Skip to main content
Go to the home page of the European Commission (opens in new window)
English English
CORDIS - EU research results
CORDIS

Building Trust in Ecosystems and Ecosystem Components

Project description

DE EN ES FR IT PL

Helping companies manage cybersecurity risks of the fragmented ICT supply chain

Most companies developing ICT solutions require the integration or synergy of other ICT components developed by third parties. This can pose a high security risk, hampering the verification of potential vulnerabilities. The EU-funded BIECO project is working on a holistic framework that provides the necessary mechanisms to help companies understand and manage the cybersecurity risks and threats they are subject to when they become part of the ICT supply chain. The framework is composed of a set of tools and methodologies that will address the challenges related to vulnerability management, resilience and auditing of complex systems.

Objective

Nowadays most of the ICT solutions developed by companies require the integration or collaboration with other ICT components, which are typically developed by third parties. Even though this kind of procedures are key in order to maintain productivity and competitiveness, the fragmentation of the supply chain can pose a high risk regarding security, as in most of the cases there is no way to verify if these other solutions have vulnerabilities or if they have been built taking into account the best security practices.
In order to deal with these issues, it is important that companies make a change on their mindset, assuming an “untrusted by default” position. According to a recent study only 29% of IT business know that their ecosystem partners are compliant and resilient with regard to security. However, cybersecurity attacks have a high economic impact and it is not enough to rely only on trust. ICT components need to be able to provide verificable guarantees regarding their security and privacy properties. It is also imperative to detect more accurately vulnerabilities from ICT components and understand how they can propagate over the supply chain and impact on ICT ecosystems. However, it is well known that most of the vulnerabilities can remain undetected for years, so it is necessary to provide advanced tools for guaranteeing resilience and also better mitigation strategies, as cybersecurity incidents will happen. Finally, it is necessary to expand the horizons of the current risk assessment and auditing processes, taking into account a much wider threat landscape. BIECO is a holistic framework that will provide these mechanisms in order to help companies to understand and manage the cybersecurity risks and threats they are subject to when they become part of the ICT supply chain. The framework, composed by a set of tools and methodologies, will address the challenges related to vulnerability management, resilience, and auditing of complex systems.

Fields of science (EuroSciVoc)

CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: https://op.europa.eu/en/web/eu-vocabularies/euroscivoc.

You need to log in or register to use this function

Keywords

Programme(s)

Topic(s)

Funding Scheme

RIA - Research and Innovation action

Coordinator

UNINOVA-INSTITUTO DE DESENVOLVIMENTO DE NOVAS TECNOLOGIAS-ASSOCIACAO
Net EU contribution
€ 469 375,00
Address
CAMPUS DA CAPARICA QUINTA DA TORRE
2829-516 Caparica
Portugal

See on map
SME

The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.
Yes
Activity type
Research Organisations
Links
Total cost
€ 469 375,00

Participants (11)

Share this page Share this page on social networks

Download Download the content of the page

Last update: 1 July 2025

My Booklet

Permalink: https://cordis.europa.eu/project/id/952702

European Union, 2025

My booklet 0 0