The European Union is fostering cybersecurity, among many other initiatives, through its Horizon 2020 call “Establishing and operating a pilot for a European Cybersecurity Competence Network and developing a common European Cybersecurity Research & Innovation Roadmap.” Here, the four projects titled CONCORDIA, ECHO, SPARTA and CyberSec4Europe aim to secure Europe’s global competitiveness by strengthening and sustaining cybersecurity in a European Cybersecurity Competence Network. To illustrate these objectives, the CyberSec4Europe project, its objectives and an exemplary result on the management of cybersecurity are introduced in the following.
CyberSec4Europe is a research project that aims to harmonize the process of developing software components that meet the objectives outlined by a set of short- and long-term roadmaps, resulting in several recommendations. These are linked to the project’s real-world use cases (verticals) in specific domains such as healthcare, finance, smart cities or digital infrastructure.
The long-term objective and vision of CyberSec4Europe are to create a European Union with all the capabilities necessary to safeguard and preserve a healthy democratic society while adhering to European constitutional principles, such as privacy and data sharing, and remaining a world-leading digital economy.
The main goal of CyberSec4Europe is to test the consolidation and future projection of cybersecurity capabilities needed to safeguard and sustain European democracy and the Digital Single Market’s integrity. CyberSec4Europe has broken down this broad goal into quantifiable, tangible steps: three policy goals, three technological goals, and two innovation goals, as seen in Figure 3.
Figure 3. CyberSec4Europe: Project goals
The target audiences for CyberSec4Europe include, alongside policy makers, system developers and SMEs, the research community, which is addressed through the project’s technical and innovation objectives.
As an example of this coordination, the “incident reporting” vertical will pave the way to an active dialogue with regulators in order to reach a harmonized EU framework for incident reporting. This will include a certified process with an established standard classification of work roles, aligned with skills and responsibilities. At the same time, the advanced research techniques of this demonstration case (AI, Big Data etc.) will contribute towards the adoption by relevant actors, cross-verticals, and cross-regulatory bodies. These outcomes provide a common “blueprint” of appropriate safeguards to the industry stakeholders that manage or participate in data exchange platforms with data brokers, providers, and consumers. Such a framework for data incident reporting could then also be consulted and used in research projects and in academia.
CyberSec4Europe – Creation of a medical data exchange
The results of the CyberSec4Europe project not only serve researchers at a high level but can also act as best practices on how to plan and design secure information systems that are of use for researchers. An example of this is the development of a medical data exchange in the project’s publicly available deliverables D5.1 – D5.3. Here, a medical data exchange serves as a use case for which requirements, specifications and validations are collected and performed. These steps are comparable to the steps described in this chapter on cybersecurity as they follow a systematic process to ensure the secure functioning of the platform.
In the first step, stakeholders and entities that interact with the platform are identified. Functional and non-functional (usability, portability, social and legal) requirements are assessed through the identification of use cases. Next, preconditions for the use case and the data flow of the medical data exchange are analyzed. These steps are comparable to the first step in the risk assessment in the previous chapters. Lastly, requirements, including technical, privacy and security related requirements, are stated. Again, these steps are comparable to the last four steps in the risk assessment in the previous chapters of this work. Protection measures, such as the use of privacy-preserving technologies, are stated and given a priority value. Based on these requirements, a demonstrator is created and evaluated.
1 See CyberSec4Europe. Deliverables. Available under: https://cybersec4europe.eu/publications/deliverables/ (Last accessed: 05.11.2021)
2 See CyberSec4Europe. D5.4 – Requirements Analysis of Demonstration Cases Phase 2. Available under: https://cybersec4europe.eu/wp-content/uploads/2021/05/D5.4-Requirements-Analysis-of-Demonstration-Cases-Phase-2-v1.0-submitted.pdf (Last accessed: 05.11.2021)