ECSO - European Cyber Security Organisation and the new cPPP on Cybersecurity
WG RISET - Research & Innovation on SEcurity-related Topics
7 June 2017
ABOUT THE EUROPEAN CYBERSECURITY PPP

A EUROPEAN PPP ON CYBERSECURITY
The European Commission signed a PPP with the private sector in July 2016 for the development of a common approach and market on cybersecurity.

AIM
1. Foster cooperation between public and private actors at early stages of the research and innovation process in order to allow people in Europe to access innovative and trustworthy European solutions (ICT products, services and software). These solutions take into consideration fundamental rights, such as the right to privacy.
2. Stimulate the cybersecurity industry by helping align the demand and supply sectors, to allow industry to elicit future requirements from end-users, as well as sectors that are important customers of cybersecurity solutions (e.g. energy, health, transport, finance).
3. Coordinate digital security industrial resources in Europe.

BUDGET
The EC will invest up to €450 million in this partnership, under its research and innovation programme Horizon 2020, for the 2017-2020 calls (4 years). Cybersecurity market players are expected to invest three times more (€1350 mln: leverage factor = 3), for a total of €1800 mln.

SUPPORT
The European Cyber Security Organisation (ECSO) Association has been created to engage with the EC in this PPP. ECSO is open to any stakeholder (public / private; user / supplier) allowed to participate in H2020 projects.
ABOUT THE CYBER cPPP

A DOUBLE APPROACH, BEYOND TRADITIONAL EC PPPs: LINKING RESEARCH AND CYBERSECURITY INDUSTRIAL POLICY
- The cPPP will focus on R&I, developing a SRIA and supporting its implementation in the H2020 Work Programme.
- The ECSO Association will tackle other industrial policy aspects for the market and the industrial / economic development.
- ECSO will support the development of the European cybersecurity industry and EU trusted solutions, including cooperation with third countries.

REFERENCE DOCUMENTS
1. Industry proposal
2. Strategic Research and Innovation Agenda (SRIA) proposal (already evolving)
ECSO membership update

201 organisations* from 27 countries and counting
- Associations: 20
- Large companies and users: 64
- National Public Administrations: 15 (AT, BE, CY, CZ, DE, EE, ES, FI, FR, FR, IT, SK, FI, NL, NO, PL, UK, + observers at NAPAC (BG, DK, HU, IE, LT, LU, LV, PT, RO, SE, SI, MT, ...))
- Regional clusters: 2
- RTO/Universities: 53
- SMEs: 47

ISRAEL 2; ITALY 27

*Organisations having formally requested membership as of 24 May 2017
Governance (organisation chart)
- European Cybersecurity Council (High Level Advisory Group: EC, MEP, MS, CEOs, ...)
- ECS - cPPP Partnership Board (monitoring of the ECS cPPP - R&I priorities)
- EUROPEAN COMMISSION
- INDUSTRIAL POLICY
- ECSO Board of Directors (Management of the ECSO Association: policy/market actions)
- R&I Coordination / Strategy Committee
- Scientific & Technology Committee
- WG Standardisation / certification / labelling / supply chain management
- WG Market deployment / investments / international collaboration
- WG Sectoral Demand (market applications)
- WG Support to SMEs and regions
- WG Education, training, exercise, raising awareness
- WG SRIA: Technical areas, Products, Service areas
- SME solutions / services providers; local / regional SME clusters and associations; Startups, Incubators / Accelerators
- Others (financing bodies, insurance, etc.)
- Large companies Solutions / Services Providers; National or European Organisation / Associations
- Regional / Local administrations (with economic interests); Regional / Local Clusters of Solution / Services providers or users
- Public or private users / operators: large companies and SMEs
- National Public Authority Representatives Committee R&I Group / Policy Advisory Group (GAG)
- Research Centers (large and medium / small), Academies / Universities and their Associations
- ECSO General Assembly
Where we started: «Industry Proposal»

Identifies industrial cybersecurity challenges in Europe:
- Global cybersecurity and ICT market dominated by global suppliers from outside Europe.
- Innovation led by imported ICT products.
- Strategic supply chain dependency.
- Mature commodity market; professional applications under development / evolution (e.g. Digitizing European Industry).
- Market fragmentation.
- Innovation: strong in Europe but not always properly funded due to a lack of a consistent transnational approach and global EU strategy.
- Results of Research and Innovation are hardly reaching the market.
- Weak entrepreneurial culture, lack of venture capital.
- European industrial policies not yet addressing specific cybersecurity issues.
- Human factor.
- Sovereignty.
Where we started: Objectives

Identifies industrial operational and strategic objectives:
1. Protecting infrastructures from cyber threats.
2. Use of massive data collection to increase overall security.
3. Increased European digital autonomy.
4. Security and trust of the whole supply chain.
5. Investments in areas where Europe has a clear leadership.
6. Leveraging upon the potential of SMEs.
7. Support local competence and development.
8. Increase competitiveness.
One year after: Update of the analysis of the situation

One year after the preparation of the Industry Proposal for the cPPP:
- Evolution of the awareness on cybersecurity at national and EU level
- Evolution of threats (e.g. Mirai / IoT; WannaCry ...) and priorities (also political ...)
- Evolution in the dialogue between public and private stakeholders thanks to the cPPP / ECSO
- New EU cybersecurity strategy (to come by end 2017), possibly including large EU projects and higher funding (not only for R&I)
- Digitalisation of the society and increase of security
- Impact on all societal and economic levels
- Need for improved control / ownership / security of data
- Growth of pervasive and distributed / local IT infrastructure (IoT, 5G, cloud) needing distributed decisions (at local level with data proximity) to counter attacks with faster reaction times.
- Infrastructure for centralised information (e.g. SOC) to increase wider (/global) security: Big Data Analytics / Intelligence
DRAFT update of the vision & strategy of the Industry Proposal for the EU Cybersecurity cPPP: PEST ANALYSIS FOR CYBERSECURITY IN EUROPE

- Political: Interferences in democratic processes; New EU regulations; Sovereignty issues at MS level (limited exchange of information and sensitive technologies)
- Economic: Low investments wrt US; Market fragmentation; Large presence of SMEs; Difficult market deployment of R&I results
- Social: European concepts of Privacy; Need for education / training / awareness
- Technological: Data kept in Europe / Cloud; Enhanced encryption for increasing privacy and data security; IoT security; Impact of 5G; Analytics / AI; DLT and use of blockchain in different applications
INDUSTRY OBJECTIVES for the cPPP strategy

Industry looks for:
- Investments in the development of innovative cybersecurity technologies;
- Validation of the solutions in key infrastructures and applications;
- The development of a sustainable ecosystem that will facilitate innovation uptake, including:
  - Increased investments and awareness for capacity building at regional, national and EU level
  - European certification
  - Education and harmonised training for increased needs in job creation
  - Increased leverage upon SMEs
COMPREHENSIVE EU CYBERSECURITY OBJECTIVES
- Protection DSM (digital enabled growth of EU economy)
- Protection of EU countries and vital services (national security; EU Agenda on Security including cybercrime / cyberterrorism; hybrid threats)
- Protection of citizens (participation in the digital world, privacy)
- Growth of EU Cybersecurity market and competitiveness of the EU CS Industry

ROADMAP (figure): 2016, 2020, 2025; H2020 PROJECTS; FP9 PROJECTS; cPPP / ECSO; ECSO+; Market / Cybersecurity Industry Policy; R&I (cPPP)

WG6 SRIA PRIORITIES
ECSO Governance & Activity update

Main decisions at the last Board (March 22nd):
- Election of members of the Coordination & Strategy committee: 6 Board members + 6 Chairs of the WGs; first meeting on June 9th for coordination of WG activities and governance, to improve interpretation of procedures for transparency
- Election of 4 members of the Financial Committee: first meeting on May 29th
- Approval of 22 new members

- Second meeting of the Partnership Board (26/4): discussion on cPPP vision and strategy, finalisation of SRIA and cPPP monitoring (KPIs)
- Ongoing membership campaign to get new members, in particular Users / Operators and Regions.
- ECSO Budget will be proposed for approval at the General Assembly of June 21st.
- The General Assembly will renew 19 members (out of 36) of the Board and the full Partnership Board (20 + 10 members and substitutes)
- Discussions initiated with VP Ansip about future targets of the cPPP and next EU cybersecurity strategy
- WG1 deliverable: ECSO contribution on EU certification by June to the EC
- WG6 deliverable: Strategy for SRIA priorities for the 2018-2020 H2020 Work Programme
- New priority for 2017 requested by the Board: creation of an EU Cybersecurity Human Resources Network to develop education, training and jobs: EHR-4CYBER
WG5 - Creation of an EU Cybersecurity Human Resources Network to develop education, training and jobs: EHR-4CYBER

Europe urgently needs a larger number of skilled cyber experts: the European Commission estimates that by 2020, 900.000 new jobs will be needed in Europe in the cybersecurity sector.

This need is recognised by large companies, to increase their business activity and competitiveness; by SMEs that look for fast growth; by public administrations that need to protect public services from threats, leveraging upon experts that are increasingly attracted by the salary of the private sector; by RTOs and Universities that need to keep high profile researchers attractive to the private sector facilities; and of course by users / operators that need to develop a consistent internal panel of experts to run cybersecurity solutions for protection of their activity.

Initial investments from the private sector are already done independently: such a platform could create a synergetic effect across ECSO members and provide European / national public administrations and decision makers (politicians) with a very strong message on the need for an effective financial support and incentives for developing cybersecurity competence, in order to feed as soon as possible the need for jobs with European manpower, allowing also the possibility to retain them.

This platform would discuss and work on a benchmarking system, foster collaboration through the exchange of best practices, look towards harmonisation of education and training procedures across Europe, develop and harmonise certification for diploma and specialties, as well as foster the recruitment process of cybersecurity specialists.

Envisaged outputs:
- Sharing Best Practices and Leveraging on Network to Inform EU Policy
- European Cybersecurity Certification for Education & Training
- A European Cybersecurity Workforce Development Toolkit
Update of WGs activities

WG1 (standards / certification / label / trusted supply chain)
- Initial activities focus on the overview of existing cybersecurity standards and certification schemes relevant for the activities of WG1 (SOTA), and the identification of the challenges relevant for the industrial sector (COTI). Will be used as basis for ECSO recommendations for EU certification (EU meta framework).
- Many security certification schemes exist for products, services and organizations, but there is no unified or combined solution available. ECSO would propose a meta-scheme, with which arbitrary schemes can be combined and «sealed». More flexibility is gained and more complex products like cars or planes can be certified together with services and infrastructures. Moreover, the meta-framework allows addition of arbitrary schemes in future, hence not being limited to any kind of existing subsequent scheme or market considered.
- Contact: roberto.cascella@ecs-org.eu

WG2 (market / funds / cPPP monitoring)
- First WG meeting on 6th June 2017.
- Initial internal work on business models (also with insurances and private funds) and funding programmes.
- Work with EC to better define cPPP monitoring KPIs / criteria.
- Contact: danilo.delia@ecs-org.eu

WG3 (verticals: Industry 4.0; Energy; Transport; Finance / Bank; Public Admin / eGov; Health; Smart Cities)
- State of the Art deliverable under definition, engagement with users initiated.
- SubWG meetings ongoing to define detailed needs / objectives / actions.
- Initial meetings with different Directorate Generals at the European Commission (ICT, energy, transport, internal security, etc.) to better define technology priorities.
- Contact: nina.olesen@ecs-org.eu
Update of WGs activities

WG4 (SMEs, Regions, East EU)
- Meeting on Regional aspects with EU Regions (DG REGIO + DG CNECT + DG JRC, DG GROW, ECSO members and regions not ECSO members): identification of regional and structural funds for cybersecurity; gathering of Regions to better target these resources.
- WG on SMEs: discussions on other forms of support to SMEs other than R&D (e.g. EU regional funds); SME hub; cooperation with large companies; certification issues / labelling; workforce.
- Contact: danilo.delia@ecs-org.eu

WG5 (education, training, awareness, cyber ranges)
- SubWG meetings ongoing to define detailed needs / objectives / actions.
- Meeting on June 8th to start the EHR-4CYBER Network (to promote and harmonise education and training and develop job creation).
- Contact: nina.olesen@ecs-org.eu

WG6 (SRIA)
- Informal suggestions delivered to the European Commission for the 2018-2020 H2020 Work Programme: organisation of the priority topics identified by ECSO in the SRIA.
- Contacts with other PPPs and similar EU activities to coordinate objectives (BDV, 5G, FoF, AIOTI ...)
- Contact: roberto.cascella@ecs-org.eu
STRATEGIC PRIORITIES
- Cybersecurity Technologies & Services
- Infrastructure & Applications
- Cyber ecosystem

A strategic view for the SRIA

CYBERSEC TECHNOLOGIES & SERVICES to protect Infrastructure / Applications and citizens' privacy
- Encryption (key management, homomorphic, post quantum, ...)
- ID and DLT (blockchain, ...) security
- AAA: Authentication; Authorisation; Accounting
- Security / Resilience & Privacy by Design (GDPR, ...)
- PET: Privacy Enhancing Technologies
- Information Sharing, Threat Detection and Intelligence (incl. sensors / probes for ICS, SIEMs and SOCs), Artificial Intelligence and Analytics
- Protection of innovative ICT infrastructure
- Risk Management, Response and Recovery
- Tamperproof communication protocols

Pilots and validation of solutions in INFRASTRUCTURE (for use in all sectors) & APPLICATIONS (specific verticals)
- Industry 4.0 (FoF, Robotics, SPIRE, AIOTI, ECSEL)
- Energy (EdB; AIOTI)
- Transport (AIOTI, ECSEL)
- Finance (EU FI-ISAC)
- Public Administration (EU Cloud Initiative; FIWARE, HPC, BDV)
- Health (EIP AHA, AIOTI, ECSEL)
- Smart cities (Smart Cities and Communities; EIT Digital, EdB, AIOTI, ECSEL)
- Telecom (5G; AIOTI)

CYBER ECOSYSTEM: preparing the market to introduce and use innovations
- Standardisation
- Validation / Labelling / Certification (end user awareness for implementation; different needs and different levels, flexibility for evolution)
- Trusted management of the supply chain: Assurance
- Education (cyber-erasmus)
- Training / simulation (certification of experts to help employment needs)
- Awareness of citizens, users (Cyber Hygiene) and decision makers (procurement, implementation and use)
- Legislation & Liability
- Investments Funds / Economics
- Business models / Insurances
- Support to SMEs
- Regional / local aspects
Estimation of the relevance of Cybersecurity Technologies for the different Infrastructures / Applications (tentative!!!)

[Matrix of Technologies against Verticals; legend: Low / Medium / High Priority]

Verticals: Industry 4.0 and ICS; Energy; Transportation; Finance and Insurance; Smart cities & smart buildings; Public Services / eGovernment; Healthcare; Telecom, Media, and Content

Technologies: AAA; PET; Tamperproof communication protocols; Cryptography; ID and DLT security; Protection of ICT infrastructure; Security / Resilience & privacy by design; Risk Management, Response and Recovery; Information sharing, Threat detection and AI
BECOME MEMBER! CONTACT US

European Cyber Security Organisation
10, Rue Montoyer
1000 Brussels
BELGIUM
www.ecs-org.eu
Phone: +32 (0) 27770256
E-mail: Ms. Eda Aygen, Head of Communications & Advisor to the SecGen, eda.aygen@ecs-org.eu
Follow us on Twitter: @ecso_eu