
ECS cPPP Progress Monitoring Report 2018

European Cyber Security Organisation

22.10.2019 – Final Version


European Cyber Security Organisation (ECSO) • www.ecs-org.eu Rue Montoyer, 10, 1000 Brussels Belgium

ABOUT ECSO

The European Cyber Security Organisation (ECSO) ASBL is a fully self-financed not-for-profit organisation under Belgian law, established in June 2016.

ECSO represents the contractual counterpart to the European Commission for the implementation of the Cyber Security contractual Public-Private Partnership (cPPP). ECSO members include a wide variety of stakeholders across EU Member States, EEA / EFTA Countries and H2020 associated countries, such as large companies, SMEs and start-ups, research centres, universities, end-users, operators, clusters and associations, as well as European Member States’ local, regional and national administrations. More information about ECSO and its work can be found at www.ecs-org.eu.

Contact

For queries in relation to this document, please use [email protected]

Classification and Distribution

This document is classified as internal to ECSO for discussion with the EC.

Third-party sources are quoted as appropriate. ECSO is not responsible for the content of the external sources including external websites referenced in this publication.

Disclaimer

This document has been prepared by the European Cyber Security Organisation and it reflects the views only of its authors.

Copyright Notice

© European Cyber Security Organisation (ECSO), 2019. Reproduction is not authorised.


VERSION HISTORY

Version | Date | Status | Editor(s) | Changes
0.1 | 14 08 2019 | Draft KPI Analysis to the EC for review | ECSO Secretariat |
0.2 | 21 08 2019 | Draft KPI Analysis to the EC for review | ECSO Secretariat | Updates
0.3 | 10.09.2019 | Complete Draft to EC for review | ECSO Secretariat | Update on cPPP perimeter (4 additional projects); Executive summary, Section 2.1 and Outlook & Lessons learnt section
0.4 | 01/10/2019 | Final draft to EC | ECSO Secretariat | Final additions & review
0.5 | 16/10/2019 | Draft including EC comments | ECSO Secretariat | Mention of 31 cPPP projects (instead of 30) and correct reference to total EC contribution (62 % of 450M€). Links to ECSO documents added in the Annex. Annex II to Annex IV added


PERIMETER OF 2nd REPORTING PERIOD (update after 5th September with DG CNECT):

• SU-ICT-04-2019: Quantum Key Distribution testbed

• SU-DS05-2018-2019: Digital security, privacy, data protection and accountability in critical sectors (limited to the finance subtopic run in 2018)

• SU-TDS-02-2018: Toolkit for assessing and reducing cyber risks in hospitals and care centres to protect privacy/data/infrastructures

• SU-TDS-03-2018: Raising awareness and developing training schemes on cybersecurity in hospitals

• SU-INFRA01-2018-2019-2020: Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure in Europe (only 50% of the funding is considered)

• SU-ICT-03-2018: Establishing and operating a pilot for a Cybersecurity Competence Network to develop and implement a common Cybersecurity Research & Innovation Roadmap

• SU-DS04-2018-2020: Cybersecurity in the Electrical Power and Energy System (EPES): an armour against cyber and privacy attacks and data breaches

• SU-DS01-2018: Cybersecurity preparedness - cyber range, simulation and economics

• SU-ICT-01-2018: Dynamic countering of cyber-attacks


EXECUTIVE SUMMARY

Two and a half years after its signature in July 2016, the contractual Public Private Partnership continues on a good track. Bringing together the main European players, spanning large and SME pure players, the most innovative research centres and competitive clusters, and national and regional public authorities, ECSO is not only delivering its Strategic Research & Innovation Agenda but also going beyond the traditional cPPP objectives.

This second yearly report is based on an online survey and phone interviews addressed to ECSO members and H2020 beneficiaries of projects started before 2019. In 2018, the European Commission funded 31 new projects (of which 2 started in 2018) under 9 dedicated Horizon 2020 calls, expanding the cPPP project portfolio from 20 to 50 projects. These new projects involve 580 organisations (of which 27 % are ECSO Members). 19 of the funded projects under 2018 calls are Innovation Actions (IA), 11 are Research and Innovation Actions (RIA), and 1 is a Coordination and Support Action (CSA).

With an initial indicative budget from the European Union of 450 M€ for the period 2017-2020, the European Cybersecurity cPPP has mobilised 1,75 B€ of private investment in developing and implementing innovations connected to the ECSO SRIA (522 M€ in 2017).

In terms of creation of new skills and job profiles, the ECS cPPP is on track to surpass its contractual target (+10% growth rate of workforce). A survey of the European cybersecurity community reported that employment grew between 2017 and 2018 by more than 30% in large companies and SMEs and 25% in RTOs. For the first time, the 2018 report elaborates a catalogue of existing job profiles to monitor the evolution of the European cybersecurity workforce in more depth.

cPPP projects and ECSO members are disseminating the knowledge they have gained: in 2018 they reported having hosted more than 200 dissemination events, while the ECSO Secretariat strengthened its position as a strong stakeholder in the European institutional landscape, establishing, inter alia, several Memorandums of Understanding with European Bodies and other PPPs such as ETSI, CEN/CENELEC and 5G PPP to deepen collaborations on standards and cybersecurity in the implementation of 5G, respectively.

At this stage, the major KPI issue remains the participation of technology SMEs in H2020 projects, which is still lower than the target agreed in 2016. However, ECSO has put in place some countermeasures to give SMEs more visibility towards private investors. In particular, during 2018, the Association contributed to the development of the cybersecurity ecosystem by organising its Investment Roadshow with local members. Four Investor Days brought together more than 80 selected start-ups and SMEs with 50 international investors. In addition, 2018 was a year of careful planning and discussion with more than 40 stakeholders of the quadruple helix of five regions to design the Cyber Valleys project. This ECSO flagship aims to support local scaleups to achieve a critical mass, market the European Digital Market and initiate co-design technology partnerships with partners coming from other regions.

With regard to end-user participation, a positive trend was observed in 2018: the increasing participation of end-users in H2020 projects. In particular, with the dedicated calls for the energy and health sectors, electricity and hospital players have been active in projects, with an average of 5 end-users per project.

Summing up all the results, this report shows that ECSO is continuing its successful development by promoting its R&D roadmap within both the H2020 framework and private investment, as well as consolidating activities on industrial policy.


TABLE OF CONTENTS

ABOUT ECSO
EXECUTIVE SUMMARY
TABLE OF CONTENTS
INTRODUCTION
MAIN ACTIVITIES AND ACHIEVEMENTS in 2018
2.1. Implementation of the relevant 2018 calls for proposal
2.2. Mobilisation of stakeholders, outreach, success stories
2.3. ECSO governance
MONITORING OF THE OVERALL PROGRESS SINCE THE LAUNCH OF THE CPPP
3.1 Progress achieved on KPIs
4. OUTLOOK AND LESSONS LEARNT
Annex I – Report on industrial policy activities
Annex II – Common Priority Key Performance Indicators
Annex III – Specific Key Performance Indicators for the cPPP
Annex IV – Contribution to Programme-Level KPI's


INTRODUCTION

The European Cybersecurity contractual Public-Private Partnership started in 2016 and was operationalised with a proposed SRIA elaborated by Working Group 6 and the launch of a first round of H2020 calls in 2017.

The ECS cPPP plays a central role in the implementation of the Digital Single Market strategy, contributing to multiple pillars including fostering cybersecurity market development, job and wealth creation in Europe and accelerating Europe’s innovation process. The European Cyber Security Organisation is the European Association that works in cooperation with the European Commission, member organisations and industry associations representing the entire value chain of the cybersecurity landscape.

This report reviews the progress of the ECS cPPP in 2018 in relation to these objectives under the H2020 R&I programme, and in terms of the added value it provides to the European cybersecurity landscape.

While supporting the implementation of the cPPP, ECSO has also closely followed and supported the proposal and definition of several EU cybersecurity policies. This activity should be considered fundamental to the effective success of the cPPP, as the development of the European cybersecurity ecosystem is essential for the R&I results under H2020 to find a suitable place for adoption and use by the market.

2018 saw the implementation of key EU legislation and regulations, such as GDPR and the NIS Directive. The finalisation of the Cybersecurity Act is also important for the future impact of ongoing developments in H2020 projects, especially as concerns the European certification framework and the future certifications that will be requested for technologies, systems and services. This legislation, once adopted / transposed at national level, will have a major impact on the design and use of technologies, services and procedures developed in H2020 projects.

2018 also saw the first proposal for the future MFF, with important suggestions for investments in cybersecurity, both at research level (in Horizon Europe) and at capacity building level (DEP – Digital Europe Programme and CEF – Connecting Europe Facility). The deployment part, in particular, can be considered relevant for the present cPPP, as future projects funded by these instruments will also likely use solutions developed under H2020 cPPP projects.

Linked to these envisaged future programmes is the regulation on competence centres (also proposed in 2018 and still under discussion). This envisaged regulation will have a major impact on linking cybersecurity competence centres at European level, in order to benefit from synergies across Europe for the use of different competences (also developed by the present H2020 / cPPP approach) according to users’ needs.

In this context, while supporting the priorities for H2020 and the cPPP, ECSO has cooperated with the European Commission, the Parliament and the Council to suggest the definition of the future EU architecture and future EU programmes on cybersecurity, as this will have a major impact on the effective success of results of the cPPP. For this reason, ECSO has also supported the 4 winning ICT-03 proposals in 2018 for pilots on a network of cybersecurity competence centres, where ECSO members represented almost 50% of the proposals’ consortia.


MAIN ACTIVITIES AND ACHIEVEMENTS in 2018

2.1. Implementation of the relevant 2018 calls for proposal

There are nine main calls for proposals that can be attributed to the cPPP’s activities:

• SU-ICT-01-2018: Dynamic countering of cyber-attacks (seven projects, started between the end of the first half and the second half of 2019)

• SU-ICT-03-2018: Establishing and operating a pilot for a Cybersecurity Competence Network to develop and implement a common Cybersecurity Research & Innovation Roadmap (four projects, started in the first half of 2019)

• SU-ICT-04-2019: Quantum Key Distribution testbed (one project, started in September 2019)

• SU-DS01-2018: Cybersecurity preparedness - cyber range, simulation and economics (two projects, started in September 2019)

• SU-DS04-2018-2020: Cybersecurity in the Electrical Power and Energy System (EPES) (three projects for the 2018 call, started between the end of the first half and the second half of 2019)

• SU-DS05-2018-2019: Digital security, privacy, data protection and accountability in critical sectors (two projects for the subtopic funded for the 2018 call, started in July 2019)

• SU-TDS-02-2018: Toolkit for assessing and reducing cyber risks in hospitals and care centres to protect privacy/data/infrastructures (seven projects, started between December 2018 and January 2019)

• SU-TDS-03-2018: Raising awareness and developing training schemes on cybersecurity in hospitals (one project, started in December 2018)

• SU-INFRA01-2018-2019-2020: Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure in Europe (three projects for the call in 2018, started between May and June 2019)

The average Time-to-Grant is 240 days.

The successful launch of the first H2020 projects allowed the advancement of R&I goals defined in the ECSO SRIA document and the identification of areas that will be covered by the results and outcomes of the projects. An initial analysis of the topics identified possible areas of further investment which were considered for the update of the Work Programme for the 2020 calls.

The analysis of the projects selected and funded for the 2018 calls is presented herein and is solely based on the topics that will be addressed by the projects, as well as their potential impact on strengthening the European cybersecurity ecosystem. As part of the contract and the ECS partnership, the ECSO SRIA v1.2 contributed to the definition of the priorities of the calls indicated in the European Commission Working Programme for 2018 – 2020. An overall analysis identified a very good alignment between the priorities identified by the private sector and those present in the EC Working Programme. In the following paragraphs we will present the analysis of both ongoing and recently granted projects, which are funded under the ECS cPPP framework. We will also assess their relevance to the ECSO SRIA strategy.

The call SU-ICT-01-2018 addresses solutions for cyber-attack management, in terms of protection as well as response and recovery. GUARD and SIMARGL focus on the prevention side. GUARD will develop an open and extensible platform for advanced assurance and protection of trustworthy and reliable business chains, spanning multiple administrative domains and heterogeneous infrastructures, by considering security-by-design principles with enhanced inspection and detection techniques, raising situational awareness at different levels of the companies’ structure. The SIMARGL project focuses on prevention with the intention to significantly improve malware and stegomalware detection. The SOCCRATES project will develop and implement a new security platform for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs) that will significantly improve an organisation’s capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks. CyberSane addresses the management of cybersecurity incidents from warning to response, specifically targeting European Critical Infrastructures. SAPPAN will provide a cyber threat intelligence system by developing a platform for sharing and automation to enable privacy preserving and efficient response and recovery utilising advanced data analysis and machine learning. The C4IIoT project addresses Industrial IoT and will build a unified IIoT cybersecurity framework for malicious and anomalous behaviour anticipation, detection, mitigation, and end-user informing. The nIoVe project targets the Internet-of-Vehicles (IoV), with emphasis on the Connected and Autonomous Vehicles (CAVs) ecosystem, and focuses on all aspects linked to cyber threat intelligence, including response and recovery activities.

The ECSO SRIA identifies the need to invest and focus on incorporating additional security-specific components and processes into any system to make it more robust, resilient and secure. These security sub-systems include prevention, with the aim of preventing attacks from succeeding. Prevention includes processes to achieve security by design, reducing attack surfaces through appropriate configuration of system elements and means of assisting the users in handling security-related tasks (e.g., credentials management tools), vulnerability scanning, penetration testing, patching, and also deployment and operation of protective/preventative controls such as firewalls, intrusion protection systems, etc. The objective is to provide high-assurance prevention and protection. On the other hand, other important aspects of secure sub-systems are response and recovery. Response means to take appropriate and timely actions in response to detection of attacks or other suspicious activity, in order to disrupt them, mitigate their impact, investigate their origins, etc. Responses include the sharing of information with other organisations in order to prepare them for similar attacks and to co-ordinate actions. Digital forensics technologies and activities are a part of response and also provide key contributions to recovery operations planning. Recovery aims to restore the system to normal operation following an attack. It may include measures to ensure that similar attacks will not be successful in the future, or at least that they will have less detrimental impact.

The projects under the call SU-ICT-03-2018 (Establishing and operating a pilot for a Cybersecurity Competence Network to develop and implement a common Cybersecurity Research & Innovation Roadmap) are expected to strengthen the EU's cybersecurity capacity and tackle future cybersecurity challenges for a safer European Digital Single Market. The 4 projects funded in this call, CONCORDIA, ECHO, SPARTA and CyberSec4Europe, look at aspects whose importance ECSO has recognised, not only in the SRIA but also in the Industry Proposal, such as certification, cyber ranges, vertical domains and value chain, international cooperation, and skills.


The call SU-ICT-04-2019 focuses on building an experimental platform to test and validate the concept of end-to-end security, providing quantum key distribution as a service. The OPENQKD project, recently started, aims to create and test a communication network infrastructure with a built-in quantum element, using Quantum Key Distribution (QKD). The ECSO SRIA identifies several areas of research and innovation linked to quantum computing and quantum communication, such as migration to post-quantum cryptography, development of new quantum-safe crypto methods and algorithms for both asymmetric and symmetric cryptography, including their integration in security protocols, and evaluation criteria for quantum-resistant public key cryptographic standards and implementations. In addition, the ECSO SRIA strategy indicates the importance of designing quantum resistant crypto technologies with a smaller cyber innovation cycle, making it possible to meet the challenges of future threats and market opportunities in Europe.

The SU-DS01-2018 call is considered a continuation of the topic DS-07-2017, with the intent to develop, test and validate highly customisable dynamic simulators serving as knowledge-based platforms accompanied with mechanisms for real time interactions and information sharing, feedback loops, developments and adjustments of exercises. The three projects funded under this call address different domains. SPIDER addresses the 5G network and its services. The FORESIGHT project aims to develop a federated cyber range solution that collaboratively brings unique cyber security aspects from the aviation, smart grid and naval domains. The third project Cyber-MAR focuses on the maritime logistics value chain.

The ECSO SRIA indicates the importance of developing new cyber ranges and simulation techniques, including a strict focus on education and training. These actions are necessary if we want to empower individuals and organisations for situational awareness and cyber threat detection.

The call SU-DS04-2018-2020 focuses on the cybersecurity challenges in the Electrical Power and Energy System (EPES). The objective is to make those systems more resilient to cyber-attacks and reduce their exposure to potential vulnerabilities. The EnergyShield project will develop an integrated toolkit covering the complete EPES value chain. The toolkit should include technologies for vulnerability assessment, monitoring and protection, and learning and sharing. PHOENIX will offer a cyber-shield armour to EPES infrastructure enabling cooperative detection of large scale, cyber-human security and privacy incidents and attacks, guarantee the continuity of operations and minimise cascading effects on the infrastructure itself, the environment, the citizens and the end-users at a reasonable cost. The SDN-microSENSE project will focus on a set of secure, privacy-enabled and cyberattack-resilient tools to address the normal operation of EPES as well as the integrity and the confidentiality of communications, thus looking at SDN-based technology.

The ECSO SRIA identifies the need to address the challenges of the following energy infrastructures: smart energy grids, smart home, Distributed Energy Resources (DER) and centralized energy generation. There is a need to develop new security solutions preventing illegitimate access and covering access control mechanisms, addressing early detection of threats including techniques to avoid their propagation, as well as response tools. Data protection and privacy concerns should be considered mainly when sensitive data are collected from smart devices such as sensors. New security approaches to detect and isolate the different threats early are key for the energy systems, as the wide variety of threats will have potentially large impacts on the energy infrastructures and their components, from smart meters to relays, including software components, as well as the SCADA systems. Impacts on safety mechanisms, which are of major importance in the energy context, should also be covered. Solutions should provide response and notification tools (technical and organisational) for security alerts coming from intrusion detection tools, as well as disaster recovery techniques in case of incidents. Some of the main challenges for energy systems are the mix between legacy systems and new technologies, interdependency between safety and security, and highly distributed and resource constrained systems to control and prevent cascading effects.

The call SU-DS05-2018-2019 addresses data security and protection for the critical sectors. The 2018 call focuses only on the financial sector and in particular addresses the need for technologies for digital security, privacy and personal data protection. The SOTER project aims at increasing cyber resilience by providing a comprehensive set of tools to increase the cybersecurity level. On the other hand, the CRITICAL-CHAINS project focuses on the integration of Cyber Physical Systems in the financial sector by delivering a novel triangular accountability model and integrated framework supporting accountable, effective, accessible, fast, secure and privacy-preserving financial contracts and transactions to protect against illicit transactions, illegal money trafficking and fraud on FinTech e-operations.

ECSO considers the finance sector as the backbone of economic development, identifying cyber risk management as a top priority for the financial industry. The increasing number and frequency of sophisticated cyber-attacks on the banking sector highlights the need to develop a comprehensive cybersecurity framework to protect the integrated financial market and to combat cyber fraud with the aim of enhancing the resilience of financial systems. This includes looking at the management of cyber-secure supply chains, and aspects linked to privacy, data protection, and data integrity.

The calls SU-TDS-02-2018 and SU-TDS-03-2018 focus on the health sector and in particular on hospitals, with the aim to reduce the cyber risks to the former and to raise awareness and develop training schemes for the latter. Under the SU-TDS-02-2018 call, the PANACEA project looks at solutions for cybersecurity assessment and preparedness of Healthcare ICT infrastructures and connected devices. ProTego will focus on advanced data protection measures to reduce the risks in hospitals and care centres. CUREX will look into GDPR-compliant solutions for the secure and private exchange of data, while SERUMS will focus on securing medical data to enhance personal care solutions. FeatureCloud will look into solutions for minimising the potential of cyber-crime and enabling the first secure cross-border collaborative data mining endeavours. SPHINX will provide a vulnerability assessment toolkit and ASCLEPIOS a secure cloud encrypted platform. The SecureHospitals.eu project, funded under the SU-TDS-03-2018 call, aims to set up training schemes and initiate training sessions for IT staff working in hospitals with the aim of improving the knowledge of staff and in turn contributing to decreased vulnerabilities against cyber threats and increased patient trust and safety.

ECSO considers the security of healthcare systems, services and applications as a major concern due to the high privacy and confidentiality requirements of sensitive healthcare data. e-Health faces many security challenges, most of them common to any critical infrastructure. Major specific challenges include service resiliency against cyberattacks, prevention of data leakage and loss of patient data, and identity theft. In particular, systems’ availability and business continuity are the key components for providing seamless electronic healthcare services. Data security and integrity represent another important challenge. The ECSO SRIA identifies the importance for solutions to address patients, healthcare service providers, doctors and other professionals to reduce the risk of cyber-attacks.

The SU-INFRA01-2018-2019-2020 call addresses the prevention, detection, response and

mitigation of combined physical and cyber threats to critical infrastructure in Europe. SecureGas

focuses on the European Gas network covering the entire value chain from production to

distribution to the users, providing tools and guidelines to secure existing and incoming installations

and make them resilient to cyber-physical threats. In particular, the project will also look at the

interdependent and interconnected European Gas grids to understand the impacts and cascading

effects of cyber-physical attacks. InfraStress addresses cyber-physical security of Sensitive

Industrial Plants and Sites (SIPS) Critical Infrastructures (CI) in order to improve resilience and

protection capabilities of SIPS exposed to large scale threats and hazards, and guarantee

continuity of operations. SATIE will look at the air transport infrastructure with the aim to improve

cyber-physical correlations, forensics investigations and dynamic impact assessment at airports,

while guaranteeing the protection of critical systems, sensitive data and passengers.

The ECSO SRIA identifies the need to invest and focus on the protection of critical infrastructures.

For this, we need the analysis of the risk aspects of the evolving technology in relation to legacy

systems, as it will help to achieve an adequate level of protection and risk management. The

ever-increasing use of IoT and Cyber-Physical Systems (CPS) to achieve a higher degree of automation

exposes critical infrastructures to new types of attacks. Thus, monitoring and threat detection tools

become of primary importance when reacting quickly to threats with a strong degree of automation,

in order to enhance the resilience and high availability of the systems and critical infrastructures.

2.2. Mobilisation of stakeholders, outreach, success stories

It is paramount for an Association such as ECSO to reach out to and foster the participation of the

entire European cybersecurity ecosystem. Since December 2017, ECSO has continuously

intensified its efforts to reach out to and mobilise stakeholders from the wider European

cybersecurity community.

From a membership perspective, in 2018 ECSO welcomed 39 new members across 30 different ECSO countries¹, bringing its membership base to a total of 249 members in December 2018. ECSO is also reaching out to all the members of its 22 associations, which represent a community of more than 2000 bodies.

Repartition across ECSO countries as of December 2018

AUSTRIA                 8    ITALY              27
BELGIUM                15    LATVIA              1
BE - EU ASSOCIATIONS    8    LITHUANIA           1
BULGARIA                2    LUXEMBOURG          4
CYPRUS                  6    NORWAY              4
CZECH REP.              3    POLAND              6
DENMARK                 5    PORTUGAL            4
ESTONIA                 6    ROMANIA             2
FINLAND                 8    SLOVAKIA            3
FRANCE                 26    SLOVENIA            1
GERMANY                22    SPAIN              34
GREECE                  5    SWEDEN              3
HUNGARY                 3    SWITZERLAND         5
IRELAND                 3    THE NETHERLANDS    17
ISRAEL                  2    TURKEY              5
                             UNITED KINGDOM      8

1 ECSO countries include: Member States, EEA/EFTA countries, H2020 associated countries.

In 2018, the ECSO Board of Directors approved the creation of a Communication Task Force to

boost the visibility of ECSO in 2018 through targeted communication campaigns, initiatives and

dissemination activities, as well as build stronger collaborations and synergies between members

and ECSO.

On 21st June, ECSO held its second General Assembly in Brussels, Belgium, which was promptly

followed by a public event attended by 150 participants including ECSO members, partners,

potential new members, European Institutions representatives, agencies and associations. This

public session has become an annual gathering of cybersecurity stakeholders and allows ECSO

to not only present the evolution and the progress made in the framework of the cPPP and its

achievements, but also to promote other industrial policy initiatives such as those mentioned above.

ECSO participated in and contributed to around 100 high-level European exhibition events, workshops and conferences in 2018. ECSO further developed and established around 20 media partnership proposals with well-known European events such as FIC (Lille), CYBERTECH Israel and CYBERTECH Europe, Cybersecurity Summit Command and Control (Munich), CYBERSEC (Poland and Brussels), HIMSS EU – Health 2.0, IOT Week, ETSI Security Week, EID Forum in Estonia, Cyber Security Nordic, IT-SA Nuremberg, and others.

[Figure: ECSO membership base according to category of members, December 2018. Categories: Associations; Large companies and Users; Public Administrations; Regions and Clusters; RTO/Universities; SMEs. Segment shares as extracted: 9%, 29%, 9%, 2%, 27%, 24%.]

In November 2018, ECSO became one of the first supporters of the Paris Call for Trust and Security

in Cyberspace, the high-level declaration on developing common principles for securing

cyberspace.

2.3. ECSO governance

The ECSO governance model, extensively presented in the Industrial Vision document², is based

on three bodies: Board of Directors, National Public Authority Representatives Committee and

Partnership Board (see the scheme below).

Figure 1 ECSO Governance

2 http://ecs-org.eu/documents/ecs-cppp-industry-proposal.pdf

There were no major changes in the ECSO governance in 2018 (for the details of each body please

refer to the First Monitoring Report³). Philippe Vannier (EVP Atos) has been reappointed as ECSO

Chairperson and Luigi Rebuffi is the ECSO Secretary General.

ECSO Working Groups have found a stable configuration and working rules, thus allowing a higher

efficiency in cooperation across working groups (also supporting the definition of priorities for

H2020 and cPPP monitoring).

3 https://www.ecs-org.eu/documents/uploads/progress-monitoring-report-2016-2017.pdf

MONITORING OF THE OVERALL PROGRESS SINCE THE LAUNCH OF THE CPPP

This section reviews the cPPP’s progress in 2018, based on data gathered from ECSO members

and H2020 beneficiaries via two separate questionnaires and targeted phone interviews. In

particular, we introduce the impact analysis of the seven KPIs, which include indicators specific

to the market relevant to the cPPP on cybersecurity as well as indicators relevant to all cPPPs.

3.1 Progress achieved on KPIs

KPI 1 – Assessing the cybersecurity R&I investment leverage factor

Community commitment: cybersecurity cPPP well on track in leveraging public investment by a

factor higher than 3

A major aim of the cybersecurity cPPP is to trigger common investment of the private and public

side in a jointly agreed Strategic Research and Innovation Agenda. In this respect, ECSO

presented the foundational guidelines for the setting up of the cPPP in its ECS SRIA document in

2016⁴, which reflects the needs of the European cybersecurity industry. Accordingly, the ECSO

stakeholder community committed to increasing the level of EU funding allocated to R&I in

cybersecurity by a leverage factor of at least 3.

Already at this stage, where 62% of the expected funds have been allocated by the European

Commission, with most of the relevant projects still in their early stages and with a first

commercialisation and exploitation of the R&I project results not yet started, the ECSO community

can confirm the positive trend of the 1st period: the private counterpart of the cPPP is achieving and

exceeding the amount of investments foreseen when the cPPP was established in July 2016.

4 European Cybersecurity Strategic Research and Innovation Agenda (SRIA) for a contractual Public-Private-Partnership (cPPP) (2016), https://www.ecs-org.eu/documents/ecs-cppp-sria.pdf

Figure 1 EC investments in cPPP (mln €). EC Seed Investments in mln €: 2016-2017 period 71,46; 2018 period 207; 2016-2018 cumulative period 278,46; total cPPP period 2020: 450.

Update on the assessment methodology used in the second period

The progress monitoring methodology is composed of three steps:

• Survey & phone interviews. In order to calculate the common KPI as defined in the PPP contract and the agreed methodology with the EC Services, an online survey was carried out between February and March 2019. The questionnaire was addressed to both ECSO members and H2020 participants engaged in cybersecurity relevant activities within the Framework Programme. This year, in order to address the EC’s request for a higher response rate, the ECSO Secretariat carried out a series of targeted phone interviews with several of its members to increase the amount of data used for the estimation of the private investment. After 2 months of data collection, 92 responses were received, reaching a response rate of 33% and confirming the target of 30% achieved last year. Here we would like to stress some critical elements in collecting R&D data. Often the person participating in the cPPP doesn’t have access to all the needed data on R&D investment in cybersecurity. In addition, the geographic perimeter of the investment is sometimes difficult to define: the differentiation between what is spent on R&I investment in Europe and what is spent at global level could be tricky, in particular for large corporates. On the other hand, cybersecurity as a vertical sector could be confused with other activities such as cloud and other business lines. Another element to be improved is the participation of H2020 beneficiaries in the questionnaires (27 answers in 2018). For the next period, the ECSO Secretariat reiterates its commitment to get ECSO members engaged in responding to the survey. In particular, the Association plans to make more extensive use of phone interviews.

• Data analysis. The survey responses were organised in clusters corresponding to the ECSO membership categories. The analysis of the cumulative data for the different categories revealed the presence of potential outliers. Hence, to reduce the impact of the potential biases (e.g. over- or under-assessment of the private expenditure in research) on the final results of the analysis, we have inferred the average amount of investment for each type of organisation by computing the percentiles (5th-95th; 10th-90th; 15th-85th; 25th-75th). To highlight the potential outliers for the largest populations, the extreme values were eliminated from further analysis if an extreme deviation from the indicated investment average was found. The average investment was then recomputed and multiplied by the number of survey participants belonging to that category.

• Qualitative data collection. The last step of the progress monitoring methodology is the qualitative data collection, based on the analysis of the organisations’ success stories and the real impact of investment on R&I projects.

The main biases from the methodology

When conducting the data analysis, we assume the presence of significant methodology biases

which can affect the results. The biases, such as the already discussed presence of potential

outliers, can easily alter the estimations of the private investment in R&I and the final calculations

of the leveraging factor.

As mentioned in the first periodic monitoring report, there are several reasons for such biases to

emerge. Firstly, R&I figures are often treated by companies as confidential information, which is

especially the case when dealing with the private R&I investments in cybersecurity. An

unwillingness to share specific data, even if it is an anonymous survey, reduces the response rates.

Among ECSO members, the highest response rate is from the Regions (57%), which is the smallest

category with 6 members (in 2018), from large companies (42%), and the RTO & Academia

category (40%). The response rate of SMEs can also be considered as significant (30%). We did

not receive any response from Associations, whose primary investment in R&I might be linked to

their participation in European projects and not significant for the estimation of the private

investment.

Secondly, ECSO membership categories contain many companies and organisations which are

different in size of cybersecurity R&I, as well as in types of business, ranging from B2B to B2C, to

B2G cybersecurity solution providers. Because of these differences, the estimated averages of

investments per category cannot be compared. In some cases, it might be difficult to differentiate

between the general R&I investments and cybersecurity specific R&I investments, or the

investments allocated to both business development and R&I units (especially in the case of

SMEs). For the 2018 period, ECSO also tried to collect data on the revenues of private

players in order to verify whether there is a correlation between the revenues and the R&D

spending amounts for each category, thus possibly inferring new data from public

information. Nevertheless, the analysis of the data did not reveal a specific trend between

R&D spending and annual revenues.

Even if the response rate of the survey is considered as sufficient by statistical means, some

answers do not meet the general assumptions and can be regarded as an underestimation of

investments received by the organisation. Figure 2 shows (on a logarithmic scale) the distribution

of the answers from each category and the median using all data points available. Only the

companies belonging to ‘Large companies’, ‘SMEs’ and ‘RTO’ categories have a significant enough

number of responses to plot the percentiles. The boxplots in Figure 2 depict the statistical data, in

particular, the maximum and minimum values, the median and the percentiles. The size of the data

points indicates the number of answers received per value.

To reduce the potential bias in the estimation of the average, which is used to compute the 2018

leverage factor, the outliers are removed for the three above-mentioned categories based on the

plotted percentiles. The average private investments injected into the cybersecurity market per

category in the 2nd reporting period is estimated (see Figure 3) taking into account the different

values of percentiles to identify the outliers.

Figure 3. Estimated private investment in 2018

Figure 2. The size of the private investment by different types of organization (January 2018 – December 2018). The size of the data points indicates the number of answers received per value.

In order to be conservative in terms of private investment and to limit the impact of the

potential biases inferred by the available data to compute the leverage factor, we consider

the 15th and 85th percentiles as the most likely values in our analysis and the impact of the market

growth rate on the estimation of 2018 private investment (see Figure 4).

The Direct leverage: cumulative financial contribution to all H2020 projects in the areas covered by

the cPPP strategic roadmap

In addition to the mobilised private investment in the context of the SRIA, and upon request of DG RTD, ECSO

has also continued to monitor other investments mobilised to support the execution of H2020

projects as a result of the initial investment from consortia partners. To calculate such amounts, a

specific question was addressed to all ECSO members participating in H2020 projects:

Please give an estimate of the overall additional contribution to all H2020 projects (e.g., additional

internal R&I funding and from innovation to the market) and in particular your indirect costs for the

project. This would take into account the overheads exceeding the 25% flat rate reimbursements

which are based on the reported direct costs and already available in the EU databases.

The total based on an aggregated 38 answers from ECSO members is 38,6 million euros. This

amount is considered as part of the overall R&D private investment. For the next year, upon

suggestion of the EC Services, ECSO will rephrase the question in order to better define the

perimeter of the direct leverage as part of the global investment.

The leverage factor assessment for 2018 and updated figure for 2017

Considering the 15th and 85th percentiles as the most likely values in our analysis, the investment in R&I provided by the European cybersecurity industry in 2018 is estimated to be 1216 million euros (see Figure 4) while the EC public investment from H2020 programmes related to cybersecurity amounts to 207 million euros. Given the amount of investments from the private and public sectors and the minimum target of the leverage factor of 3, the total amount of investments reached about 1400 million euros by the end of 2018. As expected, the main contribution (almost 65% of the total investments) comes from large companies, followed by the end-users and operators, and RTOs. An explanation of such a high level of investment is mainly that cybersecurity is becoming a critical political and economic challenge for both governments and businesses in Europe.

Figure 4. Private investment estimation for 2018 with corrected averages

As for the 1st period, the estimated leverage factor for 2018 is higher than the one foreseen at the

signature of the cPPP on cybersecurity (Figure 5). Given the growing awareness of cyber threats,

we expect that the private investments in cybersecurity technologies and services will continue to

grow in the upcoming years. Recent cyber-attacks have significantly raised the interest in

cybersecurity among society, businesses and politicians at the national, European and international

level.

Figure 5 Overall 1st and 2nd cPPP period leverage factor

Conclusions on the leverage factor for the overall cPPP period

The amount of private investment since the launch of the cPPP is estimated to be 1.700 million euros (aggregating the figures reported for the 1st period, 534 mln €, and for the 2nd period, 1216 mln €), which exceeds the 2016 objective of 1350 million euros of “industry investment” for the four-year cPPP. This result is a valuable indication that allows us to confidently estimate that the ECSO stakeholder community invests in cybersecurity, leveraging the public investment ratio, as well as creating new market opportunities and strengthening the European cybersecurity market.

2018 Success Stories of ECSO Members

Because the quantitative data tells us only half of the story, we asked our members to share their

success stories and provide a qualitative assessment on the R&I investment: mainly, how the cPPP

has benefited them in building the cybersecurity ecosystem and facilitating market development.

This section provides information about the concrete initiatives taken by our members, which serve

as a strong example of how the ECSO stakeholder community contributes to the development of

a competitive European cybersecurity technology ecosystem.

In terms of cybersecurity technology, ECSO members initiated several highly relevant projects.

S21sec, one of the main European pure cybersecurity players, developed in 2018 an internal R&D

project not directly funded through the H2020 programme and related to the “Development of a

module for phishing detection based on machine learning” (Project “PhisCheck”). The project is

highly aligned (directly and indirectly) with several of the areas and priorities highlighted in the

cPPP SRIA, including “Collaborative intelligence to manage cyber threats and risks”, “Remove trust

barriers for data-driven applications and services”, or “Intelligent approaches to eliminate security

vulnerabilities in systems, services and applications”. Within the “PhisCheck” project, S21sec

developed a module for the detection of phishing activities based only on proprietary technology.

For this development, S21sec’s internal team has researched and identified the most adequate

Machine Learning algorithms and the result was a module that processes over 5.000 entries per

minute, with a precision of 99%. By using machine learning algorithms, S21sec was able to

internally develop an advanced tool that is used to detect phishing activities with a precision of

99%. Being able to decrease the impact of these phishing activities within organisations is a capability

quite sought after by S21sec’s clients, since it contributes to tackling continuous threat exposure

by malware, reducing the potential impact of ransomware. As a result of this demand, S21sec

believes that the internal investment that was made on the R&I project “PhisCheck” will have a

direct return for the company, given its positive impact on the provision of services.

Among the RTO category, the Institute of Information Technology at Jyväskylä University of

Applied Sciences continues its development of the RGCE Cyber Range (RGCE=Realistic Global

Cyber Environment) launched in 2013. RGCE is a closed environment that models the main

structures and services of the Internet, as well as the environments of various industries such as

financial operators, internet shops, telecom operators, internet service providers, road tunnel

operators and energy producers. The costs of the investment project are approximately 1,1 M€ and

they are totally covered by funding from national public organisations as well as from private

companies. With the help of the “Healthcare Cyber Range” project during the years 2019-2021, the RGCE

environment will be extended to the Healthcare sector, focusing on modelling of healthcare

systems and processes. As the result of the separate development project, the utilisation of the

Healthcare Cyber Range enabled the digital environment for healthcare to be explored and

developed in a dynamically changing field of operation. As an impact of these projects, the actors

in the healthcare sector will have improved capabilities to meet the constantly changing

cybersecurity requirements. Through the integration of cybersecurity expertise into the activities

and quality assurance of healthcare operators and industry players, the continuity and development

of the activities started during the project will be ensured.

As a result of an internal R&D research project, the Austrian SME RadarServices developed an Automated Cyber Risk Detection for SMEs, “Radar Smart Solution”. The project was pursued with the goal of standardising and miniaturising Cyber Risk Detection capabilities into a small and affordable format for SMEs, who don’t have the resources to fund a fully-fledged SOC/SIEM solution. Based on its Enterprise technology built for larger organisations, RadarServices has thus released a new product aimed at SMEs which provides full-scope cyber risk detection based on network behaviour analysis, machine-learning based log correlation and vulnerability management. This cloud-based service collects data by implementing a small sensor appliance in the customer’s infrastructure and delivers all relevant information to a private European cloud managed by RadarServices. There, automated analysis is performed by the machine learning components, and the cyber risk detected is shown in a Cockpit to provide unparalleled insight into the SME's cyber risk status.

ElevenPaths, Telefónica’s cybersecurity unit, developed the Document Intelligent Analysis

Respecting Intimacy of the Owner (DIARIO) project. This project, in line with two areas covered by

the cPPP SRIA (Security validation and Dynamic Risk assessment and management), aims to

develop a new malware detection concept which scans and analyses documents in a static way

while keeping user's content private. The expected outcome consists of a TRL 7 demonstrator

about the feasibility of the technology and the advantages of the ML analysis with the privacy

safekeeping. This platform will be tested as an open beta, granting access to the platform to specific

users, so that they can give feedback and make comments about DIARIO’s capabilities, usability

and results. In terms of foreseen impact, the innovative approach based on parameters other than

by-signature detection or heuristics represents a complement to the detection of traditional

frameworks that would make a more efficient identification possible. Moreover, privacy is important

when talking about PDF or Office Documents, so special attention should be given to this type of

potential malware. In that sense, ElevenPaths expects the market to be more receptive to its

innovative solution due to the protection of the user’s private content and sensitive information. At

this stage, DIARIO is in a beta state and is ready to be included within Telefónica’s cybersecurity

portfolio. This conversion will set out all the requirements to become a commercial product,

including pre and production scenarios, marketing plan, legal assurance, product roadmap and the

additional service plan to manage the lifecycle and support its development in the future.

With regard to awareness activities and skills development, the Technology Ireland ICT Skillnet Cybersecurity Skills Initiative (CSI) was launched in October 2018. The project involved many Triple Helix stakeholders and is funded by Skillnet Ireland and the Irish Department of Education and Skills. In conjunction with the current training, two programmes were developed in 2019. The first one is the Commercial Cyber Aptitude Test, which assesses employees’ and candidates’ behavioural attributes and cognitive aptitude to acquire the technical knowledge required in a cyber role. It identifies the behavioural traits required for cyber roles, such as Adaptability, Compliance, Dependability, Energy, Learning Orientation & Resilience. The second one is the CRA-QMark-IRL, which is a fully integrated and end-to-end Governance, Risk & Compliance management information system. This integrated software and training support system allows smaller firms to:

• Understand Cybersecurity Risk Management Principles and the Risk Management Process

• Undertake a Risk Assessment using the CRA-QMark-IRL and update this regularly

• Identify any weakness in their cybersecurity defensive strategy and operational procedures

• Maximise effective defence against cyber attack and effective recovery from such attacks

KPI 2 - New skills and job profiles

Cybersecurity jobs continue to be in high and growing demand in Europe⁵. In order to deliver

fine-grained insights on the workforce landscape, the ECSO Secretariat rephrased and completed the

questions related to the monitoring of KPI2.

In particular, following the recommendations of the European Commission to improve the

measurement of job creation in Europe, two main improvements should be highlighted here.

Firstly, the question on the existing workforce has been improved. In the 2017 exercise, we

noticed that the answer option “>100 employees” was misconceived and, in many cases, we were

not able to consider this answer, most likely because of the indefinite spectrum of the number of

employees. As such, for the 2018 period, we adapted the answer perimeter of the survey to allow

for more precise answers from participants.

As a result, we reviewed the 2016 baseline according to much more consistent data obtained in

2018 on the current workforce in Europe: we estimate that there were 140.000 employees working

on pure cybersecurity issues in 2016. We then proposed an updated figure for 2017 employees

(190.000) based on survey contributions received last year.

In 2018, the new version of the ECSO Survey on the creation of jobs highlights that the partnership is on track against its target of a 10% yearly growth rate of the workforce. The data analysis shows that employment grew between 2017 and 2018 by more than 30% in large companies and SMEs and 25% in RTOs (fig. 6). We can therefore estimate the number of cybersecurity employees for 2018 at 280.000.

Figure 6 New skills and jobs creation in 2018

5 A study by (ISC)² found that there is a shortage of 2.93 million cybersecurity industry professionals in the world. In the Europe and Middle East region this gap has been estimated at 142.000 professionals. Source: https://www.isc2.org/-/media/ISC2/Research/2018-ISC2-Cybersecurity-Workforce-Study.ashx?la=en&hash=4E09681D0FB51698D9BA6BF13EEABFA48BD17DB0

[Figure 6: bar chart "Increase of employment in 2nd Period in %"; categories: Large Companies, SMEs, RTO; data labels: 32,5, 35,3, 25]

This means that, with regards to the number of people employed in the sector, the European

cybersecurity industry has shown an important overall growth of +100% compared to the 2016

exercise and +47% compared to 2017 (fig 7).

Figure 7 Overall number of cybersecurity employees in Europe

Secondly, for the 2018 exercise, the ECSO Secretariat elaborated a list of existing job profiles in

order to map the evolution based on specific categories. Based on the list elaborated by Working

Group 5 on Education, awareness, training, cyber ranges, the 2018 survey results report that about

23% of new positions are for secure software engineers and 14% for security consultants.

This shows that demand for those positions has grown in line with the increasing cybersecurity demand in companies. As regards the rise of the security consultant profile, this demonstrates that companies are taking this aspect more into account, in addition to traditional consultant roles.

[Figure 7: bar chart "Overall number of cyber security employees in Europe" (number of employees): 2016: 140000; 2017: 190000; 2018: 280000]

Figure 9. 2018 Cybersecurity workforce breakdown

[Figure 9: pie chart "Cyber security workforce - 2018 new positions breakdown"; legend entries, in order: Secure SW engineer, Cybersecurity Project manager, IoT cybersecurity specialist, Cloud security expert/developer, Security architect, Data scientist, Cybersecurity compliance manager, Security consultant, AI specialist, Privacy technologies specialist, Ethical hacker/penetration tester, Security manager/officer; data labels, in order: 23%, 8%, 6%, 4%, 12%, 9%, 4%, 14%, 5%, 3%, 9%, 3%]

In addition to developing jobs, cPPP projects and ECSO members were asked for the first time to indicate emerging profiles of jobs created in 2018. For the 2018 exercise, new job profiles emerged: behavioural analytics of cyber-attacks and social sciences experts. In order to monitor the market trends of such new job profiles, we will enlarge the 2019 list of professional profiles with these newly identified profiles. Another relevant point to be mentioned here is that the graph of the new positions breakdown also shows the increasing trend of dividing functions between various lines of defence. According to a report by the Global Technology Audit Guide (GTAG)6, one can distinguish between three lines of defence when it comes to dividing the cybersecurity functions within an organisation. The first line of defence refers to the owning and management of data, processes, risks, and controls (this includes systems administrators and others responsible for safeguarding the assets of the organisation). The second line of defence includes risk, control and compliance oversight (these functions ensure that the first line processes and controls are in place and effectively operating). The third line of defence refers to the internal audit activity which provides senior management and boards with assurances on governance, risk management, and controls. The ECSO Secretariat will continue to monitor the evolution of the job market for the 2019 period.

Developing skills for tomorrow’s European cybersecurity industry

As mentioned above, the European cybersecurity industry is growing rapidly. To support this

growth in the long term, we need to make sure that a growing and highly-skilled cybersecurity

workforce is available in Europe at all levels of technology development, from basic R&D to pilot

projects prior to market introduction, and all levels of production chain and hierarchy. In order to

keep up with the rapidly evolving nature of cybersecurity, it will also be increasingly important to

develop the workforce based on competencies rather than diplomas. The skills, knowledge and

competence of an individual should be the marker for whether they fit the requirements of a

particular job.

In 2018, ECSO working group 5 released two main documents.

- WG5 position paper on “Gaps in European Cyber Education and Professional Training”

In order to analyse existing academic education and professional training and how they address

different learning needs, and the opportunities for collaboration and knowledge transfer to bridge

the skill gaps, WG5 released a position paper in early 2018 on the gaps in education & professional

training. The paper highlights the changing nature of the field of education in that it may be expected

that the commercialisation of higher education, including the rising cost of education and growing

number of students, will lose students to affordable and widely accessible MOOCs, unless those

are effectively incorporated into the university teaching repertoire. Online courses scale better and

can sometimes offer the same level of knowledge at a cheaper price. However, institutions that

stick to strong academic values will find themselves equipped with a rich learning environment for

graduates of the information-age. Those institutions can discover the transformative potential of

modern technology, but the high quality of the institution will always have to come from inspired

teachers. The paper recommends that we find ways of retaining those teachers and strengthen

research excellence courses.

6 Global Technology Audit Guide (GTAG) (2016): “Assessing Cybersecurity Risk: Roles of the Three Lines of Defense”

In order to deal with the fact that we are not producing enough skilled experts that the industry is

urgently looking for, the paper also stresses the urgent need for a “constructive transformation of

higher education” which must rapidly react to such needs for high growth. To satisfy the growing

demand for skilled cybersecurity professionals, the paper calls for an expansion of educational

opportunities at all levels; an increase in the number of qualified educators; synergies between

educational paths and training possibilities at a workplace; outreach to the skilled unemployed and

displaced workers (workers who are not happy with their current profession); and the creation of

fundamentals of lifelong learning in cybersecurity.

Finally, the paper also stresses the need to ensure gender diversity and inclusiveness of cybersecurity education and training, and to inform and encourage girls and women to engage in cybersecurity careers.

Note: it is on the back of this that ECSO decided in 2018 to start developing its Women4Cyber

initiative.

In 2018, the EHR4CYBER Task Force7 released an analysis paper on “Information and Cyber

Security Professional Certification”. The paper analysed existing certification and competence

frameworks in Europe and internationally, and provided some recommendations:

1. A comprehensive market study into the age structure and career history of information and cybersecurity professionals in the European market, training paths and industry demand should be conducted. This would enable a better understanding of the actual number and growth of information and cybersecurity professionals, as well as their career development needs and drivers, both upon entering and upon leaving the information and cybersecurity profession.

2. ECSO should support ENISA and the European standardisation bodies in the development of one European-wide certification scheme and baseline requirements for certification schemes to be met under the purview of public procurement, cybersecurity and critical infrastructure regulation.

3. In addition to this and to support the certification scheme, ECSO should coordinate the development of one European-wide education framework for cybersecurity. This framework needs to support young professionals (via formal education), existing professionals, and professionals joining the cybersecurity field at a later stage (i.e. after completion of formal education).

4. In the development of the certification scheme as well as the education framework, representatives from existing initiatives at national level should be involved to make this a joint effort.

5. The education framework needs to be internationally recognised and accepted. Cooperation with other parties like NIST (US NICE framework) is recommended.

7 ECSO’s European Human Resources Network for Cyber (EHR4CYBER) Task Force, launched in 2018, creates awareness among decision makers (private companies, regional / local administrations, national / EU administrations) about the need to develop education and training measures which will address the demand in the cybersecurity field. The target is to increase public and private spending in the relevant field to foster more possibilities for the education and training that recruiters are looking for, in both the private and public sectors. The network also works on a common benchmarking system in cybersecurity recruitment, fosters collaboration through the exchange of best practices, looks into harmonisation of education and training procedures across Europe, develops and harmonises certification for diplomas and specialties, and supports the recruitment process of cybersecurity specialists. Reference: https://www.ecs-org.eu/documents/publications/5c593f623e979.pdf

Based on this, EHR4CYBER organised a workshop with relevant stakeholders (CEN-CENELEC,

DG CNECT, ENISA, ISC²) in November 2018 in order to discuss the recommendations and

possible collaboration on this moving forward.

EHR4CYBER also started developing a mind map of job/competence profiles in cybersecurity in

order to map out the different possible career paths and required skills for a particular profile. The

aim is that this will provide the foundation for a common taxonomy on skills & competencies that

can be used by different stakeholders (and HR departments), in addition to the existing frameworks

(e-CF, NICE, etc.).

EHR4CYBER also started the analysis of the required functionalities for a job platform for

cybersecurity in Europe and is piloting these functionalities through the “human resources pillar” of

the hub set up by the Cyber Valleys project (link to regional policy and ECSO WG4 activities).

KPI 3 – The participation of SMEs in R&D projects

The cPPP on cybersecurity has a strategic objective (which is one of the common KPIs for all

cPPPs) – to ensure that at least 20% of the unique participants involved in cybersecurity calls

funded under the cPPP framework are SMEs, start-ups or high-growth (50+% increase in annual

revenue) companies specialised in cybersecurity. For that reason, the monitoring analysis of H2020

projects doesn’t take into account the SMEs specialised in consultancy, marketing and

communication, or coordination of R&D projects.

The results of the Monitoring Report 2018 show that 15% of unique participants in H2020 projects

are SMEs specialised in cybersecurity. This situation confirms the trend which already

emerged in 2017 and the causes of this drop need to be further analysed.

Upon suggestion of the EC Services during the May 2018 Partnership Board, we collected information related to SME participation in H2020 proposals in order to monitor the % of SMEs in proposals (not just winning projects)8. The results show that 24% of total applications come from SME organisations, requesting 21% of the total EU contribution for H2020 projects. Nevertheless, the data available from the H2020 Dashboard are aggregates of SMEs without any specific indication of the market category (pure cybersecurity or consulting companies). As such, it is difficult to verify whether there is a correlation between the winning consortia with SMEs and eligible H2020 proposals. Moreover, it could be interesting to explore further and understand the reasons for the decreasing participation of SMEs from the proposal to the winning phase. A much more in-depth analysis will require cooperation between ECSO and EC Services, and in particular the RTD services in charge of the public version of the H2020 Dashboard: in order to get more granularity, the list of SMEs participating in the proposals should be disclosed to provide a better view and give an understanding of the data available on winning projects.

8 Source: H2020 Dashboard for proposals https://webgate.ec.europa.eu/dashboard

Figure 10. KPI 3 – Participation of cybersecurity SMEs in H2020

In order to respond to the general need of European SMEs for a stronger participation in cybersecurity funding, the ECSO Secretariat is supporting two main initiatives that might result in a stronger participation of SMEs in H2020 calls and more market visibility.

ECSO launched cybersecurity business matchmaking event series seeking private investment for European SMEs

First, ECSO launched the cybersecurity business matchmaking event in 2017 in Tallinn and

continued in 2018 with three main events in Paris, Milan and Berlin. The aims of the ECSO

matchmaking event series are to raise awareness about the cybersecurity market within the

investor community, to support the cybersecurity industry in raising funds, and to ensure that

cybersecurity becomes a pillar of regional development. With the strategic objective to increase

the visibility of the European cybersecurity market players and reach out to different European

cybersecurity ecosystems, each edition of the event is organised in different European cities,

together with local partners. For the three events, we received more than 100 applications from

across several Member States.

In particular, the 2018 event in Milan was organised with the support of EIT-Digital which offered a

tailored training session for SMEs aimed at preparing cybersecurity entrepreneurs for pitching a

solid investment plan with investors.

These findings show the concrete benefits of coordinating the private investor community and

SMEs looking for investment through ECSO, insofar as it provides SMEs with a unique opportunity

to network with large enterprises and private investors and close potential rounds of investment.

[Figure 10: chart "Cybersecurity SMEs Participation in H2020 projects in %"; categories: Pre cPPP (Baseline), 1st Period, 2nd Period; series: Participation in %, Target 2020; data labels: 18, 16, 17]

While it is difficult in general (if not impossible) to obtain quantitative feedback on the investments following our Roadshow, for confidentiality / competition reasons, we can mention the deal closed between two companies which met for the first time in Berlin. Sweepatic, a Belgian cybersecurity reconnaissance platform monitoring internet-facing assets to protect companies against cyber-attacks, has secured 1 million EUR from eCAPITAL’s Cybersecurity Fund and eCAPITAL Technologies IV Fund in a Series-A funding round. Sweepatic will use eCAPITAL’s investment to boost its growth by strengthening management and accelerating product development through expanding the technical team with senior hires and further building the sales & marketing and partner organisation.

Figure 2 SME participations to ECSO Investor Days in 2018

Linking the cybersecurity cPPP with regional Smart Specialisation Strategies (S³).

The second flagship dedicated to SMEs is the Cyber Valleys Project funded by DG REGIO under

the Pilot Action on Smart Specialisation Platform. Following the identification of regions with an

investment priority in cybersecurity in the Smart Specialisation Programme, the objective of the first

year of the Pilot Action was to set the proper conditions to build a European Interregional

acceleration programme to support local SMEs to access the European market in the framework

of the smart specialisation strategy of the European Commission as well as to initiate co-design

technology offering with SMEs coming from other regions.

The Brittany region (France) was selected to lead the newly created cybersecurity initiative involving 5 regions in 2018: Estonia, Central Finland, Castilla y Leon, North Rhine Westphalia and Brittany. A tangible result of the pilot action is the dynamic platform with a tool to search for SMEs and connect them to the broader quadruple helix community and cybersecurity stakeholders. So far, 460 players, including RTOs and SMEs, have advertised their expertise and interest along the cybersecurity value chain9.

9 The mapping of regional ecosystems is available at: http://tools.bdi.fr/annu_craft/cybersecurity.html?dashboard=1

KPI 4 – Significant innovation

Regarding innovations, the second reporting period still cannot provide a full picture of the impact

achieved by the cPPP H2020 projects. This is due to the nature of the topic having a time to market

of solutions that could span from 1 to 3 years after the end of the project in some cases, and the

time span between the start of the projects and the release of their deliverables indicating the

innovation potential. The first H2020 projects falling under the scope of the cPPP on cybersecurity

started their activities only in mid-2017 and thus their results in terms of significant innovations

might not yet be fully available. The methodology that we use for the evaluation of the significance

of the innovation was presented in the first monitoring report and essentially relies on the Innovation

Radar10 which is based on two indicators: the innovation potential and capacity. The former

measures the commercial development of the innovation and its readiness to enter the market,

while the latter measures the capacity behind the innovations. Because the Innovation Radar

methodology provides a general framework, it can also be applied to analyse the results of

cybersecurity solutions and projects.

We also measure the significance of the innovation in terms of its impact on strengthening the European cybersecurity ecosystem. The qualitative analysis demonstrates the importance and the impact of the technology market in the short term, but also provides insights, even if less precise, on its disruptive potential in the future (e.g. the impact of the innovations in a new cryptographic library or secure protocol for communication). The report also takes into account both tangible and intangible assets. The intangible assets do not have an immediate innovation impact on the market, but they are relevant to understand how the know-how can be leveraged and exploited towards further developing cybersecurity innovation and solutions.

The following tables (see below) provide the qualitative impact of the ECS cPPP for the projects

funded and reported during the first reporting period. The methodology leverages the analysis of

the existing cybersecurity ecosystem before the launch of the cPPP (pre-cPPP analysis) and

reported fully in the ECSO SRIA v1.2 (published in December 2017). The impact of the cPPP

projects funded under the H2020 framework programme will also be assessed qualitatively to

estimate the potential innovation of the projects. The innovation result uses public information

available on the project websites and the EC Cordis website, in addition to information collected by

the CSA Cyberwatching.eu on the market readiness levels of those projects that responded to their

survey (at the moment, only a few projects are among those in the cPPP calls). The tables will then

be updated with the information provided by the EC (see Annex III of the periodic activity report

template). Based on the information received by the EC, the following projects have overall

published 104 articles, of which 97 are peer-reviewed, and 1 patent was awarded.

10 European Commission. Innovation Radar: Identifying the maturity of innovations in EU-funded research and innovation projects. Available at https://ec.europa.eu/jrc/sites/jrcsh/files/booklet-a4_innovation_radar.pdf

cPPP Topic: DS-06-2017 Cyber security PPP: Cryptography

Summary: Foreseen solutions that go beyond homomorphic encryption (for processed data), anonymisation and obfuscation (including measurement of information leakage), lightweight crypto for tiny battery powered devices, implementation of hardware and software crypto and its usage, token-based authentication mechanisms for payment schemes, privacy preserving mechanisms and post quantum cryptography.

Pre-cPPP Analysis:

In recent years, companies have paid more attention to the need to have an overall encryption plan or strategy that is applied consistently within the organisation to face the need to protect both sensitive data against known threats (e.g. company IPR but also personal information) and the confidentiality and integrity of the data increasingly used in automated decisions for the digitisation of industrial sectors. At the core of the implementation of cryptographic algorithms, there is the need to design and implement random number generators and physically unclonable functions with demonstrable entropy guarantees, otherwise state of the art cryptography could fail. A solution was investigated by the HECTOR project that proposed to demonstrate this and combine it with hardware efficiency and flexibility, in particular for constrained embedded devices.

If we zoom in on data encryption, we consider mainly three specific needs: data in transit, data at rest, and data during the computation. While for the first two there are cryptographic solutions available, lately attention has turned to the third, and in particular to the applicability of known or design of new cryptographic solutions, such as homomorphic encryption. For instance, the HEAT project aimed to validate and define a Somewhat Homomorphic Encryption based tool and validate it in different scenarios.

It is also worth mentioning research projects in the area of cloud computing and privacy where solutions related to obfuscation and anonymisation have been investigated for specific scopes (CLARUS project) or cryptographic security primitives have been evaluated for the confidentiality and integrity of data processing (TREDISEC).

Still in the cryptography area, past and current research has focused on specific needs addressing quantum computing. The SAFEcrypto project focuses on a new generation of practical, robust and physically secure post-quantum cryptographic schemes based on the hardness of problems in lattices. In addition to public key agreement and digital signatures, SAFEcrypto addresses the need to develop schemes for identity-based encryption (IBE) and attribute-based encryption (ABE). The PQCRYPTO project proposes to design a portfolio of high-security post-quantum public-key systems, and improve the speed of these systems, adapting to the different performance challenges of mobile devices, the cloud, and the Internet of Things.

Finally, it is worth mentioning the recommendations of the ECRYPT-CSA with respect to Algorithms, Key Size and Protocols. The CSA has published several reports highlighting the state of the art in cryptography while pinpointing the new challenges and research directions.

In the definition of the priorities highlighted in the SRIA v1.2, ECSO has considered the current technological innovations in cryptography, their potential applicability to address the needs of the vertical sectors and new potential disruptive technologies to guarantee a sustainable and reliable cybersecure ecosystem.

Name Project: FENTEC: Functional Encryption Technologies

EU Contribution: 4.223.141,25 €

Summary Project: FENTEC will address functional cryptography to allow processing of encrypted data to obtain a partial view of the message plaintext.

Expected Outcome: The main outcome of the project will be new functional encryption schemes, cryptographic tools API, and 3 prototypes demonstrating new functional encryption: privacy-preserving digital currency; anonymous data analytics enabling computation of statistics over encrypted data; secure key and content distribution communication protocols for IOT devices. As indicated on the project website, the mission is “to make Functional Encryption readily available for wide-range applications, integrating the new paradigm into ICT technologies as naturally as classical encryption.”

Innovation results: The project has reached the laboratory testing phase for some of the components developed. To be provided by the EC

Name Project: PROMETHEUS: PRivacy preserving pOst-quantuM systEms from advanced crypTograpHic mEchanisms Using latticeS

EU Contribution: 5.496.968,75 €

Summary Project: PROMETHEUS focuses on the design of new security and privacy-preserving primitives and protocols for post-quantum computing.

Expected Outcome: New tools leading to the design of practical advanced protocols, like anonymous credentials, digital cash or electronic voting, that maintain users' privacy against quantum adversaries.

Innovation results: The project has achieved some significant scientific results showing how to secure a family of quantum-resistant signature schemes against certain side-channel leakages. To be provided by the EC

Name Project: PRIVILEDGE: Privacy-Enhancing Cryptography in Distributed Ledgers

EU Contribution: 4.527.917,50 €

Summary Project: PRIViLEDGE will focus on blockchain and distributed ledger technologies supporting privacy (protection of sensitive data such as trade secrets and personal information), anonymity and decentralised consensus.

Expected Outcome: Blockchain and distributed ledger technology will be demonstrated through four ledger-based solutions: (1) verifiable online voting; (2) contract validation and execution for insurance; (3) university diploma record ledger; and (4) update mechanism for stake-based ledgers.

Innovation results: According to the project website, “In 2018, the project work was mainly focused on 1) research in privacy-preserving cryptography and cryptographic protocols, 2) research in multi-party computation and development of the first published toolkit, and 3) specifying use cases and the corresponding requirements for each.” To be provided by the EC

Name Project: Future TPM: Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module

EU Contribution: 4.868.890,00 €

Summary Project: Future TPM will design and develop a quantum-resistant trusted platform module with provably secure algorithms. The validation will be performed in online banking environments.

Expected Outcome: The mission of FutureTPM is to provide a new generation of TPM-based solutions including hardware, software and virtualisation environments, by incorporating robust and physically secured Quantum-Resistant cryptographic primitives. In a nutshell, the expected outcomes of Future TPM are: robust and provably secure QR algorithms for TPMs and contributions to standardisation effort at EU level. This will allow long-term security, privacy and operational assurance for future ICT systems and services. FutureTPM solutions aim to also improve the security of Hardware Security Modules, Trusted Execution Environments, Smart Cards, and the Internet of Things.

Innovation results: To be provided by the EC

Table 1. KPI 4 – The analysis of significant innovations for the call DS-06-2017

cPPP Topic Summary Pre-cPPP Analysis Name Project EU

Contribution Summary Project Expected Outcome

Innovation

results

DS-07-2017:

Cybersecurity

PPP: Addressing

Advanced Cyber

Security Threats

and Threat

Actors

This call aims to address

situational awareness,

cyber security threats,

and their management.

The expected outcome

are techniques such as

anomaly detection,

visualisation tools, big

data analysis, threat

analysis, deep-packet

inspection, protocol

analysis, etc as well as

interdisciplinary research

to counter threat actors

and their methods.

Those techniques are

meant to improve the

response to advanced

cyber-attacks. The

solutions should be

developed respecting the

European fundamental

rights, such as privacy.

The call also set the

definition of cyber ranges

and simulation

environments for training

to prepare organisations

in case of cyber-attacks.

Pre-cPPP Analysis: The ECSO SRIA indicates the importance of developing new cyber ranges and simulation techniques, including a strict focus on education and training. These actions are necessary if we want to empower individuals and organisations for situational awareness and cyber-threat detection. Cyber ranges are also used to experiment with novel technical tools and services within the exercise frameworks prior to their actual uptake in operational environments. Cyber range environments are not yet adequately supported by tools that capture the necessary data that can later be used for developing new strategies, products, frameworks etc.

Previous efforts in this area focus on defining specific tools. Among those, COSSIM (A Novel, Comprehensible, Ultra-Fast, Security-Aware CPS Simulator) provides a simulator specifically designed for Cyber Physical Systems which is not designed to train people but to obtain fast and accurate results of these systems. FORTISSIMO and FORTISSIMO 2 “provide one-stop, pay-per-use, on-demand access to advanced simulation and modelling resources including software, hardware and expertise”. However, it was not built under the cybersecurity perspective needed for the preparation of cybersecurity professionals and the definition of cyber ranges.

Name Project: SPEAR: Secure and PrivatE smArt gRid

EU Contribution: 2.965.569,14 €

Summary Project: SPEAR project aims to define new technologies for the Smart Grids which help to detect threats and develop appropriate security solutions, including the collection of the forensic information to provide evidence of the possible attacks.

Expected Outcome: The expected outcome of SPEAR is the design of tools for the timely detection of evolved security attacks using big data analytics, advanced visual-aided anomaly detection and embedded smart node trust management. This will be supported by an advanced forensic readiness framework for the necessary legal evidence and by a communication channel for mitigating the lack of trust in exchanging sensitive information about cyber-attack incidents.

Innovation results: To be provided by the EC

Name Project: ASTRID: AddreSsing ThReats for virtualIseD services

EU Contribution: 2.932.297,50 €

Summary Project: ASTRID project focuses on the microservice architectures and virtualised services with the aim to develop new opportunities in situational awareness.

Expected Outcome: The project aims at building situational awareness through orchestration by designing and delivering a modular framework suitable for software orchestration. ASTRID will develop a common approach easily portable to different virtualisation scenarios and will validate the technology in plain cloud applications and Network Function Virtualisation.

Innovation results: To be provided by the EC

Name Project: CYBER-TRUST: Advanced Cyber-Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things

EU Contribution: 2.996.182,50 €

Summary Project: CYBER-TRUST seeks to address the security of IoT devices with the intent to develop a cyber intelligence platform.

Expected Outcome: The CYBER-TRUST project aims to develop an innovative cyber-threat intelligence gathering, detection, and mitigation platform to tackle the grand challenges towards securing the ecosystem of IoT devices.

Innovation results: To be provided by the EC


Pre-cPPP Analysis (continued): In terms of situational awareness, the ongoing PROTECTIVE H2020 project proposes to provide greater cyber security capabilities.

From the analysis conducted before the publication of the call, it was highlighted that the potential of training remained largely under-exploited, in terms of catering to the actual needs of target trainees but also as a source for new commercial offerings. Analytics of environments require more automation to enable better analysis, e.g. automate analysis of situational awareness, risks and competences profiling etc. The serious games environments are also environments that can provide input to new products development. Cyber ranges / serious games environments are rarely used in educational programmes to build practical, hands-on competences of students.

Name Project: CYBERWISER.EU: Civil Cyber Range Platform for a novel approach to cybersecurity threats simulation and professional training

EU Contribution: 4.134.245,00 €

Summary Project: CYBERWISER.EU seeks to develop an educational, collaborative, real-time civil cyber range platform.

Expected Outcome: The expected outcome will be a set of innovative tools to generate highly detailed exercise scenarios simulating ICT infrastructures to be used for cybersecurity professional training, together with tools and solutions to simulate cyberattacks and defensive countermeasures and a set of highly descriptive economic models for cyber risk assessment and countermeasure suggestion, to boost user training and performance evaluation.

Innovation results: To be provided by the EC

Name Project: REACT: REactively Defending against Advanced Cybersecurity Threats

EU Contribution: 2.726.461,25 €

Summary Project: REACT focuses on the proactive measures to identify and react to potential attacks and on the fortification solutions to the potential targets with passive and active defence approaches.

Expected Outcome: The expected outcome of the project is a mechanism that combines traditional passive and active defence approaches with new reactive modes of operation to address software hardening and immediately deliver effective patches by selectively armouring the vulnerable part of a programme.

Innovation results: To be provided by the EC

Name Project: THREAT-ARREST: Cyber Security Threats and Threat Actors Training - Assurance Driven Multi-Layer, end-to-end Simulation and Training

EU Contribution: 4.988.837,5 €

Summary Project: THREAT-ARREST will develop an advanced training platform incorporating emulation, simulation, serious gaming and visualisation capabilities to adequately prepare stakeholders with different types of responsibility and levels of expertise in defending high-risk cyber systems and organisations to counter advanced, known and new cyber-attacks.

Expected Outcome: The THREAT-ARREST platform will deliver security training, based on a model-driven approach where cyber threat and training preparation models, specifying the potential attacks, the security controls of cyber systems against them, and the tools that may be used to assess the effectiveness of these controls, will drive the training process and align it with operational cyber system security assurance mechanisms to ensure the relevance of training. The platform will also support trainee performance and programme evaluation and adapt training programmes.

Innovation results: To be provided by the EC

Table 2. KPI 4 – The analysis of significant innovations for the call DS-07-2017


cPPP Topic | Summary | Pre-cPPP Analysis | Name Project | EU Contribution | Summary Project | Expected Outcome | Innovation results

cPPP Topic: DS-08-2017: Cybersecurity PPP: Privacy, Data Protection, Digital Identities

Summary: The topic indicates the need for new solutions and tools to support the fundamental rights in digital society and, specifically, to increase trust in Europe’s digital economy. Three areas have been identified and addressed by the funded projects: privacy-enhancing techniques (PETs), GDPR in practice and, finally, secure digital identities. Most of the funded research activities in the near future will focus on GDPR and its application in practice.

Pre-cPPP Analysis: Protecting identity is a top priority for Europe, arguably more than other regions in the world. On the one hand, because identities and user data are a key business asset and, on the other hand, because user privacy is a main concern and sensitive data should be protected. Offering the technology to adequately handle and protect identity would position Europe at the peak of innovation, besides guaranteeing citizens’ rights and security – as e.g. codified in the GDPR or the Privacy-by-design provisions of the eIDAS regulation.

Identity protection and privacy are topics of general interest for different markets since they are transversal to several areas and can be used for digital services. Providing user-centric solutions is very difficult. Nevertheless, there are already projects that deal with user-centric security solutions, such as SUPERCLOUD, COURAGE, INSPECT2T, CASPER, etc.

Although the ECSO SRIA strategy indicates the importance of developing new privacy-enhancing techniques, especially in e-governance and public administration, the funded projects cover these aspects in a limited way and mainly focus on providing relevant tools to test GDPR compliance and develop new data protection awareness services. Nevertheless, the implementation of these projects will help to strengthen European market and guarantee the fundamental rights of the EU citizens.

Name Project: DEFeND: Data Governance for Supporting GDPR

EU Contribution: 2.737.300,00 €

Summary Project: DEFeND seeks to develop a platform to test GDPR compliance of organisations.

Expected Outcome: DEFeND will deliver a platform which empowers organisations in different sectors to assess the compliance status, plan the attainment of GDPR compliance and increase their maturity in different aspects of GDPR. The DEFeND platform will be tested focusing on the GDPR compliance process for end-users and on the GDPR implications for external stakeholders in four different areas: healthcare, banking, energy and local public administrations.

Innovation results: To be provided by the EC

Name Project: BPR4GDPR: Business Process Re-engineering and functional toolkit for GDPR compliance

EU Contribution: 2.974.012,40 €

Summary Project: BPR4GDPR seeks to create the end-to-end, GDPR compliant, intra- and inter-organisational, ICT-enabled processes at various scales, to investigate PETs, and, ultimately, to provide the Compliance-as-a-Service (CaaS) solution.

Expected Outcome: The expected outcome of BPR4GDPR will be a Business Process Re-engineering and functional toolkit for GDPR compliance.

Innovation results: To be provided by the EC

Name Project: PDP4E: Methods and tools for GDPR compliance through Privacy and Data Protection Engineering

EU Contribution: 2.941.113,13 €

Summary Project: PDP4E plans to integrate privacy and data protection techniques into existing software tools so that the final products will be GDPR compliant.

Expected Outcome: The expected outcome of PDP4E will be tools on data protection principles applications that will empower developers to create products, systems and services that better protect the privacy and personal data of EU citizens. The solutions will be demonstrated in connected vehicles and big data on smart grid scenarios.

Innovation results: To be provided by the EC

Name Project: PAPAYA: PlAtform for PrivAcY preserving data Analytics

EU Contribution: 2.949.417,50 €

Summary Project: PAPAYA focuses on untrusted third-party data processors and the related privacy concerns.

Expected Outcome: PAPAYA will design and develop dedicated privacy preserving data analytics primitives that will enable data owners to extract valuable information from this protected data, while being cost-effective and accurate. The expected outcome is the deployment and validation of “atomic” privacy preserving data analytics modules, the underlying cryptographic primitives, and the platform. The platform will be validated considering a healthcare analytics and web & mobile data analytics applications.

Innovation results: To be provided by the EC

Name Project: SMOOTH: GDPR Compliance Cloud Platform for Micro Enterprises

EU Contribution: 2.986.061,25 €

Summary Project: SMOOTH focuses on creating GDPR awareness to micro-enterprises and assisting them in becoming fully compliant with the regulation.

Expected Outcome: SMOOTH will develop an advanced cloud-based platform for validating the GDPR compliance of their privacy policies, databases, as well as their tracking elements in websites and mobile applications. The platform will inform micro businesses of the elements needed to be revised to avoid potential fines.

Innovation results: To be provided by the EC

Name Project: OLYMPUS: Oblivious identitY Management for Private and User-friendly Services

EU Contribution: 2.564.480,01 €

Summary Project: OLYMPUS seeks to address secure digital identities – Intrusion Detection and Prevention Systems (IDPs) in particular – to allow users to maintain un-linkable identities with different service providers and to achieve a secure and interoperable European identity management framework.

Expected Outcome: The project will develop an interoperable European identity management framework based on novel cryptographic approaches applied to currently deployed identity management technologies.

Innovation results: To be provided by the EC

Name Project: PoSeID-on: Protection and control of Secured Information by means of a privacy enhanced Dashboard

EU Contribution: 2.541.208,75 €

Summary Project: PoSeID-on seeks to develop a dashboard for monitoring personal data protection and for controlling the privacy settings, with the ultimate goal of supporting GDPR compliance of the services and products.

Expected Outcome: The expected outcome is a scalable platform aimed at safeguarding the rights of data subjects. The platform will rely on smart contracts and blockchain technology.

Innovation results: To be provided by the EC

Table 3. KPI 4 – The analysis of significant innovations for the call DS-08-2017


cPPP Topic | Summary | Pre-cPPP Analysis | Name Project | EU Contribution | Summary Project | Expected Outcome | Innovation results

cPPP Topic: CIP-01-2016-17: Prevention, detection, response and mitigation of the combination of physical and cyber threats to the critical infrastructure of Europe

Summary: The call CIP-01-2016-17 is dedicated to the protection of critical infrastructures, covering both the physical and cyber dimensions of security. The objective is to address the challenges for one of the following critical infrastructures: Communication Infrastructure, Health Services, Financial Services. Water, energy and transport critical infrastructures were covered in the 2016 call.

Pre-cPPP Analysis: The ECSO SRIA identifies the need to invest and focus on the protection of critical infrastructure. For this, we need an analysis of the risk aspects of the evolving technology in relation to legacy systems, as it will help to achieve an adequate level of protection and risk management. The ever-increasing use of IoT and Cyber-Physical Systems (CPS) to achieve a higher degree of automation exposes critical infrastructures to new types of attacks. Thus, monitoring and threat detection tools become of utmost importance when reacting quickly to threats with a strong degree of automation, in order to enhance the resilience and high availability of the systems and critical infrastructures.

Several projects on ICT infrastructure protection exist. Although a complete list is outside the scope of this work, a partial list can be found in the SRIA v1.2.

Critical infrastructures need solutions (i) to analyse the risk aspects of the evolving technology landscape, including migration to new and legacy ICT systems, (ii) to propose risk mitigation techniques to alleviate or prevent these risks, and (iii) to ensure that the desired level of protection is still available. Other aspects to consider are:

- The ability to deploy sophisticated patterns for ensuring that a deployed ICT system complies with a desired level of protection and risk management.

- The ability to deploy sophisticated trace, monitoring, and detection tools in order to rapidly detect existing and new threats and to verify that the risk profile and the protection measures are still pertinent.

- The ability to quickly and accurately react to threats.

- The ability to provide more resilient environments, able through management, monitoring and mitigation to autonomously face threats and continue offering services.

Name Project: RESISTO: RESIlience enhancement and risk control platform for communication infraSTructure Operators

EU Contribution: 7.999.970,00 €

Summary Project: RESISTO addresses Communication Critical Infrastructures and will design and develop tools, concepts, and technologies for combatting combined physical/cyber threats. The solutions will be validated across three verticals: current, future (towards 5G) and interconnected communication infrastructures.

Expected Outcome: The expected outcome of RESISTO is a platform for Communication Infrastructure providing holistic (cyber/physical) situation awareness and enhanced resilience. The platform should address the needs of operators to take the best countermeasures and reactive actions exploiting the combined use of preparatory analyses on risk and resilience, detection and reaction technologies, applications and processes, in the physical and cyber domains.

Innovation results: To be provided by the EC

Name Project: SAFECARE: SAFEguard of Critical heAlth infrastructure

EU Contribution: 7.994.553,63 €

Summary Project: SAFECARE seeks to provide solutions which aim to improve physical and cybersecurity in the health sector by developing and promoting new technologies to enhance threat prevention, threat detection, incident response and mitigation of impact.

Expected Outcome: The expected outcome of the project will be the definition of solutions to address physical, cyber and cyber-physical threats in concrete crisis scenarios that will be tested in three different hospitals. The goal is to create a global protection system which will cover threat prevention, detection, response, and mitigation of impacts, across infrastructures, populations and environments.

Innovation results: To be provided by the EC

Name Project: FINSEC: Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures

EU Contribution: 7.817.631,25 €

Summary Project: FINSEC aims to provide a mature implementation of the reference architecture (RA), based on the enhancement and integration of the novel solutions from the partners (e.g. Anomaly Detection, AI CCTV Analytics, Risk Assessment Engines, Collaborative Risk Analysis & Management, Compliance), in order to strengthen the security of the financial sector.

Expected Outcome: FINSEC addresses the financial sector and will design and implement a reference architecture for integrated physical and cybersecurity of critical infrastructures. The objective is to enable handling of dynamic, advanced and asymmetric attacks, while at the same time boosting financial organisations’ compliance to security standards and regulations. As a result, FINSEC will provide a blueprint for the next generation security systems for the critical infrastructures of the financial sector. FINSEC platform will be tested in five pilots: the SWIFT network and its connected cyber & physical assets, buildings and ATM networks, peer-to-peer payment infrastructures, small financial institutes, and insurance and risk management in public critical infrastructures.

Innovation results: To be provided by the EC

Table 4. KPI 4 – The analysis of significant innovation


KPI 5 – End-user participation

One of the main aims of the cPPP on cybersecurity is to promote a deeper involvement of end-users in cPPP projects and thus to increase their participation to 15% in H2020 projects. For this purpose, ECSO has established a Working Group 3 - Sectoral Demand, dealing with the market applications according to eight sectors of activity and involving end-users in the discussion on the SRIA-related topics.

Figure 12. KPI 5 - End-users participation in H2020 projects

The information about the 31 projects funded under the cPPP framework shows that 152 end-users are among the 450 unique participants of cPPP H2020 projects with five end-users on average representing different sectors[11]. These findings show a positive trend that could be attributed to the rise of cyber risk as a priority for large companies and the publication of specific calls aiming to develop tailored solutions to end-users' needs and in particular critical infrastructures (e.g. SU-INFRA01, SU-TDS-02 and SU-DS05) as well as the launch of the four ICT 03 Pilot Projects with a strong orientation towards market applications of cybersecurity solutions.

KPI 6 – Dissemination and Communication

As mentioned above, in 2018 the ECSO Board of Directors approved the creation of a Communication Task Force to boost the visibility of ECSO in 2018 through targeted communication campaigns, initiatives and dissemination activities as well as build stronger collaborations and synergies between members and ECSO.

11 Please note that the information on SU-ICT-04-2019 are not yet available on Cordis/H2020 Dashboard.

[Figure 12 chart: “End-users participation in H2020 projects in %” for Pre cPPP (Baseline), 1st Period and 2nd Period; series: Participation in % and Target 2020; data labels as extracted: 12, 10, 22.]


ECSO built its communication and dissemination campaigns around specific initiatives designed and launched by ECSO Working Groups such as the Business Matchmaking Events between SMEs and Investors, Cybersecurity Investors Days, Cybersecurity Market Radar. In parallel, in view of strengthening and increasing its position as a strong stakeholder in the European institutional landscape, ECSO also established several Memorandums of Understanding with European Bodies and other PPPs such as ETSI, CEN/CENELEC and 5G PPP to deepen collaborations on standards and cybersecurity in the implementation of 5G, respectively. As one of the European “ecosystem builders”, ECSO has continued to establish strong relations and collaborations with other European Union agencies and bodies such as ENISA, EUROPOL, EDA, EASA, EIT Digital, EIB, etc. ECSO has also continued to maintain strong synergies with other cPPPs including Factories of the Future, Big Data Value, 5G IA, euRobotics, etc., with the aim of addressing cybersecurity challenges and investigating possible cooperation opportunities for a comprehensive and effective implementation of a European cybersecurity strategy.

In 2018, ECSO also supported the setup of the 4 European Pilot Projects in the framework of the European Commission’s proposal on establishing a European Cyber Centre and a Network of National Competence Centres. These Pilot projects are largely composed of ECSO members (40%) and therefore facilitate the support and coordination with the cPPP on cybersecurity.

During the reporting period, ECSO can confirm that its communication activity is in full flight. ECSO appeared in the media 50 times (compared to 53 in 2017), not including appearances in press releases. ECSO participated in and contributed to around 100 high-level European exhibition events, workshops and conferences (compared to 97 in 2017). This year, ECSO further developed and established around 20 media partnership proposals with well-known European events such as FIC (Lille), CYBERTECH Israel and CYBERTECH Europe, Cybersecurity Summit Command and Control (Munich), CYBERSEC (Poland and Brussels), HIMSS EU – Health 2.0, IOT Week, ETSI Security Week, EID Forum in Estonia, Cyber Security Nordic, IT-SA Nuremberg, and others.

KPI 7 – Openness

The cybersecurity cPPP is based on an open and transparent community involvement through ECSO addressing more than 250 organisations from 28 countries and reaching out to all the members of our associations and regional ecosystems (more than 2000 bodies).

In 2018, the European Commission funded 31 cybersecurity cPPP projects under the H2020 framework (as per end of December 2018). The investment injected amounts to 201 million euros. The overview of the approved projects shows that about 75% of the H2020 programme beneficiaries are non-ECSO members. This result confirms the trend reported in 2017.


Figure 13. KPI 7 – Openness

Within the framework of 31 cPPP projects funded by the European Commission, the financial support received by ECSO members lies around 35% with regard to the 27% of ECSO members in projects, which can be explained by the fact that some of these ECSO members are among the largest and most influential RTO organisations and companies in the cybersecurity field.

Figure 12. EU Contribution to cPPP participants (2018)

[Chart: ECSO 27%, NON ECSO 73%.]

[Chart: cPPP EU Contribution to participants 2018; axis: EU Contribution in Mln €; TOTAL: 68.552.110 (ECSO members), 111.056.070 (non ECSO).]


4. OUTLOOK AND LESSONS LEARNT

Cybersecurity is a strategic domain for Europe and as such crucial for the current and future competitiveness of European industries and life of citizens. By developing and providing the latest cybersecurity technologies for the European society, the entire European ecosystem massively supports the development and strengthening of Europe. This was the basic reason for the European Commission to establish the ECS cPPP in 2016.

Over the last two and a half years, the main stakeholders of the European cybersecurity community have been working together in ECSO to develop the Strategic Research & Innovation Agenda in an open and transparent decision-making process and to promote its implementation in the framework of Horizon 2020. The success achieved so far, even going beyond the R&D activities – as highlighted above – underlines that we have struck the right path.

Europe will have to face huge challenges in the near future to protect the digitalisation of the society, for instance on IoT security, or 5G security. Given the highly competitive cybersecurity market, the coming years will be decisive for Europe to successfully overcome these challenges or to avoid falling behind. In this context, the next European R&D framework will play an essential role in promoting Europe’s strengths.

• ECSO is performing, is delivering and is having an effective impact on the European cybersecurity ecosystem, also leveraging upon the cPPP initiative. The methodology jointly defined with the EC Services in 2016 will continue to drive the monitoring of the cPPP. Nevertheless, a more comprehensive analysis could be elaborated on the SME participation and impact R&I investment if EC Services would be able to share some operational information in their possession (e.g. data on innovation, new filter on type of organisations).

• The ECSO governance is efficient and continues to have a high level involvement of European stakeholders, involving end-users, cybersecurity providers as well as local and national public administrations.

• Analysis of SME participation would also benefit from the development of data availability from the public version of the H2020 Dashboard for the purposes of benchmarking (that reflect the type of SME), as well as more nuanced qualitative assessment of how European SMEs benefit from and could contribute to the cPPP.


Annex I – Report on industrial policy activities

WG1 Standardisation, certification and labelling WG1

WG breakdown

Compared to the previous structure, WG1 has been re-organised into 3 different sub WGs to better reflect the activities:

• SWG 1.1 Self-assessment

• SWG 1.2 Third-party assessment

• SWG 1.3 Base Layer

No. of members subscribed to WG1: 141 organisations (329 experts/individuals)

WG meetings held: 4 general Face to Face meetings in 2018.

Main activities

Support to the Cybersecurity Act

After the publication of the Meta-scheme approach and the State of the Art Syllabus (SOTA)[12], ECSO WG1 has worked on the mapping between the assurance levels proposed in the Meta-Scheme approach with those of the Cybersecurity Act[13]. ENISA and DG-CNECT were invited to the ECSO WG1 meeting to discuss the topic extensively and potential synergies. The ECSO secretariat was also invited to the European Parliament (ITRE committee) to discuss the Cybersecurity Act with the rapporteurs and shadows of the ITRE and IMCO.

ECSO engaged in a continuous dialogue with the European Institutions and National Public Administrations. Some conclusions that were drawn from the ECSO work and internal discussions on the EU Cybersecurity Act can be summarised as follows:

• Experts from industry should be part of the decision process for the scheme selection and priority (The Union Rolling plan will be defined by the SCCG)

• Minimum common baseline security needs to be defined across sectors.

• Threat analysis and risk assessment as a source for security requirements.

• The scope of the certification should address the entire supply chain: what and how depends on the intended use.

• The level of assurance attained should consider the potential risk and the related impact of potential attacks linked with the product/service usage.

• Ethical hacking shall be legally allowed and enforced for high security; checklists are insufficient.

• There is a need for a common definition of the proposed assurance levels, i.e., assessment methodologies (evaluation) associated.

12 https://www.ecs-org.eu/documents/publications/5a60b8bf83f7c.pdf

13 https://www.ecs-org.eu/documents/publications/5a3112ec2c891.pdf


• Centrally steered harmonisation across CABs, NABs and National Certification Supervisory Authorities (NCSA) is crucial.

Glossary

The ECSO WG1 worked on a Glossary with the aim of collecting definitions of terms related to the activity of ECSO’s WG1. Terms that are likely to be referenced often inside this working group were presented together with their definition and the source of the definition. Other more general glossary lists (for example addressing general IT security terminology) were referenced, together with links for quick access. The document is used internally to ensure uniform language and common references.

Workstreams on different types of assessment

The ECSO WG1 created two different workstreams, Self-Assessment and Third-Party Assessment, to work on the practical aspects of the Meta-Scheme approach. The two workstreams looked into the different types of assessment with the aim of identifying the criteria to decide on the fit-for-purpose type of assessment. The outcome of this activity has recently been published in an ECSO deliverable.

Engagement with other entities

European Standard Organisations: WG1 has seen the need to engage with the European Standards Developing Organisations, to work together towards a common objective of strengthening cybersecurity in Europe. Towards this objective, ECSO has signed the Memorandum of Understanding with ETSI and CEN-CENELEC to establish important synergies and to provide the lessons learnt in case a gap in standardisation is identified by the exercise mapping the existing certification schemes and standards against the challenges identified by the industry. ECSO WG1 has regularly been invited to contribute to workshops and events organised by CEN-CENELEC in 2018. ECSO Meta-Scheme Approach and the activities of WG1 were presented at the ETSI Security Week 2018.

DG-CNECT: Bilateral meetings have been organised to present the current status of the activities. DG-CNECT was also invited to ECSO meetings to contribute to the discussions to support the Cybersecurity Act. ECSO has also contributed to the workshop organised in 2018 to present the view on the European Certification Framework.

ENISA: A running dialogue has been established with ENISA to avoid duplication of work on certification and to reinforce cooperation and maximise resources for future actions and events.

European Parliament: ECSO was invited to the European Parliament (ITRE committee) to discuss the Cybersecurity Act with the rapporteurs and shadow rapporteurs of the ITRE and IMCO committees.

JRC: ECSO discussed a feasibility study on Industrial and Automated Control Systems (IACS) and SCADA with the JRC. JRC was invited to present the current activities at an ECSO WG1 F2F meeting and then invited to contribute to the pilot study as one of the stakeholders.

WG2 Market deployment / investments / international collaboration

The objective of the WG2 is to provide ECSO members with market knowledge, to propose and foster an EU model for investments in EU cybersecurity for technology, and to establish a dialogue with the main countries (US and Japan) and initiate a dialogue with developing countries. The same WG oversees the cPPP monitoring.

WG breakdown

WG2 has been segmented into 4 different sub WGs:

• SWG 2.1 Market knowledge: market, products and stakeholders update

• SWG 2.2 Investments, innovative business models

• SWG 2.3 International cooperation, global competitiveness and support to export

• SWG 2.4 Dissemination & awareness; KPI monitoring

No. of members subscribed to WG2: 104 organisations (220 experts/individuals)

WG meetings held: 4 in 2018 (6 phone conference calls).

Main activities

Market Analysis

The aim of WG2 is not to start another market study from scratch, but to develop a common analysis of the market moves, mainly in Europe. To do that, ECSO has supported the CIMA study led by PWC and LSEC by organising national workshops with ECSO members. In addition, WG2 jointly with WG4 has developed a common market taxonomy in order to design and deliver a market radar of the existing cybersecurity solutions, which should provide inputs to WG6 on a technological gap analysis as well as to investors on market opportunities. The first version of the Radar was released on 6th November [14].

Investments, innovative business models

WG2 jointly organised the Investor Roadshow with WG4: ECSO Business Matchmaking events aim to increase the visibility of the European cybersecurity market players and to foster the European cybersecurity market consolidation. In order to reach out to different European cybersecurity ecosystems, each edition of the event is organised in a different European city, together with the local partners. The Chairs participated in the selection of start-ups and SMEs and supported the running of the pitching sessions as well as the constitution of a unique investors’ community.

Monitoring methodology

WG2 first elaborated the monitoring methodology used in this report and then supported the analysis and data validation for drafting the monitoring report.

WG3 Sectoral Demand (market applications)

WG breakdown

[14] https://www.ecs-org.eu/press-releases/the-latest-edition-of-the-ecso-cybersecurity-market-radar-is-out-now

WG3 is segmented into 8 different sectors, each represented by its own sub WG:

• SWG 3.1 Industry 4.0 and ICS

• SWG 3.2 Energy Networks and Smart Grids

• SWG 3.3 Transportation (road, rail, air, sea, and space)

• SWG 3.4 Finance, ePayments, and Insurance

• SWG 3.5 Public Services, eGovernment, and Digital Citizenship

• SWG 3.6 Healthcare, eHealth

• SWG 3.7 Smart Cities and Smart Buildings (convergence of digital services for citizens) and other Utilities

No. of members subscribed to WG3: 138 organisations (345 experts/individuals)

WG meetings held: 3 in 2018 (2 general meetings and 1 brainstorming workshop)

SWG meetings held: 2 in 2018 (1 on SWG 3.2 and 1 on SWG 3.8)

Main activities

Sector reports

As part of the WG task to assess the needs from the sectors across four aspects (landscape, user engagement, sector specificities, and market study), five sector reports were publicly released in 2018. Available on the ECSO website [15], they aim to provide a view from ECSO members on the essential cybersecurity needs and requirements from the demand side, with recommendations on how to reflect these in the overall ecosystem.

Sector-specific workshops

In 2018, WG3 held 2 sector-specific workshops: one for energy, and one for telecom, media & content. The aim of these workshops is to bring together ECSO members and users, utilities, sectoral associations and relevant DGs to discuss the main priorities and actions for the sector in question and to elicit feedback from external parties on the needs and requirements expressed by ECSO members in the sector reports.

The workshop on energy served to continue ECSO’s collaboration with key stakeholders in the domain as well as DG ENER. ECSO was also invited by DG ENER as observer to the NIS Cooperation Group’s Energy Workstream meeting.

The workshop on telecom, media & content was the first contact with stakeholders in the domain and served to frame the initial elements for the sector report.

User engagement & collaborations

User engagement and outreach are an important task for WG3, as this WG aims to provide demand-driven requirements to other ECSO WGs and externally via relevant policy channels. In 2017, this was done through:

• Bilateral meetings with sectoral associations

[15] https://www.ecs-org.eu/working-groups/wg3-sectoral-demand

• Further building an internal database (excel) with the main users and associations for each sector

• Presenting ECSO at events and conferences with users as the main audience

Some key collaborations in 2018 include participation in the World Economic Forum’s Electricity WG, attendance at EE-ISAC meetings, and a collaboration with Digital Europe on the transposition of the NIS Directive (NIS Implementation Tracker).

ECSO also joined the HIMSS Partner Innovation Exchange (PIE) initiative in 2018. The HIMSS Partners Innovation Exchange is an initiative to convene key digital health influencers to improve healthcare through information and technology. Healthcare information technology is playing an ever-expanding role in the transformation of healthcare delivery. Consequently, the digitisation of healthcare has important security implications, and requires innovative cybersecurity solutions.

ISAC Position Paper

Following discussion of European sector-specific ISACs (their setup, what they should achieve, and how to improve their efficiency), a survey was conducted internally to analyse ECSO members’ assessment of the needs and priorities for a European ISAC within their sector. The results of this survey were consolidated and synthesised in a position paper, which also takes into account the ENISA study “Information Sharing and Analysis Center (ISACs) - Cooperative models”, released in February 2018.

Mapping of needs exercise

Based on the completed sector reports, WG3 also started a brainstorming exercise in 2018 on the mapping of needs & requirements on a transversal level. The idea is to perform this as a continuous exercise in order to cluster the different challenges and arrive at around 10 priority areas for the verticals. The desired outcome would be a taxonomy of needs & priorities (from the demand side) to feed into other ECSO WGs (on standardisation, education, research, etc.) and EU policy instruments.

Users’ Committee

In 2018, ECSO kicked off the activities of its Users’ Committee (UC) (linked to WG3). The UC has been set up with the aim of gathering real Users/Operators from ECSO members (including large companies that also have security needs), starting to build trust, attracting other Users/Operators in the ECSO membership database (based on the trust reputation of the UC), providing Users/Operators with a safe harbour to exchange sensitive information on cyberthreats and possible solutions, and defining common needs to prevent/fight cyberthreats. A specific governance and terms of reference for this group were set up. Being a member of ECSO is the first guarantee to be part of the UC, and candidacies must be sent to ECSO via an application that will be forwarded to the UC Chairs for approval.

WG4 Support to SMEs and regions

The objective of WG4 is to focus on the following issues:

o Support the development of SMEs, start-ups and high growth companies

o Develop coordinated activities between clusters (both business oriented and triple helix), Regions and local bodies (for local implementation of solutions / educations)

o Development of East and Central EU public and private sectors dealing with cybersecurity.

Segmentation:

• SWG4.1: SMEs, start-ups and high growth companies

• SWG4.2: Coordination with activities in EU countries and regions

• SWG4.3: Support to East and Central EU Members

No. of members subscribed to WG4: 112 organisations (233 experts/individuals)

WG meetings held: 6 in 2018

Main activities:

Support to SMEs

WG4 organised the Investor Days events jointly with WG2, which provide a unique forum for European startups and scaleups, specialising in cybersecurity, to meet investors coming from across Europe. In 2018, we organised 3 events gathering more than 70 startups/SMEs and 50 international investors.

SME Hub

WG4 elaborated the value proposition for the design and setting up of an SME Hub, which is intended as a market support and networking tool for European Cyber SMEs. It shall help SMEs to create more market transparency and to reach out far beyond their traditional home markets, which are usually nationally or regionally limited. The SME Hub shall be a publicly accessible platform where SMEs can register their company and define the services or products they offer in a predefined market segmentation taxonomy. The Hub consists of three main functionalities: a Registry, a Label and a Quadrant. The platform shall be open to all European Cyber SMEs, neutral and unbiased. It shall be provided via a web platform which is easily accessible by potential customers. The governance of structure, contents and criteria shall be done by a neutral governance body consisting of industry participants, e.g. from ECSO WG4.

Support to regional Ecosystems/Smart specialisation on cybersecurity

Since its launch, ECSO has put a lot of effort into bringing in regions and regional players as key stakeholders. In 2018, ECSO was in charge of the coordination of the Pilot Action on the Smart Specialization Platform, which gathers 5 Regions (Brittany, North Rhine Westphalia, Estonia, Central Finland and Castilla y Leon). The Cyber Valleys Pilot Action is an “Interregional innovation project” implemented within the framework of the Thematic Smart Specialisation Platforms (TSSP) and funded by DG-REGIO. Through this pilot action the EC wants to accelerate the work done mostly under the TSSP, increasing the focus on bottlenecks to be removed to ensure the commercialisation and scale-up of concrete investment projects among regions at the EU level.

Since 2017, ECSO has been acting as the Single Partnership Coordinator of the Project led by Brittany Region. The partnership is expected to deliver its recommendation on the use of the Component V budget dedicated to the inter-regional cooperation by the end of 2019.

INTERREG CYBER for the strong European cybersecurity valleys (2018-2023)

As an Advisory Partner, the European Cyber Security Organisation (ECSO) brings to the project its expertise on regional cybersecurity industrial policies, acquired in its Working Group 4 focusing on ‘support to SMEs and regional cooperation’. The Bretagne Development Innovation agency is the leading partner in CYBER. The project involves seven European regional partners, including Institute for Business Competitiveness of Castilla y León (Spain), Tuscan Region (Italy), Digital Wallonia (Belgium), Brittany Region (France), Kosice IT Valley (Slovakia), Chamber of Commerce and Industry of Slovenia (Slovenia) and Estonian Information System Authority (Estonia). Interreg Europe CYBER aims to boost the competitiveness of European cybersecurity SMEs by creating synergies between European cybersecurity valleys.

WG5 Education, training, exercise, raising awareness

WG breakdown

WG5 is segmented into three sub WG’s:

• SWG 5.1 Cyber Ranges Environments and Technical Exercises

• SWG 5.2 Education & Training

• SWG 5.3 Awareness

A Task Force has also been set up, linked to SWG 5.2, for the development of a European Human Resources Network for Cyber (EHR4CYBER)

No. of members subscribed to WG5: 136 organisations (294 experts/individuals)

WG meetings held: 2 in 2018

Main activities

Position Paper: Gaps in European Cyber Education and Professional Training

In 2018, ECSO released a position paper on gaps in education & training highlighting the need to bridge gaps and strengthen synergies between higher education and professional training [16]. To satisfy the growing demand for skilled cybersecurity professionals, we need to expand educational opportunities at all levels; increase the number of qualified educators; create synergies between educational paths and training possibilities at a workplace; reach the skilled unemployed and displaced workers (workers who are not happy with their current profession); and create the fundamentals of lifelong learning in cybersecurity. We also need to ensure gender diversity and inclusiveness of cybersecurity education and training, to inform and encourage girls and women to engage in cybersecurity careers. To achieve this, a working cooperation is needed between academia and industry which utilises and combines their available resources to ultimately strengthen the cyber domain together.

EHR4CYBER Analysis Paper: Information and Cybersecurity Professional Certification

Last year, EHR4CYBER released its first output document, an analysis paper on information and cybersecurity professional certification [17]. The paper mainly addresses the established and recognised Information and Cybersecurity Professional Certification schemes that help to develop human resources. The paper is not meant to be exhaustive but serves to give an overview of several existing certification schemes, both in Europe and internationally, to establish gaps and needed developments for the future. A follow-up paper could be envisaged which would go deeper into the needs with possible concrete proposals (i.e. the establishment of an EU-wide certification and accreditation scheme as well as a European framework for professional development in cybersecurity). The paper does not deal with certification of products and services.

[16] https://www.ecs-org.eu/documents/publications/5bf7e01bf3ed0.pdf

[17] https://www.ecs-org.eu/documents/publications/5bf7e0d81b347.pdf

ECSO-Microsoft Cybersecurity Awareness Breakfast Series and subsequent Training Guide

In 2018, WG5 organised a breakfast awareness event series with its member Microsoft. The theme for week two of ENISA’s European Cyber Security Month in 2018 was “Expand your digital skills and education.” In line with this theme, ECSO and Microsoft collaborated to offer an in-person training to promote end-user education and improve cybersecurity literacy. The training took place over three 90-minute breakfast series and covered cyber threats, vulnerabilities and countermeasures unique to senior EU policy makers. Following the workshop series, a practical guide on cybersecurity awareness trainings was released by ECSO and Microsoft.

Workshop with EDA on the federation of cyber ranges

Having conducted an internal survey on cyber range capabilities and motivations towards a federated approach, a cyber range workshop was organised in 2018 in collaboration with the European Defence Agency (EDA) who have their own cyber range federation project. The aim of the workshop was to align with EDA on cyber range approaches and agree on a baseline for continued collaboration, focusing on opportunities and motivations for a federated approach. The event established links between the private sector (industry and research) and EDA (Member States), with around 50 attendees (33 from ECSO members). ECSO is in continuous dialogue with EDA on this topic, also through its members that are part of the EDA project.

Annex II – Common Priority Key Performance Indicators

#1 Mobilised Private Investments

• Value in 2018: 1216 million € [estimation]

• Baseline at the start of H2020 (latest available): 482 million €

• Target (for the cPPP) by the end of H2020: 1,8 billion €

• Comments: See the methodology for calculating private investment (p 11)

#2 New skills and/or job profiles

• Value in 2018: +32,5% for large companies; +35% for SMEs; +25% for RTOs; 280.000 employees [estimation]

• Baseline at the start of H2020 (latest available): 190.000

• Target (for the cPPP) by the end of H2020: +10% growth rate market

#3 Impact of a cPPP on SMEs

• Value in 2018: 17% of participants of H2020 projects are SMEs specialized in cyber security

• Baseline at the start of H2020 (latest available): 18% of participants of H2020 projects are SMEs specialized in cyber security

• Target (for the cPPP) by the end of H2020: At least 20% of participants of the cyber security calls funded are SMEs, start-ups or high growth companies (50+% increase in annual revenue) specialized in cyber/ICT or users

#4 Significant Innovations

• Value in 2018: 1 patent (awarded); 2 pending patent applications; 1 utility model awarded

• Comments: See the methodology for future comparison (p 26)

Annex III – Specific Key Performance Indicators for the cPPP

#5 User participation

• Key Performance Indicator (KPI): Monitor the participations of users in R&I activities

• Value in 2018: 22%

• Baseline at the start of H2020 (latest available): 12%

• Target (for the cPPP) at the end of H2020: at least 15% of users / operators participating in cyber security projects funded by H2020

#6 Dissemination and Communication

• Key Performance Indicator (KPI): Number of dissemination and information actions for promoting the PPP activities to a broad range of public and private stakeholders

• Value in 2018: 80

• Baseline at the start of H2020 (latest available): 17 events attended by the ECSO Secretariat and members in 2016 (estimation made by the ECSO secretariat)

• Target (for the cPPP) at the end of H2020: 30 events per year

#7 Openness

• Key Performance Indicator (KPI): Share of participation of ECSO members / non ECSO members in H2020 projects

• Value in 2018: 27% of unique participants are ECSO members

• Baseline at the start of H2020 (latest available): 30%

• Target (for the cPPP) at the end of H2020: 50% of ECSO members vs 50% non ECSO members

Annex IV – Contribution to Programme-Level KPIs

Table columns: Key Performance Indicator; Definition/Responding to question; Type of data required; 2018 Data [European Commission]; Baseline at the start of H2020 (latest available); Target (for the cPPP) at the end of H2020; Comments.

1 Patents

• Definition / type of data required: Number of patent applications. Number of patents awarded

• 2018 Data: 1; 2 patent applications; 1 utility model awarded

2 Standardisation activities (project level); Contributions to new standards (PPP level)

• Definition / type of data required: Number of activities leading to standardisation. Number of working items in European Standardisation Bodies. Number of pre-normative research files – prEN – under consultation in ESBs

3 Operational performance

• Definition: Time-to-grant

• Type of data required: Time-to-grant (average)

• 2018 Data: 240 days

4 H2020 - LEIT - Number of joint public-private publications

• Definition: Number and share of joint public-private publications out of all LEIT publications.

• Type of data required: Properly flagged publications data (DOI) from LEIT funded projects

• 2018 Data: 104, of which peer reviewed: 97