Skip to main content

European network of Cybersecurity centres and competence Hub for innovation and Operations

Periodic Reporting for period 2 - ECHO (European network of Cybersecurity centres and competence Hub for innovation and Operations)

Reporting period: 2020-08-01 to 2022-01-31

The European Commission has, under the H2020 Program, brought together specialist expertise to form four pilot projects with the objective of connecting and sharing knowledge across multiple domains to develop a common cybersecurity strategy for Europe.
The ECHO consortium consists of 30 partners from different fields and sectors including health, transport, manufacturing, ICT, education, research, telecom, energy, space, healthcare, defence & civil protection.
The main objective of ECHO is to strengthen the proactive cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector and multi-domain collaboration. The project is developing a European Cybersecurity ecosystem, to support secure cooperation and development of the European market, as well as to protect the citizens of the European Union against cyber threats and incidents.
Our Mission
Striving to put innovation, excellence and people at the center of European cybersecurity efforts by enhancing Europe’s technological sovereignty, providing a single market for cybersecurity technological solutions and delivering unique cybersecurity capabilities.
Our Vision
Establishing a Cybersecurity Competence Community to empower and ensure the continued safety of the European Digital Single Market and reinforce EU Strategic Autonomy.
Our Impact
Developing a robust, resilient and sustainable cybersecurity ecosystem to accelerate the advancement of cybersecurity capabilities and excellence in Europe.
The project started in February 2019, with a successful kick-off held at the end of that month. Technical activities started immediately, focusing on WP2 and its initial three tasks, given the tight guidelines. Communication and dissemination from WP9 were fastened, with a preliminary version of leaflets and website just before mid-February. A proper management structure has been put in place to support the overall development of the project. So far, the management control over the project has been deemed more than performant.

During M1-M36, a specific effort was made to define, conceptualize and implement the of ‘ECHO Assets’: the main outputs of ECHO to be provided as technologies or services to the EU community. ECHO assets will be subject to market and exploitation analysis (this activity started in M18) and are monitored from an IPR perspective.
The Consortium identified the following as ECHO assets:
• ECHO Multisector Assessment Framework (E-MAF)
• ECHO Cybersecurity Certification Scheme (E-CCS)
• ECHO Cyberskills Framework (E-CSF)
• ECHO Governance Model (E-GM)
• ECHO Early Prototypes
• ECHO Cybersecurity Technology Roadmaps
• ECHO Early Warning System (E-EWS)
• ECHO Federated Cyber Range (E-FCR)

WP2 fosters an important part of the work carried out in WP4, WP5 and WP6: due to that, despite lasting the whole project, the first necessary results had to be produced by WP2 within the first 12 months.
WP3 immediately started the analysis over possible information sharing models to be applied to the E-EWS with T3.2 while T3.1 proceeded with wide research of existing networks of organizations in order to derive possible alternatives for the development of the ECCC. T3.3 elicited multiple alternatives for the ECHO Network governance model in D3.2.
WP4 worked hard on the elicitation of cyber security challenges to be used to identify possible technology prototypes to be developed within the timeframe of the project. Fourteen prototypes have been developed in two batches. Meanwhile, the development of technology roadmaps proceeded, with the definition of the future roadmaps for the ECHO Early Warning System and the ECHO Federated Cyber Range and other four roadmaps as planned.

The ECHO Early Warning System is in final validation phase and the activities are on schedule: architecture and requirements have been finalized, a set of plugins has been identified and the overall software implementation is concluded as planned. Seven big tabletop exercises (to test and validate the platform and the CONOPS) have been performed, very useful to test the technology and foster users' feedback.

The ECHO Federated Cyber Range is in final validation phase and the activities are on schedule: architecture and requirements have been finalized, a Service Description Language for cyber range scenarios has been developed and in general, the software development concluded as planned. The asset is ready to be used within the Demonstration Cases organized by WP8.

In general, most of the first 36 months objectives for each active WP have been fulfilled at M36 and the project appears to be in a good shape, which was also confirmed by three successful reviews with the EC (performed 20 of November 2019 , 13 October 2020 and 15 October 2021), where all submitted deliverables have been accepted by the EC with a single exception (D9.9) which has been resubmitted.

ECHO increased its presence in the social media and on the Internet and in the wider EU cyber-security community with multiple dissemination and communication initiatives, often in coordination with the other pilot projects (Concordia, Sparta, and Cybersec4Europe): the ECHO Network is ready to be enlarged and the ECCC piloting phase started at M13, with 14 new partners entered in the network as of M36.
At M18, a first active ECHO Service has been released for the community: the ECHO Daily Bulletin ( collecting relevant daily cyber security news, worldwide.
All the ECHO Assets are in final development and validation and several of them are advancing the state of the art:
• ECHO Multisector Assessment Framework (E-MAF)
• ECHO Cybersecurity Certification Scheme (E-CCS)
• ECHO Cyberskills Framework (E-CSF)
• ECHO Early Warning System (E-EWS)
• ECHO Federated Cyber Range (E-FCR)
ECHO intends to raise awareness of the need for cybersecurity amongst EU citizens and better-inform them of potential threats and best practices. The project will also provide innovative solutions to Governmental cyber issues, aid detection of cyberattacks, better combat them and improve response times in order to reduce their impact and ensure the safety of democratic decision-making. Industry will be educated on why and how to protect themselves and their customers against potential loss of data or money, helping to consolidate their reputation and position in the market. The main challenge faced by ECHO is to create a stable, effective, shared and durable network composed of governments, academic organizations and companies in order to pool the collective cybersecurity skills, resources and knowledge within the European territory, whilst also meeting the needs and structure defined in Regulation 630. Therefore, the visionary aim of ECHO is anchored on the project’s name itself: to establish a strong and resounding sustainable network of cybersecurity centres and competence for innovation within European Union, which will facilitate the sharing of knowledge, threats and cyber incidents for improving cybersecurity solutions, raise awareness of security and protection methods and establish best practices to reduce risk exposure.