisations from 28 countries and counting

917 October 2018 Workshop on Resilient Manufacturing Environments

WORKING GROUPS & TASK FORCES

WG 1StandardisationCertification /

Labelling / Supply Chain Management

WG 2Market development /

Investments

WG 3Sectoral demand

(vertical market applications)

WG 4Support SME, coordination with countries (in particular

East EU) and regions

WG 5Education, training,

awareness, exercises

WG 6SRIA

Technical areasProducts

Services areas

Global overview of WGs activities

– WG1 (standards / certification / label / trusted supply chain): Initial suggestions were delivered to the European Commission with aplan of activities (continuous interactions at the technical level). State Of The Art (SOTA) document comprising an overview of existingcybersecurity standards and certification schemes relevant for the activities of WG1, and document analyzing the challenges and gapsrelevant for the industrial sector. Next steps: start discussions on standards in preparation of the CEN/CENELEC workshop andcooperation with ETSI.

– WG2 (market/ funds/ cPPP monitoring): WGstarted March 2017. Initial internal work on business models and funding programmes.

– WG3 (verticals: Industry 4.0; Energy; Transport; Finance / Bank; Public Admin / eGov; Health; Smart Cities): Priority and objectivesunder detailed definition with users: state of the art deliverable (Del 1) setting out key requirements, issues, threats for each vertical,leading to enablement needs. Last WG meeting on February 9th. Meetings on specific sectors (e.g. WG 3.2 on energy & smart grids withDG ENER and DG CNECT on February 8th; WG 3.3 on transport on February 10th

– WG4 (SMEs, Regions, East EU): Meeting on Regional aspects with "Regions" (ECSO members and beyond) on March 7th. Discussion onother forms of support to SMEs other than R&D (e.g. EU regional funds).

– WG5 (education, training, awareness, cyber ranges…): One of the main priorities for MT and EE Presidency of the EU in 2017. Nextmeeting on March 17th in Tallinn for SWG 5.1 on ‘cyber range environments and technical exercises’.

– WG6 (SRIA): SRIA delivered to the Commission and widely used in WP17-20. Contacts with other PPPs and similar EU activities (5G, IoT,Big Data, Smart Cities, Photonics, Robotics, etc..) going to be started to coordinate objectives.

2018: Cybersecurity has become a major global issue

• Cybersecurity is a growing issue at political (elections), societal (social media / privacy) and economic (digitalisationof the industry – Industry 4.0) level

• Cybersecurity is a global issue: cyber threats hit at local / regional / local / international level

• Digitalisation (including the massive introduction of IoT and IIoT, and autonomous decisions) is still a phenomenonnot well understood by the industrial sector (and in particular by SMEs): security of a digitalised society will be achallenge!

• IT (Information Technology) and OT (Operational Technology) are increasingly closer and interacting (cyber-physicalsystems) higher cyber resilience should be provided: optimisation needed, both to avoid vulnerabilities (lack ofsecurity of data for control of manufacturing operation can have disruptive impacts) and for reducing costs

• Current situation sees the use (when possible) of solutions / patches validated / certified wrt the presentunderstanding of threats, but threats are continuously evolvingwe need flexibility and scalability of systems

• Risk management is still a challenge to be correctly implemented in an industrial cycle, while considering potentialdisruptions and impact of cyber attacks

• Awareness is still limited in all kind of stakeholders

• The figure of CISO (Chief Information Security Officers) is increasing in companies, but CISOs still don’t get sufficientattention from companies’ Management Board and get adequate risk management measures implemented


4

ECSO vision for the development of aEuropean cybersecurity ecosystem

ECSO definition of EU Cybersecurity

European Cybersecurity is our common science, knowledge, trustworthy processes, products, services andinfrastructures to protect (in a sustainable way) our nations, industries / economies, citizens and institutionsagainst damaging cyber-attacks while respecting our European Values.

ECSO VISION for EU Cybersecurity in 2027

• Europe as global leader in cybersecurity, having developed a comprehensive EU cybersecurity strategy builtupon a “predict-prevention, protection, detection, respond” approach

• Strong, resilient and competitive European industrial (SMEs and European champions) and academic ecosystem

• Cybersecurity recognized as an industrial sector, sustained by an industrial policy for Europe, supported byadequate investments for increased EU competitiveness and digital autonomy

• Cybersecurity solutions effectively deployed at national, regional / local (city) level (driven by smartspecialisation)

• Well informed European citizens and decision makers and highly trained cybersecurity professional workforce


Lesson learnt• Coordination with cPPPs (on specific transversal technologies & verticals) is

important to ensure the SRIA presenting coordinated cyber security strategy in EU• Coordination with the EC Programme Committee and NAPAC R&I Group wrt

internal deadlines is key to guarantee high quality delivered when expected• Development of innovative cybersecurity technologies and validation of the

solutions in key infrastructures and applications

SRIA to identify the research priorities for 2018-2020A strategic vision is needed to demonstrate how industrial priorities contribute to the implementation of the strategy

Analysis of the Work Programme 2018-2020 and continuous advocacy of priorities good match and public & private priorities well aligned

EU Cybersecurity R&I Strategy to build a trustworthy ecosystem

1 European Ecosystem for the Cybersecurity2 Demonstrations for the society, economy, industry and vitalservices3 Collaborative intelligence to manage cyber threats and risks4 Remove trust barriers for data-driven applications and services5 Maintain a secure and trusted infrastructure in the long-term6 Intelligent approaches to eliminate security vulnerabilities insystems, services and applications7 From security components to security services

Continuous support cPPP implementation and H2020 cybersecurity projects

Update of 2020 priorities

ECSO SRIA: Where we started157 members with 250 experts

14

WG6: SRIA -Technical areas, Products, Services areas

Link to EU policiesActivities should be coordinated with the future activities envisaged by the E. Commission as announced in its Communication“Strengthening Europe's Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry”

Objectives

• Coordination of results and expectations from EC R&I projects

• Coordination of cybersecurity activities across cPPPs and EIT

• Support cPPP implementation and H2020 cybersecurity projects

• Detailed suggestions for the WorkProgramme 2018 - 2020 using an updated and focussed SRIA

ECSO STRATEGIC RESEARCH & INNOVATION AGENDA v1.2 cPPP SRIA v1.0 and industry proposal as initial guidelines Available on ECSO website: https://www.ecs-org.eu/documents/publications/59e615c9dd8f1.pdf


https://www.ecs-org.eu/documents/publications/59e615c9dd8f1.pdf

Initial WG6 SRIA: Segmentation SWG 6.1: Ecosystem (chairs: H. Debar (IMT), J. Lopez (UMA), V. Pevtschin (ENG))

6.1.1 Link across R&I projects6.1.2 Link with other cPPP / EC initiatives (5G, Cloud, IoT, Big Data, EIT etc.)

SWG 6.2: Vertical application domains (chairs: A. Fourati (EDF), Mari Kert (Guardtime))6.2.1 Energy, including smart grids6.2.2 Transport 6.2.3 Finance6.2.4 Healthcare6.2.5 Smart & Secure Cities6.2.6 Public Services / eGovernment6.2.7 Industrial Critical Systems / Industry 4.0

SWG 6.3: Trustworthy transversal infrastructures (chairs: A. Ayerbe (Tecnalia), P. Kearney (BT))6.3.1 Digital citizenships (including identity management)6.3.2 Risk management for managing SOC, increasing cyber risk preparedness plans for NIS etc.6.3.3 Information sharing and analytics for CERTs and ISACs (includes possibly trusted SIEM, cyber intelligence)6.3.4 Secure Networks and ICT (Secure and trusted Routers, Secure and Trusted Network IDS, Secure Integration, Open source OS).

SWG 6.4: Technical priority areas (chairs: F. Kirchner (CEA), E. Markatos (FORTH), P.H. Meland (SINTEF))6.4.1 Assurance / risk management and security / privacy by design6.4.2 Identity, access and trust management (including Identity and Access Management, Trust Management)6.4.3 Data security6.4.4 Protecting the ICT Infrastructure (including Cyber Threats Management, Network Security, System Security, Cloud Security,

Trusted hardware/ end point security/ mobile security)6.4.5 Security services

ECSO WG6 SRIA – Activities• Using the cPPP SRIA v1.0 and industry proposal as initial guidelines

• WG6: 140 ECSO members, almost 250 experts

• Two initial WG6 meetings in Brussels (Sept. 12 and 14 2016): more than 100 people (from many sectors)

• Brainstorming groups, supported by facilitators/editors (according to the WG segmentation in sub WG)

• Collection of material and initial synthesis in a first draft: work done in parallel by the editors with several contributors per subWGs with 2 synchroconf call per week

• Distribution of the various major versions of the document to all SRIA WG members (in particular v. 1.13 with initial budget distribution)

• First draft commented and finalised on Oct. 3 (in less than 3 weeks). Presentation to the partnership Board Oct. 6 and ECSO Board Oct. 7: feedbackand update, following PB and ECSO Board comments

• Presentation at preparatory PC meeting on Oct 20th: feedback for improvement

• Formal (ECSO approved) reccomendations sent to EC after the ECSO Board on Dec 15th

• Cooperation with the Commission to draft the WP

• Further improvements on the recommendations in January onwards and consolidated in the WG6 meeting in March 9th.

• Presentation to the Program Comittees of ICT/LEIT

• Cooperation with other WG (as WG3) for sectorial activities

• Cooperation with external organizations cPPPs

• Monitoring activities for KPIs

• Starting discussion for new vision document for ECSO WG6 SRIA

• Cooperation with all the stakeholders

• Focus on 2021-2017 (likely more 2021 ….)

CYBERSEC TECHNOLOGIES & SERVICES to protect Infrastructure / Applications and citizens’ privacy

- Encryption (key management, homomorphic, post quantum, …)

- ID and DLT (blockchain, …) security

- AAA: Authentication; Authorisation; Accounting

- Security / Resilience & Privacy by Design (GDPR, …)

- PET: Privacy Enhancing Technologies

- Information Sharing, Threat Detection and Intelligence (incl. sensors / probes for ICS, SIEMs and SOCs), Artificial Intelligence and Analytics

- Protection of innovative ICT infrastructure

- Risk Management, Response and Recovery

- Tamperproof communication protocols

STRATEGIC PRIORITIES- Cybersecurity Technologies & Services

- Infrastructure & Applications

- Cyber ecosystem

Pilots and validation of solutions in INFRASTRUCTURE (for use in all sectors) & APPLICATIONS (specific verticals)

- Industry 4.0 (FoF, Robotics, SPIRE, AIOTI, ECSEL)

- Energy (EdB; AIOTI)

- Transport (AIOTI, ECSEL)

- Finance (EU FI-ISAC)

- Public Administration (EU Cloud Initiative; FIWARE, HPC, BDV)

- Health (EIP AHA, AIOTI, ECSEL)

- Smart cities (Smart Cities and Communities; EIT Digital, EdB, AIOTI, ECSEL)

- Telecom (5G; AIOTI)

CYBER ECOSYSTEM: preparing the market to introduce and use innovations- Standardisation

- Validation / Labelling / Certification (end user awareness for implementation; different needs and different levels, flexibility for evolution)

- Trusted management of the supply chain: Assurance

- Education (cyber-Erasmus)

- Training/ simulation (certification of experts to help employment needs)

- Awareness of citizens, users (Cyber Hygiene) and decision makers (procurement, implementation and use);

- Legislation & Liability

- Investments – Funds / Economics - Business models / Insurances

- Support to SMEs

- Regional / local aspects

WG6: SRIA priorities for R&I

18

E

Vertical Application Domains

Transversal infrastructures

Basic technologies

Linking demand and supply

Ecosystem

Remove trust barriers for data-driven applications

and services

Maintain a secure and trusted ICT

infrastructure in the long-term

Collaborative intelligence to manage cyber threats and risks

IC S an

d

Ind

ustry 4

.0

Energy, in

lc. smart

grids

Transp

ort (sm

art cars, rail, aero

, …)

Smart &

secure

cities

E-services for

Pu

blic, fin

ance,

telco

Health

care

Demonstrations for the society, economy, industry and vital services

Edu

cati

on

and

trai

nin

gC

ertification

, stand

ardisatio

n,

Go

To M

arket, SMEs su

pp

ort

Main thematic priority areas

Intelligent approaches to eliminate security

vulnerabilities in systems, services and

applications

From security components to security

services

Detailed structure: 7 main thematic priority areas for WP17-20• 1 European Ecosystem for the Cybersecurity

• Cyber Range and simulation• Education and training• Certification and standardisation• Dedicated support to SMEs

• 2 Demonstrations for the society, economy, industry and vital services• Industry 4.0• Energy• Smart Buildings & Smart Cities• Transportation• Healthcare• E-services for public sector, finance, and telco

• 3 Collaborative intelligence to manage cyber threats and risks• GRC: Security Assessment and Risk Management• PROTECT: High-assurance prevention and protection• DETECT: Information Sharing, Security Analytics, and Cyber-threat Detection• RESPONSE and RECOVERY: Cyber threat management: response and recovery

• 4 Remove trust barriers for data-driven applications and services• Data security and privacy• ID and Distributed trust management (including DLT)• User centric security and privacy

• 5 Maintain a secure and trusted infrastructure in the long-term• ICT protection• Quantum resistant crypto

• 6 Intelligent approaches to eliminate security vulnerabilities in systems, services and applications• Trusted supply chain for resilient systems• Security and privacy by-design

• 7 From security components to security services

Current SRIA topics

Ecosystems

Challenges• Limited education at school and academic level,• Insufficient training of professionals and lack of sufficient number of technical experts,• Lack of awareness by decision makers of the potential impact of cyber threatsScope• EU cybersecurity academia and education at MS level• Development of cybersecurity programme at school level as part of a "Citizens Cyber Skills” curriculum.• Creation of programmes to educate students and professionals to grow the expert base• EU cybersecurity education programme: ERASMUS for cybersecurity• Creation of a EU network of national cybersecurity “academies”• Threats understanding / awareness by decision makers to consider implementation and use of cybersecurity solutions:

cybersecurity at the core of enterprise governance• Trans-European awareness campaigns around cybersecurity particularly dedicated to SMEs and citizensTargeted Users• Students, Professionals, Procurement managers & Decision Makers; CIOs, SMEs, CitizensExpected Impact• Linkage across EU between national / local training initiatives to educate and train a new generation of European ICT

security experts• Increase effective cooperation between academia and EU cybersecurity companies, in a clear carrier development

path• Agile, highly skilled workforce that can respond flexibly to dynamic requirements• Citizens more aware of cyber threats, appropriate adoption and use of innovative and secure ICT technologiesBudget/Time/Project:

Sub-topic: Education and training

3

Challenges• Need to educate and train the workforce• High complexity of some IT systems.• Unclear security costs• Security measurement is difficultScope• Cyber ranges, simulation, and training• Automated assessment, including systems updates, secure network rating• Cyber risk governance: safety vs security analyses, impact analysis, insuranceTargeted Users• Professionals, Decision Makers, CIOsExpected Impact• Security Assessment and Risk Management are closely related to the Security of Network Infrastructure• Data analysis based risk management should result in efficient risk management• Integrated methodologies for combined information security, cybersecurity, safety, and reliability • Enabled informed decisions on security-related investments at the corporate and national level.Budget/Time/Project:

Sub-topic: Simulation and Cyber Range

3

Specific challenge• Need for Trusted Products and Services in Europe. A European Trust Label is a possible means to it (as suggested in topic 110 of the EP

resolution of March 12th 2014).• The creation and operation of European Cybersecurity Labels and Seals plus a transparent certification mechanism involving third party

certification shall follow a defined set of criteria – based on minimum requirements.• Labels and Seals shall be built on best practices and internationally recognised existing certifications, based on industry and national

regulations requirements. The certification scheme for organizations should go a step beyond international standards and address specifictechnical and human requirements coming from the industrial experience.

Scope• Multi-Stakeholder dialogues with industry and society to define baseline requirements of security and privacy for trusted products, services

and organizations at European-level.• Definition of different levels of robustness of products, services and organisations starting with baseline requirements for security and

privacy.• Setup of validation and monitoring mechanism on compliance to the label requirements.• Set-up of one or more real-world system certification pilots based on the definition of different levels of robustness of products and services,

e.g. for an electronic, connected device with several security (privacy) building blocks such hardware, software, communication and PracticalPrivacy.

Targeted Users• Companies, Policy makers, certification and standardisation bodiesExpected impact• Facilitating the easy uptake of security products and services by generating trust and confidence based on security and privacy.• Set-up a trusted supply chain in Europe which favours market development and business among the industry (B2B) and with the society in

general (B2C).• Baseline requirements will lead to higher awareness of security in products and services of all stakeholders in each vertical segment along the

complete value chain.• Set-up of requirements of trusted products and services as basis for a EU Trust Label.• Measurable defragmentation of the European Security and Cybersecurity market.

Sub Topic: Certification, Standardisation

ChallengesSMEs are the backbone of the European economy and they are more and more dependable on ICT to support their competitiveness on the globalmarkets. As a consequence, cybersecurity poses for them ulterior and specific challenges, especially because of their limited economic andknowledge-specific resources. Conversely, SMEs which play an innovative role in the field of cybersecurity, face formidable difficulties in acquiringthe necessary visibility, due especially to the lack of marketing and branding investments and endorsement by authoritative stakeholders whichcould allow those innovative SMEs with a business cybersecurity solution, tool or application to showcase their innovations in a coordinated andstructured way.

ScopeThe envisaged ecosystem (ECSSH)include:• Awareness-raising infoservices, lowering communication barriers that SMEs are facing;• Market watch (National, pan-European and International) and trends to support strategic decisions and positioning among SMEs;• Catalogue of global cyber security research results• Access to finance• Certification schema for SMEs• Cybersecurity SME marketplace• Links establishment & maintaining and synergy development with main digital security initiatives• Global standardisation observatory

Targeted Users• SMEs

Expected Impact• Generate a self-sustained ecosystem (viz. the European Cyber Security Service Hub – ECSSH)• Increased cyber security-related services for ICT-intensive SMEs• Enhanced visibility and business opportunities for those European organisations that deliver research and solutions in the field of

cyber security.

Budget/Time/Project:

Sub-topic: Digital instrument for SMEs3

Sub-topics:• Industry 4.0 and ICS• Energy, including Smart Grids• Transportation: road, air, rail, sea• Finance and Insurance• Smart Cities & Smart Buildings• Public Services / eGovernment / Digital Citizenship• Healthcare• Telecom, Media, and Content


Topic: Demonstrators3

Challenges• Many deployed systems have no security whatsoever. • Safety and security often conflict • ICS components usually have a very long lifetime, sometimes remaining in the field for decades.• Constrained memory forces programmers to cut corners• Beyond customer privacy, the confidentiality of the different business processes, design models and manufacturing processes should be

considered

Scope• Secure transition of an existing industry• New approaches to Governance, Risk & Compliance Management that encompass both OT&IT ; tools allowing security assessment of

Industrial automation equipment• Adapted protection / detection & remediation capabilities• Tools and techniques enabling to continuously monitor the security & safety level of the industrial asset throughout the transformation

program should be delivered• Securing an advanced manufacturing lab

Targeted Users• Main European manufacturing industry (aeronautics, car manufacturing, etc.), innovative manufacturing SMEs, Main industrial systems

needing Supervisory Control And Data Acquisition Systems, …

Expected Impact• Technological impact: the project should boost the leadership of European actors in ICS security, security of advanced manufacturing

systems, convergence of safety and security tools and techniques• Societal impact: the project should demonstrate the ability of out coming developments to reach societal acceptance and effective adoption, • Economic impact: the project should propose new business models aiming to support a positive impact of industry modernization on

employment, reduction of drudgery, re-industrialization of European countries.Budget/Time/Project:

Sub-topic: Industry 4.0 and ICS3

Challenges• Provide an uninterrupted supply of energy while ensuring the safety and security of energy infrastructures;• Massive digitalization of energy infrastructures implying the increase of threats;• Increasing need for efficient and optimized use of energy through new services relying on smart devices (e.g. IoT);• Energy systems usually have a very long lifetime, sometimes remaining in the field for decades;• Highly distributed renewable generation occupy an increasingly important part of the global energy generation;• High level of complexity and very high volume of interconnected and interdependent components deployed at country/continent scale ;• Focus on decentralised (smart grids including smart home and renewable energy infrastructures) and centralised energy generation;

Scope• Tools to avoid a cascading effect when a large number of components are compromised.• Security schemes specific to resource constrained components widely deployed as smart devices (IoT).• Security solutions should fit all generations of technologies (legacy systems along with new technologies), and need to be evolving.• Control interdependencies between safety and security which are of great importance in the energy context.• Control and management of increased surface attacks over time, including the identification of the wide variety of threats and analysis of their

impacts, early detection and isolation of threats (e.g. DDoS attacks).• Response and notification tools (technical and organizational) to security alerts, and for disaster recovery techniques in case of incidents.• Advances logical and physical access control techniques managing multiple interveners having different roles (e.g. internal employees and external

personnel). Consider local and remote connections, as well as potential connections between IT and OT domains/networks.

Targeted Users• Energy operators (producers, transmitters, distributors)

Expected Impact• Technological impact: the project(s) should propose security tools and techniques more efficient and more suited to energy infrastructures needs

and constraints;• Societal impact: the project(s) should allow to increase trust in security and safety of energy infrastructures;• Economic impact: the project(s) should propose solutions with optimized costs for their effective use and aiming at supporting a positive impact of

industry modernization on employment.


Sub-topic: Energy, incl. Smart Grids3

Challenges (several challenges to be tackled in the different foreseen calls)• Connected / smart vehicles and Road-Side Infrastructure• Aeronautics and Unmanned Aerial Vehicles (UAV)• Railways and MaritimeScope• New standards are defined for the safety and security of the autonomous vehicle software stack• New technologies and innovative mechanisms are researched and developed to enforce the former• Transition from human guided to more autonomous and cooperative vessels• Maintain and improve navigation security & safety despite growing attack surfaces and increasing attack

sophisticationTargeted Users• Car manufacturers; Road exploitation companies; Aeronautics manufacturers; Railway companies; Sea Port and

Maritime companiesExpected Impact• Promote the development of advanced compliant technology in Europe.• Support densification of the legitimate UAVs fleet involved in security missions.• Mitigate extreme traffic situations through trustworthy cooperationBudget/Time/Project:

Sub-topic: Transportation: road, air, rail, sea3

Challenges

• Reducing systemic risk that covers the entire EU financial system • Increasing security for online payments and account access• Creating new insurance services covering cyber-risk• Increasing privacy, data protection and data integrity• Developing a cyber-secure supply chains management in critical infrastructure organisations• Addressing new technologies, i.e. eCurrency, blockchain and DLT• Creating a measuring system for Cyber Risk Exposure • Implementation of educational and training program Scope

• Enhancing the resilience of the financial industry, also through Infosharing and cyber crisis simulation • Fostering the understanding of cyber security and cyber risk• Adopting innovative solutions to enhance authentication and authorization tools• Leveraging also the Cyber Trustworthy Infrastructures to stress test cyber resilienceExpected Impact

• Increase the awareness around cyber-risks in the Financial industry• Increase the perception of “Single European Digital Financial Market” as Cyber Secure • Adopt cutting edge innovative solutions to foster Data Protection, Data Integrity and Privacy • Enlarge cyber-insurance market by easing the process of cyber insurance policy definitionBudget/Time/Project:

Sub-topic: Finance and Insurance

Challenges• Increased complexity of city's systems, their interdependencies, globally connected social, economic and political sub systems have increased

the vulnerability of a city's security• The smart city experience involves systems and objects interconnected through various technologies. • The amount of data generated by these systems can reach a considerable size. Big Data will need to be appropriately and centrally stored,

managed, analysed, and protected. • Smart buildings are a surrounding element for other infrastructure• Addressing side channels and covert communications in smart cities • Increasing inter-connectivity of smart systems• Complexity of threat landscape for Smart buildings and smart cities need to be understood and managed with real-life pilots.• Importance of safety: identification and control of interdependencies between safety and security;• Interconnectivity issues between different smart systems need to be understood and tested

Scope• Complex systems, integrating various types of infrastructure, including traffic light management, smart factories with industrial control systems

(ICS), interaction with surveillance• Simulation and detection of the additional security threats created through the inter-connection of smart systems• Delivering a cyber-security framework to ease the collaboration across all smart cities stakeholders• Supporting and implementing a common approach to securing and managing the data from all the systems of a smart city / smart building

Targeted Users• Cities and Regions; House and household manufacturers; Infrastructures operators in cities; Citizens

Expected Impact• Smart buildings and smart cities have a significantly longer lifespan. • High resilience, integrity, and availability;• Privacy concerns addressed (e.g. due to use of IoT);


Sub-topic: Smart Cities & Smart Buildings3

Challenges• Citizens expect public services and data to become more open • Mobile devices provide an ubiquitous entry point to services• Popularity and prevalence of social media• A trend to shift government services towards cloud-based infrastructure• Users have different security background (and many have none)• High demand for user-friendly data privacy and digital security• Requirements for decentralization of data• De-materialisation Scope• Data protection and sharing techniques• Protection of real local and public administration systems• Privacy metrics, economic value of data, combining data sources without breaking privacy regulations• Privacy-preserving technologies for data intensive applications• Runtime assurance and transparency on the use of personal data User empowerment. Identity management frameworks• Digital ID card and interoperability (eIDAS, …)• Distributed Trusted Chains for outsourced trust eServices infrastructure and decentralized data governanceTargeted Users• Public Administrations Services; Citizens; Companies exploiting large amount of personal dataExpected Impact• Open government• User-friendly, reliable and effective services• Increased trust in Governmental services• Improve quality of decision-making• Widely adopted identity maangement solutions at European level• Ownership of personal data through decentralisation and encryption technologies Budget/Time/Project:

Sub-topic: Public Services / eGovernment /Digital Citizenship

3

Challenges• The massive trend towards seamless system and data interconnection, mobile services, smart devices and

data analytics • It will be necessary to move towards a digitalisation of all the healthcare levels• The development of Assisted Living systems • The proliferation of new technology in healthcare is exploding. Scope• Involve as many stakeholders as possible• The integrity of healthcare data being distributed among these many actors• Involve different IP-enabled devices and mobile applications• Special focus on data integrity, privacy and interoperability• The human layer in healthcare must be properly considered and integrated with all the other security

layers.Targeted Users• Public Administrations; Healthcare equipment manufacturers; Hospitals & similar; CitizensExpected Impact• Improve the capability or eHealth services to automatically recover from cyberattacks, restoring the

eHealth service level to its nominal status• New secure design methodologies and new technological elements to enhance the current resilience level

of eHealth servicesBudget/Time/Project:

Sub-topic: Healthcare3

Challenges• Increased usage of mobile devices, content and media generated.• Increased number of heterogeneous devices and different standards and protocols• New legal requirements for traffic control (e.g. obligatory attack report)• Cross-border obstacles for collaborative protection.• Increased dependency on the Internet connection.Scope• Run-time traffic, media and content monitoring, threat and illegal content detection and analysis.• Timely reactions on detected threats and illegal content.• Cooperation in reducing security threats and illegal content• Interoperability of security• Sharing experience and means for collaboration on security issues.Targeted Users• Telecom operators, media and content providers, citizensExpected Impact• Reliable telecommunication services• Blocking attacks in the middle and at their initial point (e.g., spam sending)• Less illegal content and media available on-line• Cooperation of telecommunication providers on security issues.Budget/Time/Project:

Sub-topic: Telecom, Media and Content3

Transversal infrastructures

Collaborative intelligence to manage cyber threats and risks

Sub-topics:• Security Assessment and Risk Management• High-assurance prevention and protection• Information sharing, security analytics and cyber-threat detection• Cyber threat management: response and recovery

CSA:• Ensure consistency of approach and that results from sub-topics are interoperable

and integrate to form a cybersecurity infrastructure reference platform• Co-ordinate with Vertical demonstrator activities and relevant PPPs (e.g. 5GPPP)

Challenges• High complexity and inter-dependence of digital infrastructure• Evolving and escalating threat environment• Measuring (lack of) security and effectiveness of controls are both difficult• Need for dynamic risk assessment to allow timely decisions. Decision timescales shrinking

Scope• Ref. implementation of platform for risk-based oversight and co-ordination of cybersecurity operations• Ensure policies of the parent organisation are followed and legal obligations and commitments re

fulfilled. Assess overall risk exposure and ensure that it is in line with risk appetite.• Automated risk assessment, including impact analysis and calculation of secure network rating• Collaborative risk assessment, dynamic sharing of threat intelligence

Expected Impact• Support implementation of the NIS Directive • Increased cost-effectiveness of cybersecurity investment at the corporate and national levels• Improved cybersecurity co-operation at industry, national and European levels.


Sub Topic: Security Assessment andRisk Management

3

Challenges• Lack of trust and confidence in digital infrastructure is hindering ongoing digital revolution• Size, heterogeneity, dynamism and complexity of digital infrastructure increasing• Many new devices, applications and services not designed with security in mind• Vulnerabilities expose end-users to attack, eroding trust in digital services and infrastructure

Scope• Reference implementation of trustworthy digital infrastructure platform• Protect digital infrastructures and the applications that use them by preventing cyber-attacks being successful• Integrated, holistic approach including minimisation of attack surfaces, trusted and verifiable computation

systems, secure runtime environments, assurance, verification tools and secure-by-design methods.• Take into account technological and business innovation trends that are converging to revolutionise the nature

of digital infrastructure.

Targeted users• Technology and service providers, system integrators, critical infrastructure providers, certification authorities

Expected Impact• Increase the trustworthiness of European ICT services and products and competitiveness of industry


Sub Topic: High-assurance Prevention andProtection 3

Challenges• Not all attacks can be prevented so must assume systems penetrated and actively search for evidence• In 2015, the median time from penetration of a network by attackers to their discovery was 146 days (Mandiant)• Advanced attackers evolve techniques continually, so need to be able to detect novel attacks• Must share threat intelligence to learn collectively, but concerns over blame and leakage of sensitive information• How to extract actionable information from large amounts of heterogeneous low-level security data?

Scope• Ref. implementation of platform to anticipate, detect, diagnose and investigate actual and potential attacks. • Collection and analyse of data from appliances, logs, open source intelligence, etc. to extract knowledge• European network for collaborative threat intelligence and responses • Advanced means of detecting system anomalies and integrity violations. Intelligent, ‘Big data’ security analytics

Targeted Users• Cybersecurity product and service vendors, system integrators, infrastructure operators, CERTs

Expected Impact• Better identification of advanced attacks and responding more quickly and effectively to them• NIS Directive is enabled• Innovation opportunities for European cybersecurity product and service vendors


Sub Topic: Information Sharing, SecurityAnalytics and Cyber-threat Detection 3

Challenges• The information on which to base decisions is often incomplete, uncertain or conflicting.• The speed at which attacks take place is accelerating – automation is needed but cannot be trusted• Response and recovery actions require great care as mistakes can lead to higher damages than original attacks• Tools are often poorly integrated – human analysts are the integration layer• Attackers may modify their tactics depending on the response of defenders. Scope• Reference implementation of a Response and Recovery platform able to combat future threats• Risk- and cost-based approaches to response and recovery, supported by Threat Intelligence• Automated execution of SOC analysts’ high level decisions in terms of low level actions to combat attackers• Leverage virtualisation (SDN, etc.) to enable adaptive response (e.g. ‘moving target defence’) and recovery• Real-time predictive tracking of attacks, attack attribution, forensicsTargeted Users• Cybersecurity vendors, managed-service providers, ICT infrastructure providers, end-user organisationsExpected Impact• Interoperable or integrated response and recovery products and services available on the market, enabling robust, resilient, reliable

and trustworthy ICT services for end-user organisations• Respond to threats in a timely fashion, minimise the impact, and restore normal operation smoothly• Effective approaches and tools for Response and Recovery operations in cloud and hybrid infrastructuresBudget/Time/Project:

Sub-topic: Cyber threat management:response and recovery 3

Technological components

Sub-topics:• Data security and privacy• ID and Distributed trust management (including DLT)• User centric security and privacy


Topic:Remove trust barriers for data-drivenapplications and services

3

Challenges• Machine Learning is starting to dominate data-intensive applications in all domains• The value and sensitivity of data is increasing (“data as a currency”)• Data-intensive applications are seen as a threat due to uncertainty of who has access to which data• Operations using manipulated or biased data sets can lead to discriminating decision making • User data have repeatedly been abused / leaked Scope• Data protection techniques • Anonymisation-pseudonimisation for data-intensive applications• Meta data privacy, including query privacy• User empowermentTargeted Users• Technology providersExpected Impact• Secure and privacy aware data processing and storage• User friendly transparency and control • Balancing privacy needs and business demands• Facilitating the implementation of the regulatory contextBudget/Time/Project:

Sub-topic: Data security and privacy

Challenges• Single trust roots as single point of failure demand distributed solutions• Authentication-authorization needs to better protect the identity of users• Often the existing authentication tokens or credentials lead to over identificationScope• Distributed trust management solutions, e.g. Blockchain, formalise characteristics of such solutions that allow

the assessment of their feasibility in a specific context• Flexible authentication and authorisation, dynamic integration of different schemes, compatibility assessment

(Interoperability of authentication)• Partial identities (or identity diversification). Research is needed to build technologies that allow users to

separate their identities for different aspects of life.Targeted Users• Technology providersExpected Impact• Large adoption of distributed trust management frameworks• Further steps towards interoperable, scalable identity management schemes• Authentication operates in a distributed fashion without single points of failure on critical pathsBudget/Time/Project:

Sub-topic: ID and distributed trust management(including Distributed Ledger Technology - DLT) 3

Challenges• People are considered the weakest link in the chain of defence: social engineering, phishing, etc.• Difficulties for individuals to assess the risk involved in digital activities; need to understand the technology• Security should not become an obstacle potentially discriminating against certain people• Individual users lack the resources to configure their own security controls across applications• Increasingly close interactions between humans and machinesScope• Threat intelligence concerning the exploitation of human behaviour and human-system interaction characteristics• User-friendly and inclusive security mechanisms, also considering people with disabilities (e.g. alternative multi-

factor authentication)• Understanding human reactions when dealing with tools, applications, incidents, warning, or alerts• Understanding individual users’ needs and proposing solutions for protecting their digital assets• Producing easily consumable threat models and security reports• Legal, social and economic contextsTargeted Users• Citizens as users, technology developersExpected Impact• Increased awareness• Fewer cases of identity theft• Security and privacy as an implemented and not just claimed human right for everyone• Best practices in authentication are supported by usable technologies• User trust in the IoT worldBudget/Time/Project:

Sub-topic: User-centric security and privacy

3

Sub-topics:• ICT protection (Network and system security/Trusted execution environments)• Quantum resistant crypto


Topic:Maintain a secure and trustedinfrastructure in the long-term

3

Challenges• Critical reliance of society on ICT infrastructure demands high reliability and resilience, but technology is vulnerable• Convergence of technologies such as cloud, network virtualisation, mobility, IoT is radically reshaping ICT

infrastructure• ICT infrastructure is a complex collaboration between multiple parties using inhomogeneous and layered

technologies• Need interfaces to link security at application and infrastructure layers and allow monitoring, assurance and policy

controlScope• An architecture for security and resilience for the new converged ICT infrastructure• Network security: New protocols; Attribute-based encryption; Intrusion detection/tolerance; New trust models• Protocol transition / migration secure systems: Secure integration; Secure update “on the fly; Handling of legacy

systemsTargeted Users• Network operators, network infrastructure vendors, end user organisationsExpected Impact• Measurable higher security and resilience level of infrastructures• Facilitating the broad availability and use of trusted devices• Facilitating the easy uptake of security solutions and migration of legacy systems • Enabling competitive advantages for European infrastructure solutions, e.g. networks and public cloudsBudget/Time/Project:

Topic: Network and system security, migrationstrategies

Challenges• Critical reliance of society on ICT infrastructure demands high reliability and resilience, but technology is

vulnerable• Convergence of technologies such as cloud, network virtualisation, mobility, IoT is radically reshaping ICT

infrastructure• ICT infrastructure is a complex collaboration between multiple parties using inhomogeneous and layered

technologies• Need interfaces to link security at application and infrastructure layers and allow monitoring, assurance and policy

controlScope• Secure execution environments: Trustworthy hardware; Trustworthy containers / VMs / platforms / hypervisors;

Hardware security, tamper protection, hybrid software-hardware securityTargeted Users• Secure execution infrastructure vendors, hardware security solutions, technology providersExpected Impact• Measurable higher security and resilience level of infrastructures• Facilitating the broad availability and use of trusted devices• Facilitating the easy uptake of security solutions and migration of legacy systems• Enabling competitive advantages for European infrastructure solutions, e.g. networks and public cloudsBudget/Time/Project:

Topic:Trusted execution in a virtualised environment

Challenges• The migration of current technology will be costly and complex • Urgent need for a strategy to meet the challenges of quantum computing• Lack of standards for quantum-resistant cryptography• National security authorities have plans and solutions for countering the challenge of quantum computing;

private enterprise has none.Scope• Transition from present-day crypto systems to quantum-resistant cryptography • Further research on the usability of current suggestions for methods for post-quantum cryptography • Developing new quantum-safe crypto methods and algorithms• Research into short-term alternatives for the migration to post-quantum cryptography• Developing evaluation criteria for quantum-resistant public key cryptographic standardsTargeted Users• Technology providersExpected Impact• An industry well-prepared for the eventual appearance of quantum computers • Maintaining the lasting confidentiality for classified information• Reducing the relative "window" of unsafe cryptography as much as possible• Standardisation towards quantum-resistant cryptography with forward secrecyBudget/Time/Project:

Sub-topic: Quantum-resistant cryptography3

Sub-topics:• Trusted supply chain for resilient systems• Security-by-design


Topic:Intelligent approaches to eliminate securityvulnerabilities in systems, services and applications

3

Challenges• Increased use of 3rd party services, components and open source • No consumer control over development lifecycle, methods and tools• Diversity of individual development contexts and levels of maturity• Lack of trust in security qualities of components used• Cost effectiveness/low cost validations• Growing means of networked interactions; varied lifecycle schedules that generate highly dynamic behaviours in these systems• Complexity of heterogeneous collections of hardware and software componentsScope• Methods for developing resilient systems out of potentially insecure components• Composition: security assurance methodologies defining security claims for composed systems and certifying the security contributions of

components• Certification methods allowing harmonisation and mutual recognition based on evidence and not on trust• Open source security: Identifying and assessing vulnerabilities, understanding the source code (incl. slicing, impact analysis, dependency analyses)• Interplay between functional safety and security. Tackle degraded modes due to safety or security issues• Implementing ground security functions• Developing and giving access to secure runtime environments• Leveraging trust anchors and secure-by-design methods• Developing trusted and verifiable computation systems and environments.• Providing users with usable information on the trustworthiness of systems and environmentsTargeted Users• Decision Makers, System Architects, Insurances, Users of "sensitive applications", Procurement managersExpected Impact• Increased trust along the supply chain • Improved market opportunities for security component vendors• Stimulating the market for solutions with demonstrated security qualities, e.g. certified systems• Fostering standardisation and harmonisation of certificationBudget/Time/Project:

Sub-topic: Trusted Supply Chain for Resilient Systems

3

Challenges• Software and hardware must be designed with security and privacy in mind from the beginning• Efficiency and automation – A more sustainable spending on cyber security is needed to keep up with the

increasing cybercrime.• Cost and risk considerations – providing adequate security in constrained environment• Eliminate vulnerabilities by specific technological solutions• Providing security measurements and guarantees

Scope• Methods and tools for developing secure software and hardware• Security architectures• Metrics for secure development

Expected Impact• Measurable / demonstrable improved security and privacy level and efficiency gain• Market stimulus for secure / privacy-friendly by-design solutions• Increased trust by both developers, that use the components as well by end-users


Sub Topic: Security and privacy by-design

3

Challenges• Smaller entities (including SMEs and individuals) need to have access to security services that allow them to

exploit state-of-the-art security technology• Collaborative approach: by sharing data about security posture, threats, etc. stronger solutions can be offered

to the individual entities.

Scope• Business models for security services• Manged security services • Real-time risk assessment and management • Information sharing platform for security services

Targeted Users• Secure service providers

Expected Impact• Creating a dynamic and innovative European market in cyber security services• Design of easily consumable security services for the market• Deploying these services


Topic:Security Services 3

Horizon Europe 2021 – 2027

Towards a future cybersecure ecosystem

• What will be the global trends and key implications citizen life through 2027? What will be the main driver

(considering political, economic, social, and technological PEST aspects)?

• Identified the importance to align the strategy with the industry vision to sustain the digital transformation of thesociety and economy Foresight exercise for what do we want to achieve by the end of HorizonEurope

• Areas of interest are: Society and Citizen (Social Good); Data and economy; Artificial intelligence & DisruptiveTechnology; Digital Transformation in Verticals

• Analysis of impact of IoT technology

57

#EUBudget

The Multiannual Financial Framework for 2021-2027

Cyber security

Large scale development

to assist transition of broad public areas to the digital age

High Performance Computing and Data

Artificial intelligence

Advanced digital skills (training in advanced

digital technologies)

Cybersecurity

Digital Europe Programme

Some of the 2018 objectives

Identification of R&I needs on specific verticals to address new disruptive technologies – Working papers on new technology

drivers Artificial Intelligence, Internet of Things and Blockchain (impact on the different WG aspects and verticals to sustain theindustrial policy)

Identification of global trends, and key implications on strategy through 2027 (SRIA 2.0)

Initial priorities and challenges for HorizonEurope (2021)

• Society and Citizens (Social Good) Bring trust into the technology and in the Machine Economy

• Data and Economy Data as main ICT value and/or target and main driver for decision making

• Disruptive Technologies (e.g. Artificial Intelligence, Blockchain, Quantum-resistant crypto) Ensure asustainable and trustworthy ecosystem, including integrating M2M and M2H interaction and autonomoussystems as technical, ethical, safety issues

• Digital Transformation in Verticals Continuous evolving systems and integration of legacy systems with newtechnology, threat intelligence and information sharing, and ICT infrastructure protection

Define Strategic Research and Innovation Agenda (v2.0)

Link with relevant cPPPs to coordinate strategy for future EU cybersecurity R&I

Btw, for ECSO SRIA, where we are heading


Thanks!3

Contacts:

• www.cybersecuritycentre.it

• www.cybersecuritymaster.it

• www.cybersecurityosservatorio.it

http://www.cybersecuritycentre.it/

http://www.cybersecuritymaster.it/

http://www.cybersecurityosservatorio.it/

research trends in europe - iscom · research trends in europe european cyber security organisation...

Documents