Periodic Reporting for period 1 - COBALT (Certification for Cybersecurity in EU ICT using Decentralized Digital Twinning)
Berichtszeitraum: 2023-11-01 bis 2025-04-30
The COBALT project—Certification for Cybersecurity in EU ICT using Decentralised Digital Twinning—is an ambitious initiative co-funded by the European Union that addresses the fragmentation of cybersecurity certification processes across diverse ICT sectors. The rise of Industry 4.0 Quantum Computing, and other advanced ICT domains has led to a fragmented certification environment, with overlapping or non-interoperable standards. This makes compliance resource-intensive and inconsistent. Moreover, European industries face inefficiencies due to multiple certifications of shared technologies. This underscores the need for a Common Certification Model (CCM) that supports a unified cybersecurity namespace applicable across sectors. In addition COBALT promotes Decentralised Digital Twinning as a paradigm to simulate, monitor, and certify systems in real-time. This includes extending the concept to sectors like Quantum Computing (QC) and AI in Industrial Applications, aiming to safeguard Europe’s digital infrastructure sovereignty. Finally COBALT aligns with emerging EU regulations such as the Cyber Resilience Act (CRA) and the Artificial Intelligence Act, positioning itself as a proactive contributor to standardization and policy shaping.
Main Objectives of the project are:
- Develop a Common Certification Model (CCM): COBALT defines and implements a standardized, scalable, and interoperable framework for cybersecurity certification across ICT sectors, integrating best practices from ISO/IEC, NIST, and ENISA.
- Introduce the Common Certification Language (CCL): The CCL complements the CCM by standardizing terminology and semantics used across certification activities, facilitating machine-readable, automated, and auditable certification flow.
- Leverage Security Digital Twins (SDTs): COBALT integrates Security Digital Twins to model and verify system behaviors, supporting continuous, real-time certification. These SDTs are part of workflows for system building, synchronization, and evidence collection.
- Empower Cross-Domain Use Cases: The project applies its models and tools in challenging domains:
- Industry 4.0 with AI-driven applications.
- Quantum Computing, including certification of Quantum Oracles
- Promote Decentralization and Trusted Data Sharing: It uses Inter-Distributed Ledger Technologies (Inter-DLT) and International Data Spaces (IDS) to support decentralized, cross-border certification and evidence management
- Support EU Standardization and Market Uptake: Through its deliverables, COBALT contributes to standardization bodies (e.g. ISO, CEN/CENELEC) and aligns with EU initiatives like the EUCS scheme, supporting legislative instruments such as the CRA.
- Develop a Common Certification Model (CCM): COBALT defines and implements a standardized, scalable, and interoperable framework for cybersecurity certification across ICT sectors, integrating best practices from ISO/IEC, NIST, and ENISA.
- Introduce the Common Certification Language (CCL): The CCL complements the CCM by standardizing terminology and semantics used across certification activities, facilitating machine-readable, automated, and auditable certification flow.
- Leverage Security Digital Twins (SDTs): COBALT integrates Security Digital Twins to model and verify system behaviors, supporting continuous, real-time certification. These SDTs are part of workflows for system building, synchronization, and evidence collection.
- Empower Cross-Domain Use Cases: The project applies its models and tools in challenging domains:
- Industry 4.0 with AI-driven applications.
- Quantum Computing, including certification of Quantum Oracles
- Promote Decentralization and Trusted Data Sharing: It uses Inter-Distributed Ledger Technologies (Inter-DLT) and International Data Spaces (IDS) to support decentralized, cross-border certification and evidence management
- Support EU Standardization and Market Uptake: Through its deliverables, COBALT contributes to standardization bodies (e.g. ISO, CEN/CENELEC) and aligns with EU initiatives like the EUCS scheme, supporting legislative instruments such as the CRA.
COBALT aims to serve as a blueprint for future EU-wide cybersecurity certification practices, offering:
- Trustworthy certification workflows
- Vendor-agnostic interoperability
- Reduced redundancy and certification costs
- Enhanced regulatory compliance and digital sovereignty
- Trustworthy certification workflows
- Vendor-agnostic interoperability
- Reduced redundancy and certification costs
- Enhanced regulatory compliance and digital sovereignty