cybersecurity in horizon 2020 - ffgcybersecurity in horizon 2020 2 evolving threat landscape in...
TRANSCRIPT
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
CYBERSECURITY IN HORIZON 2020
Vienna, July 6th, 2018
David Kolman | NCP Future & Emerging Technologies
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
CYBERSECURITY IN HORIZON 2020
2
EVOLVING THREAT LANDSCAPE IN CYBERSECURITY
Proliferation of (poorly secured)
IoT devices
Blurring lines between state and non-state
actors
Hybrid attacks on western democracies
Fake news
Evolving cyber crime business models
Cyber espionage on the rise
Dependence on foreign security technologies
Persisting critical infrastructure vulnerabilities
Attempts to promote new internet governance
model
Vulnerabilities of third countries
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
POLICY CONTEXT
CYBERSECURITY IN HORIZON 2020
3
• Digital Single Market Strategy
• European Agenda for Security
• NIS Directive on security of network and information systems
• eIDAS Regulation on electronic identification for electronic transactions
• General Data Protection Regulation (GDPR)
• e-Privacy Regulation (proposed)
• EC Communication (2016) “Strengthening Europe's Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry"
• Cybersecurity Package 2017 on EU Cybersecurity Agency
Aim: competitive, trustworthy Digital Single Market
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
PUBLIC PRIVATE PARTNERSHIP ON CYBERSECURITY
CYBERSECURITY IN HORIZON 2020
4
• Partnership between the European Commission and the European Cyber Security Organisation (ECSO), https://ecs-org.eu/cppp
• Objectives & activities:
• to foster cooperation between public and private actors at early stages of the R&I process to develop innovative and trustworthy European digital solutions
• specifically, the cPPP develops a Strategic Research & Innovation Agenda which provides the most important input for the cybersecurity calls in H2020
• Members of the ECSO: industry, RTOs, public administrations,users, operators… in AT: BKA
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
CYBERSECURITY IN H2020
CYBERSECURITY IN HORIZON 2020
5
Cybersecurity element of almost any call dealing with digital tools/technologies:
• Main calls – to be presented today:
• within part Information & Communication Technologies:H2020-SU-ICT-2018-2020
• within Societal Challenge Secure Societies (SC7):H2020-SU-DS-2018-2019-2020
• Digital Security Inducement Prize:OnlineSecurityPrize-01-2017
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
OPEN ICT CYBERSECURITY CALLS 2018
CYBERSECURITY IN HORIZON 2020
6
Call Cybersecurity
H2020-SU-ICT-2018-2019-2020
55 Mio €
28. August 2018
SU-ICT-01-2018: Dynamic countering of cyber-attacks
SU-ICT-04-2019: Quantum Key Distribution testbed
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
SU-ICT-01-2018: DYNAMIC COUNTERING OF CYBER-ATTACKS
CYBERSECURITY IN HORIZON 2020
7
4 – 5 Mio € (∑ 2018: 40 Mio. €)Innovation Action: Outcome: TRL 6
Challenge: Prevention of and the protection against attacks on modern complex ICT systems incl. IoT, detection of suspicious activities in net …while keeping privacy and confidentiality
Scope: Two possible subtopics to choose from (or both):
a) Cyber-attacks management – advanced assurance and protection
b) Cyber-attacks management – advanced response and recovery
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
a) Advanced assurance and protection
Scope:
Develop innovative, integrated and holistic approaches for minimizing attacks… through proper system configuration, secure runtime environment, assurance and verification tools, secure-by-design methods…may include also behavioural, social and human aspects
Explore how recent progress in AI/DL can provide breakthroughs in (i) anticipation of and (ii) fight against cyber-attacks
Provide mechanisms for: (i) informing users on their security/privacy levels, (ii) providing warnings and (iii) assisting in handling security and privacy incidents
Proposals may cover secure execution environments, including mechanisms ensuring an adequate level of security, privacy and accountability
(cf. SRIA cPPP Cybersecurity, Chapter 7.3)
SU-ICT-01-2018: DYNAMIC COUNTERING OF CYBER-ATTACKS
CYBERSECURITY IN HORIZON 2020
8
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
b) Advanced response and recovery
Scope:
Develop capabilites to support response professionals incl. (i) assessment about attack propagation and(ii) measures to be applied
Address sharing threat intelligence with relevant parties
Explore forensics, penetration testing, investigation and attack attribution services to achieve proper identification and better protection against future attacks and zero-day vulnerabilities… Approaches can include combination of massive data (incl. from social networks) and diverse logs collections
Consider efficient handling of encrypted network traffic, dynamic evidence based security and privacy risk assessment, and management tools targeting emerging technologies (IoT…)
Provide mechanisms for: informing users on their security/privacy levels, providing warnings and assisting in handling security and privacy related incidents
(cf. SRIA cPPP Cybersecurity, Chapter 7.5)
SU-ICT-01-2018: DYNAMIC COUNTERING OF CYBER-ATTACKS
CYBERSECURITY IN HORIZON 2020
9
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
Outcome to reach TRL 6*
Impact:
Short/medium term:
• Enhanced protection against novel advanced threats
• Advanced technologies and services to manage complex cyber-attacks and to reduce the impact of breaches
• Technological and operational enablers will contribute to the development of the CSIRT Network** across the EU.
Long term:
• Robust, transversal and scalable ICT infrastructures resilient to cyber-attacks, which can underpin relevant domain specific ICT systems
* Technology demonstrated in relevant environment (could be a simulated environment)
** Cyber Security Incident Response Team
SU-ICT-01-2018: DYNAMIC COUNTERING OF CYBER-ATTACKS
CYBERSECURITY IN HORIZON 2020
10
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
≤ 15 Mio € (∑ 2018: 15 Mio. €)Innovation Action: Outcome: ~ TRL 7Challenge:
• Confidentiality of data and communications, authentication & long-term integrity of stored data have to be guaranteed for Europe's digital infrastructures, services and data integrity… even in the advent of quantum computers.
• Introducing Quantum Key Distribution (QKD) in underlying infrastructures has the potential to maintain end-to-end security in the long-term.
Scope:
• Building an experimental platform to test and validate* the concept of end-to-end security with QKD as a service
• Development of an open, robust, reliable and fully monitored metropolitan area testbed network
* Where necessary, R&D activities can be addressed
SU-ICT-04-2018: QUANTUM KEY DISTRIBUTION TESTBED
CYBERSECURITY IN HORIZON 2020
11
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
Scope (2):
• Proposal should integrate equipment, components, protocols and network technologies with QKD systems and current digital security and communication networks
• The testbed should be modular, to test different components, configurations and approaches from multiple suppliers and benchmark the different approaches against overall performance
• The proposed solutions should demonstrate resistance against known hacking techniques, including quantum hacking
• The testbed should make use as much as possible of existing network infrastructure, provide a quantum key exchange rate compatible with concrete application requirements over metropolitan distances
• The testbed should demonstrate different applications and use-cases of QKD optimizing end-to-endsecurity rather than the security of individual elements
• Proposals should include an economical justification of applications and use-cases selected
• Proposals should bring together relevant stakeholders such as telco equipment manufacturers, users, network operators, QKD equipment providers, digital security professionals and scientists
SU-ICT-04-2018: QUANTUM KEY DISTRIBUTION TESTBED
CYBERSECURITY IN HORIZON 2020
12
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
Impact:
• Demonstrating the feasibility of quantum communication networks
• Validation of quantum network technologies, architectures, protocols, including broader cryptographicservices based on QKD infrastructure
• Demonstrate interoperability of quantum and classical networks, as well as multi-vendor interoperability
• Contribute to development of standards for QKD components, equipment and protocols
Suggestion: Check and/or relate to the projects running under the QT Flagship (e.g. AIT-lead project UNIQORN)
SU-ICT-04-2018: QUANTUM KEY DISTRIBUTION TESTBED
CYBERSECURITY IN HORIZON 2020
13
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
OPEN SC7 CYBERSECURITY CALLS 2018
CYBERSECURITY IN HORIZON 2020
14
Call Digital Security
H2020-SU-DS-2018-2019-2020
44,5 Mio €
23. August 2018
SU-DS01-2018: Cybersecurity preparedness – cyber range, simulation and economics
SU-DS04-2018-2020: Cybersecurity in the Electrical Power and Energy System (EPES): an armour against cyber and privacy attacks and data breaches
SU-DS05-2018-2019: Digital security, privacy, data protection and accountability in critical sectors
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
5 – 6 Mio € (∑ 2018: 16 Mio. €)Innovation Action: Outcome: TRL 7*
Challenge:
• Trustworthy digital infrastructure resilient against novel cyber-attacks
• Impact of cyber-risk vs. investment in cybersecurity
• Up-to-date security officers, operators, developers, integrators, administrators and end-users
Scope:
• Continuation of topic DS-07-2017 "Addressing advanced cyber security threats and threat actors“
• This call: Extending the capabilities of cyber ranges… incl. their networking or domain-specificities(e.g. cyber range for IoT…)
* System prototype demonstration in operational environment
(cf. SRIA cPPP Cybersecurity, Chapter 5.2)
SU-DS01-2018: CYBERSECURITY PREPAREDNESS - CYBER RANGE, SIMULATION AND ECONOMICS
CYBERSECURITY IN HORIZON 2020
15
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
Scope (2):
• Develop, test and validate highly customizable dynamic simulators
• Express and transform user needs into actual experiments
• Develop/integrate/parameterise appropriate tools and methods for evidence-based simulations
• Validate the proposed cyber range model across one critical economic sector
• Develop, test and validate operational ways to continuously analyse the information collected by CERTs/CSIRTs and relevant cybersecurity data
• Feed analysis results into econometric models in order to contribute to identifying affordable security controls and policies
• Delivery of specific social aspects of digital security hands-on training at all actor levels
* SME participation strongly encouraged
SU-DS01-2018: CYBERSECURITY PREPAREDNESS - CYBER RANGE, SIMULATION AND ECONOMICS
CYBERSECURITY IN HORIZON 2020
16
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
Outcome to reach TRL 7
Impact:
Short/medium term:
• Professionals better prepared to detect, block and mitigate emerging cyberattacks
• End-users better express actual needs to developers/vendors, through cyber range and simulation
• More organized collaboration between a network of cyber ranges and Europe-wide initiatives
• Improved risks analysis models to be used by public/private organisations
• Appropriate econometric models able to learn from cyber incident data on a wide scale
• Improved knowledge on how to make the right investment to secure operations against cyber-attacks
Long term:
• Improved resilience of ICT systems/infrastructures; reduced time and cost for training users…
SU-DS01-2018: CYBERSECURITY PREPAREDNESS - CYBER RANGE, SIMULATION AND ECONOMICS
CYBERSECURITY IN HORIZON 2020
17
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
6 – 8 Mio € (∑ 2018: 20 Mio. €)Innovation Action: Outcome: TRL 7
Challenge:
• Increased digitalisation in energy systems, growing number of smart devices, older technologies in legacy (control) systems => higher risks and vulnerabilities
Scope:
• Assessing vulnerabilities and threats of an actual EPES system… consider different attack scenarios
• Designing adequate security measures… measures for new as well as existing (under-protected) equipment
• Implementing both organisational and technical measures in a demonstrator
• Demonstrating the effectiveness of the measures with a cost-benefit analysis
SU-DS04-2018-2020: CYBERSECURITY IN THE ELECTRICAL POWER AND ENERGY SYSTEM (EPES)
CYBERSECURITY IN HORIZON 2020
18
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
Demonstrator:
• At large scale level (e.g. neighbourhood, city, regional level) involving generators, one primary substation, secondary substations and end-users
• Include (i) standardisation and certification at different levels and (ii) recommendation on EU information exchange
Consortium:
• Include Transmission system operator (TSO) Distribution system operator (DSO), Electricity generators, Utilities, Equipment manufacturers, Aggregators, Energy retailers, Technology providers
* Foresee clustering with similar projects incl. the BRIDGE initiative
SU-DS04-2018-2020: CYBERSECURITY IN THE ELECTRICAL POWER AND ENERGY SYSTEM (EPES)
CYBERSECURITY IN HORIZON 2020
19
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
Outcome to reach TRL 7
Impact:
• Built/increased resilience
• Contribute to the implementation of NIS directive
• Cybersecurity certification of components, systems and processes
• Cyber-protection policy design at all levels
• Better accountability and transparency from manufacturers
SU-DS04-2018-2020: CYBERSECURITY IN THE ELECTRICAL POWER AND ENERGY SYSTEM (EPES)
CYBERSECURITY IN HORIZON 2020
20
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
3 – 4 Mio € (∑ 2018: 8,5 Mio. €)Innovation Action: Outcome: TRL 7
c) [2018]: Digital security, privacy and personal data protection in finance
Challenge:
• Increased digitization and growing complexity of cyber-attacks,
• Defining and providing sector-specific common requirements
• Ensuring personal data integrity and confidentiality
Scope:
• Treat generic aspects for at least two of the critical sectors of the NIS Directive*, by (i) identifying common threats and attacks; and (ii) developing proof of concepts for managing cybersecurity and privacy risks
• Treat specific aspects for critical sector “Finance”
* Energy, Transport, Banking, Financial markets, Health care, Water supply, Digital infrastructure
(cf. SRIA cPPP Cybersecurity, Chapter 8.3)
SU-DS05-2018-2019: DIGITAL SECURITY, PRIVACY, DATA PROTECTION AND ACCOUNTABILITY IN CRITICAL SECTORS
CYBERSECURITY IN HORIZON 2020
21
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
Scope (2):
Specifically for sector „Finance“:
• Identify specific vulnerabilities, propagation effects and counter measures
• Develop and testing cyber innovation-based solutions
• Validate the solutions in pilots/demonstrators
Tackle at least one of the following items:
• Development of resilience enhancing technologies
• Development of new/enhanced, parameterized, automated and collaborative ICT tools for insurance companies
• Standardization to allow the quick adoption of cybersecurity best practices in the domain
Pilots/demonstrators should use relevant transversal cyber infrastructures and capabilities from other projects
Delivery of specific social aspects of digital security hands-on training at all actor levels
* Foresee activities and envisage resources for clustering with other projects
SU-DS05-2018-2019: DIGITAL SECURITY, PRIVACY, DATA PROTECTION AND ACCOUNTABILITY IN CRITICAL SECTORS
CYBERSECURITY IN HORIZON 2020
22
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
Impact:
Technological and operational enablers will contribute to the development of the CSIRT Network* across the EU
For the selected sectors**:
• Identified relevant generic and specific aspects related to cybersecurity and digital privacy
• Advanced holistic systems and innovative proof concepts for managing cybersecurity and privacy risks
• Advances in the state-of-the-art analysis of specific aspects, such as related cyber threats, attacks and vulnerabilities
• Sound analysis of cascading effects of specific related cyber threats within the supply chain
• Improved cybersecurity information sharing and collaboration among stakeholders and with CERTs/CSIRTs
• More targeted and acceptable security management solutions addressing specificities of the sectors
• Trigger the fast adoption of cybersecurity/privacy/personal data protection best practices…
* Cyber Security Incident Response Team** In this case, financial sector specific
SU-DS05-2018-2019: DIGITAL SECURITY, PRIVACY, DATA PROTECTION AND ACCOUNTABILITY IN CRITICAL SECTORS
CYBERSECURITY IN HORIZON 2020
23
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
INDUCEMENT PRIZE: SEAMLESS PERSONAL AUTHENTICATION
CYBERSECURITY IN HORIZON 2020
24
Challenge:
• Propose an ICT solution that enables citizens to seamless authenticate themselves across a wide range of applications and devices.
Deadline: 27 September 2018
Prize Amount:
• Total Budget: 4 M€:
• 2.8 M€ for the winner
• 0.7 M€ for the first runner-up
• 0.5 M€ for the second runner-up
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
INDUCEMENT PRIZE: SEAMLESS PERSONAL AUTHENTICATION
CYBERSECURITY IN HORIZON 2020
25
Scoring matrix:
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
OTHER OPEN CALLS WITH CYBER SECURITY ASPECTS
CYBERSECURITY IN HORIZON 2020
26
Examples of cybersecurity aspects being part of other open calls:
• DT-TDS-01-2019: Smart and healthy living at home, Deadline 14 November 2018
• SU-INFRA01-2018-2019-2020: Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructureDeadline 23 August 2018
• PADR-EDT-02-2018: SoC/SiP for defense applications underPreparatory Action for Defense Research, Deadline 28 June 2018
• CEF-TC-2018-3: Capability Development under CEF Telecom Cyber Security Call,Deadline 22 November 2018
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
FUTURE CALLS WITH CYBER SECURITY ASPECTS IN ICT
CYBERSECURITY IN HORIZON 2020
27
With deadline 28 March 2019:
• ICT-08-2019: Security and resilience for collaborative manufacturing
• ICT-09-2019-2020: Robotics in Application Areas
• ICT-10-2019-2020: Robotics Core Technology
• ICT-13-2018-2019: Supporting the emergence of data markets and the data economy
• ICT-20-2019-2020: 5G Long Term Evolution
With deadline in 2020:
• ICT-26-2018-2020: Artificial Intelligence
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
FUTURE CALLS WITH CYBER SECURITY ASPECTS IN SC7
CYBERSECURITY IN HORIZON 2020
28
With deadline 22 August 2019:
• SU-DS03-2019-2020: Digital Security and privacy for citizens and Small and Medium Enterprises and Micro Enterprises
• SU-DS05-2018-2019: Digital security, privacy, data protection and accountability in critical sectors
• SU-INFRA01-2018-2019-2020: Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure
• SU-INFRA02-2019: Security for smart and safe cities, including for public spaces
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
FINANCED PROJECTS
CYBERSECURITY IN HORIZON 2020
29
• https://cordis.europa.eu/projects
• cPPP Cybersecurity Strategic Research & Innovation Agenda
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
AUSTRIAN EU PRESIDENCY JULY - DECEMBER 2018
30
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
EU PRESIDENCY >> FTI-VERANSTALTUNGEN (AUSWAHL)
31
September 18 Oktober 18
13. September, WienFFG FORUM 2018mit ua EU-Kommissar Carlos Moedas
19. - 20. September, Wien10 Years Joint Programming (BMVIT, BMBWF) Achievements and the Way Forward
01. - 02. Oktober, WienMarie Skłodowska-Curie (BMBWF)
Actions beyond 2020
November 18 Dezember 18
4. - 6. Dezember, Wien Imagine Digital - Connect Europe (BMVIT)
(ICT 2018)23. - 25. Oktober, WienEnterprise Europe Network (BMDW)
Jahreskonferenz
30. - 31. Oktober, WienIndustrial Technologies 2018 (BMVIT)innovative industries for smart growth
05. - 06. November, Graz Space Conference (BMVIT)
06. - 08. November, Wien COST CSO-Meeting & Awareness Day (BMVIT)
21. - 22. November, Wien Innovative Enterprise Vienna 2018 (BMDW)
28. - 29. November, Wien Impact of Social Sciences and Humanities (BMBWF)
Dezember 18
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
ICT CONFERENCE 2018, 4.-6. DECEMBER, VIENNA
https://ec.europa.eu/digital-single-market/en/events/ict-2018-imagine-digital-connect-europe
• Konferenz zur europäischen digitalen Forschungs- und Innovationspolitik• Spannende Keynotes, Workshops, Ausstellung und Vernetzungsmöglichkeiten,
Innovations- und Startup-Forum• Weitere Informationen und Registrierung sofort möglich unter:
32
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
CYBER SECURITY CONFERENCE, 3.-4. DECEMBER, VIENNA
33
The purpose of the conference is
• to take stock of the developments and achievements of the Cybersecurity work programme of the Trio Presidency (Estonia-Bulgaria-Austria), and
• to raise awareness of cybersecurity in Europe and at the level of decision-makers in technical and political terms.
https://www.eu2018.at/calendar-events/political-events/BKA-2018-12-03-Cybersec-Conference.html
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
FURTHER SUPPORT
34
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
• Informationsveranstaltungen
• Webinare, z.B.
• Individuelle Beratungen:
• Einstiegscheck für Projektideen
• Proposalcheck
• Trainings der FFG-Akademie, z.B.
• https://www.ffg.at/Europa/FFG-Serviceangebot
FFG SERVICES FOR YOU
35
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
FULL PROPOSAL CHECK FOR CYBERSECURITY CALLS 2018
36
• Organized by Idealist NCP network, www.ideal-ist.eu
• With real evaluators
• Remote - via skype - or on-site
• Paris, 24. July 2018
• Typically, coordinators represents the project
• A plausible first draft has to be submited
• Deadline for registration: 19. July 2018https://docs.google.com/forms/d/e/1FAIpQLSdndqB87tkb3PUY78UxlSmrO0_m5bYqEnYD_Xy7XOlQMCdwKQ/viewform
• More info: [email protected]
• The event is free of charge; slots are limited.
© FFG I Österreichische Forschungsförderungsgesellschaft I www.ffg.at
Österreichische Forschungsförderungsgesellschaft FFGSensengasse 1, A-1090 Wien
[email protected]/sicherheit
[email protected]/ausschreibungen/horizon2020_ict