Boosting the security of all EU citizens
Digitalisation has transformed society, providing numerous opportunities and solutions to the problems Europe is facing. At the same time, however, it leaves the economy and society open to cyber threats. To bolster resilience and reactivity to this problem, the EU has adopted the Cyber Solidarity Act, which aims to strengthen cybersecurity capacities in Member States. The EU-funded CyberSec4Europe project is part of this shared purpose. It aims to fortify cybersecurity in the European Union, including protection and defence measures, while also preserving its citizen’s cultural values. “Our main objective, and that of our three associated projects, CONCORDIA, ECHO and SPARTA, is to act as a pilot for the European Cybersecurity Competence Centre (ECCC) and the Network of National Coordination Centres (NCCs),” explains Kai Rannenberg, project coordinator. Both the ECCC and the NCCs constitute the EU’s new framework to support innovation and industrial policy in cybersecurity.
Designing a governance model
CyberSec4Europe’s work resulted in the development of a community-driven approach for the ECCC, as well as a governance model that complements and marginally adjusts the regulatory proposal Regulation EU No 2018/0328 to meet legal requirements. “In short, we propose a combined top-down and bottom-up approach and the addition of a network of Community Hubs of Expertise in cybersecurity knowledge to the European network, as outlined in the regulation proposal,” confirms Rannenberg. Additionally, CyberSec4Europe proposes the introduction of a sub-structure for the ECCC, the introduction of a stakeholder council as an additional bottom-up element, and a modification of the existing governance structure for the network, as proposed in the regulation proposal. “This approach and model are key to enabling stakeholders to candidly report cybersecurity issues and have the confidence that they will be heard. This means that candid reports will not play out against those who offer them,” confirms Rannenberg.
A roadmap and recommendations for the implementation of NCCs
The project also developed demonstrator use case scenarios to match application requirements with innovative security solutions for the areas of open banking, supply chain security assurance, privacy-preserving identity management, incident reporting (in finance), maritime transport, medical data exchange, and smart cities (personal data exchange among citizens and other city stakeholders). “We also developed a portal with open-source tools and operating systems such as the Cyber Sandbox Creator,” confirms Rannenberg. This tool can generate portable definition files and build virtual environments using VirtualBox. Another key result of the project is the production of two books. The Blue Book is a set of cybersecurity roadmaps and challenges for researchers and policymakers, while Stories is a narrative of the European cybersecurity community, which CyberSec4Europe created.
Securing and maintaining a healthy democratic society
“We have developed an understanding that cybersecurity really means defending European values and the need to respect value preserving rules and institutions like data protection,” says Rannenberg. The expected long-term impact of the project is that once the ECCC becomes fully operational, it will build on the work and results that CyberSec4Europe has achieved. “The same holds true for the NCCs, which are already using the results, as is appropriate,” concludes Rannenberg.
Keywords
CyberSec4Europe, cybersecurity, cyber threat, Cybersecurity Competence Centre and Network, Network of National Coordination Centres, data protection