Skip to main content

Cyber Security Network of Competence Centres for Europe

Periodic Reporting for period 2 - CyberSec4Europe (Cyber Security Network of Competence Centres for Europe)

Reporting period: 2020-04-01 to 2021-05-31

CyberSec4Europe pilots the planned European Cybersecurity Competence Centre in Bucharest and the related competence network.
Its 43 participants from 22 EU Member States and Associated Countries, are addressing key cybersecurity domains, critical technology/application elements and several key vertical sectors, including finance, education, smart cities, healthcare, finance and maritime transport.
CyberSec4Europe participants and its growing number of Associates and Friends are making a major contribution to the security of European citizens and businesses. This demonstrates how industry, academia and policymakers can successfully collaborate.
CyberSec4Europe is working towards harmonising the journey from the development of software components that fit the requirements identified by a set of short- and long-term roadmaps, leading to a series of recommendations. These are tied to the project’s real-world demonstration use cases that address cybersecurity challenges within the key vertical sectors.
CyberSec4Europe's work is divided into 4 pillars:

Pillar I: Governance, design and pilot
• WP2:
• Period 1 (P1): WP2 developed a bottom-up governance structure to address the cybersecurity challenges through capitalising on community-derived capabilities and ensuring robust cooperation. It is rooted in the plans of the EP together with an overview of governance structures of successful cybersecurity knowledge centres and refined by input from key-stakeholders. The results were evaluated in a small-scale pilot and fed into a recursive evaluation and refinement structure.
• Period 2 (P2): WP2 validated the assumptions on the governance structure and improved the governance model. Also WP2 carried out case studies on establishing CHECKs (in France and Spain) and on developing the European cybersecurity ecosystem. This is facilitating and coordinating different types of CHECKs, ranging from those rooted in a sound business model to those supported by the public administration.

Pillar II: From research and innovation to industry
• WP3:
• P1: WP3 identified and grouped the CyberSec4Europe cybersecurity research and innovation through a collection of technology assets and the related functional cybersecurity architecture.
• P2: WP3 focused on privacy-preserving IdM, strong AAA, and secure and private communications, as well as the usability aspects of security assets. Further topics are the certification frameworks and continuous monitoring, the automated tools for verification and enforcement of security policies in software and GDPR compliance for SMEs and a methodology for the individualised evaluation of requirements.
• WP4:
• P1: Based on stakeholder requirements and on the unique European legal framework, WP4 identified the most important research directions in the area of cybersecurity.
• P2: WP4 created a roadmap for research for the project’s vertical application demonstrators and explained how the roadmap contributes to European Digital Sovereignty. Opportunities and threats were identified through a comprehensive SWOT analysis.
• WP5:
• P1: WP5 identified the requirements and provided the blueprints of the demonstrator use cases. The former helped WP3 and WP4 define their research activities and roadmaps. The latter strengthened the relationship between WP3 and WP5 by leveraging WP3's assets to design the demonstrators' functionalities.
• P2: WP5 continued on the demonstrators and published blueprints, validation strategies and results and refined the set of use cases.

Pillar III: Education, training, and standardisation
• WP6:
• P1: Building on the direct feedback of more than 100 Directors of Studies at European universities, WP6 indicated Europe’s strengths and weaknesses and highlighted key quality criteria such as on MOOCs for cyber ranges.
• P2: WP6 designed an education and professional framework: 4 specific use cases with 12 scenarios helped to build 18 relevant job profiles.
• WP7:
• P1: WP7 built the first components of a portable lightweight virtual lab environment for cybersecurity exercise engagement and efficient learning, enhanced several open tools for certification and validation, and reviewed the role of cybersecurity certification and its implementations.
• P2: The Cyber Sandbox Creator (a lightweight virtual lab environment for cybersecurity education, testing, and certification) was provided as a fully open-source environment.
• WP8:
• P1: WP8 mapped the standardisation work done by CyberSec4Europe and matched the relevant standards and ongoing projects from ISO/IEC JTC 1/SC 27, CEN-CENELEC/JTC 13 and ETSI TC CYBER to the research challenges and verticals of CyberSec4Europe to enable a two-way knowledge transfer.
• P2: WP8 established the liaison with WGs 2 and 5 in ISO/IEC JTC 1/SC 27 and updated the participants’ standardisation engagement plans.

Pillar IV: Communication and community building
• WP9:
• P1: WP9 communicated the progress of CyberSec4Europe, targeting a broad audience and highlighting the achievements.
• P2: WP9 managed the website and social media accounts, including weekly news postings and a series of video interviews. One focus was on further brand development for CyberSec4Europe and the four pilot CyberCompetenceNetwork as well as the CONVERGENCE event. In terms of events and interaction, WP9 also ran the Insights series of webinars.
• WP10:
• P1: WP10 reported on the impact CyberSec4Europe participants had on the European cybersecurity community ecosystem. This included more than 129 events and active participation in ECSO, CEN/CENELEC, ISO/IEC, EOS, ENISA and IoT Forum among others. Another highlight was the 2019 concertation event with about 150 attendees resulting in detailed recommendations for strategic cybersecurity issues.
• P2: WP10 organised and hosted CONVERGENCE, the 2nd concertation event, in 2020. CONVERGENCE featured among others the 4 pilots, all focus groups, ECSO, the EP, the EC, the European Council, the EDPS and ENISA. Around 550 people registered from all over Europe and beyond, including governments, knowledge institutions, industry and SMEs.
• A vibrant pilot community: Bottom up, inclusive, decentralised and agile wrt new requirements and spontaneous requests from the EU
• The design of a distributed governance model
• A research roadmap and blueprint design based on real application requirements
• Education, certification and standardisation initiatives
• Integration of all pilots, ECSO and focus groups in a single comprehensive event, CONVERGENCE
• Implementation of principles in practice, e.g. GDPR compliant open-source web conferencing
CyberSec4Europe’s results contribute to the goal and vision of an EU with the capabilities to secure and maintain a healthy democratic society according to European constitutional values, wrt, e.g. privacy and data sharing and being a world-leading digital economy.
Its impact will be significant resulting from the governance model, through the strong links between the real-world demonstration cases, research and technology and the roadmap, to dissemination, outreach and exploitation. CyberSec4Europe will enhance Europe’s competitiveness while providing greater security for European citizens and society which in turn will result in economic growth for Europe, jobs for European citizens, and the expansion of global markets for European cybersecurity products and services.