2017-2 CEF Telecom Calls: CEF-TC-2017-2: Cyber Security TZAFALIAS ARISTOTELIS POLICY OFFICER DG CONNECT
CEF-TC-2017-2: Cyber Security Funding under this call will allow the Member States to limit the economic and political damage of cyber-attacks, while reducing the overall costs of cyber security for individual Member States. This will be achieved by the development of national capabilities and by facilitating connections to the information exchange cooperation mechanisms that will allow Member States to co-operate and respond early enough to prevent, detect or mitigate cyber security incidents that may affect their network and information systems, making European digital networks more secure for their citizens Financial Support Instrument: Grants for Generic Services Budget: 12 million EU funding: up to 1,000,000 per action Co-funding rate: Up to 75% of the eligible costs of the action Pre-financing:50% within 30 days after signed grant agreement, balance on completion Indicative duration of the actions: 24 months 2
Eligibility Proposals may be submitted by a single CERT/CSIRT or by a consortium of several CERTs/CSIRTs based in one or more Member States Primarily focused on national/governmental (n/g) CERTs/CSIRTs Each applicant must provide a written confirmation from the concerned Member States Ministry that an applicant has been designated as either n/g or sectoral CERT/CSIRT 3
Legal framework The Cyber security DSI is underpinned by the Security of Network and Information Systems (NIS) Directive (2016/1148) Generic Services under this DSI will support the development of operational capacity in Member State CSIRTs in accordance with Article 9 and Annex 1 of the NIS Directive Generic Services will also facilitate swift and effective operational cooperation between Member State CSIRTs via access points to the CSP - cooperation mechanisms for information exchange in accordance with Article 12 of the NIS Directive (CSIRT Network) 4
Objectives The specific objective in 2017 is to support Generic Services provided by n/g CERTs/CSIRTs in all the Member States, building on their interoperability with the Core Service Platform information exchange cooperation mechanisms established via the SMART 2015/1089 project This call is primarily focused on those Member States who did not receive funding under the previous cyber security call (i.e. CEF-TC-2016-3) 5
Objectives Funding will be granted as an incentive for Member States to develop their cyber security capacity for participating in the cooperation platform and mechanisms under deployment in the project SMART 2015/1089, including one or both of the following: 1. Activities for increasing the preparedness of the n/g CERTs/CSIRTs (e.g. development or acquisition of better tools for analysis, identification, and detection of threats, awareness campaigns ancillary to capabilities development, maturity assessment and development encompassing governance and legal compliance, services to local agents) 2. Establishment of access points from the n/g CERTs/CSIRTs to the Core Service Platform - cooperation mechanisms (e.g. secure devices and software, interfaces, gateways, translation of local tools into common formats). 6
Objectives These activities could include: acquisition and operation of national level cyber security IT systems, experimental test-beds, and training facilities, that will facilitate the cross-border cooperation of n/g CERTs/CSIRTs, which may be complemented with very sophisticated toolsets specific to the cyber security area that directly support CERT/CSIRT operations (e.g. sandboxes, simulation environments, advanced research infrastructures, and secure control rooms) hiring of trained staff, training of current staff, joint training courses, cooperation meetings, Europe-wide cyber security exercises, data protection compliance audits. However, dissemination activities including the organisation of workshops and meetings must be planned in alignment with the activities of the CSIRT Network, as well as other CSIRTs/CERTs to avoid possible overlapping 7
Objectives Please note: that activities relating to the functioning of the organisation (e.g. installing/outfitting data, training and/or meeting rooms with floors, electrical systems, air conditioning, office furniture, physical security controls, fire sensors, network cables and sockets, etc.) will not be supported under this call. for all those actions selected following this call which propose a connection with the Core Service Platform - cooperation mechanisms in SMART 2015/1089, demonstration of the interaction with or use of the Platform will be required. 8
award criteria Relevance: Alignment with the objectives and activities required for the deployment of the Cyber security Digital Service Infrastructure described in Chapter 3.7 of the work programme and priorities set in Section 2 of the call text How well does the written proposal fit with the actions and activities in Section 2.1 of the call text? How does it help meet expected outputs and outcomes in Section 2.2 of the call text? Alignment and synergies with relevant policies, strategies and activities at European and national level Does the written proposal demonstrate awareness of and, as appropriate, alignment with, e.g. the NIS Directive, the GDPR, review of the cyber security strategy, other CEF and Horizon 2020 cyber security projects, etc.? 9
award criteria Quality & efficiency A proposal will demonstrate its quality and efficiency through: Maturity of the proposed solution in terms of its contribution towards interoperability, connectivity, operation, and integration with the Core Service Platform - co-operation mechanisms under deployment in the project SMART 2015/1089 E.g. How the written proposal envisages the extent of integration with and use of the CSP - cooperation mechanisms? Coherence and effectiveness of the work plan E.g. Is there sufficient detail on project management, risk management and dissemination arrangements? E.g. Are the tasks described in sufficient detail for independent evaluation? Quality and relevant experience of the individual participants E.g. Are CVs provided with the proposal including experience, qualifications and industry/sector certifications? Extent to which the proposal demonstrates support from national authorities and peers E.g. Are letters of support from constituents, peers and national authorities provided? Appropriate attention to security, privacy, inclusiveness and accessibility E.g. How the written proposal addresses operational security, protection of personal data, etc.? 10
award criteria Impact & Sustainability: A proposal will demonstrate its impact & sustainability through: Demonstration of the connection of n/g CERTs/CSIRTs capabilities to the cooperation mechanisms in the SMART 2015/1089 project that will allow Member States to be prepared to respond early enough to prevent or at least to mitigate cyber security incidents that may affect their networks and information systems, making European digital networks more secure for their citizens Exploration of new avenues for cross-european and multidisciplinary methodological and experimental cooperation that include Europe-wide views, perceptions and behaviours leading to higher preparedness and better cyber security resilience Capability of long-term sustainability without EU funding Extent to which long term knowledge transfer takes place? Extent to which the actions are mainstreamed and embedded in the CSIRT operations resulting in a step change in CSIRT maturity levels? 11
Other information Call text and supporting information https://ec.europa.eu/inea/en/connecting-europe-facility/cef- telecom/apply-funding/2017-cef-telecom-call-cyber-security-cef-tc- 2017-2 Background info online: NIS Directive: http://eur-lex.europa.eu/legalcontent/en/txt/?uri=uriserv:oj.l_.2016.194.01.0001.01.eng&toc=oj: L:2016:194:TOC NIS Directive Introduction: https://ec.europa.eu/digital-singlemarket/en/network-and-information-security-nis-directive Detailed information on the Core Service Platform co-operation mechanism under the SMART 2015/1089 project is available from: csirt-csp@capgemini.com or CNECT-H1@ec.europa.eu 12
More information on the calls inea-cef-telecom-calls@ec.europa.eu inea@ec.europa.eu https://ec.europa.eu/inea/en/2017-ceftelecom-calls-proposals @inea_eu INEA