CORDIS - EU research results
CORDIS

Agile conformance assessment for cybersecurity CERTIFication enhanced by Artificial Intelligence

Project description

AI-powered ICT certification

In a world where cyberattacks cost an estimated EUR 5.5 trillion annually, the need for robust cybersecurity has never been more critical. The EU-funded CERTIFAI project is rising to the challenge. Traditional conformity assessments fall short in today's fast-paced tech landscape, leaving products vulnerable to evolving cyber threats. CERTIFAI aims to revolutionise this approach with an open software framework that employs AI-driven continuous assessment and re-certification for ICT products and services. Leveraging the EU Cybersecurity Act’s requirements and standards, CERTIFAI ensures that certified products remain compliant throughout their lifecycle. This groundbreaking project promises a more secure and trustworthy digital landscape within the European Union, safeguarding both users and businesses from the ever-present cyber risks.

Objective

According to the EU Cyber Resilience Act, “hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of EUR 5.5 trillion by 2021”. This is due to a low level of cybersecurity, reflected by widespread vulnerabilities and inadequate approaches for identifying and mitigating the rapidly and constantly evolving cyber threats and vulnerabilities, as well as ensuring continuous compliance with regulations, industry standards, and best practices. To reduce the impact of cyberattacks and increase the resilience of digital technologies, it is essential to assess the conformity to security standards of ICT products, services, and processes throughout their life cycle. However, the traditional conformity assessment process is predominantly a static and expensive one-time assurance activity that does not cater to the needs of agile product delivery, which promotes continuous product updates and upgrades, and often changes in requirements. Each such update opens doors to product vulnerabilities, and consequently poses cyber risks for product users and companies’ reputation. To avoid these issues, it is essential to enable a partial and continuous lean re-certification of ICT products, services, and processes, to empower manufacturers to prevent, detect, counter and quickly respond to cyber threats.
In response to these challenges, the CERTIFAI project will develop an open software framework for cost-effective AI-driven continuous assessment and (re-)certification of ICT products and services, paving the way for a more secure and trustworthy EU’s digital world. Building on the EU Cybersecurity Act, CERTIFAI will leverage the established cybersecurity requirements, standards, and technical specifications to deliver an efficient approach for ensuring that a product, once certified, will continue to be compliant with relevant standards throughout its life cycle.

Coordinator

FUNDACION TECNALIA RESEARCH & INNOVATION
Net EU contribution
€ 629 337,50
Address
PARQUE CIENTIFICO Y TECNOLOGICO DE GIPUZKOA, PASEO MIKELETEGI 2
20009 DONOSTIA-SAN SEBASTIAN (GIPUZKOA)
Spain

See on map

Region
Noreste País Vasco Gipuzkoa
Activity type
Research Organisations
Links
Total cost
€ 629 337,50

Participants (10)