View
8
Download
0
Category
Preview:
Citation preview
ECS cPPP Progress Monitoring Report 2018
European Cyber Security Organisation ECS cPPP Progress Monitoring Report 2018
22.10.2019 – Final Version
ECS cPPP Progress Monitoring Report 2018
i
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
ABOUT ECSO
The European Cyber Security Organisation (ECSO) ASBL is a fully self-financed non-for-profit organisation under the Belgian law, established in June 2016.
ECSO represents the contractual counterpart to the European Commission for the implementation of the Cyber Security contractual Public-Private Partnership (cPPP). ECSO members include a wide variety of stakeholders across EU Member States, EEA / EFTA Countries and H2020 associated countries, such as large companies, SMEs and Start-ups, research centres, universities, end-users, operators, clusters and association as well as European Member State’s local, regional and national administrations. More information about ECSO and its work can be found at www.ecs-org.eu.
Contact
For queries in relation to this document, please use wg2_secretariat@ecs-org.eu
Classification and Distribution
This document is classified as internal to ECSO for discussion with the EC.
Third-party sources are quoted as appropriate. ECSO is not responsible for the content of the external sources including external websites referenced in this publication.
Disclaimer
This document has been prepared by the European Cyber Security Organisation and it
reflects the views only of its authors.
Copyright Notice
© European Cyber Security Organisation (ECSO), 2019. Reproduction is not authorised.
ECS cPPP Progress Monitoring Report 2018
i
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
VERSION HISTORY
Version Date Status Editor(s) Changes
0.1 14 08 2019 Draft KPI Analysis to the EC for
review
ECSO Secretariat
0.2 21 08 2019 Draft KPI Analysis to the EC for
review
ECSO Secretariat Updates
0.3 10.09.2019 Complete Draft to EC
for review
ECSO Secretariat Update on cPPP perimeter (4 additional projects)
Executive summary,
Section 2.1 and Outlook & Lessons learnt section
0.4 01/10/2019 Final draft to EC
ECSO Secretariat Final additions & review
0.5 16/10/2019 Draft including EC
comments
ECSO Secretariat Mention to 31 cPPP project (instead of 30) and right
reference to total EC contribution (62 % of
450M€). Links to ECSO documents added in the
Annex. Annex II to Annex IV added
ECS cPPP Progress Monitoring Report 2018
ii
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
ECS cPPP Progress Monitoring Report 2018
iii
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
PERIMETER OF 2nd REPORTING PERIOD update after 5th September with DG CNECT:
SU-ICT-04-2019: Quantum Key Distribution testbed
SU-DS05-2018-2019: Digital security, privacy, data protection and accountability in critical sectors
(limited to the finance subtopic run on 2018)
SU-TDS-02-2018: Toolkit for assessing and reducing cyber risks in hospitals and care centres to
protect privacy/data/infrastructures
SU-TDS-03-2018: Raising awareness and developing training schemes on cybersecurity in
hospitals
SU-INFRA01-2018-2010-2020: Prevention, detection, response and mitigation of combined
physical and cyber threats to critical infrastructure in Europe (only 50% of the funding is considered)
SU-ICT-03-2018: Establishing and operating a pilot for a Cybersecurity Competence Network to
develop and implement a common Cybersecurity Research & Innovation Roadmap
SU-DS04-2018-2020: Cybersecurity in the Electrical Power and Energy System (EPES): an armour
against cyber and privacy attacks and data breaches
SU-DS01-2018: Cybersecurity preparedness - cyber range, simulation and economics
SU-ICT-01-2018: Dynamic countering of cyber-attacks
ECS cPPP Progress Monitoring Report 2018
iv
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
EXECUTIVE SUMMARY
Two years and a half since its signature in July 2016, the contractual Public Private Partnership continues on a good track. Bringing together the main European players spanning from large and SME pure players, the most innovative research centres and competitive clusters, national and regional public authorities, ECSO is not only delivering its Strategic Research & Innovation Agenda but going beyond the traditional cPPP objectives. This second yearly report is based on an online survey and phone interviews addressed to ECSO members and H2020 beneficiaries of projects started before 2019. In 2018, the European Commission funded 31 new projects (of which 2 started in 2018) under 9 dedicated Horizon 2020 calls, expanding the cPPP project portfolio from 20 to 50 projects. These new projects involve 580 organisations (of which 27 % are ECSO Members).19 of the funded projects under 2018 calls are Innovation Actions (IA), 11 are Research and Innovation Actions (RIA), and 1 is a Coordination and Support Action (CSA). With an initial indicative budget from the European Union of 450 M€ for the period 2017-2020, the European Cybersecurity cPPP has mobilised 1,75 B€ of private investment in developing and implementing innovations connected to the ECSO SRIA (522 M€ in 2017). In terms of creation of new skills and job profiles, the ECS cPPP is on track to surpass its contractual target (+10% growth rate of workforce). A survey to the European cybersecurity community reported that employment has grown between 2017 and 2018 by more than 30% in large companies and SMEs and 25% in RTOs. For the first time, the 2018 report elaborates a catalogue of existing job profiles to monitor a more in-depth evolution of the European cybersecurity workforce . cPPP projects and ECSO members are disseminating the knowledge they have gained: in 2018 they reported that they have hosted more than 200 dissemination events while the ECSO Secretariat strengthened and increased its position as a strong stakeholder in the European institutional landscape establishing, inter alia, several Memorandums of Understanding with European Bodies and other PPPs such as ETSI, CEN/CENELEC and 5G PPP to deepen collaborations on standards and cybersecurity in the implementation of 5G, respectively. At this stage, the major KPI issue remains the participation of technology SMEs in H2020 projects which is still lower than the target agreed in 2016. However, ECSO has put in place some countermeasures to give SMEs more visibility towards private investors. In particular, during 2018, the Association has contributed to the development of the cybersecurity ecosystem by organising its Investment Roadshow with local members. Four Investor Days brought together more than 80 selected start-ups and SMEs with 50 international investors. In addition, 2018 has been a year of careful planning and discussion with more than 40 stakeholders of the quadruple helix of five regions to design the Cyber Valleys project. This ECSO flagship aims to support local scaleups to achieve a critical mass, market the European Digital Market and initiate co-design technology partnerships with partners coming from other regions. With regards to the end-user participation, a positive trend has been observed in 2018; the increasing participation of end-users in H2020 projects. In particular with the dedicated calls for the energy and health sectors, electricity and hospital players have been active in projects, with an average of 5 end-users per project. Summing up all the results, this report shows that ECSO is continuing its successful development by promoting its R&D roadmap within both the H2020 framework and private investment, as well as consolidating activities on industrial policy.
ECS cPPP Progress Monitoring Report 2018
v
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
ECS cPPP Progress Monitoring Report 2018
vi
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
TABLE OF CONTENT
ABOUT ECSO ...................................................................................................................... i
EXECUTIVE SUMMARY ..................................................................................................... iv
TABLE OF CONTENT.......................................................................................................... vi
INTRODUCTION ................................................................................................................ 1
MAIN ACTIVITIES AND ACHIEVEMENTS in 2018 ................................................................. 3
2.1. Implementation of the relevant 2018 calls for proposal ................................................... 3
2.2. Mobilisation of stakeholders, outreach, success stories ................................................... 7
2.3. ECSO governance ........................................................................................................... 9
MONITORING OF THE OVERALL PROGRESS SINCE THE LAUNCH OF THE CPPP ................... 11
3.1 Progress achieved on KPIs ................................................................................................. 11
4. OUTLOOK AND LESSONS LEARNT ................................................................................. 38
Annex I – Report on industrial policy activities ................................................................. 39
Annex II – Common Priority Key Performance Indicators .................................................. 47
Annex III – Specific Key Performance Indicators for the cPPP............................................ 48
Annex IV – Contribution to Programme-Level KPI's .......................................................... 49
ECS cPPP Progress Monitoring Report 2018
1
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
INTRODUCTION
The European Cybersecurity contractual Public-Private Partnership started in 2016 and was
operationalised with a proposed SRIA elaborated by the Working Group 6 and the launch of a first
round of H2020 calls in 2017.
The ECS cPPP plays a central role in the implementation of the Digital Single Market strategy,
contributing to multiple pillars including fostering cybersecurity market development, job and wealth
creation in Europe and accelerating Europe’s innovation process. The European Cyber Security
Organisation is the European Association that works in cooperation with the European
Commission, member organisations and industry associations representing the entire value chain
of the cybersecurity landscape.
This report reviews the progress of ECS cPPP in 2018 in relation to these objectives under the
H2020 R&I programme, and in terms of the added value it provides to the European cybersecurity
landscape.
While supporting the implementation of the cPPP, ECSO has also closely followed and supported
the proposal and definition of several EU cybersecurity policies. This activity should be considered
as fundamental for the effective success of the cPPP as the development of the European
cybersecurity ecosystem is essential for the R&I results under H2020 to find a suitable place for
adoption and use by the market.
2018 saw the implementation of key EU legislations and regulations, such as GDPR and the NIS
Directive. The finalisation of the Cybersecurity Act is also important for the future impact of ongoing
developments in H2020 projects, especially as concerns the European certification framework and
the future certifications that will be requested to technologies, systems and services. These
legislations, once adopted / transposed at national level, will have a major impact on the design
and use of technologies, services and procedures developed in H2020 projects.
2018 also saw the first proposal for the future MFF, with important suggestions for investments in
cybersecurity, both at research level (in Horizon Europe) and at capacity building level (DEP –
Digital Europe Programme and CEF – Connecting Europe Facility). The deployment part, in
particular, can be considered as relevant for the present cPPP as future projects funded by these
instruments will also likely use solutions developed under H2020 cPPP projects.
Linked to these envisaged future programmes is the regulation on competence centres (also
proposed in 2018 and still under discussion). This envisaged regulation will have a major impact
on linking cybersecurity competence centres at European level, in order to benefit from synergies
across Europe for the use of different competences (also developed by the present H2020 / cPPP
approach) according to users’ needs.
In this context, while supporting the priorities for H2020 and the cPPP, ECSO has cooperated with
the European Commission, the Parliament and the Council to suggest the definition of the future
EU architecture and future EU programmes on cybersecurity, as this will have a major impact on
the effective success of results of the cPPP. For this reason, ECSO has also supported the 4
winning ICT-03 proposals in 2018 for pilots on network of cybersecurity competence centres, where
ECSO members represented almost 50% of the proposals’ consortia.
ECS cPPP Progress Monitoring Report 2018
2
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
ECS cPPP Progress Monitoring Report 2018
3
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
MAIN ACTIVITIES AND ACHIEVEMENTS in 2018
2.1. Implementation of the relevant 2018 calls for proposal
There are nine main calls for proposals that can be attributed to the cPPP’s activities:
• SU-ICT-01-2018: Dynamic countering of cyber-attacks (seven projects started between
end of first half and second half of 2019)
• SU-ICT-03-2018: Establishing and operating a pilot for a Cybersecurity Competence
Network to develop and implement a common Cybersecurity Research & Innovation
Roadmap (four projects started first half of 2019)
• SU-ICT-04-2019: Quantum Key Distribution testbed (one project started on September
2019)
• SU-DS01-2018: Cybersecurity preparedness - cyber range, simulation and economics (two
projects started on September 2019)
• SU-DS04-2018-2020: Cybersecurity in the Electrical Power and Energy System (EPES)
(three projects for the 2018 call started between end of first half and second half of 2019)
• SU-DS05-2018-2019: Digital security, privacy, data protection and accountability in critical
sectors (two projects for the subtopic funded for the 2018 call and started on July 2019)
• SU-TDS-02-2018: Toolkit for assessing and reducing cyber risks in hospitals and care
centres to protect privacy/data/infrastructures (seven projects started between December
2018 and January 2019)
• SU-TDS-03-2018: Raising awareness and developing training schemes on cybersecurity
in hospitals (one project started on December 2018)
• SU-INFRA01-2018-2019-2020: Prevention, detection, response and mitigation of
combined physical and cyber threats to critical infrastructure in Europe (three projects for
the call in 2018 started between May and June 2019)
The average Time-to-Grant is 240 days.
The successful launch of the first H2020 projects allowed the advancement of R&I goals defined in
the ECSO SRIA document and the identification of areas that will be covered by the results and
outcomes of the projects. An initial analysis of the topics identified possible areas of further
investment which were considered for the update of the Work Programme for the 2020 calls.
The analysis of the projects selected and funded for the 2018 calls is presented herein and is solely
based on the topics that will be addressed by the projects, as well as their potential impact on
strengthening the European cybersecurity ecosystem. As part of the contract and the ECS
partnership, the ESCO SRIA v1.2 contributed to the definition of the priorities of the calls indicated
in the European Commission Working Programme for 2018 – 2020. An overall analysis identified
a very good alignment between the priorities identified by the private sector and those present in
the EC Working Programme. In the following paragraphs we will present the analysis of both
ECS cPPP Progress Monitoring Report 2018
4
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
ongoing and recently granted projects, which are funded under the ECS cPPP framework. We will
also assess their relevance to the ECSO SRIA strategy.
The call SU-ICT-01-2018 addresses solutions for cyber-attack management, both in terms of
protection and response and recovery. GUARD and SIMARGL focus on the prevention side.
GUARD will develop an open and extensible platform for advanced assurance and protection of
trustworthy and reliable business chains, spanning multiple administrative domains and
heterogeneous infrastructures, by considering security-by-design principles with enhanced
inspection and detection techniques, raising situational awareness at different levels of the
companies’ structure. The SIMARGL project focuses on prevention with the intention to significantly
improve malware and stegomalware detection. The SOCCRATES project will develop and
implement a new security platform for Security Operation Centres (SOCs) and Computer Security
Incident Response Teams (CSIRTs) that will significantly improve an organisation’s capability to
quickly and effectively detect and respond to new cyber threats and ongoing attacks. CyberSane
addresses the management of cybersecurity incidents from warning to response, specifically
targeting European Critical Infrastructures. SAPPAN will provide a cyber threat intelligence system
by developing a platform for sharing and automation to enable privacy preserving and efficient
response and recovery utilising advanced data analysis and machine learning. The C4IIoT
addresses Industrial IoT and will build a unified IIoT cybersecurity framework for malicious and
anomalous behaviour anticipation, detection, mitigation, and end-user informing. The nIoVe project
targets the Internet-of-Vehicles (IoV), with emphasis on the Connected and Autonomous Vehicles
(CAVs) ecosystem, and focuses on all aspects linked to cyber threat intelligence, including
response and recovery activities.
The ECSO SRIA identifies the need to invest and focus on incorporating additional security-specific
components and processes into any system to make it more robust, resilient and secure. These
security sub-systems include prevention with the aim to prevent attacks in succeeding. It includes
processes to achieve security by design, reducing attack surfaces through appropriate
configuration of system elements and means of assisting the users in handling security-related
tasks (e.g., credentials management tools), vulnerability scanning, penetration testing, patching,
and also deployment and operation of protective/preventative controls such as firewalls, intrusion
protection systems, etc. The objective is to provide high-assurance prevention and protection. On
the other hand, other important aspects of secure sub-systems are response and recovery.
Response means to take appropriate and timely actions in response to detection of attacks or other
suspicious activity, in order to disrupt them, mitigate their impact, investigate their origins, etc.
Responses include the sharing of information with other organisations in order to prepare them for
similar attacks and to co-ordinate actions. Digital forensics technologies and activities are a part of
response and also provide key contributions to recovery operations planning. Recovery aims to
restore the system to normal operation following an attack. It may include measures to ensure that
similar attacks will not be successful in the future, or at least that they will have less detrimental
impact.
The projects under the call SU-ICT-03-2018 are expected to strengthen the EU's cybersecurity
capacity and tackle future cybersecurity challenges for a safer European Digital Single Market.
Establishing and operating a pilot for a Cybersecurity Competence Network to develop and
implement a common Cybersecurity Research & Innovation Roadmap. The 4 projects funded in
this call, CONCORDIA, ECHO, SPARTA and CyberSec4Europe look at aspects that ECSO has
recognised the importance of, not only in the SRIA but also in the Industry Proposal, such as
certification, cyber ranges, vertical domains and value chain, international cooperation, and skills.
ECS cPPP Progress Monitoring Report 2018
5
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
The call SU-ICT-04-2019 focuses on building an experimental platform to test and validate the
concept of end-to-end security, providing quantum key distribution as a service. The OPENQKD
project, recently started, aims to create and test a communication network infrastructure with a
built-in quantum element, using Quantum Key Distribution (QKD). The ECSO SRIA identifies
several areas of research and innovation linked to quantum computing and quantum
communication, such as migration to post-quantum cryptography, development of new quantum-
safe crypto methods and algorithms for both asymmetric and symmetric cryptography, including
their integration in security protocols, and evaluation criteria for quantum-resistant public key
cryptographic standards and implementations. In addition, the ECSO SRIA strategy indicates the
importance of designing quantum resistant crypto technologies with a smaller cyber innovation
cycle, enabling to meet the challenges of future threats and market opportunities in Europe.
The SU-DS01-2018 call is considered a continuation of the topic DS-07-2017, with the intent to
develop, test and validate highly customisable dynamic simulators serving as knowledge-based
platforms accompanied with mechanisms for real time interactions and information sharing,
feedback loops, developments and adjustments of exercises. The three projects funded under this
call address different domains. SPIDER addresses the 5G network and its services. The
FORESIGHT project aims to develop a federated cyber range solution that collaboratively brings
unique cyber security aspects from the aviation, smart grid and naval domains. The third project
Cyber-MAR focuses on the maritime logistics value chain.
The ECSO SRIA indicates the importance of developing new cyber ranges and simulation
techniques, including a strict focus on education and training. These actions are necessary if we
want to empower individuals and organisations for situational awareness and cyber threat
detection.
The call SU-DS04-2018-2020 focuses on the cybersecurity challenges in the Electrical Power and
Energy System (EPES). The objective is to make those systems more resilient to cyber-attacks
and reduce their exposure to potential vulnerabilities. The EnergyShield project will develop an
integrated toolkit covering the complete EPES value chain. The toolkit should include technologies
for vulnerability assessment, monitoring and protection, and learning and sharing. PHOENIX will
offer a cyber-shield armour to EPES infrastructure enabling cooperative detection of large scale,
cyber-human security and privacy incidents and attacks, guarantee the continuity of operations and
minimise cascading effects on the infrastructure itself, the environment, the citizens and the end-
users at a reasonable cost. The SDN-microSENSE project will focus on a set of secure, privacy-
enabled and resilient to cyberattacks tools to address the normal operation of EPES as well as the
integrity and the confidentiality of communications, thus looking at SDN-based technology.
The ECSO SRIA identifies the need to address the challenges of the following energy
infrastructures: smart energy grids, smart home, Distributed Energy Resources (DER) and
centralized energy generation. There is a need to develop new security solutions preventing
illegitimate access and covering control access mechanisms, addressing early detection of threats
including techniques to avoid their propagation, as well as response tools. Data protection and
privacy concerns should be considered mainly when sensitive data are collected from smart
devices such as sensors. New security approaches to detect and isolate the different threats early
are key for the energy systems as the wide variety of threats will have potentially large impacts on
the energy infrastructures and their components, from smart meters to relays, including software
components, as well as the SCADA systems. Impacts on safety mechanisms which are of major
importance in the energy context should also be covered. Solutions should provide response and
ECS cPPP Progress Monitoring Report 2018
6
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
notification tools (technical and organisational) to security alerts coming from intrusion detection
tools, as well as for disaster recovery techniques in case of incidents. Some of the main challenges
for energy systems are the mix between legacy systems and new technologies, interdependency
between safety and security, and highly distributed and resource constrained systems to control
and prevent cascading effects.
The call SU-DS05-2018-2019 addresses data security and protection for the critical sectors. The
2018 call focuses only on the financial sector and in particular addresses the need for technologies
for digital security, privacy and personal data protection. The SOTER project aims at increasing
cyber resilience by providing a comprehensive set of tools to increase the cybersecurity level. On
the other hand, the CRITICAL-CHAINS focuses on the integration of Cyber Physical Systems in
the financial sector by delivering a novel triangular accountability model and integrated framework
supporting accountable, effective, accessible, fast, secure and privacy-preserving financial
contracts and transactions to protect against illicit transactions, illegal money trafficking and fraud
on FinTech e-operations.
ECSO considers the finance sector as the backbone of economic development, identifying cyber
risk management as a top priority for the financial industry. The increasing number and frequency
of sophisticated cyber-attacks to the banking sector highlights the need to develop a
comprehensive cybersecurity framework to protect the integrated financial market and to combat
cyber fraud with the aim of enhancing the resilience of financial systems. This includes looking at
the management of cyber-secure supply chains, and aspects linked to privacy, data protection, and
data integrity.
The calls SU-TDS-02-2018 and SU-TDS-03-2018 focus on the health sector and in particular on
hospitals, with the aim to reduce the cyber risks to the former and to raise awareness and develop
training schemes for the latter. Under the SU-TDS-02-2018 call, the PANACEA project looks at
solutions for cybersecurity assessment and preparedness of Healthcare ICT infrastructures and
connected devices. ProTego will focus on advanced data protection measures to reduce the risks
in hospitals and care centres. CUREX will look into GDPR-compliant solutions for the secure and
private exchange of data, while SERUMS will focus on securing medical data to enhance personal
care solutions. FeatureCloud will look into solutions for minimising the potential of cyber-crime and
enabling first secure cross-border collaborative data mining endeavours. SPHINX will provide a
vulnerability assessment toolkit and ASCLEPIOS a secure cloud encrypted platform. The
SecureHospitals.eu project, funded under the SU-TDS-03-2018 call, aims to set up training
schemes and initiate training sessions for IT staff working in hospitals with the aim of improving the
knowledge of staff and in turn contribute to decreased vulnerabilities against cyber threats and
increased patient trust and safety.
ECSO considers the security of healthcare systems, services and applications as a major concern
due to the high privacy and confidentiality requirements of sensitive healthcare data. e-Health faces
many security challenges, most of them common to any critical infrastructure. Major specific
challenges include service resiliency against cyberattacks, prevention against data-leakage and
loss of patient data and identity theft. In particular, systems’ availability and business continuity are
the key components for providing seamless electronic healthcare services. Data security and
integrity represent another important challenge. The ECSO SRIA identifies the importance for
solutions to address patients, healthcare service providers, doctors and other professionals to
reduce the risk of cyber-attacks.
ECS cPPP Progress Monitoring Report 2018
7
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
The SU-INFRA01-2018-2019-2020 call addresses the prevention, detection, response and
mitigation of combined physical and cyber threats to critical infrastructure in Europe. SecureGas
focuses on the European Gas network covering the entire value chain from production to
distribution to the users, providing tools and guidelines to secure existing and incoming installations
and make them resilient to cyber-physical threats. In particular, the project will also look at the
interdependent and interconnected European Gas grids to understand the impacts and cascading
effects of cyber-physical attacks. InfraStress addresses cyber-physical security of Sensitive
Industrial Plants and Sites (SIPS) Critical Infrastructures (CI) in order to improve resilience and
protection capabilities of SIPS exposed to large scale threats and hazards, and guarantee
continuity of operations. SATIE will look at the air transport infrastructure with the aim to improve
cyber-physical correlations, forensics investigations and dynamic impact assessment at airports,
while guaranteeing the protection of critical systems, sensitive data and passengers.
The ECSO SRIA identifies the need to invest and focus on the protection of critical infrastructures.
For this, we need the analysis of the risk aspects of the evolving technology in relation to legacy
systems, as it will help to achieve an adequate level of protection and risk management. The ever-
increasing use of IoT and Cyber-Physical Systems (CPS) to achieve a higher degree of automation
exposes critical infrastructures to new types of attacks. Thus, monitoring and threat detection tools
become of primary importance when reacting quickly to threats with a strong degree of automation,
in order to enhance the resilience and high availability of the systems and critical infrastructures.
2.2. Mobilisation of stakeholders, outreach, success stories
It is paramount for an Association such as ECSO to reach out to and foster the participation of the
entire European cybersecurity ecosystem. Since December 2017, ECSO has continuously
intensified its efforts to reach out to and mobilise stakeholders from the wider European
cybersecurity community.
From a membership perspective, in 2018, ECSO welcomed 39 new members across 30 different
ECSO countries1 counting therefore a total of 249 members in its membership base in December
2018. ECSO is also reaching out to all the members of its 22 associations, which represents a
Community of more than 2000 bodies.
Repartition across ECSO countries as of December 2018
AUSTRIA 8 ITALY 27
BELGIUM 15 LATVIA 1
BE -EU ASSOCIATIONS
8 LITHUANIA 1
BULGARIA 2 LUXEMBOURG 4
CYPRUS 6 NORWAY 4
1 ECSO countries include: Member States, EEA/EFTA countries, H2020 associated countries.
ECS cPPP Progress Monitoring Report 2018
8
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
CZECH REP. 3 POLAND 6
DENMARK 5 PORTUGAL 4
ESTONIA 6 ROMANIA 2
FINLAND 8 SLOVAKIA 3
FRANCE 26 SLOVENIA 1
GERMANY 22 SPAIN 34
GREECE 5 SWEDEN 3
HUNGARY 3 SWITZERLAND 5
IRELAND 3 THE NETHERLANDS
17
ISRAEL 2 TURKEY 5
UNITED KINGDOM 8
In 2018, the ECSO Board of Directors approved the creation of a Communication Task Force to
boost the visibility of ECSO in 2018 though targeted communication campaigns, initiatives and
dissemination activities, as well as build stronger collaborations and synergies between members
and ECSO.
On 21st June, ECSO held its second General Assembly in Brussels, Belgium which was promptly
followed by a public event attended by 150 participants including ECSO members, partners,
potential new members, European Institutions representatives, agencies and associations. This
public session has become an annual gathering of cybersecurity stakeholders and allows ECSO
to not only present the evolution and the progress made in the framework of the cPPP and its
achievements, but also to promote other industrial policy initiatives such as those mentioned above.
ECSO participated and contributed to around 100 high-level European exhibition events,
workshops and conferences in 2018. ECSO further developed and established around 20 media
partnership proposals with well-known European events such as FIC (Lille), CYBERTECH Israel
9%
29%
9%2%
27%
24%
ECSO MEMBERSHIP BASE ACCORDING TO CATEGORY OF MEMBERS DECEMBER 2018
Associations Large companies and Users Public Administrations
Regions and Clusters RTO/Universities SMEs
ECS cPPP Progress Monitoring Report 2018
9
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
and CYBERTECH Europe, Cybersecurity Summit Command and Control (Munich), CYBERSEC
(Poland and Brussels), HIMSS EU – Health 2.0, IOT Week, ETSI Security Week, EID Forum in
Estonia, Cyber Security Nordic, IT-SA Nuremberg, and others.
In November 2018, ECSO became one of the first supporters of the Paris Call for Trust and Security
in Cyberspace, the high-level declaration on developing common principles for securing
cyberspace.
2.3. ECSO governance
The ECSO governance model, extensively presented in the Industrial Vision document2, is based
on the three bodies: Board of Directors, National Public Authority Representatives Committee and
Partnership Board (see the scheme below).
Figure 1 ECSO Governance
2 http://ecs-org.eu/documents/ecs-cppp-industry-proposal.pdf
ECS cPPP Progress Monitoring Report 2018
10
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
There are no major changes in the ECSO governance in 2018 (for the details of each body please
refer to the First Monitoring Report3). Philippe Vannier (EVP Atos) has been reappointed as ECSO
Chairperson and Luigi Rebuffi is the ECSO Secretary General.
ECSO Working Groups have found a stable configuration and working rules, thus allowing a higher
efficiency in cooperation across working groups (also supporting the definition of priorities for
H2020 and cPPP monitoring).
3 https://www.ecs-org.eu/documents/uploads/progress-monitoring-report-2016-2017.pdf
ECS cPPP Progress Monitoring Report 2018
11
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
MONITORING OF THE OVERALL PROGRESS SINCE THE LAUNCH OF THE CPPP
This section reviews the cPPP’s progress in 2018, based on data gathered from ECSO members
and H2020 beneficiaries via two separate questionnaires and targeted phone interviews. In
particular, we introduce the impact analysis of the seven KPIs, which include indicators specific
to the market relevant to the cPPP on cybersecurity as well as indicators relevant to all cPPPs.
3.1 Progress achieved on KPIs
KPI 1 – Assessing the cybersecurity R&I investment leverage factor
Community commitment: cybersecurity cPPP well on track in leveraging public investment by a
factor higher than 3
A major aim of the cybersecurity cPPP is to trigger common investment of the private and public
side in a jointly agreed Strategic Research and Innovation Agenda. In this respect, ECSO
presented the foundational guidelines for the setting up of the cPPP in its ECS SRIA document in
20164, which reflects the needs of the European cybersecurity industry. Accordingly, the ECSO
stakeholder community committed to increasing the level of EU funding allocated to R&I in
cybersecurity by a leverage factor of at least 3.
Already at this stage, where 62% of the expected funds have been allocated by the European
Commission, with most of the relevant projects still in their early stages and with a first
commercialisation and exploitation of the R&I project results not yet started, the ECSO community
can confirm the positive trend of the 1st period: the private counterpart of the cPPP is achieving and
exceeding the amount of investments foreseen when the cPPP was established in July 2016.
4 European Cybersecurity Strategic Research and Innovation Agenda (SRIA) for a contractual Public-Private-Partnership (cPPP) (2016), https://www.ecs-org.eu/documents/ecs-cppp-sria.pdf
ECS cPPP Progress Monitoring Report 2018
12
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
Figure 1 EC investments in cPPP (mln €)
Update on the assessment methodology used in the second period
The progress monitoring methodology is composed of three steps, including:
• Survey & phone interviews. In order to calculate the common KPI as defined in the PPP contract and the agreed methodology with the EC Services, an online survey was carried out between February and March 2019. The questionnaire was addressed to both ECSO members and H2020 participants engaged in cybersecurity relevant activities within the Framework Programme. This year, in order to address the EC’s request for a higher response rate, the ECSO Secretariat carried out a series of targeted phone interviews to several of its members to increase the amount of data used for the estimation of the private investment. After 2 months of data collection, 92 responses were received, reaching a response rate of 33% and confirming the target of 30% achieved last year. Here we would like to stress some critical elements in collecting R&D data. Often the person participating in the cPPP doesn’t have access to all the needed data on R&D investment in cybersecurity. In addition, the geographic perimeter of the investment is sometimes difficult to define: the differentiation between what is spent on R&I investment in Europe and what is spent at global level could be tricky, in particular for large corporates. On the other hand, cybersecurity as a vertical sector could be confused with other activities such as cloud and other business lines. Another element to be improved is the participation of H2020 beneficiaries to the questionnaires (27 answers in 2018). For the next period, the ECSO Secretariat reiterates its commitment to get ECSO members engaged in responding to the survey. In particular, the Association plans to make more extensive use of phone interviews.
• Data analysis. The survey responses were organised in clusters corresponding to the ECSO membership categories. The analysis of the cumulative data for the different categories revealed the presence of potential outliers. Hence, to reduce the impact of the potential biases (e.g. over- or under- assessment of the private expenditure in research) to the final results of the analysis, we have inferred the average amount of investment for each type of organisation by computing the percentiles (5-th-95th; 10-th-90th; 15-th-85th; 25-th-75th). To highlight the potential outliners for the largest populations, the extreme values were eliminated from further analysis if an extreme deviation from the indicated investment average was found. The average investment was then recomputed and multiplied by the number of survey participants belonging to that category.
71,46
207
278,46
450
0
50
100
150
200
250
300
350
400
450
500
2016-2017 period 2018 period 2016-2018Cumulative period
Total cPPP period2020
EC Seed Investments in mln €
ECS cPPP Progress Monitoring Report 2018
13
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
• Qualitative data collection. The last step of the progress monitoring methodology is the qualitative data collection, based on the analysis of the organisations’ success stories and the real impact of investment on R&I projects.
The main biases from the methodology
When conducting the data analysis, we assume the presence of significant methodology biases
which can affect the results. The biases, such as the already discussed presence of potential
outliers, can easily alter the estimations of the private investment in R&I and the final calculations
of the leveraging factor.
As mentioned in the first periodic monitoring report, there are several reasons for such biases to
emerge. Firstly, R&I figures are often treated by companies as confidential information, which is
especially the case when dealing with the private R&I investments in cybersecurity. An
unwillingness to share specific data, even if it is an anonymous survey, reduces the response rates.
Among ECSO members, the highest response rate is from the Regions (57%), which is the smallest
category with 6 members (in 2018), from large companies (42%), and the RTO & Academia
category (40%). The response rate of SME’s can also be considered as significant (30%). We did
not receive any response from Associations, whose primary investment in R&I might be linked to
their participation in European projects and not significant for the estimation of the private
investment.
Secondly, ECSO membership categories contain many companies and organisations which are
different in size of cybersecurity R&I, as well as in types of business, ranging from B2B to B2C, to
B2G cybersecurity solution providers. Because of these differences, the estimated averages of
investments per category cannot be compared. In some cases, it might be difficult to differentiate
between the general R&I investments and cybersecurity specific R&I investments, or the
investments allocated to both business development and R&I units (especially in the case of
SMEs). For the 2018 period, ECSO also tried to collect data on the revenues of private
players in order to verify whether there is a correlation between the revenues and the R&D
spending amounts for each category, thus possibly inferring new data from public
information. Nevertheless, the analysis of the data did not reveal a specific trend between
R&D spending and annual revenues.
Even if the response rate of the survey is considered as sufficient by statistical means, some
answers do not meet the general assumptions and can be regarded as an underestimation of
investments received by the organisation. Figure 2 shows (on a logarithmic scale) the distribution
of the answers from each category and the median using all data points available. Only the
companies belonging to ‘Large companies’, ‘SMEs’ and ‘RTO’ categories have a significant enough
number of responses to plot the percentiles. The boxplots in Figure 2 depict the statistical data, in
particular, the maximum and minimum values, the median and the percentiles. The size of the data
points indicates the number of answers received per value.
ECS cPPP Progress Monitoring Report 2018
14
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
To reduce the potential bias in the estimation of the average, which is used to compute the 2018
leverage factor, the outliers are removed for the three above-mentioned categories based on the
plotted percentiles. The average private investments injected into the cybersecurity market per
category in the 2nd reporting period is estimated (see Figure 3) taking into account the different
values of percentiles to identify the outliers.
Figure 3. Estimated private investment in 2018
Figure 2. The size of the private investment by different types of organization (January 2018 – December 2018). The size of the data points indicates the number of answers received per value.
ECS cPPP Progress Monitoring Report 2018
15
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
In order to be conservative in terms of private investment and to limit the impact of the
potential biases inferred by the available data to compute the leverage factor, we consider
the 15th and 85th percentiles as the most likely values in our analysis and the impact market
growth rate on the estimation of 2018 private investment (see Figure 4).
The Direct leverage: cumulative financial contribution to all H2020 projects in the areas covered by
the cPPP strategic roadmap
The mobilised private investment in the context of the SRIA, and upon request of DG RTD, ECSO
has also continued to monitor other investments mobilised to support the execution of H2020
projects as a result of the initial investment from consortia partners. To calculate such amounts, a
specific question was addressed to all ECSO members participating in H2020 projects:
Please give an estimate of the overall additional contribution to all H2020 projects (e.g., additional
internal R&I funding and from innovation to the market) and in particular your indirect costs for the
project. This would take into account the overheads exceeding the 25% flat rate reimbursements
which are based on the reported direct costs and already available in the EU databases).
The total based on an aggregated 38 answers from ESCO members is 38,6 million euros. This
amount is considered as part of the overall R&D private investment. For the next year, upon
suggestion of the EC Services, ECSO will rephrase the question in order to better define the
perimeter of the direct leverage as part of the global investment.
The leverage factor assessment for 2018 and updated figure for 2017
Considering the 15th and 85th percentiles as the most likely values in our analysis, the investment
in R&I provided by the European cybersecurity industry in 2018 is estimated to be 1216 million
euros (see Figure 4) while the EC public investment from H2020 programmes related to
Figure 4. Private investment estimation for 2018 with corrected averages
ECS cPPP Progress Monitoring Report 2018
16
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
cybersecurity amounts to 207 million euros. Given the amount of investments from the private and
public sectors and the minimum target of the leverage factor of 3, the total amount of investments
reached about 1400 million euros by the end of 2018. As expected, the main contribution (almost
65% of the total investments) comes from large companies, followed by the end-users and
operators, and RTOs. An explanation of such a high level of investment is mainly that cybersecurity
is becoming a critical political and economic challenge for both governments and businesses in
Europe.
As for the 1st period, the estimated leverage factor for 2018 is higher than the one foreseen at the
signature of the cPPP on cybersecurity (Figure 5). Given the growing awareness of cyber threats,
we expect that the private investments in cybersecurity technologies and services will continue to
grow in the upcoming years. Recent cyber-attacks have significantly raised the interest in
cybersecurity among society, businesses and politicians at the national, European and international
level.
Figure 5 Overall 1st and 2nd cPPP period leverage factor
Conclusions on the leverage factor for the overall cPPP period
The amount of the private investment since the launch of the cPPP is estimated to be €1.700 million
euros (aggregating the figures reported for the1st period 534 mln € and for the 2nd period 1216 mln
€), which overstep the 2016 objective of €1350 million euros of “industry investment” for the four
year cPPP. This result is a valuable indication to confidently estimate that the ECSO stakeholder
community invests in cybersecurity, leveraging the public investment ratio, as well as creates new
market opportunities and strengthens the European cybersecurity market.
2018 Success Stories of ECSO Members
Because the quantitative data tells us only half of the story, we asked our members to share their
success stories and provide a qualitative assessment on the R&I investment: mainly, how the cPPP
has benefited them in building the cybersecurity ecosystem and facilitating market development.
This section provides information about the concrete initiatives taken by our members, which serve
ECS cPPP Progress Monitoring Report 2018
17
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
as a strong example of how the ECSO stakeholder community contributes to the development of
a competitive European cybersecurity technology ecosystem.
In terms of cybersecurity technology, ECSO members initiated several highly relevant projects.
S21sec, one of the main European pure cybersecurity players, developed in 2018 an internal R&D
project not directly funded through the H2020 programme and related to the “Development of a
module for phishing detection based on machine learning” (Project “PhisCheck”). The project is
highly aligned (directly and indirectly) with several of the areas and priorities highlighted in the
cPPP SRIA, including “Collaborative intelligence to manage cyber threats and risks”, “Remove trust
barriers for data-driven applications and services”, or “Intelligent approaches to eliminate security
vulnerabilities in systems, services and applications”. Within the “PhisCheck” project, S21sec
developed a module for the detection of phishing activities based only on proprietary technology.
For this development, S21sec’s internal team has researched and identified the most adequate
Machine Learning algorithms and the result was a module that processes over 5.000 entries per
minute, with a precision of 99%. By using machine learning algorithms, S21sec was able to
internally develop an advanced tool that is used to detect phishing activities with a precision of
99%. Being able to decrease the impact of these phishing activities within organisations is a quite
sought after capability by S21sec’s clients, since it contributes to tackle continuous threat exposure
by malware, reducing the potential impact of ransomware. As a result of this demand, S21sec
believes that the internal investment that was made on the R&I project “PhisCheck” will have a
direct return for the company, given its positive impact on the provision of services.
Among the RTO category, the Institute Information Technology at Jyväskylä University of
Applied Sciences continues its development of the RGCE Cyber Range (RGCE=Realistic Global
Cyber Environment) launched in 2013. RGCE is a closed environment that models the main
structures and services of the Internet, as well as the environments of various industries such as
financial operators, internet shops, telecom operators, internet service providers, road tunnel
operators and energy producers. The costs of the investment project are approximately 1,1 M€ and
they are totally covered by funding from national public organisations as well as from private
companies. With help of “Healthcare Cyber Range” –project during years 2019-2021, the RGCE
environment will be extended to the Healthcare sector, focusing on modelling of healthcare
systems and processes. As the result of the separate development project, the utilisation of the
Healthcare Cyber Range enabled the digital environment for healthcare to be explored and
developed in a dynamically changing field of operation. As an impact of these projects, the actors
in the healthcare sector will have improved capabilities to meet the constantly changing
cybersecurity requirements. Through the integration of cybersecurity expertise into the activities
and quality assurance of healthcare operators and industry players, the continuity and development
of the activities started during the project will be ensured.
As a result of an internal R&D research project, the Austrian SME Radar Services developed an
Automated Cyber Risk Detection for SMEs “Radar Smart Solution”. The project was pursued with
the goal of standardising and miniaturising Cyber Risk Detection capabilities into a small and
affordable format for SMEs, who don’t have the resources to fund a fully-fledged SOC/SIEM
solution. Based on its Enterprise technology built for larger organisation, RadarServices has thus
released a new product aimed at SMEs which provides full-scope cyber risk detection based on
network behaviour analysis, machine-learning based log correlation and vulnerability
management. This cloud-based service collects data by implementing a small sensor appliance in
the customers infrastructure and delivers all relevant information to a private European-Cloud
managed by RadarServices. There, automated analysis is performed by the machine learning
ECS cPPP Progress Monitoring Report 2018
18
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
components, Cyber risk detected is being shown in a Cockpit to provide unparalleled insight into
the SME's Cyber risk status.
ElevenPaths, Telefónica Cybersecurity unit, developed the Document Intelligent Analysis
Respecting Intimacy of the Owner (DIARIO) project. This project in line with two areas covered by
the cPPP SRIA (Security validation and Dynamic Risk assessment and management), aims to
develop a new malware detection concept which scans and analyses documents in a static way
while keeping user's content private. The expected outcome consists of a TRL 7 demonstrator
about the feasibility of the technology and the advantages of the ML analysis with the privacy
safekeeping. This platform will be tested as an open beta, granting access to the platform to specific
users, so that they can give feedback and make comments about DIARIO’s capabilities, usability
and results. In terms of foreseen impact, the innovative approach based on parameters other than
by-signature detection or heuristics represents a complement to the detection of traditional
frameworks that would make a more efficient identification possible. Moreover, privacy is important
when talking about PDF or Office Documents, so special attention should be given to this type of
potential malware. In that sense, Eleven Paths expects the market to be more receptive to its
innovative solution due to the protection of the user’s private content and sensitive information. At
this stage, DIARIO is in a beta state and is ready to be included within Telefonica’s cybersecurity
portfolio. This conversion will set out all the requirements to become a commercial product,
including pre and production scenarios, marketing plan, legal assurance, product roadmap and the
additional service plan to manage the lifecycle and support its development in the future.
With regards to awareness activities and skills development, the Technology Ireland ICT Skillnet
Cybersecurity Skills Initiative (CSI) was launched in October 2018. The project involved many
Triple Helix stakeholders and is funded by Skillnet Ireland and the Irish Department of Education
and Skills. In conjunction with the current training, two programmes were developed in 2019.The
first one is the Commercial Cyber Aptitude Test which assesses employees’ and candidates’
behavioural attributes and cognitive aptitude to acquire the technical knowledge required in a cyber
role. It identifies the behavioural traits required for cyber roles such as: Adaptability. Compliance,
Dependability, Energy, Learning Orientation & Resilience. The second one is the CRA-QMark-IRL
which is a fully integrated and end-to-end Governance, Risk & Compliance management
information system. This integrated software and training support system allows smaller firms to:
Understand Cybersecurity Risk Management Principles and the Risk Management Process,
Undertake a Risk Assessment using the CRA-QMark-IRL and update this regularly, Identify any
weakness in their cybersecurity defensive strategy and operational procedures and Maximise
effective defence against cyber attack and effective recovery from such attacks
ECS cPPP Progress Monitoring Report 2018
19
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
KPI 2 - New skills and job profiles
Cybersecurity jobs continue to be in high and growing demand in Europe5. In order to deliver fine-
grained insights on the workforce landscape, the ECSO Secretariat rephrased and completed the
questions related to the monitoring of KPI2.
In particular, following the recommendations of the European Commission to improve the
measurement of job creation in Europe, two main improvements should be highlighted here.
Firstly, the question on the existing workforce has been improved. In the 2017 exercise, we
noticed that the answer option “>100 employees” was misconceived and, in many cases, we were
not able to consider this answer, most likely because of the indefinite spectrum of the number of
employees. As such, for the 2018 period, we adapted the answer perimeter of the survey to allow
for more precise answers from participants.
As a result, we reviewed the 2016 baseline according to much more consistent data obtained in
2018 on the current workforce in Europe: we estimate that there were 140.000 employees working
on pure cybersecurity issues in 2016. We then proposed an updated figure for 2017 employees
(190.000) based on survey contributions received last year.
In 2018, the new version of the ECSO Survey on the creation of jobs highlights that the
partnership is on track comparing its target of yearly job growth of 10% growth rate of the
workforce. The data analysis shows that employment has grown between 2017 to 2018 by more
than 30% in large companies and SMEs and 25% in RTOs (fig.6). We can therefore estimate the
number of cybersecurity employees for 2018 at 280.000.
Figure 6 New skills and jobs creation in 2018
5 A study done (ISC)² found that there is a shortage of 2.93 million cybersecurity industry professionals in the word. In Europe and Middle East region this gap has been estimated at 142.000 professionals. Source: https://www.isc2.org/-/media/ISC2/Research/2018-ISC2-Cybersecurity-Workforce-Study.ashx?la=en&hash=4E09681D0FB51698D9BA6BF13EEABFA48BD17DB0
32,535,3
25
0
5
10
15
20
25
30
35
40
Large Companies SMEs RTO
Increase of employment in 2nd Period in %
ECS cPPP Progress Monitoring Report 2018
20
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
This means that, with regards to the number of people employed in the sector, the European
cybersecurity industry has shown an important overall growth of +100% compared to the 2016
exercise and +47% compared to 2017 (fig 7).
Figure 7 Overall number of cybersecurity employees in Europe
Secondly, for the 2018 exercise, the ECSO Secretariat elaborated a list of existing job profiles in
order to map the evolution based on specific categories. Based on the list elaborated by Working
Group 5 on Education, awareness, training, cyber ranges, the 2018 survey results report that about
23% of new positions are for secure software engineers and 14% for security consultants.
This shows that demand for those positions has grown in line with the increasing cybersecurity
demand in companies. As regards the rise for the security consultant profile, this demonstrates that
companies are taking this aspect more into account, in addition to traditional consultant roles.
Figure 9. 2018 Cybersecurity workforce breakdown
140000
190000
280000
2016 2017 2018
Overall number of cyber security employees in Europe
Number of employees
23%
8%
6%
4%12%
9%
4%
14%
5%3%
9%3%
Cyber security workforce - 2018 new positions breakdown
Secure SW engineer Cybersecurity Project manager
IoT cybersecurity specialist Cloud security expert/developer
Security architect Data scientist
Cybersecurity compliance manager Security consultant
AI specialist Privacy technologies specialist
Ethical hacker/penetration tester Security manager/officer
ECS cPPP Progress Monitoring Report 2018
21
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
In addition to developing jobs, cPPP projects and ECSO members were asked for the first time to
indicate emerging profiles of jobs created in 2018. For the 2018 exercise, new job profiles emerged:
behavioural analytics of cyber-attacks and social sciences experts. In order to monitor the market
trends of such new job profiles, we will enlarge the 2019 list of professional profiles with these new
identified profiles. Another relevant point to be mentioned here is that the graph of new positions
breakdown also shows the increasing trend of dividing functions between various lines of defences.
According to a report by the Global Technology Audit Guide (GTAG)6, one can distinguish between
three lines of defences when it comes to dividing the cybersecurity functions within an organisation.
The first line of defence refers to the owning and management of data, processes, risks, and
controls (this includes systems administrators and others responsible for safeguarding the assets
of the organisation). The second line of defence includes risk, control and compliance oversight
(these functions ensure that the first line processes and controls are in place and effectively
operating). Third line of defence refers to the internal audit activity which provides senior
management and boards with assurances on governance, risk management, and controls. The
ECSO Secretariat will continue to monitor the evolution of the job market for the 2019 period.
Developing skills for tomorrow’s European cybersecurity industry
As mentioned above, the European cybersecurity industry is growing rapidly. To support this
growth in the long term, we need to make sure that a growing and highly-skilled cybersecurity
workforce is available in Europe at all levels of technology development, from basic R&D to pilot
projects prior to market introduction, and all levels of production chain and hierarchy. In order to
keep up with the rapidly evolving nature of cybersecurity, it will also be increasingly important to
develop the workforce based on competencies rather than diplomas. The skills, knowledge and
competence of an individual should be the marker for whether they fit the requirements of a
particular job.
In 2018, ECSO working group 5 released two main documents.
- WG5 position paper on “Gaps in European Cyber Education and Professional Training”
In order to analyse existing academic education and professional training and how they address
different learning needs, and the opportunities for collaboration and knowledge transfer to bridge
the skill gaps, WG5 released a position paper in early 2018 on the gaps in education & professional
training. The paper highlights the changing nature of the field of education in that it may be expected
that the commercialisation of higher education, including the rising cost of education and growing
number of students, will lose students to affordable and widely accessible MOOCs, unless those
are effectively incorporated into the university teaching repertoire. Online courses scale better and
can sometimes offer the same level of knowledge at a cheaper price. However, institutions that
stick to strong academic values will find themselves equipped with a rich learning environment for
graduates of the information-age. Those institutions can discover the transformative potential of
modern technology, but the high quality of the institution will always have to come from inspired
teachers. The paper recommends that we find ways of retaining those teachers and strengthen
research excellence courses.
6 Global Technology Audit Guide (GTAG) (2016): “Assessing Cybersecurity Risk: Roles of the Three Lines of Defense”
ECS cPPP Progress Monitoring Report 2018
22
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
In order to deal with the fact that we are not producing enough skilled experts that the industry is
urgently looking for, the paper also stresses the urgent need for a “constructive transformation of
higher education” which must rapidly react to such needs for high growth. To satisfy the growing
demand for skilled cybersecurity professionals, the paper calls for an expansion of educational
opportunities at all levels; an increase in the number of qualified educators; synergies between
educational paths and training possibilities at a workplace; outreach to the skilled unemployed and
displaced workers (workers who are not happy with their current profession); and the creation of
fundamentals of lifelong learning in cybersecurity.
Finally, the paper also stresses the need to ensure gender diversity and inclusiveness of
cybersecurity education and training, to inform and encourage girls and women to engage into
cybersecurity careers.
Note: it is on the back of this that ECSO decided in 2018 to start developing its Women4Cyber
initiative.
In 2018, the EHR4CYBER Task Force7 released an analysis paper on “Information and Cyber
Security Professional Certification”. The paper analysed existing certification and competence
frameworks in Europe and internationally, and provided some recommendations:
1. A comprehensive market study into the age structure and career history of information and cybersecurity professionals in the European market, training paths and industry demand should be conducted. This would enable better understanding for the actual number and growth of information cybersecurity professionals, as well as their career development needs and drivers, both upon entering as well as leaving the information and cybersecurity profession.
2. ECSO should support ENISA and the European standardisation bodies in the development of one European-wide certification scheme and baseline requirements for certification schemes to be met under the purview of public procurement, cybersecurity and critical infrastructure regulation.
3. In addition to this and to support the certification scheme, ECSO should coordinate the development of one European-wide education framework for cybersecurity. This framework needs to support young professionals (via formal education), existing professionals, and professionals joining the cybersecurity field at a later stage (i.e. after completion of formal education).
4. In the development of the certification scheme as well as the education framework, representatives from existing initiatives at national level should be involved to make this a joint effort.
5. The education framework needs to be internationally recognised and accepted. Cooperation with other parties like NIST (US NICE framework) is recommended
7 ECSO’s European Human Resources Network for Cyber (EHR4CYBER) Task Force launched in 2018 creates awareness among decision makers (private companies, regional / local administrations, national / EU administrations) about the need to develop education and training measures which will address the demand in the cybersecurity field. The target is to increase public and private spending in the relevant field to foster more possibilities of such education and training that recruiters are looking for, both in private and public sectors. The network also works on a common benchmarking system in cybersecurity recruitment, foster collaboration through the exchange of best practices, look into harmonisation of education and training procedures across Europe, develop and harmonise certification for diploma and specialties, as well as support the recruitment process of cybersecurity specialists. Reference; https://www.ecs-org.eu/documents/publications/5c593f623e979.pdf
ECS cPPP Progress Monitoring Report 2018
23
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
Based on this, EHR4CYBER organised a workshop with relevant stakeholders (CEN-CENELEC,
DG CNECT, ENISA, ISC²) in November 2018 in order to discuss the recommendations and
possible collaboration on this moving forward.
EHR4CYBER also started developing a mind map of job/competence profiles in cybersecurity in
order to map out the different possible career paths and required skills for a particular profile. The
aim is that this will provide the foundation for a common taxonomy on skills & competencies that
can be used by different stakeholders (and HR departments), in addition to the existing frameworks
(e-CF, NICE, etc.).
EHR4CYBER also started the analysis of the required functionalities for a job platform for
cybersecurity in Europe and is piloting these functionalities through the “human resources pillar” of
the hub set up by the Cyber Valleys project (link to regional policy and ECSO WG4 activities).
KPI 3 – The participation of SMEs in R&D projects
The cPPP on cybersecurity has a strategic objective (which is one of the common KPIs for all
cPPPs) – to ensure that at least 20% of the unique participants involved in cybersecurity calls
funded under the cPPP framework are SMEs, start-ups or high-growth (50+% increase in annual
revenue) companies specialised in cybersecurity. For that reason, the monitoring analysis of H2020
projects doesn’t take into account the SMEs specialised in consultancy, marketing and
communication, or coordination of R&D projects.
The results of the Monitoring Report 2018 show that 15% of unique participants in H2020 projects
are SMEs specialised in cybersecurity. This situation confirms the trend which already
emerged in 2017 and the causes of this drop need to be further analysed.
Upon suggestion of the EC Services during the May 2018 Partnership Board, we collected
information related to SME participation in H2020 proposals in order to monitor the % of SME’s
in proposals (not just winning projects)8. The results show that 24% of total applications are
coming from SME organisations requesting the 21% of the total EU contribution for H2020
projects. Nevertheless, the data available from the H2020 Dashboard are aggregates of SMEs
without any specific indication of the market category (pure cybersecurity or consulting companies).
As such, it is difficult to verify whether there exists a correlation between the winning consortia with
SMEs and eligible H2020 proposal. Moreover, it could be interesting to explore further and
understand the reasons for the decreasing participation of SMEs from the proposal to the winning
phase. A much more in depth analysis will require a cooperation between ECSO and EC Services
and in particular RTD services in charge of the public version of H2020 Dashboard: in order to get
more granularity, the list of SMEs participating to the proposal should be disclosed to provide a
better view and give an understanding of the data available on winning projects.
8 Source: H2020 Dashboard for proposals https://webgate.ec.europa.eu/dashboard
ECS cPPP Progress Monitoring Report 2018
24
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
Figure 10. KPI 3 – Participation of cybersecurity SMEs in H2020
In order to respond to the general need of European SMEs for a stronger participation in
cybersecurity funding, the ECSO Secretariat is supporting two main initiatives that might result in
a stronger participation of SMEs to H2020 calls and more market visibility.
ECSO launched cybersecurity business matchmaking event series seeking private
investment for European SMEs
First, ECSO launched the cybersecurity business matchmaking event in 2017 in Tallinn and
continued in 2018 with three main events in Paris, Milan and Berlin. The aims of the ECSO
matchmaking event series are to raise awareness about the cybersecurity market within the
investor community, to support the cybersecurity industry in raising funds, and to ensure that
cybersecurity becomes a pillar of regional development. With the strategic objective to increase
the visibility of the European cybersecurity market players and reach out to different European
cybersecurity ecosystems, each edition of the event is organised in different European cities,
together with local partners. For the three events, we received more than 100 applications from
across several Member States.
In particular, the 2018 event in Milan was organised with the support of EIT-Digital which offered a
tailored training session for SMEs aimed at preparing cybersecurity entrepreneurs for pitching a
solid investment plan with investors.
These findings show the concrete benefits of coordinating the private investor community and
SMEs looking for investment through ECSO, insofar as it provides SMEs with a unique opportunity
to network with large enterprises and private investors and close potential rounds of investment.
18
1617
0
5
10
15
20
25
Pre cPPP (Baseline) 1st Period 2nd Period
Cybersecurity SMEs Participation in H2020 projects in %
Cyber security SMEs Participation in H2020 projects in % Participation in %
Cyber security SMEs Participation in H2020 projects in % Target 2020
ECS cPPP Progress Monitoring Report 2018
25
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
While it is difficult in general (if not impossible) to have a quantitative feedback of the investments
following our Roadshow for confidential / competition issues, we can mention the deal closed
between two companies which met for the first time in Berlin. Sweepatic, a Belgian cybersecurity
reconnaissance platform monitoring internet-facing assets to protect companies against cyber-
attacks, has secured 1 million EUR from eCAPITAL’s Cybersecurity Fund and eCAPITAL
Technologies IV Fund in a Series-A funding round. Sweepatic will use eCAPITAL’s investment to
boost its growth by strengthening management and accelerating the product development through
expanding the technical team with senior hires and further building the sales & marketing and
partner organisation.
Figure 2 SME participations to ECSO Investor Days in 2018
Linking the cybersecurity cPPP with regional Smart Specialisation Strategies (S³).
The second flagship dedicated to SMEs is the Cyber Valleys Project funded by DG REGIO under
the Pilot Action on Smart Specialisation Platform. Following the identification of regions with an
investment priority in cybersecurity in the Smart Specialisation Programme, the objective of the first
year of the Pilot Action was to set the proper conditions to build a European Interregional
acceleration programme to support local SMEs to access the European market in the framework
of the smart specialisation strategy of the European Commission as well as to initiate co-design
technology offering with SMEs coming from other regions.
The Brittany region (France) was selected to lead the newly created cybersecurity initiative
involving 5 regions in 2018: Estonia, Central Finland, Castilla y Leon, North Rhine Westphalia and
Brittany. A tangible result of the pilot action is the dynamic platform with a tool to search SMEs and
connect them to the broader quadruple helix community and cybersecurity stakeholders. So far,
460 players, including RTOs and SME have advertised their expertise and interest along the
cybersecurity value chain9.
99 The mapping of regional ecosystems is available on :http://tools.bdi.fr/annu_craft/cybersecurity.html?dashboard=1
ECS cPPP Progress Monitoring Report 2018
26
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
KPI 4 – Significant innovation
Regarding innovations, the second reporting period still cannot provide a full picture of the impact
achieved by the cPPP H2020 projects. This is due to the nature of the topic having a time to market
of solutions that could span from 1 to 3 years after the end of the project in some cases, and the
time span between the start of the projects and the release of their deliverables indicating the
innovation potential. The first H2020 projects falling under the scope of the cPPP on cybersecurity
started their activities only in mid-2017 and thus their results in terms of significant innovations
might not yet be fully available. The methodology that we use for the evaluation of the significance
of the innovation was presented in the first monitoring report and essentially relies on the Innovation
Radar10 which is based on two indicators: the innovation potential and capacity. The former
measures the commercial development of the innovation and its readiness to enter the market,
while the latter measures the capacity behind the innovations. Because the Innovation Radar
methodology provides a general framework, it can also be applied to analyse the results of
cybersecurity solutions and projects.
We also measure the significance of the innovation in terms of its impact on strengthening the
European cybersecurity ecosystem. The qualitative analysis demonstrates the importance and the
impact of the technology market in the short term, but also provide insights, even if less precise,
on its disruptive potential in the future (e.g. the impact of the innovations in a new cryptographic
library or secure protocol for communication). The report also takes into account both tangible and
intangible assets. The intangible assets do not have an immediate innovation on the market, but
they are relevant to understand how the know-how can be leveraged and exploited towards further
developing cybersecurity innovation and solutions.
The following tables (see below) provide the qualitative impact of the ECS cPPP for the projects
funded and reported during the first reporting period. The methodology leverages the analysis of
the existing cybersecurity ecosystem before the launch of the cPPP (pre-cPPP analysis) and
reported fully in the ECSO SRIA v1.2 (published in December 2017). The impact of the cPPP
projects funded under the H2020 framework programme will also be assessed qualitatively to
estimate the potential innovation of the projects. The innovation result uses public information
available on the project websites and the EC Cordis website, in addition to information collected by
the CSA Cyberwatching.eu on the market readiness levels of those projects that responded to their
survey (at the moment, only a few projects are among those in the cPPP calls). The tables will then
be updated with the information provided by the EC (see Annex III of the periodic activity report
template). Based on the information received by the EC, the following projects have overall
published 104 articles, of which 97 are peer-reviewed, and 1 patent was awarded.
10 European Commission. Innovation Radar: Identifying the maturity of innovations in EU-funded research and innovation projects. Available at https://ec.europa.eu/jrc/sites/jrcsh/files/booklet-a4_innovation_radar.pdf
ECS cPPP Progress Monitoring Report 2018
27
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
cPPP Topic Summary Pre-cPPP Analysis Name Project EU
Contribution Summary Project Expected Outcome Innovation results
DS-06-2017
Cyber security
PPP:
Cryptography
Foreseen solutions
that go beyond
homomorphic
encryption (for
processed data),
anonymisation and
obfuscation
(including
measurement of
information leakage),
lightweight crypto for
tiny battery powered
devices,
implementation of
hardware and
software crypto and
its usage, token-
based authentication
mechanisms for
payment schemes,
privacy preserving
mechanisms and
post quantum
cryptography.
In recent years, companies have paid more attention to
the need to have an overall encryption plan or strategy
that is applied consistently within the organisation to
face the need to protect both sensitive data against
known threats (e.g. company IPR but also personal
information) and the confidentiality and integrity of the
data increasingly used in automated decisions for the
digitisation of industrial sectors. At the core of the
implementation of cryptographic algorithms, there is the
need to design and implement random number
generators and physically unclonable functions with
demonstrable entropy guarantees, otherwise state of
the art cryptography could fail. A solution was
investigated by the HECTOR project that proposed to
demonstrate this and combine it with hardware
efficiency and flexibility, in particular for constrained
embedded devices.
If we zoom in on data encryption, we consider mainly
three specific needs: data in transit, data at rest, and
data during the computation. While for the first two
there are cryptographic solutions available, lately
attention has turned to the third, and in particular to the
applicability of known or design of new cryptographic
solutions, such as homomorphic encryption. For
instance, the HEAT project aimed to validate and define
a Somewhat Homomorphic Encryption based tool and
validate it in different scenarios.
It is also worth mentioning research projects in the area
of cloud computing and privacy where solutions related
to obfuscation and anonymisation have been
investigated for specific scopes (CLARUS project) or
cryptographic security primitives have been evaluated
for the confidentiality and integrity of data processing
(TREDISEC).
FENTEC:
Functional
Encryption
Technologies
4.223.141,25 €
FENTEC will
address functional
cryptography to
allow processing of
encrypted data to
obtain a partial view
of the message
plaintext.
The main outcome of the project will be
new functional encryption schemes,
cryptographic tools API, and 3 prototypes
demonstrating new functional encryption:
privacy-preserving digital currency;
anonymous data analytics enabling
computation of statistics over encrypted
data; secure key and content distribution
communication protocols for IOT devices.
As indicated on the project website, the
mission is “to make Functional
Encryption readily available for wide-
range applications, integrating the new
paradigm into ICT technologies as
naturally as classical encryption.”
The project has
reached the laboratory
testing phase for
some of the
components
developed. To be
provided by the EC
PROMETHEUS:
PRivacy
preserving pOst-
quantuM
systEms from
advanced
crypTograpHic
mEchanisms
Using latticeS
5.496.968,75 €
PROMETHEUS
focuses on the
design of new
security and privacy-
preserving primitives
and protocols for
post-quantum
computing.
New tools leading to the design of
practical advanced protocols, like
anonymous credentials, digital cash or
electronic voting, that maintain users'
privacy against quantum adversaries.
The project has
achieved some
significant scientific
results showing how
to secure a family of
quantum-resistant
signature schemes
against certain side-
channel leakages. To
be provided by the EC
PRIVILEDGE:
Privacy-
Enhancing
Cryptography in
Distributed
Ledgers
4.527.917,50 €
PRIViLEDGE will
focus on blockchain
and distributed
ledger technologies
supporting privacy
(protection of
sensitive data such
Blockchain and distributed ledger
technology will be demonstrated through
four ledger-based solutions: (1) verifiable
online voting; (2) contract validation and
execution for insurance; (3) university
diploma record ledger; and (4) update
mechanism for stake-based ledgers.
According to the
project website, “In
2018, the project work
was mainly focused
on 1) research in
ECS cPPP Progress Monitoring Report 2018
28
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
Still in the cryptography area, past and current research
has focused on specific needs addressing quantum
computing. The SAFEcrypto project focuses on a new
generation of practical, robust and physically secure
post-quantum cryptographic schemes based on the
hardness of problems in lattices. In addition to public
key agreement and digital signatures, SAFEcrypto
addresses the need to develop schemes for identity-
based encryption (IBE) and attribute-based encryption
(ABE). The PQCRYPTO project proposes to design a
portfolio of high-security post-quantum public-key
systems, and improve the speed of these systems,
adapting to the different performance challenges of
mobile devices, the cloud, and the Internet of Things.
Finally, it is worth mentioning the recommendations of
the ECRYPT-CSA with respect to Algorithms, Key Size
and Protocols. The CSA has published several reports
highlighting the state of the art in cryptography while
pinpointing the new challenges and research directions.
In the definition of the priorities highlighted in the SRIA
v1.2, ECSO has considered the current technological
innovations in cryptography, their potential applicability
to address the needs of the vertical sectors and new
potential disruptive technologies to guarantee a
sustainable and reliable cybersecure ecosystem.
as trade secrets and
personal
information),
anonymity and
decentralised
consensus.
privacy-preserving
cryptography and
cryptographic
protocols, 2) research
in multi-party
computation and
development of the
first published toolkit,
and 3) specifying use
cases and the
corresponding
requirements for
each.” To be provided
by the EC
Future TPM:
Future Proofing
the Connected
World: A
Quantum-
Resistant Trusted
Platform Module
4.868.890,00 €
Future TPM will
design and develop
a quantum-resistant
trusted platform
module with
provably secure
algorithms. The
validation will be
performed in online
banking
environments.
The mission of FutureTPM is to provide a
new generation of TPM-based solutions
including hardware, software and
virtualisation environments, by
incorporating robust and physically
secured Quantum-Resistant
cryptographic primitives.
In a nutshell, the expected outcomes of
Future TPM are: robust and provably
secure QR algorithms for TPMs and
contributions to standardisation effort at
EU level.
This will allow long-term security, privacy
and operational assurance for future ICT
systems and services. FutureTPM
solutions aim to also improve the security
of Hardware Security Modules, Trusted
Execution Environments, Smart Cards,
and the Internet of Things.
To be provided by the
EC
Table 1. KPI 4 – The analysis of significant innovations for the call DS-06-2017
ECS cPPP Progress Monitoring Report 2018
29
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
cPPP Topic Summary Pre-cPPP Analysis Name Project EU
Contribution Summary Project Expected Outcome
Innovation
results
DS-07-2017:
Cybersecurity
PPP: Addressing
Advanced Cyber
Security Threats
and Threat
Actors
This call aims to address
situational awareness,
cyber security threats,
and their management.
The expected outcome
are techniques such as
anomaly detection,
visualisation tools, big
data analysis, threat
analysis, deep-packet
inspection, protocol
analysis, etc as well as
interdisciplinary research
to counter threat actors
and their methods.
Those techniques are
meant to improve the
response to advanced
cyber-attacks. The
solutions should be
developed respecting the
European fundamental
rights, such as privacy.
The call also set the
definition of cyber ranges
and simulation
environments for training
to prepare organisations
in case of cyber-attacks.
The ECSO SRIA indicates the importance of
developing new cyber ranges and simulation
techniques, including a strict focus on education
and training. These actions are necessary if we
want to empower individuals and organisations for
situational awareness and cyber-threat detection.
Cyber ranges are also used to experiment novel
technical tools and services within the exercise
frameworks prior to their actual uptake in
operational environments. Cyber range
environments are not yet adequately supported by
tools that capture the necessary data that can later
be used for developing new strategies, products,
frameworks etc.
Previous efforts in this area focus on defining
specific tools. Among those, COSSIM (A Novel,
Comprehensible, Ultra-Fast, Security-Aware CPS
Simulator) provides a simulator specifically
designed for Cyber Physical Systems which is not
designed to train people but to obtain fast and
accurate results of these systems. FORTISSIMO
and FORTISSIMO 2 “provide one-stop, pay-per-
use, on-demand access to advanced simulation and
modelling resources including software, hardware
and expertise”. However, it was not built under the
cybersecurity perspective needed for the
preparation of cybersecurity professionals and the
definition of cyber ranges.
SPEAR: Secure
and PrivatE smArt
gRid
2.965.569,14 €
SPEAR project aims to define
new technologies for the
Smart Grids which help to
detect threats and develop
appropriate security solutions,
including the collection of the
forensic information to provide
evidence of the possible
attacks.
The expected outcome of SPEAR is the
design of tools for the timely detection of
evolved security attacks using big data
analytics, advanced visual-aided anomaly
detection and embedded smart node trust
management. This will be supported by
an advanced forensic readiness
framework for the necessary legal
evidence and by a communication
channel for mitigating the lack of trust in
exchanging sensitive information about
cyber-attack incidents.
To be
provided
by the EC
ASTRID:
AddreSing ThReats
for virtualIseD
services
2.932.297,50 €
ASTRID project focuses on
the microservice architectures
and virtualised services with
the aim to develop new
opportunities in situational
awareness.
The project aims at building situational
awareness through orchestration by
designing and delivering a modular
framework suitable for software
orchestration. ASTRID will develop a
common approach easily portable to
different virtualisation scenarios and will
validate the technology in plain cloud
applications and Network Function
Virtualisation.
To be
provided
by the EC
CYBER-TRUST:
Advanced Cyber-
Threat Intelligence,
Detection, and
Mitigation Platform
for a Trusted
Internet of Things
2.996.182,50 €
CYBER-TRUST seeks to
address the security of IoT
devices with the intent to
develop a cyber intelligence
platform.
The CYBER-TRUST project aims to
develop an innovative cyber-threat
intelligence gathering, detection, and
mitigation platform to tackle the grand
challenges towards securing the
ecosystem of IoT devices.
To be
provided
by the EC
ECS cPPP Progress Monitoring Report 2018
30
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
In terms of situational awareness, the ongoing
PROTECTIVE H2020 project proposes to provide
greater cyber security capabilities.
From the analysis conducted before the publication
of the call, it was highlighted that the potential of
training remained largely under exploited, in terms
of catering to the actual needs of target trainees but
also as a source for new commercial offerings.
Analytics of environments require more automation
to enable better analysis, e.g. automate analysis of
situational awareness, risks and competences
profiling etc. The serious games environments are
also environments that can provide input to new
products development. Cyber ranges / serious
games environments are rarely used in educational
programmes to build practical, hands-on
competences of students.
CYBERWISER.EU:
Civil Cyber Range
Platform for a novel
approach to
cybersecurity
threats simulation
and professional
training
4.134.245,00 €
CYBERWISER.EU seeks to
develop an educational,
collaborative, real-time civil
cyber range platform.
The expected outcome will be a set of
innovative tools to generate highly
detailed exercise scenarios simulating
ICT infrastructures to be used for
cybersecurity professional training,
together with tools and solutions to
simulate cyberattacks and defensive
countermeasures and a set of highly
descriptive economic models for cyber
risk assessment and countermeasure
suggestion, to boost user training and
performance evaluation.
To be
provided
by the EC
REACT: REactively
Defending against
Advanced
Cybersecurity
Threats
2.726.461,25 €
REACT focuses on the
proactive measures to identify
and reach to potential attacks
and on the fortification
solutions to the potential
targets with passive and
active defence approaches.
The expected outcome of the project is a
mechanism that combines traditional
passive and active defence approaches
with new reactive modes of operation to
address software hardening and
immediately deliver effective patches by
selectively armouring the vulnerable part
of a programme.
To be
provided
by the EC
THREAT-
ARREST: Cyber
Security Threats
and Threat Actors
Training -
Assurance Driven
Multi-Layer, end-to-
end Simulation and
Training
4.988.837,5 €
THREAT-ARREST will
develop an advanced training
platform incorporating
emulation, simulation, serious
gaming and visualisation
capabilities to adequately
prepare stakeholders with
different types of responsibility
and levels of expertise in
defending high-risk cyber
systems and organisations to
counter advanced, known and
new cyber-attacks.
The THREAT-ARREST platform will
deliver security training, based on a
model-driven approach where cyber
threat and training preparation models,
specifying the potential attacks, the
security controls of cyber systems against
them, and the tools that may be used to
assess the effectiveness of these
controls, will drive the training process
and align it with operational cyber system
security assurance mechanisms to
ensure the relevance of training. The
platform will also support trainee
performance and programme evaluation
and adapt training programmes.
To be
provided
by the EC
Table 2. KPI 4 – The analysis of significant innovations for the call DS-07-2017
ECS cPPP Progress Monitoring Report 2018
31
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
cPPP Topic Summary Pre-cPPP Analysis Name Project EU Contribution Summary Project Expected Outcome Innovation
results
DS-08-2017:
Cybersecurity
PPP: Privacy,
Data Protection,
Digital Identities
The topic indicates
the need for new
solutions and tools
to support the
fundamental rights
in digital society
and, specifically, to
increase trust in
Europe’s digital
economy. Three
areas have been
identified and
addressed by the
funded projects:
privacy-enhancing
techniques (PETs),
GDPR in practice
and, finally, secure
digital identities.
Most of the funded
research activities
in the near future
will focus on GDPR
and its application
in practice.
Protecting identity is a top priority
for Europe, arguably more than
other regions in the world. On the
one hand, because identities and
user data are a key business
asset and, on the other hand,
because user privacy is a main
concern and sensitive data
should be protected. Offering the
technology to adequately handle
and protect identity would
position Europe at the peak of
innovation, besides guaranteeing
citizens’ rights and security – as
e.g. codified in the GDPR or the
Privacy-by-design provisions of
the eIDAS regulation.
Identity protection and privacy
are topics of general interest for
different markets since they are
transversal to several areas and
can be used for digital services.
Providing user-centric solutions
is very difficult. Nevertheless,
there are already projects that
deal with user-centric security
solutions, such as
SUPERCLOUD, COURAGE,
INSPECT2T, CASPER, etc.
Although the ECSO SRIA
strategy indicates the importance
of developing new privacy-
enhancing techniques, especially
in e-governance and public
administration, the funded
DEFeEND: Data
Governance for Supporting
GDPR
2.737.300,00 €
DEFeND seeks to develop a platform
to test GDPR compliance of
organisations.
DEFeND will deliver a platform which
empowers organisations in different sectors to
assess the compliance status, plan the
attainment of GDPR compliance and increase
their maturity in different aspects of GDPR.
The DEFeND platform will be tested focusing
on the GDPR compliance process for end-
users and on the GDPR implications for
external stakeholders in four different areas:
healthcare, banking, energy and local public
administrations.
To be
provided
by the EC
BPR4GDPR: Business
Process Re-engineering
and functional toolkit for
GDPR compliance
2.974.012,40 €
BPR4GDPR seeks to create the end-
to-end, GDPR compliant, intra- and
inter-organisational, ICT-enabled
processes at various scales, to
investigate PETs, and, ultimately, to
provide the Compliance-as-a-Service
(CaaS) solution.
The expected outcome of BPR4GDPR will be
a Business Process Re-engineering and
functional toolkit for GDPR compliance.
To be
provided
by the EC
PDP4E: Methods and tools
for GDPR compliance
through Privacy and Data
Protection Engineering
2.941.113,13 €
PDP4E plans to integrate privacy and
data protection techniques into existing
software tools so that the final products
will be GDPR compliant
The expected outcome of PDP4E will be tools
on data protection principles applications that
will empower developers to create products,
systems and services that better protect the
privacy and personal data of EU citizens. The
solutions will be demonstrated in connected
vehicles and big data on smart grid scenarios.
To be
provided
by the EC
PAPAYA: PlAtform for
PrivAcY preserving data
Analytics
2.949.417,50 €
PAPAYA focuses on untrusted third-
party data processors and the related
privacy concerns.
PAPAYA will design and develop dedicated
privacy preserving data analytics primitives
that will enable data owners to extract valuable
information from this protected data, while
being cost-effective and accurate. The
expected outcome is the deployment and
validation of “atomic” privacy preserving data
To be
provided
by the EC
ECS cPPP Progress Monitoring Report 2018
32
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
projects cover these aspects in a
limited way and mainly focus on
providing relevant tools to test
GPDR compliance and develop
new data protection awareness
services. Nevertheless, the
implementation of these projects
will help to strengthen European
market and guarantee the
fundamental rights of the EU
citizens.
analytics modules, the underlying
cryptographic primitives, and the platform. The
platform will be validated considering a
healthcare analytics and web & mobile data
analytics applications.
SMOOTH: GDPR
Compliance Cloud Platform
for Micro Enterprises
2.986.061,25 €
SMOOTH focuses on creating GDPR
awareness to micro-enterprises and
assisting them in becoming fully
compliant with the regulation.
SMOOTH will develop an advanced cloud-
based platform for validating the GDPR
compliance of their privacy policies,
databases, as well as their tracking elements
in websites and mobile applications. The
platform will inform micro businesses of the
elements needed to be revised to avoid
potential fines.
To be
provided
by the EC
OLYMPUS: Oblivious
identitY Management for
Private and User-friendly
Services
2.564.480,01 €
OLYMPUS seeks to address secure
digital identities – Intrusion Detection
and Prevention Systems (IDPs) in
particular – to allow users to maintain
un-linkable identities with different
service providers and to achieve a
secure and interoperable European
identity management framework.
The project will develop an interoperable
European identity management framework
based on novel cryptographic approaches
applied to currently deployed identity
management technologies.
To be
provided
by the EC
PoSeID-on: Protection and
control of Secured
Information by means of a
privacy enhanced
Dashboard
2.541.208,75 €
PoSeID seeks to develop a dashboard
for the monitoring of the personal data
protection and for the controlling the
privacy settings, with the ultimate goal
of supporting GDPR compliance of the
services and products.
The expected outcome is a scalable platform
aimed at safeguarding the rights of data
subjects. The platform will rely on smart
contracts and blockchain technology.
To be
provided
by the EC
Table 3. KPI 4 – The analysis of significant innovations for the call DS-08-2017
ECS cPPP Progress Monitoring Report 2018
33
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
cPPP Topic Summary Pre-cPPP Analysis Name Project EU
Contribution Summary Project Expected Outcome
Innovation
results
CIP-01-2016-17:
- Prevention,
detection,
response and
mitigation of the
combination of
physical and
cyber threats to
the critical
infrastructure of
Europe
The call CIP-01-2016-17
is dedicated to the
protection of critical
infrastructures, covering
both the physical and
cyber dimensions of
security. The objective is
to address the
challenges for one of the
following critical
infrastructures:
Communication
Infrastructure, Health
Services, Financial
Services. Water, energy
and transport critical
infrastructures were
covered in the 2016 call.
The ECSO SRIA identifies the need to invest and
focus on the protection of critical infrastructure. For
this, we need an analysis of the risk aspects of the
evolving technology in relation to legacy systems,
as it will help to achieve an adequate level of
protection and risk management. The ever-
increasing use of IoT and Cyber-Physical Systems
(CPS) to achieve a higher degree of automation
exposes critical infrastructures to new types of
attacks. Thus, monitoring and threat detection tools
become of utmost importance when reacting
quickly to threats with a strong degree of
automation, in order to enhance the resilience and
high availability of the systems and critical
infrastructures.
Several projects on ICT infrastructure protection
exist. Although a complete list is outside the scope
of this work, a partial list can be found on the SRIA
v1.2.
Critical infrastructures need solutions (i) to analyse
the risk aspects of the evolving technology
landscape, including migration to new and legacy
ICT systems, (ii) to propose risk mitigation
techniques to alleviate or prevent these risks, and
(iii) to ensure that the desired level of protection is
still available. Other aspects to consider are:
- The ability to deploy sophisticated patterns for ensuring that a deployed ICT system complies with a desired level of protection and risk management.
- The ability to deploy sophisticated trace, monitoring, and detection tools in order to rapidly detect existing and new threats and to verify that the risk profile and the protection measures are still pertinent.
RESISTO:
RESIlience
enhancement
and risk control
platform for
communication
infraSTructure
Operators
7.999.970,00 €
RESISTO addresses
Communication Critical
Infrastructures and will design
and develop tools, concepts,
and technologies for combatting
combined physical/cyber
threats. The solutions will be
validated across three verticals:
current, future (towards 5G) and
interconnected communication
infrastructures.
The expected outcome of RESISTO is
a platform for Communication
Infrastructure providing holistic
(cyber/physical) situation awareness
and enhanced resilience. The platform
should address the needs of operators
to take the best countermeasures and
reactive actions exploiting the
combined use of preparatory analyses
on risk and resilience, detection and
reaction technologies, applications and
processes, in the physical and cyber
domains.
To be
provided by
the EC
SAFECARE:
SAFEguard of
Critical heAlth
infrastructure
7.994.553,63 €
SAFECARE seeks to provide
solutions which aim to improve
physical and cybersecurity in
the health sector by developing
and promoting new technologies
to enhance threat prevention,
threat detection, incident
response and mitigation of
impact.
The expected outcome of the project
will be the definition of solutions to
address physical, cyber and cyber-
physical threats in concrete crisis
scenarios that will be tested in three
different hospitals. The goal is to create
a global protection system which will
cover threat prevention, detection,
response, and mitigation of impacts,
across infrastructures, populations and
environments.
To be
provided by
the EC
FINESEC:
Integrated
Framework for
Predictive and
Collaborative
Security of
Financial
Infrastructures
7.817.631,25 €
FINSEC aims to provide a
mature implementation of the
reference architecture (RA),
based on the enhancement and
integration of the novel solutions
from the partners (e.g. Anomaly
Detection, AI CCTV Analytics,
Risk Assessment Engines,
Collaborative Risk Analysis &
FINSEC addresses the financial sector and will design and implement a reference architecture for integrated physical and cybersecurity of critical infrastructures. The objective is to enable handling of dynamic, advanced and asymmetric attacks, while at the same time boosting financial organisations’ compliance to security standards and regulations. As a result, FINSEC will provide a blueprint for the next generation security systems for the
To be
provided by
the EC
ECS cPPP Progress Monitoring Report 2018
34
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
- The ability to quickly and accurately react to threats.
- The ability to provide more resilient environments, able through management, monitoring and mitigation to autonomously face threats and continue offering services.
Management, Compliance), in
order to strengthen the security
of the financial sector.
critical infrastructures of the financial sector. FINSEC platform will be tested in five pilots: the SWIFT network and its connected cyber & physical assets, buildings and ATM networks, peer-to-peer payment infrastructures, small financial institutes, and insurance and risk management in public critical infrastructures
Table 4. KPI 4 – The analysis of significant innovation
ECS cPPP Progress Monitoring Report 2018
35
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
KPI 5 – End-user participation
One of the main aims of the cPPP on cybersecurity is to promote a deeper involvement of end-
users in cPPP projects and thus to increase their participation to 15% in H2020 projects. For this
purpose, ECSO has established a Working Group 3 - Sectoral Demand, dealing with the market
applications according to eight sectors of activity and involving end-users in the discussion on the
SRIA-related topics.
Figure 12. KPI 5 - End-users participation in H2020 projects
The information about the 31 projects funded under the cPPP framework shows that 152 end-users
are among the 450 unique participants of cPPP H2020 projects with five end-users on average
representing different sectors11. These findings show a positive trend that could be attributed to the
rise of cyber risk as a priority for large companies and the publication of specific calls aiming to
develop tailored solutions to end-users needs and in particular critical infrastructures (e.g. SU-
INFRA01, SU-TDS-02 and SU-DS05) as well as the launch of the four ICT 03 Pilot Projects with a
strong orientation towards market applications of cybersecurity solutions.
KPI 6 – Dissemination and Communication
As mentioned above in 2018, the ECSO Board of Directors approved the creation of a
Communication Task Force to boost the visibility of ECSO in 2018 through targeted communication
campaigns, initiatives and dissemination activities as well as build stronger collaborations and
synergies between members and ECSO.
11 Please note that the information on SU-ICT-04-2019 are not yet available on Cordis/H2020 Dashboard.
12
10
22
0
5
10
15
20
25
Pre cPPP (Baseline) 1st Period 2nd Period
End-users participation in H2020 projects in %
End-Users Participation in H2020 projects in % Participation in %
End-Users Participation in H2020 projects in % Target 2020
ECS cPPP Progress Monitoring Report 2018
36
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
ECSO built its communication and dissemination campaigns around specific initiatives designed
and launched by ECSO Working Groups such as the Business Matchmaking Events between
SMEs and Investors, Cybersecurity Investors Days, Cybersecurity Market Radar. In parallel, in
view of strengthening and increasing its position as a strong stakeholder in the European
institutional landscape, ECSO also established several Memorandums of Understanding with
European Bodies and other PPPs such as ETSI, CEN/CENELEC and 5G PPP to deepen
collaborations on standards and cybersecurity in the implementation of 5G, respectively. As one of
the European “ecosystem builders” ECSO has continued to establish strong relations and
collaborations with other European Union agencies and bodies such as ENISA, EUROPOL, EDA,
EASA, EIT Digital, EIB, etc. ECSO has also continued to maintain strong synergies with other
cPPPs including Factories of the Future, Big Data Value, 5G IA, euRobotics, etc., with the aim
of addressing cybersecurity challenges and investigating possible cooperation opportunities
for a comprehensive and effective implementation of a European cybersecurity strategy.
In 2018, ECSO also supported the setup of the 4 European Pilot Projects in the framework of
the European Commission’s proposal on establishing a European Cyber Centre and a Network
of National Competence Centres. These Pilot projects are largely composed by ECSO
members (40%) and therefore facilitate the support and coordination with the cPPP on
cybersecurity.
During the reporting period, ECSO can confirm that its communication activity is in full flight. ECSO
appeared in the media 50 times (compared to 53 in 2017), not including appearances in press
releases. ECSO participated and contributed to around 100 high-level (comparing to 97 in 2017),
European exhibition events, workshops and conferences. This year, ECSO further developed and
established around 20 media partnership proposals with well-known European events such as FIC
(Lille), CYBERTECH Israel and CYBERTECH Europe, Cybersecurity Summit Command and
Control (Munich), CYBERSEC (Poland and Brussels), HIMSS EU – Health 2.0, IOT Week, ETSI
Security Week, EID Forum in Estonia, Cyber Security Nordic, IT-SA Nuremberg, and others.
KPI 7 – Openness
The cybersecurity cPPP is based on an open and transparent community involvement through
ECSO addressing more than 250 organisations from 28 countries and reaching out to all the
members of our associations and regional ecosystems (more than 2000 bodies).
In 2018, the European Commission funded 31 cybersecurity cPPP projects under the H2020
framework (as per end of December 2018). The amount of investments injected amounts to 201
million euros. The overview of the approved projects shows that about 75% of the H2020
programme beneficiaries are non-ECSO members. This result confirms the trend reported in 2017.
ECS cPPP Progress Monitoring Report 2018
37
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
Figure 13. KPI 7 – Openness
Within the framework of 31 cPPP projects funded by the European Commission, the financial
support received by ECSO members lies around 35% with regards to the 27% of ECSO members
in projects, which can be explained by fact that some of these ECSO members are among the
largest and most influential RTO organisations and companies in the cybersecurity field.
Figure 12. EU Contribution to cPPP participants (2018)
ECSO 27%
NON ECSO 73%
TOTAL
68.552.110 (ECSO members)
111.056.070 (non ECSO)
0
20.000.000
40.000.000
60.000.000
80.000.000
100.000.000
120.000.000
140.000.000
160.000.000
180.000.000
200.000.000
EU Contribution in Mln €
cPPP EU Contribution to participants 2018
ECS cPPP Progress Monitoring Report 2018
38
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
4. OUTLOOK AND LESSONS LEARNT
Cybersecurity is a strategic domain for Europe and as such crucial for the current and future
competitiveness of European industries and life of citizens. By developing and providing the latest
cybersecurity technologies for the European society, the entire European ecosystem massively
supports the development and strengthening of Europe. This was the basic reason for the
European Commission to establish the ECS cPPP in 2016.
Over the last two years and a half, the main stakeholders of the European cybersecurity community
have been working together in ECSO to develop the Strategic Research & Innovation Agenda in
an open and transparent decision-making process and to promote its implementation in the
framework of Horizon 2020. The success achieved so far, even going beyond the R&D activities –
as highlighted above - underlines that we have struck the right path.
Europe will have to face huge challenges in the near future to protect the digitalisation of the
society, for instance on IoT security, or 5G security. Given the highly competitive cybersecurity
market, the coming years will be decisive for Europe to successfully overcome these challenges or
to avoid falling behind. In this context, the next European R&D framework will play an essential role
in promoting Europe’s strengths.
• ECSO is performing, is delivering and is having an effective impact on the European
cybersecurity ecosystem, also leveraging upon the cPPP initiative. The methodology jointly
defined with the EC Services in 2016 will continue to drive the monitoring of the cPPP.
Nevertheless, a more comprehensive analysis could be elaborated on the SME
participation and impact R&I investment if EC Services would be able to share some
operational information in their possession (e.g. data on innovation, new filter on type of
organisations).
• The ECSO governance is efficient and continues to have a high level involvement of
European stakeholders, involving end-users, cybersecurity providers as well local and
national public administrations.
• Analysis of SME participation would also benefit from the development of data availability
from the public version of the H2020 Dashboard for the purposes of benchmarking (that
reflect the type of SME), as well as more nuanced qualitative assessment of how European
SMEs benefit from and could contribute to the cPPP.
ECS cPPP Progress Monitoring Report 2018
39
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
Annex I – Report on industrial policy activities
WG1 Standardisation, certification and labelling WG1
WG breakdown
Compared to the previous structure, WG1 has been re-organised into 3 different sub WGs to better reflect the activities:
• SWG 1.1 Self-assessment
• SWG 1.2 Third-party assessment
• SWG 1.3 Base Layer
No. of members subscribed to WG1: 141 organisations (329 experts/individuals)
WG meetings held: 4 general Face to Face meetings in 2018.
Main activities
Support to the Cybersecurity Act
After the publication of the Meta-scheme approach and the State of the Art Syllabus (SOTA)12,
ECSO WG1 has worked on the mapping between the assurance levels proposed in the Meta-
Scheme approach with those of the Cybersecurity Act13. ENISA and DG-CNECT were invited to
the ECSO WG1 meeting to discuss the topic extensively and potential synergies. The ECSO
secretariat was also invited to the European Parliament (ITRE committee) to discuss the
Cybersecurity Act with the rapporteurs and shadows of the ITRE and IMCO.
ECSO engaged in a continuous dialogue with the European Institutions and National Public
Administrations. Some conclusions that were drawn from the ECSO work and internal discussions
on the EU Cybersecurity Act can be summarised as follows:
• Experts from industry should be part of the decision process for the scheme selection and priority (The Union Rolling plan will be defined by the SCCG)
• Minimum common baseline security needs to be defined across sectors.
• Threat analysis and risk assessment as a source for security requirements.
• The scope of the certification should address the entire supply chain: what and how depends on the intended use.
• The level of assurance attained should consider the potential risk and the related impact of potential attacks linked with the product/service usage.
• Ethical hacking shall be legally allowed and enforced for high security; checklists are insufficient.
• There is a need for a common definition of the proposed assurance levels, i.e., assessment methodologies (evaluation) associated.
12 https://www.ecs-org.eu/documents/publications/5a60b8bf83f7c.pdf
13 https://www.ecs-org.eu/documents/publications/5a3112ec2c891.pdf
ECS cPPP Progress Monitoring Report 2018
40
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
• Centrally steered harmonisation across CABs, NABs and National Certification Supervisory Authorities (NCSA) is crucial.
Glossary
The ECSO WG1 worked on a Glossary with the aim of collecting definitions of terms related to the
activity of ECSO’s WG1. Particular terms which are more likely to often be referenced inside this
working group were specifically presented together with their definition and the source of the
definition. Other more general glossary lists (for example addressing general IT security
terminology) were referenced, together with links for quick access. The document is used internally
to ensure uniform language and common references.
Workstreams on different type of assessments
The ECSO WG1 created two different workstreams, Self-Assessment and Third-Party
Assessment, to work on the practical aspects of the Meta-Scheme approach. The two workstreams
looked into the different types of assessment with the aim of identifying the criteria to decide on the
fit-for-purpose type of assessment. The outcome of this activity has recently been published in an
ECSO deliverable.
Engagement with other entities
European Standard Organisations: WG1 has seen the need to engage with the European
Standards Developing Organisations, to work together towards a common objective of
strengthening cybersecurity in Europe. Towards this objective, ECSO has signed the Memorandum
of Understanding with ETSI and CEN-CENELEC to establish important synergies to provide the
lesson learnt in case there is a current gap in standardisation as identified by the exercise to map
the existing certification schemes and standards with the challenges identified by the industry.
ECSO WG1 has regularly been invited to contribute to workshops and events organised by CEN-
CENELEC in 2018. ECSO Meta-Scheme Approach and the activities of WG1 were presented at
the ETSI Security Week 2018.
DG-CNECT: Bilateral meetings have been organised to present the current status of the activities.
DG-CNECT was also invited to ECSO meetings to contribute to the discussions to support the
Cybersecurity Act. ECSO has also contributed to the workshop organised in 2018 to present the
view on the European Certification Framework.
ENISA: A running dialogue has been established with ENISA to avoid duplication of work on
certification and to reinforce cooperation and maximise resources for future actions and events.
European Parliament: ECSO was invited to the European Parliament (ITRE committee) to discuss
the Cybersecurity Act with the rapporteurs and shadow rapporteurs of the ITRE and IMCO
committees.
JRC: ECSO discussed a feasibility study on Industrial and Automated Control Systems (IACS) and
SCADA with the JRC. JRC was invited to present the current activities at an ECSO WG1 F2F
meeting and then invited to contribute to the pilot study as one of the stakeholders.
WG2 Market deployment / investments / international collaboration
The objective of the WG2 is to provide ECSO members with a market knowledge, to propose and
foster an EU model for investments in EU cybersecurity for technology, and to establish a dialogue
ECS cPPP Progress Monitoring Report 2018
41
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
with the main countries (US and Japan) and initialise a dialogue with developing countries. The
same WG oversees the cPPP monitoring.
WG breakdown
WG2 has been segmented into 4 different sub WGs:
• SWG 2.1 Market knowledge: market, products and stakeholders update
• SWG 2.2 Investments, innovative business models
• SWG 2.3 International cooperation, global competitiveness and support to export
• SWG 2.4 Dissemination & awareness; KPI monitoring
No. of members subscribed to WG2: 104 organisations (220 experts/individuals)
WG meetings held: 4 in 2018 (6 phone conference calls).
Main activities
Market Analysis
The aim of WG2 is not to start another market study from scratch, but to develop a common analysis
of the market moves – mainly in Europe. To do that, ECSO has supported the CIMA study led by
PWC and LSEC by organising national workshops with ECSO members. In addition, WG2 jointly
with WG4 has developed a common market taxonomy in order to design and deliver a market radar
of the existing cybersecurity solutions which should provide inputs to WG6 on a technological gap
analysis as well as investors on market opportunities. The first version of the Radar was released
on 6th November14.
Investments, innovative, business models
WG2 jointly organised the Investor Roadshow with WG4: ECSO Business Matchmaking events
aim to increase the visibility of the European cybersecurity market players and to foster the
European cybersecurity market consolidation. In order to reach out to different European
cybersecurity ecosystems, each edition of the event is organised in different European cities,
together with the local partners. The Chairs participated to the selection of start-ups and SMEs and
supported the running of the pitching sessions as well as the constitution of a unique investors’
community.
Monitoring methodology
WG2 first elaborated the monitoring methodology used in this report and then supported the analysis and data validation for drafting the monitoring report.
WG3 Sectoral Demand (market applications)
WG breakdown
14 https://www.ecs-org.eu/press-releases/the-latest-edition-of-the-ecso-cybersecurity-market-radar-is-out-now
ECS cPPP Progress Monitoring Report 2018
42
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
WG3 is segmented into 8 different sectors, each represented by its own sub WG:
• SWG 3.1 Industry 4.0 and ICS
• SWG 3.2 Energy Networks and Smart Grids
• SWG 3.3 Transportation (road, rail, air, sea, and space)
• SWG 3.4 Finance, ePayments, and Insurance
• SWG 3.5 Public Services, eGovernment, and Digital Citizenship
• SWG 3.6 Healthcare, eHealth
• SWG 3.7 Smart Cities and Smart Buildings (convergence of digital services for citizens) and other Utilities
No. of members subscribed to WG3: 138 organisations (345 experts/individuals)
WG meetings held: 3 in 2018 (2 general meetings and 1 brainstorming workshop)
SWG meetings held: 2 in 2018 (1 on SWG 3.2 and 1 on SWG 3.8)
Main activities
Sector reports
As part of the WG task to assess the needs from the sectors across four aspects (landscape, user
engagement, sector specificities, and market study), five sector reports were publicly released in
2018. Available on the ECSO website15, they aim to provide a view from ECSO members on what
are the essential cybersecurity needs and requirements from the demand side with
recommendations on how to reflect these in the overall ecosystem.
Sector-specific workshops
In 2018, WG3 held 2 sector-specific workshops: one for energy, and one for telecom, media &
content. The aim of these workshops is to bring together ECSO members and users, utilities,
sectoral associations and relevant DG’s to discuss the main priorities and actions for the sector in
question and to elicit feedback from external parties on the needs and requirements expressed by
ECSO members in the sector reports.
The workshop on energy served to continue ECSO’s collaboration with key stakeholders in the
domain as well as DG ENER. ECSO was also invited by DG ENER as observer to the NIS
Cooperation Group’s Energy Workstream meeting.
The workshop on telecom, media & content was the first contact with stakeholders in the domain
and served to frame the initial elements for the sector report.
User engagement & collaborations
User engagement and outreach is an important task for WG3 as this WG aims to provide demand-driven requirements to other ECSO WG’s and externally via relevant policy channels. In 2017, this was done through:
• Bilateral meetings with sectoral associations
15 https://www.ecs-org.eu/working-groups/wg3-sectoral-demand
ECS cPPP Progress Monitoring Report 2018
43
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
• Further building an internal database (excel) with the main users and associations for each sector
• Presenting ECSO at events and conferences with users as the main audience
Some key collaborations in 2018 include participation in the World Economic Forum’s Electricity
WG, attendance to EE-ISAC meetings, and a collaboration with Digital Europe on the transposition
of the NIS Directive (NIS Implementation Tracker).
ECSO also joined the HIMSS Partner Innovation Exchange (PIE) initiative in 2018. The HIMSS
Partners Innovation Exchange is an initiative to convene key digital health influencers to improve
healthcare through information and technology. Healthcare information technology is playing an
ever-expanding role in the transformation of healthcare delivery. Consequently, the digitisation of
healthcare has important security implications, and requires innovative cybersecurity solutions.
ISAC Position Paper
Having discussed the topic of European sector-specific ISAC’s and what should be done with
respect to these in terms of their setup, what they should achieve, and how to improve their
efficiency, a survey was conducted internally to analyse ECSO members’ assessment of the needs
and priorities for a European ISAC within their sector. The results of this survey were consolidated
and synthesised in a position paper, considering also the release of the ENISA study “Information
Sharing and Analysis Center (ISACs) - Cooperative models” released in February 2018.
Mapping of needs exercise
Based on the completed sector reports, WG3 also started a brainstorming exercise in 2018 on the
mapping of needs & requirements on a transversal level. The idea is to perform this as a continuous
exercise in order to cluster the different challenges to arrive at around 10 priority areas for the
verticals. The desired outcome would be a taxonomy of needs & priorities (from the demand side)
to feed into other ECSO WG’s (on standardisation, education, research, etc.) and EU policy
instruments.
Users’ Committee
In 2018, ECSO kicked off the activities of its Users’ Committee (UC) (linked to WG3). The UC has
been set up with the aim of gathering real Users/Operators from ECSO members (including large
companies that also have security needs), starting to build trust, attracting other Users/Operators
in the ECSO membership database (based on the trust reputation of the UC), providing
Users/Operators with a safe harbour to exchange sensitive information on cyberthreats and
possible solutions, and defining common needs to prevent/fight cyberthreats. A specific
governance and terms of reference for this group was set up. Being a member of ECSO is the first
guarantee to be part of the UC and candidacies must be sent to ECSO via an application that will
be forwarded to the UC Chairs for approval.
WG4 Support to SMEs and regions
The objective of WG4 is to focus on the following issues:
o Support the development of SMEs, start-ups and high growth companies
o Develop coordinated activities between clusters (both business oriented and triple helix), Regions and local bodies (for local implementation of solutions / educations)
ECS cPPP Progress Monitoring Report 2018
44
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
o Development of East and Central EU public and private sectors dealing with cybersecurity.
Segmentation:
• SWG4.1: SMEs, start-ups and high growth companies -
• SWG4.2: Coordination with activities in EU countries and regions -
• SWG4.3: Support to East and Central EU Members
No. of members subscribed to WG4: 112 organisations (233 experts/individuals)
WG meetings held: 6 in 2018
Main activities:
Support to SMEs
WG4 organised the Investor Days events jointly with WG2 which provide a unique forum for
European startups and scaleups, specialising in cybersecurity, to meet investors coming from
across Europe. In 2018, we organised 3 events gathering more than 70 startups/SMEs and 50
international investors.
SME Hub
WG4 elaborated the value proposition for design and setting of a SME Hub which is intended as a
market support and networking tool for European Cyber SMEs. It shall help SMEs to create more
market transparency and to reach out far beyond their traditional home markets, which are usually
nationally or regionally limited. The SME hub shall be a publicly accessible platform where SMEs
can register their company and define the services or products they offer in a predefined market
segmentation taxonomy. The Hub consists of three main functionalities: a Registry, a Label and a
Quadrant. The platform shall be open to all European Cyber SMEs, neutral and unbiased. It shall
be provided via a web platform which is easily accessible by potential customers. The governance
of structure, contents and criteria shall be done by a neutral governance body consisting of industry
participants, e.g. from ECSO WG4.
Support to regional Ecosystems/Smart specialisation on cybersecurity
Since its launch, ECSO has put a lot of effort into bringing in regions and regional players as key
stakeholders. In 2018, ECSO was in charge of the coordination of the Pilot Action on the Smart
Specialization Platform which gather 5 Regions (Brittany, North Rhine Westphalia, Estonia, Central
Finland and Castilla y Leon) The Cyber Valleys Pilot Action is an “Interregional innovation projects”
implemented within the framework of the Thematic Smart Specialisation Platforms (TSSP) and
funded by DG-REGIO. Through this pilot action the EC wants to accelerate the work done mostly
under the TSSP increasing the focus on bottlenecks to be removed to ensure the commercialisation
and scale-up of concrete investment projects among regions at the EU level.
Since 2017, ECSO is acting as the Single Partnership Coordinator of the Project led by Brittany
Region. The partnership is expected to deliver its recommendation on the use of the Component
V budget dedicated to the inter-regional cooperation by the end of 2019.
INTERREG CYBER for the strong European cybersecurity valleys (2018-2023)
ECS cPPP Progress Monitoring Report 2018
45
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
As an Advisory Partner, the European Cyber Security Organisation (ECSO) brings to the project
its expertise on regional cybersecurity industrial policies, acquired in its Working Group 4 focusing
on ‘support to SMEs and regional cooperation’. The Bretagne Development Innovation agency is
the leading partner in CYBER. The project involves seven European regional partners, including
Institute for Business Competitiveness of Castilla y León (Spain), Tuscan Region (Italy), Digital
Wallonia (Belgium), Brittany Region (France), and Kosice IT Valley (Slovakia), Chamber of
Commerce and Industry of Slovenia (Slovenia) and Estonian Information System Authority
(Estonia). Interreg Europe CYBER aims to boost the competitiveness of European cybersecurity
SMEs by creating synergies between European cybersecurity valleys.
WG5 Education, training, exercise, raising awareness
WG breakdown
WG5 is segmented into three sub WG’s:
• SWG 5.1 Cyber Ranges Environments and Technical Exercises
• SWG 5.2 Education & Training
• SWG 5.3 Awareness
A Task Force has also been set up, linked to SWG 5.2, for the development of a European Human Resources Network for Cyber (EHR4CYBER)
No. of members subscribed to WG5: 136 organisations (294 experts/individuals)
WG meetings held: 2 in 2018
Main activities
Position Paper: Gaps in European Cyber Education and Professional Training
In 2018, ECSO released a position paper on gaps in education & training highlighting the need to bridge gaps and strengthen synergies between higher education and professional training16. To satisfy the growing demand for skilled cybersecurity professionals, we need to expand educational opportunities at all levels; increase the number of qualified educators; create synergies between educational paths and training possibilities at a workplace; reach the skilled unemployed and displaced workers (workers who are not happy with their current profession); and create the fundamentals of lifelong learning in cybersecurity. We also need to ensure gender diversity and inclusiveness of cybersecurity education and training, to inform and encourage girls and women to engage into cybersecurity careers. To achieve this, a working cooperation is needed between academia and industry which utilises and combines their available resources to ultimately strengthen the cyber domain together.
EHR4CYBER Analysis Paper: Information and Cybersecurity Professional Certification
Last year, EHR4CYBER released its first output document, an analysis paper on information and cybersecurity professional certification17. The paper mainly addresses the established and recognised Information and Cybersecurity Professional Certification schemes that helps to develop human resources. The paper is not meant to be exhaustive but serves to give an overview of
16 https://www.ecs-org.eu/documents/publications/5bf7e01bf3ed0.pdf
17 https://www.ecs-org.eu/documents/publications/5bf7e0d81b347.pdf
ECS cPPP Progress Monitoring Report 2018
46
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
several existing certification schemes, both in Europe and internationally, to establish gaps and needed developments for the future. A follow up paper could be envisaged which would go deeper into the needs with possible concrete proposals (i.e. the establishment of an EU-wide certification and accreditation scheme as well as a European framework for professional development in cybersecurity). The paper does not deal with certification of products and services.
ECSO-Microsoft Cybersecurity Awareness Breakfast Series and subsequent Training Guide
In 2018, WG5 organised a breakfast awareness event series with its member Microsoft. The theme for week two of ENISA’s European Cyber Security Month in 2018 was “Expand your digital skills and education.” In line with this theme, ECSO and Microsoft collaborated to offer an in-person training to promote end-user education and improve cybersecurity literacy. The training took place over three 90-minute breakfast series and covered cyber threats, vulnerabilities and countermeasures unique to senior EU policy makers. Following the workshop series, a practical guide on cybersecurity awareness trainings was released by ECSO and Microsoft.
Workshop with EDA on the federation of cyber ranges
Having conducted an internal survey on cyber range capabilities and motivations towards a
federated approach, a cyber range workshop was organised in 2018 in collaboration with the
European Defence Agency (EDA) who have their own cyber range federation project. The aim of
the workshop was to align with EDA on cyber range approaches and agree on a baseline for
continued collaboration, focusing on opportunities and motivations for a federated approach. The
event established links between the private sector (industry and research) and EDA (Member
States), with around 50 attendees (33 from ECSO members). ECSO is in continuous dialogue with
EDA on this topic, also through its members that are part of the EDA project.
ECS cPPP Progress Monitoring Report 2018
47
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
Annex II – Common Priority Key Performance Indicators
Key Performance Indicator (KPI)
Value in {2018} Baseline at the start of H2020 (latest available)
Target (for the cPPP) by the end of H2020 Comments
#1 Mobilised Private Investments 1216 million €
[estimation]
482 € million 1,8 billion € See the methodology for calculating private investment (p 11)
#2 New skills and/or job profiles + 32,5% for large companies
+35% for SMEs
+25% for RTOs
280.000 employees [estimation]
190.000 + 10% growth rate market
#3 Impact of a cPPP on SMEs 17% of participants of H2020 projects are SMEs specialized in cybers security
18% of participants of H2020 projects are SMEs specialized in cybers security
At least 20% of participants of the cyber security calls funded are SMEs, start-ups or high growth companies (50+% increase in annual revenue) specialized in cyber/ICT or users
#4 Significant Innovations 1 patent (awarded) 2 pending patent applications; 1utiliy model awarded
See the methodology for future comparison (p 26)
ECS cPPP Progress Monitoring Report 2018
48
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
Annex III – Specific Key Performance Indicators for the cPPP
KPI domain Key Performance Indicator (KPI) Value in {2018} Baseline at the start oH2020 (latest available)
Target (for the cPPP) at the end of H2020
Comments
#5 User participation Monitor the participations of users in R&I activities
22% 12 % at least 15% of users / operators participating in cyber security projects funded by H2020.
#6 Dissemination and Communication
Number of dissemination and information actions for promoting the PPP activities to a broad range of public and private stakeholders.
80 17 events attended by the ECSO Secretariat and members in 2016 (estimation made by the ECSO secretariat)
30 events per year
#7 Openness Share of participation of ECSO members / non ECSO members in H2020 projects
27% of unique participants are ECSO members
30% 50% of ECSO members vs 50% non ECSO members
ECS cPPP Progress Monitoring Report 2018
49
European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium
Annex IV – Contribution to Programme-Level KPI's
Key Performance Indicator
Definition/Responding to question
Type of data required 2018 Data
[European Commission]
Baseline at the start of H2020 (latest available)
Target (for the cPPP) at the end of H2020
Comments
1 Patents Number of patent applications.
Number of patents awarded
1
2 patent applications
1 utility model awarded
2 Standardisation activities
(project level)
Contributions to new standards
(PPP level)
Number of activities leading to standardisation
Number of working items in European Standardisation Bodies.
Number of pre-normative research files – prEN - under consultation in ESBs
3 Operational performance
Time-to-grant
Time-to-drant(average)
240 days
4 H2020 - LEIT - Number of joint public-private publications
Number and share of joint public-private publications out of all LEIT publications.
Properly flagged publications data (DOI) from LEIT funded projects
104, of which peer reviewed: 97
Recommended