Closed

Supporting operators against cyber and non-cyber threats to reinforce the resilience of critical infrastructures

HORIZON Innovation Actions

Basic Information

Identifier
HORIZON-CL3-2023-INFRA-01-02
Programme
Resilient Infrastructure 2023
Programme Period
2021 - 2027
Status
Closed (31094503)
Opening Date
June 28, 2023
Deadline
November 22, 2023
Deadline Model
single-stage
Budget
€9,500,000
Min Grant Amount
€4,750,000
Max Grant Amount
€4,750,000
Expected Number of Grants
2
Keywords
HORIZON-CL3-2023-INFRA-01-02HORIZON-CL3-2023-INFRA-01Critical Infrastructure Protection (CIP)Critical infrastructure, emergency systems, security, safety engineeringCyber Defence systemsDetection, identification and authenticationEquipments and sub systemsOperators of critical infrastructurePolicy and SupportProtection of areas and infrastructuresResilience aspectsSecuritySecurity Management and GovernanceTerrorismThreats and vulnerabilities modellingTraining and exercises

Description

Expected Outcome:

Projects’ results are expected to contribute to some or all of the following outcomes:

  • Support is provided to the resilience of operators against cyber and non-cyber threats in specific sectors;
  • A reliable state-of-the-art analysis of physical/cyber detection technologies and risk scenarios is created, in the context of an operator in a specific sector in sectors that have not yet been covered by previous research projects;
  • Strengthened cooperation against natural or human-made threats and subsequent disruptions of infrastructures in Europe, allowing for operational testing in real scenarios or realistic simulations of scenarios with specific regard to disruptions in a specific sector of critical entities;
  • Improved situational awareness, preparedness and governance by the implementation of effective solutions that enhance detection and anticipated projection of a determined threating situation, as well as implementation of prevention, preparedness/mitigation, response, and recovery types of intervention;
  • Significant reduction of risks and exposures to anomalies or deliberate events on cyber-physical systems, or on complex and critical infrastructures/systems;
  • Enhanced preparedness and response by definition of operational procedures of operators as well as public authorities considering citizen’s behaviour/reaction and societal impact in case of disruption in a specific sector.
Scope:

The operational environment in which operators operate has changed significantly in recent years. Security research and innovation related to infrastructure resilience has been following a sectorial approach in order to increase the resilience. This approach to critical infrastructure resilience is needed that as it reflects the current and anticipated future risk landscape, the increasingly tight interdependencies between different sectors, and also the increasingly interdependent relationships between physical and digital infrastructures.

A disruption affecting the service provision by one operator in one sector has the potential to generate cascading effects on service provision in other sectors, and also potentially in other Member States or across the entire EU.

With more and more infrastructure systems being interconnected, a stronger focus on the systemic dimension and complexity of attacks and disruptions by cyber or physical means needs to be applied. As such, not only interdependencies within one type of infrastructure (or closely related types) can be taken into account. The risk landscape is more complex in the recent years, involving natural hazards (in many cases exacerbated by climate change), state-sponsored hybrid actions, terrorism, insider threats, pandemics, and accidents (such as industrial accidents).

Physical disruptions of the activities of operators active in these sectors have possibly serious negative implications for citizens, business, governments, in the environment and endanger the smooth functioning of the internal market. Therefore, operators should be equipped with the best possible means to be able to prevent, resist, absorb and recover from disruptive incidents, no matter if they are caused by natural hazards, accidents, terrorism, insider threats, or public health emergencies.

Another important issue is to have in place efficient cybersecurity measures to block the access to critical infrastructures. A possible project focusing on the protection of critical infrastructures against such threat should consider gaps and vulnerabilities that need to be identified and overcome (e.g. protection of drinking water supply systems from high chemical levels, nuclear facilities, etc.).

Therefore, the successful proposal, following a sector-based approach and identifying a specific priority sector, should work on how to increase the combined cyber and non-cyber resilience operators. It should do so by orienting itself on sectors that have not been covered in previous research, out of the list of sectors described in the respective Annexes of the of the directive on the resilience of critical entities (CER[1]) and the directive on measures for high common level of cybersecurity across the Union (NIS-2[2]) and thus contribute to enhancing the overall resilience on EU-level, in line with the EU Security Union Strategy[3].

The proposal should orient itself on the policy shift from protection towards resilience and thus focus on operators acting in the internal market, rather than only on physical or digital assets. This includes concepts of wider business continuity, as well as logistics and supply-chains. Proposals should also focus on the development of a more effective resilience plan conception method, which shall support operators to draft their resilience plans according to the provisions of the CER and NIS-2 Directives. The resilience plan conception method should include risk analysis, domino effects analysis, cross-sector and cross-border analysis, standardised plans etc. In addition, this method could include measures on adequate protection, measures on prevention, response, mitigation, and recovery from the consequences of incidents, protection of classified (e.g. the proposal for a Network Code on sector-specific rules for cybersecurity aspects of cross-border electricity flows) or sensitive information and measures that ensure adequate employee security management.

The main practitioners in this topic should come from private or public operators, meaning organisations and enterprises that use critical infrastructure to deliver services, vital for the functioning of society and the internal market. Consortia that will include MS public entities would be considered as an asset. Competent authorities of MS in charge of resilience and/ or overseeing operators in one or more sectors are also encouraged to join the consortia of applicants.

If the infrastructure includes processing of personal data, the proposal should consider including a risk assessment or privacy impact of individuals and society.

This topic requires the effective contribution of SSH disciplines and the involvement of SSH experts, institutions as well as the inclusion of relevant SSH expertise, in order to produce meaningful and significant effects enhancing the societal impact of the related innovation activities.

Applicants are encouraged to explore and demonstrate synergies with the work conducted in the European Reference Network for Critical Infrastructure Protection (ERNCIP), as applicable.

[1] Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC.

[2] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive).

[3] COM(2020) 605 final.

View on EU Portal →

Destination & Scope

Proposals for topics under this Destination should set out a credible pathway to contributing to the following expected impact of the Horizon Europe Strategic Plan 2021-2024:“[…] resilience and autonomy of physical and digital infrastructures are enhanced and vital societal functions are ensured, thanks to more powerful prevention, preparedness and response, a better understanding of related human, societal and technological aspects, and the development of cutting-edge capabilities for […] infrastructure operators […]”

More specifically, proposals should contribute to the achievement of one or more of the following impacts:

  • Ensured resilience of large-scale interconnected systems infrastructures and the entities that operate them in in case of complex attacks, pandemics, natural and human-made disasters, or the impacts of climate change;
  • Upgraded systems for resilience of the operators and the protection of critical infrastructure to enable rapid, effective, safe and secure response and without substantial human intervention to complex threats and challenges, and better assess risks ensuring resilience and open strategic autonomy of European infrastructures;
  • Resilient and secure smart cities are protected using the knowledge derived from the protection of critical infrastructures and systems that are characterised by growing complexity.

The capabilities built by research and innovation in this Destination would clearly be relevant to be better prepared for potential future challenges to European internal security and crises as the ones in Ukraine in 2022.

Where possible and relevant, synergy-building and clustering initiatives with successful proposals in the same area should be considered, including the organisation of international conferences in close coordination with the Community for European Research and Innovation for Security (CERIS) activities and/or other international events.

Eligibility & Conditions

General conditions

General conditions

1. Admissibility conditions: described in Annex A and Annex E of the Horizon Europe Work Programme General Annexes

Proposal page limits and layout: described in Part B of the Application Form available in the Submission System

2. Eligible countries: described in Annex B of the Work Programme General Annexes

A number of non-EU/non-Associated Countries that are not automatically eligible for funding have made specific provisions for making funding available for their participants in Horizon Europe projects. See the information in the Horizon Europe Programme Guide.

If projects use satellite-based earth observation, positioning, navigation and/or related timing data and services, beneficiaries must make use of Copernicus and/or Galileo/EGNOS (other data and services may additionally be used).

The following additional eligibility criteria apply:

This topic requires the active involvement, as beneficiaries, of at least 3 infrastructure operators, which could include civil protection authorities, at national level from at least 3 different EU Member States or Associated Countries. For these participants, applicants must fill in the table “Information about security practitioners” in the application form with all the requested information, following the template provided in the submission IT tool.

3. Other eligibility conditions: described in Annex B of the Work Programme General Annexes

4. Financial and operational capacity and exclusion: described in Annex C of the Work Programme General Annexes

  • Award criteria, scoring and thresholds are described in Annex D of the Work Programme General Annexes

  • Submission and evaluation processes are described in Annex F of the Work Programme General Annexes and the Online Manual

  • Indicative timeline for evaluation and grant agreement: described in Annex F of the Work Programme General Annexes

Eligible costs will take the form of a lump sum as defined in the Decision of 7 July 2021 authorising the use of lump sum contributions under the Horizon Europe Programme – the Framework Programme for Research and Innovation (2021-2027) – and in actions under the Research and Training Programme of the European Atomic Energy Community (2021-2025). [[This decision is available on the Funding and Tenders Portal, in the reference documents section for Horizon Europe, under ‘Simplified costs decisions’ or through this link: https://ec.europa.eu/info/funding-tenders/opportunities/docs/2021-2027/horizon/guidance/ls-decision_he_en.pdf]].

6. Legal and financial set-up of the grants: described in Annex G of the Work Programme General Annexes

 

Specific conditions

7. Specific conditions: described in the [specific topic of the Work Programme]

 

Documents

Call documents:

Standard application form — call-specific application form is available in the Submission System

Standard application form (HE RIA, IA)

Standard evaluation form — will be used with the necessary adaptations

Standard evaluation form (HE RIA, IA)

MGA

Lump Sum MGA v1.0

 

Call-specific instructions:

Template for Security & eligibility conditions in Horizon Europe

Additional documents:

HE Main Work Programme 2023–2024 – 1. General Introduction

HE Main Work Programme 2023–2024 – 3. Research Infrastructures

HE Main Work Programme 2023–2024 – 6. Civil Security for Society

HE Main Work Programme 2023–2024 – 13. General Annexes

HE Programme Guide

HE Framework Programme and Rules for Participation Regulation 2021/695

HE Specific Programme Decision 2021/764

EU Financial Regulation

Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment

EU Grants AGA — Annotated Model Grant Agreement

Funding & Tenders Portal Online Manual

Funding & Tenders Portal Terms and Conditions

Funding & Tenders Portal Privacy Statement

Support & Resources

Online Manual is your guide on the procedures from proposal submission to managing your grant.

Horizon Europe Programme Guide contains the detailed guidance to the structure, budget and political priorities of Horizon Europe.

Funding & Tenders Portal FAQ – find the answers to most frequently asked questions on submission of proposals, evaluation and grant management.

Research Enquiry Service – ask questions about any aspect of European research in general and the EU Research Framework Programmes in particular.

National Contact Points (NCPs) – get guidance, practical information and assistance on participation in Horizon Europe. There are also NCPs in many non-EU and non-associated countries (‘third-countries’).

Enterprise Europe Network – contact your EEN national contact for advice to businesses with special focus on SMEs. The support includes guidance on the EU research funding.

IT Helpdesk – contact the Funding & Tenders Portal IT helpdesk for questions such as forgotten passwords, access rights and roles, technical aspects of submission of proposals, etc.

European IPR Helpdesk assists you on intellectual property issues.

CEN-CENELEC Research Helpdesk and ETSI Research Helpdesk – the European Standards Organisations advise you how to tackle standardisation in your project proposal.  

The European Charter for Researchers and the Code of Conduct for their recruitment – consult the general principles and requirements specifying the roles, responsibilities and entitlements of researchers, employers and funders of researchers.

Partner Search Services help you find a partner organisation for your proposal.

 

Latest Updates

Last Changed: November 29, 2023

A total of 26 proposals have been submitted in response to this call. The number of proposals for each topic is shown below including the indicative budget of the topics for 2023:

·   HORIZON-CL3-2023-INFRA-01-01: 5 proposals (indicative budget: 5 M€)

·   HORIZON-CL3-2023-INFRA-01-02: 21 proposals (indicative budget: 9.5 M€)

The evaluation of the proposals will start by mid-December and will be closed by mid-February 2024. Applicants will be informed on the outcome of the evaluations in mid-April 2024.

 
Last Changed: June 29, 2023
The submission session is now available for: HORIZON-CL3-2023-INFRA-01-01(HORIZON-IA), HORIZON-CL3-2023-INFRA-01-02(HORIZON-IA)
Supporting operators against cyber and non-cyber threats to reinforce the resilience of critical infrastructures | Grantalist