Skip to main content

Cyber Security Network of Competence Centres for Europe

Periodic Reporting for period 1 - CyberSec4Europe (Cyber Security Network of Competence Centres for Europe)

Reporting period: 2019-02-01 to 2020-03-31

CyberSec4Europe is:

* a research-based consortium with 43 participants from 22 EU Member States and Associated Countries.
* testing and demonstrating potential governance structures for the network of competence centres considering the multi-stakeholder environment, utilizing the perspective of the European Parliament and various stake holders, and best practices from governance structures of successful cyber security knowledge centres like ECSO and research hubs like CERN.
* addressing key EU Directives and Regulations, such as the GDPR, PSD2, eIDAS, and ePrivacy, and helping to implement the EU Cybersecurity Act including, but not limited to supporting the development of the European skills base, the certification framework and the role of ENISA.
* composed of key players in cybersecurity competence and excellence in Europe with a comprehensive research and knowledge base, bringing together research expertise with experience in over 100 cybersecurity projects.

As a research project, CyberSec4Europe is working towards harmonising the journey from the development of software components that fit the requirements identified by a set of short- and long-term roadmaps, leading to a series of consequent recommendations. These are tied to the project’s real-world demonstration use cases that address cybersecurity challenges within the vertical sectors of digital infrastructure, finance, government and smart cities, healthcare, and transportation.

CyberSec4Europe’s main objective is to pilot the consolidation and future projection of the cybersecurity capabilities required to secure and maintain European democracy and the integrity of the Digital Single Market.
The work in CyberSec4Europe can be divided into four pillars and the related coordination and management: Pillar I is focusing on the design of a governance model for the future “Cyber Competence Network with a European Cybersecurity Research and Competence Centre”. Pillar II with WPs 3, 4, and 5 is responsible for defining common research and demonstration use cases, as well as a roadmap with important research areas. Pillar III with WPs 6, 7, and 8 is responsible for setting an education and training framework and related instruments as well as taking the path from tooling through infrastructures to standardisation. Finally, Pillar IV with WPs 9 and 10 is dedicated to disseminating the project’s findings, to engage key stakeholders in knowledge sharing, to launch an effective internal and external communications strategy, as well as to collaborate with the larger European cybersecurity community and cybersecurity ecosystem.

Pillar I: Governance, design and pilot (WP2)
• A bottom-up governance structure has been developed to address the cybersecurity challenges through capitalizing on community-derived capabilities and ensuring robust cooperation. This governance structure has been rooted in the plans of the European Parliament together with an overview of governance structures of successful cyber security knowledge-centres, and refined by surveying and interviewing key-stakeholders. The results have been evaluated in a small-scale pilot and are fed into a recursive evaluation and refinement structure, by now even being coordinated across multiple pilots.

Pillar II: From research and innovation to industry (WP3-WP4-WP5)
• WP3 has identified and grouped the CyberSec4Europe cybersecurity research and innovation through a collection of technology assets and its connection to a functional cybersecurity architecture.
• Based on the Stakeholder requirements and on the unique European Legal Framework, WP4 has identified the most important research directions in the area of Cyber Security for the years to come.
• WP5 identified the requirements and provided the blueprints of the demonstrator cases. The former helped WP3 and WP4 define their research roadmaps. The latter strengthened the relationship between WP3 and WP5 by leveraging WP3's assets to design the demonstrators' functionalities.

Pillar III: Education, training, and standardization (WP6-WP7-WP8)
• The goal of WP6 is to identify gaps and priorities in academic and professional education: the work of the first year, building on the direct feedback of more than 100 Directors of Studies of European universities tells where Europe is stronger and where it is weaker. Also, CyberSec4Europe has highlighted key quality criteria that are seldom met (such as on MOOCs for cyber-ranges).
• WP7 built the first components of a portable lightweight virtual lab environment for cybersecurity exercise engagement and efficient learning, enhanced several open tools for certification and validation, and reviewed the role of cybersecurity certification and its implementations.
• WP8 has mapped the standardisation work done by CyberSec4Europe partners and matched relevant cybersecurity standards and ongoing standards projects from ISO/IEC JTC 1/SC 27, CEN-CENELEC/JTC 13 and ETSI TC CYBER to the research challenges and verticals of CyberSec4Europe to enable a two-way knowledge transfer.

Pillar IV: Communication and community building (WP9-WP10)
• WP9 has communicated the progress of CyberSec4Europe through the different channels available, targeting a broad audience of specialists and non-specialists alike, and highlighting the multiple achievements of all partners.
• WP10 has contributed with a very positive impact upon the European cybersecurity community ecosystem. This includes effective contribution to and involvement in more than 129 cybersecurity events as well as active participation in all ECSO WGs, CEN/CENELEC, ISO/IEC, EOS, ENISA and IoT Forum among others. Another highlight has been the concertation event in November 2019 in Toulouse with ca. 150 participants resulting in detailed recommendations for strategic cybersecurity issues.

Project Coordination and Ethics Management (WP1, WP11)
WP1 provided the governance and coordination of CyberSec4Europe and set up and maintained its communication, control and reporting infrastructures. All processes were compliant with the ethics-related requirements identified by WP11.
Key achievements of CyberSec4Europe in Period 1:
• Created a vibrant pilot community:
• Bottom up
• Inclusive
• Decentralized
• Agile with regard to newly arising requirements and spontaneous requests by the EU
• Spearheaded the design of a distributed governance model
• Developed research roadmap and blueprint design based on real application requirements
• Progressed education, certification and standardization initiatives

CyberSec4Europe’s expected results are contributions to the long-term goal and vision of an EU with all the capabilities to secure and maintain a healthy democratic society, living according to European constitutional values, with regard to, e.g. privacy and data sharing, and being a world-leading digital economy.

The impact of CyberSec4Europe will be significant during the life of the project and beyond. Results will reach from the governance model through the strong link of real-world demonstration cases with research and technology and its roadmap to dissemination and exploitation. CyberSec4Europe will enhance Europe’s competitiveness while providing greater security for European citizens and society. Results will be economic growth for Europe, jobs for European citizens, and the expansion of global markets for European cybersecurity products and services.