Skip to main content

European network of Cybersecurity centres and competence Hub for innovation and Operations

Periodic Reporting for period 1 - ECHO (European network of Cybersecurity centres and competence Hub for innovation and Operations)

Reporting period: 2019-03-01 to 2020-08-31

The European Commission has, under the H2020 Program, brought together specialist expertise to form four pilot projects with the objective of connecting and sharing knowledge across multiple domains to develop a common cybersecurity strategy for Europe.
The ECHO consortium consists of 30 partners from different fields and sectors including health, transport, manufacturing, ICT, education, research, telecom, energy, space, healthcare, defence & civil protection.
The main objective of ECHO is to strengthen the proactive cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector and multi-domain collaboration. The project is developing a European Cybersecurity ecosystem, to support secure cooperation and development of the European market, as well as to protect the citizens of the European Union against cyber threats and incidents.
Our Mission
Striving to put innovation, excellence and people at the center of European cybersecurity efforts by enhancing Europe’s technological sovereignty, providing a single market for cybersecurity technological solutions and delivering unique cybersecurity capabilities.
Our Vision
Establishing a Cybersecurity Competence Community to empower and ensure the continued safety of the European Digital Single Market and reinforce EU Strategic Autonomy.
Our Impact
Developing a robust, resilient and sustainable cybersecurity ecosystem to accelerate the advancement of cybersecurity capabilities and excellence in Europe.
The project started in February 2019, with a successful kick-off held at the end of that month. Technical activities started immediately, focusing on WP2 and its initial three tasks, given the tight guidelines. Communication and dissemination from WP9 were fastened, with a preliminary version of leaflets and website just before mid-February. A proper management structure has been put in place to support the overall development of the project. So far, the management control over the project has been deemed more than performant.

During M1-M18, a specific effort was made to define and conceptualize the idea of ‘ECHO Assets’: the main outputs of ECHO to be provided as technologies or services to the EU community. ECHO assets will be subject to market and exploitation analysis (this activity started in M18) and are monitored from an IPR perspective.
The Consortium identified the following as ECHO assets:
• ECHO Multisector Assessment Framework (E-MAF)
• ECHO Cybersecurity Certification Scheme (E-CCS)
• ECHO Cyberskills Framework (E-CSF)
• ECHO Governance Model (E-GM)
• ECHO Early Prototypes
• ECHO Cybersecurity Technology Roadmaps
• ECHO Early Warning System (E-EWS)
• ECHO Federated Cyber Range (E-FCR)

WP2 fosters an important part of the work carried out in WP4, WP5 and WP6: due to that, despite lasting the whole project, the first necessary results had to be produced by WP2 within the first 12 months. This has been a partial success for the Consortium, with the five necessary deliverables submitted (D2.1 D2.2 D2.3 D2.4 and D2.5) two approved by the EC, one to be revised and two waiting for review, since their due date was after the EC Review on 20 November 2019.
WP3 immediately started the analysis over possible information sharing models to be applied to the E-EWS with T3.2 while T3.1 proceeded with wide research of existing networks of organizations in order to derive possible alternatives for the development of the ECCC. T3.3 elicited multiple alternatives for the ECHO Network governance model in D3.2.
WP4 worked hard on the elicitation of cyber security challenges to be used to identify possible technology prototypes to be developed within the timeframe of the project. Seven prototypes have been put into development and several others are being evaluated for a second batch. Meanwhile, the development of technology roadmaps started, with the definition of the future roadmaps for the ECHO Early Warning System and the ECHO Federated Cyber Range.
The ECHO Early Warning System is in development phase and the activities are on schedule: architecture and requirements have been finalized, a set of plugins has been identified and the overall software implementation is progressing as planned. Two big tabletop exercises (to test and validate the platform and the CONOPS) have been performed and a bigger one is planned for end September 2020.
The ECHO Federated Cyber Range is in development phase and the activities are on schedule: architecture and requirements have been finalized, a Scenario Description language for cyber range scenarios has been developed and in general, the software development is proceeding as planned. The team counts to start publishing Services (to perform wider tests) by the end of 2020.
In general, most of the first 18 months objectives for each active WP have been fulfilled at M18 and the project appears to be in a very good shape, which was also confirmed by the successful review with the EC (performed 20 of November 2019), where only one out of 18 submitted deliverables has been marked for revision.
ECHO increased its presence in the social media and on the Internet and in the wider EU cyber-security community with multiple dissemination and communication initiatives, often in coordination with the other pilot projects (Concordia, Sparta, and Cybersec4Europe): the ECHO Network is ready to be enlarged and the ECCC piloting phase started at M13, with new partners considered to enter the network already from M16.
At M18, a first active ECHO Service has been released for the community: the ECHO Daily Bulletin (https://echonetwork.eu/daily-bulletin/) collecting relevant daily cyber security news, worldwide.
All the ECHO Assets are in development and several of them are advancing the state of the art:
• ECHO Multisector Assessment Framework (E-MAF)
• ECHO Cybersecurity Certification Scheme (E-CCS)
• ECHO Cyberskills Framework (E-CSF)
• ECHO Early Warning System (E-EWS)
• ECHO Federated Cyber Range (E-FCR)
ECHO intends to raise awareness of the need for cybersecurity amongst EU citizens and better-inform them of potential threats and best practices. The project will also provide innovative solutions to Governmental cyber issues, aid detection of cyberattacks, better combat them and improve response times in order to reduce their impact and ensure the safety of democratic decision-making. Industry will be educated on why and how to protect themselves and their customers against potential loss of data or money, helping to consolidate their reputation and position in the market. The main challenge faced by ECHO is to create a stable, effective, shared and durable network composed of governments, academic organizations and companies in order to pool the collective cybersecurity skills, resources and knowledge within the European territory, whilst also meeting the needs and structure defined in Regulation 630. Therefore, the visionary aim of ECHO is anchored on the project’s name itself: to establish a strong and resounding sustainable network of cybersecurity centres and competence for innovation within European Union, which will facilitate the sharing of knowledge, threats and cyber incidents for improving cybersecurity solutions, raise awareness of security and protection methods and establish best practices to reduce risk exposure.