Periodic Reporting for period 3 - ECHO (European network of Cybersecurity centres and competence Hub for innovation and Operations)
Berichtszeitraum: 2022-02-01 bis 2023-02-28
The European Commission has, under the H2020 Program, brought together specialist expertise to form four pilot projects with the objective of connecting and sharing knowledge across multiple domains to develop a common cybersecurity strategy for Europe.
The ECHO consortium consists of 30 partners from different fields and sectors including health, transport, manufacturing, ICT, education, research, telecom, energy, space, healthcare, defence & civil protection.
The main objective of ECHO is to strengthen the proactive cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector and multi-domain collaboration. The project is developing a European Cybersecurity ecosystem, to support secure cooperation and development of the European market, as well as to protect the citizens of the European Union against cyber threats and incidents.
Our Mission
Striving to put innovation, excellence and people at the center of European cybersecurity efforts by enhancing Europe’s technological sovereignty, providing a single market for cybersecurity technological solutions and delivering unique cybersecurity capabilities.
Our Vision
Establishing a Cybersecurity Competence Community to empower and ensure the continued safety of the European Digital Single Market and reinforce EU Strategic Autonomy.
Our Impact
Developing a robust, resilient and sustainable cybersecurity ecosystem to accelerate the advancement of cybersecurity capabilities and excellence in Europe.
The ECHO consortium consists of 30 partners from different fields and sectors including health, transport, manufacturing, ICT, education, research, telecom, energy, space, healthcare, defence & civil protection.
The main objective of ECHO is to strengthen the proactive cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector and multi-domain collaboration. The project is developing a European Cybersecurity ecosystem, to support secure cooperation and development of the European market, as well as to protect the citizens of the European Union against cyber threats and incidents.
Our Mission
Striving to put innovation, excellence and people at the center of European cybersecurity efforts by enhancing Europe’s technological sovereignty, providing a single market for cybersecurity technological solutions and delivering unique cybersecurity capabilities.
Our Vision
Establishing a Cybersecurity Competence Community to empower and ensure the continued safety of the European Digital Single Market and reinforce EU Strategic Autonomy.
Our Impact
Developing a robust, resilient and sustainable cybersecurity ecosystem to accelerate the advancement of cybersecurity capabilities and excellence in Europe.
The project started in February 2019, with a successful kick-off held at the end of that month. Technical activities started immediately, focusing on WP2 and its initial three tasks, given the tight guidelines. Communication and dissemination from WP9 were fastened, with a preliminary version of leaflets and website just before mid-February. A proper management structure has been put in place to support the overall development of the project. So far, the management control over the project has been deemed more than performant.
During 2022, the team was focused on the Demonstration Cases, with the main goal to validate the technologies and framework created during the project. Upon request of the Commission during the Review in 2022, an additional Demonstration Case (DC7) was introduced in the project, and carried out in December 2022.
During 2022, also the scientific activities carried out by WP2, WP3 and WP4 concluded with a substantial review and update of the main deliverables.
WP2 fosters an important part of the work carried out in WP4, WP5 and WP6: due to that, despite lasting the whole project, the first necessary results had to be produced by WP2 within the first 12 months.
WP3 immediately started the analysis of possible information sharing models to be applied to the E-EWS with T3.2 while T3.1 proceeded with wide research of existing networks of organizations in order to derive possible alternatives for the development of the ECCC. T3.3 elicited multiple alternatives for the ECHO Network governance model in D3.2. An intense campaign to recruit new partners has been performed within T3.5 with 16 new partners onboarded as of M49.
WP4 worked hard on the elicitation of cyber security challenges to be used to identify possible technology prototypes to be developed within the timeframe of the project. 14 prototypes (significantly more than the minimal baseline promised in the [GA] – which was 6) have been designed, developed and tested (https://echonetwork.eu/prototypes/ ). Development and verification activities concluded at M36 (January 2022). Meanwhile, the development of technology roadmaps progressed, with the definition of possible future roadmaps for the ECHO Early Warning System and the ECHO Federated Cyber Range and two additional technology roadmaps.
The ECHO Early Warning System concluded its first development phase at M24, with all activities on schedule: architecture and requirements have been finalized, a set of plugins has been identified and the overall software implementation progressed as planned. Six big tabletop exercises (to test and validate the platform and the CONOPS) have been performed to test the application and the information sharing process. After the verification and validation activities in WP7 and WP8, E-EWS now reached TRL8
The ECHO Federated Cyber Range concluded its first development phase at M25: architecture and requirements have been finalized, a Scenario Description language for cyber range scenarios has been developed and the software development proceeded as planned, with only one month of delay. After the verification and validation activities in WP7 and WP8, E-FCR now reached TRL8.
WP8 started in January 2021 with the difficult task of preparing and implementing the ECHO Demonstration Cases, a complex endeavour with the goal of demonstrating all ECHO assets in an organized and interdependent setup. As of M49, 7 ECHO Demonstration Cases have been completed and were summarized into presentation workshops between M39 and M45.
Discussions related to the exploitation of the ECHO Assets, in coordination with the possible future ECHO Network Governance Model, started at M18 (August 2020) and proceeded up to M49.
In general, most of the forth year objectives for each active WP (please check the sections below for details of the progression of each WP) have been fulfilled at M49, and the project was conducted efficiently, which was also confirmed by the last successful review with the EC (performed in April 2022), where all submitted deliverables have been accepted.
During 2022, the team was focused on the Demonstration Cases, with the main goal to validate the technologies and framework created during the project. Upon request of the Commission during the Review in 2022, an additional Demonstration Case (DC7) was introduced in the project, and carried out in December 2022.
During 2022, also the scientific activities carried out by WP2, WP3 and WP4 concluded with a substantial review and update of the main deliverables.
WP2 fosters an important part of the work carried out in WP4, WP5 and WP6: due to that, despite lasting the whole project, the first necessary results had to be produced by WP2 within the first 12 months.
WP3 immediately started the analysis of possible information sharing models to be applied to the E-EWS with T3.2 while T3.1 proceeded with wide research of existing networks of organizations in order to derive possible alternatives for the development of the ECCC. T3.3 elicited multiple alternatives for the ECHO Network governance model in D3.2. An intense campaign to recruit new partners has been performed within T3.5 with 16 new partners onboarded as of M49.
WP4 worked hard on the elicitation of cyber security challenges to be used to identify possible technology prototypes to be developed within the timeframe of the project. 14 prototypes (significantly more than the minimal baseline promised in the [GA] – which was 6) have been designed, developed and tested (https://echonetwork.eu/prototypes/ ). Development and verification activities concluded at M36 (January 2022). Meanwhile, the development of technology roadmaps progressed, with the definition of possible future roadmaps for the ECHO Early Warning System and the ECHO Federated Cyber Range and two additional technology roadmaps.
The ECHO Early Warning System concluded its first development phase at M24, with all activities on schedule: architecture and requirements have been finalized, a set of plugins has been identified and the overall software implementation progressed as planned. Six big tabletop exercises (to test and validate the platform and the CONOPS) have been performed to test the application and the information sharing process. After the verification and validation activities in WP7 and WP8, E-EWS now reached TRL8
The ECHO Federated Cyber Range concluded its first development phase at M25: architecture and requirements have been finalized, a Scenario Description language for cyber range scenarios has been developed and the software development proceeded as planned, with only one month of delay. After the verification and validation activities in WP7 and WP8, E-FCR now reached TRL8.
WP8 started in January 2021 with the difficult task of preparing and implementing the ECHO Demonstration Cases, a complex endeavour with the goal of demonstrating all ECHO assets in an organized and interdependent setup. As of M49, 7 ECHO Demonstration Cases have been completed and were summarized into presentation workshops between M39 and M45.
Discussions related to the exploitation of the ECHO Assets, in coordination with the possible future ECHO Network Governance Model, started at M18 (August 2020) and proceeded up to M49.
In general, most of the forth year objectives for each active WP (please check the sections below for details of the progression of each WP) have been fulfilled at M49, and the project was conducted efficiently, which was also confirmed by the last successful review with the EC (performed in April 2022), where all submitted deliverables have been accepted.
All the ECHO Assets have been released and several of them are advancing the state of the art:
• ECHO Multisector Assessment Framework (E-MAF)
• ECHO Cybersecurity Certification Scheme (E-CCS)
• ECHO Cyberskills Framework (E-CSF)
• ECHO Early Warning System (E-EWS)
• ECHO Federated Cyber Range (E-FCR)
ECHO intends to raise awareness of the need for cybersecurity amongst EU citizens and better-inform them of potential threats and best practices. The project provides innovative solutions to Governmental cyber issues, aid detection of cyberattacks, better combat them and improve response times in order to reduce their impact and ensure the safety of democratic decision-making. Industry was educated on why and how to protect themselves and their customers against potential loss of data or money, helping to consolidate their reputation and position in the market.
The main challenge faced by ECHO is to create a stable, effective, shared and durable network composed of governments, academic organizations and companies in order to pool the collective cybersecurity skills, resources and knowledge within the European territory, whilst also meeting the needs and structure defined in Regulation 630. Therefore, the visionary aim of ECHO is anchored on the project’s name itself: to establish a strong and resounding sustainable network of cybersecurity centres and competence for innovation within European Union, which will facilitate the sharing of knowledge, threats and cyber incidents for improving cybersecurity solutions, raise awareness of security and protection methods and establish best practices to reduce risk exposure.
• ECHO Multisector Assessment Framework (E-MAF)
• ECHO Cybersecurity Certification Scheme (E-CCS)
• ECHO Cyberskills Framework (E-CSF)
• ECHO Early Warning System (E-EWS)
• ECHO Federated Cyber Range (E-FCR)
ECHO intends to raise awareness of the need for cybersecurity amongst EU citizens and better-inform them of potential threats and best practices. The project provides innovative solutions to Governmental cyber issues, aid detection of cyberattacks, better combat them and improve response times in order to reduce their impact and ensure the safety of democratic decision-making. Industry was educated on why and how to protect themselves and their customers against potential loss of data or money, helping to consolidate their reputation and position in the market.
The main challenge faced by ECHO is to create a stable, effective, shared and durable network composed of governments, academic organizations and companies in order to pool the collective cybersecurity skills, resources and knowledge within the European territory, whilst also meeting the needs and structure defined in Regulation 630. Therefore, the visionary aim of ECHO is anchored on the project’s name itself: to establish a strong and resounding sustainable network of cybersecurity centres and competence for innovation within European Union, which will facilitate the sharing of knowledge, threats and cyber incidents for improving cybersecurity solutions, raise awareness of security and protection methods and establish best practices to reduce risk exposure.