Digital Security Focus Area H2020 WP Aristotelis Tzafalias Trust and Security, DG CNECT
Contents Introduction Call - Digital Security Focus Area (DS) Topics & Planning Call – SME Instrument (SMEInst) Topic & Planning
Situation: ICT-driven transformations bring opportunities across many important sectors. Complication: "Smart", "Connected", "Digital" also introduce vulnerabilities... R&D&I challenge: Innovative and multidisciplinary actions addressing cyber security, data protection and privacy across individual H2020 pillars and calls.
Call – Digital Security Focus Area – Topics DS : Assurance and Certification for Trustworthy and Secure ICT systems, services and components; DS : Cyber Security for SMEs, local public administration and Individuals; DS : Increasing digital security of health related data on a systemic level; DS : Economics of Cybersecurity; DS : EU Cooperation and International Dialogues in Cybersecurity and Privacy Research and Innovation; DS : Cryptography; DS : Addressing Advanced Cyber Security Threats and Threat Actors; DS : Privacy, Data Protection, Digital Identities;
DS : Assurance and Certification for Trustworthy and Secure ICT systems, services and components
Assurance (RIA); Evidence, metrics, standardisation Security Certification (IA); Improve effectiveness and efficiency of existing security certification processes Building trustworthiness: economic, legal and social aspects of security assurance and certification (CSA); Economic and legal aspects Social, cultural, behavioural, gender and ethical factors Barriers and incentives in the market
DS : Cyber Security for SMEs, local public administration and Individuals
DS : Cyber Security for SMEs, local public administration and Individuals (IA) Considering the adequate level of security commensurate with the considered use-case, proposals may address one types of end-user: SMEs, local PA, individual citizens. Basic cyber security threats Organisation size and budgetary constraints Individuals, the "weakest link“ ? Human factors, behaviour Usability, automation Guidance, best practices and standards
DS : Increasing digital security of health related data on a systemic level
DS : Increasing digital security of health related data on a systemic level (RIA) A systemic approach to unlock eHealth potential in Europe. Challenges: secure storage and exchange (including cross- border) of data, protection and control over personal data, and security of health related data gathered by mobile devices combined with the usability of the eHealth solutions. Analyse the legal applicable frameworks and societal aspects. Piloted in 3 different MS or associated countries.
DS : Economics of Cybersecurity
DS : Economics of Cybersecurity (RIA) [...] combining methods from microeconomics, econometrics, qualitative social sciences, behavioural sciences, decision making, risk management and experimental economics. Cost-benefit Intangible assets, metrics, optimal investement, insurance Incentives and business models Incentives, cooperative and regulatory approaches Information security markets (e.g. bug bounties, vulnerability disclosure) Revenue models for criminal activity Institutional innovation
DS : EU Cooperation and International Dialogues in Cybersecurity and Privacy Research and Innovation
DS : EU Cooperation and International Dialogues in Cybersecurity and Privacy Research and Innovation (CSAs) A better overview of EU, MS and regional activities. Exchange of views on global level; promote EU stakeholder participation. 3 separate CSAs Synergies between H2020, EU Member States and associated countries R&I activities and cybersecurity innovation clusters. 4 years International dialogue with Japan International dialogue with the USA
Call - DS – Planning 19 Three separate opening dates - deadlines for submission Topic(s) DS DS DS DS DS Opening20 Oct Mar 2016 Deadline16 Feb Apr Aug 2016 TopicInstr.Funding (M) DS RIA IA CSA Only the best proposal may be funded for part c) Coordination and Support Action DS RIA22.0 DS RIA11.0 DS RIA4.0 DS CSA 3 strands 2;0.5;0.5 Only the best proposal may be funded for strands 1, 2 and 3. Proposals addressing strand 1 shall be of a 4 year duration.
DS : Cryptography SW4gbGluZSB3aXRoIHRlY2hub2xvZ2ljYWwgZGV WxvcG1lbnRzIGFuZCBlbWVyZ2luZyB0aHJlYXRzLC B0aGUgaW1wcm92ZW1lbnQgb2YgcGVyZm9ybW FuY2UgYW5kIGVmZmljaWVuY3kgb2YgY3J5cHRvZ 3JhcGhpYyBzb2x1dGlvbnMgaXMgYSBwZXJzaXN0 ZW50IG5lZWQgYWNyb3NzIElDVA==
DS : Cryptography (RIA) In line with technological developments and emerging threats, the improvement of performance and efficiency of cryptographic solutions is a persistent need across ICT. Nine thematic research challenges, including: Ultra-lightweight High speed Implementation Authenticated encrypted tokens Increase trust in ICT and online services Protect the European Fundamental Rights of Privacy, Data Protection
DS : Addressing Advanced Cyber Security Threats and Threat Actors
Situational Awareness (RIA); Detect and quickly and effectively respond to sophisticated cyber- attacks; Interdisciplinary research to counter threat actors and their methods; Assess and address the impact to fundamental rights, data protection and privacy in particular; Simulation Environments, Training (IA); Prepare those tasked with defending high-risk organisations; Realistic environments; Tools for producing both benign and malicious system events; May also address crisis management and decision making processes in relation to obligations stemming from applicable legal frameworks
DS : Privacy, Data Protection, Digital Identities CHARTER OF FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION TITLE II – FREEDOMS Article 6 Right to liberty and security Everyone has the right to liberty and security of person. Article 7 Respect for private and family life Everyone has the right to respect for his or her private and family life, home and communications. Article 8 Protection of personal data 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.
DS : Privacy, Data Protection, Digital Identities (IA) Privacy-enhancing Technologies (PET) General Data Protection Regulation in practice Secure digital identities Support for Fundamental Rights in Digital Society. Increased Trust and Confidence in the Digital Single Market Increase in the use of privacy-by-design principles in ICT systems and services
Call - DS – Planning 26 Two separate opening dates - deadlines for submission Topic(s) DS DS DS Opening08 Dec Mar 2017 Deadline25 Apr Aug 2017 TopicInstr.Funding (M) DS RIA18.50 DS RIA IA DS IA18.0
Call – SMEInstr – Topic & Planning SMEInst : Engaging SMEs in security research and development. Topic: "[…] cover any aspect of the Specific Programme for "secure societies - protecting freedom and security of Europe and its citizens" (Horizon 2020 Framework programme and Specific programme):" 7.1. Fighting crime, illegal trafficking and terrorism, … … 7.4. Improving cyber security 7.5. Increasing Europe's resilience to crises and disasters 7.6. Ensuring privacy and freedom, including in the Internet, and enhancing the societal legal and ethical understanding of all areas of security, risk and management … Funding: Approximately 21.5M in 2016 and 19M in 2017 Logistics and more information on SME Instrument: instrument
Where else to find cybersecurity and privacy R&D&I in H2020? Everywhere! change of mindset
References H2020 Digital Security Focus Area National Contact Points (NCPs)
Extra Slides on the SME-Instrument BEYOND THIS POINT
C. European Innovation Policies for SMEs a)H2020 SME instruments b)H2020 SME support in cybersecurity 2016/17 31
Bridging the Valley of Death 32
a) H2020 SME instrument 33 4 steps for funding of innovation projects: concept and feasibility assessment phase (phase 1) innovation project (phase 2) support services (phase 3) Free of charge coaching (during phases 1 + 2)
phase 1 - concept and feasibility assessment 34 Concept & Feasibility Assessment – From Idea to Concept Grant of € 50,000 (lump sum) for 6 months + coaching support Proof of Concept: Prove Technical and Commercial Viability Explore IP Regime Design Study Develop Pilot Application Risk Assessment
phase 1 - concept and feasibility assessment 35 What to submit when applying: description of the overall innovation idea + initial business plan + description of the activities to be undertaken under phase 1 Outcome: feasibility report, including a more elaborated business plan.
phase 2 - Demonstration / Market Replication / R&D 36 From Concept to Market-Maturity and Commercialisable Output Grant of € 0.5 Million to € 2.5 Million (70% of funding) over months Demonstration of Commercial Potential via Prototyping Testing Piloting Miniaturization Scaling-up Application Development
phase 2 - Demonstration / Market Replication / R&D 37 What to submit when applying: proposals based on a feasibility assessment + containing a full business plan, backed up by a phase 1 project or other means. Outcome: a new idea (product, process, service) that can be launched on the market or a business innovation plan incorporating a detailed commercialisation strategy + a plan on how to attract private investors. The time-to-grant is expected to be six months.
phase 3 - Commercialisation 38 Market-Maturity to Market Launch Access to Risk Finance (Private/Public) Go-To-Market support through EU Quality Label (Promotion & Networking with Financiers/Clients) Investment Readiness Training SME window in the EU Financial Facilities (debt & equity backed by EIB/EIF) Link to Public Procurement Networks
b) SME instrument for cybersecurity SMEInst : Engaging SMEs in security research and development Fighting crime, illegal trafficking and terrorism Resilience of critical infrastructures Border management Security Cybersecurity Crisis and disaster resilience privacy Budget in total (10 MEUR for cybersecurity): MEUR MEUR 39
Links SME Instrument section/sme-instrument Digital Security Focus Area Call Cybersecurity Policies