New advanced tools and processes for Operational Cybersecurity

Action launched by the ECCC to incorporate ‘expected impact’ language set out in the ‘Destination – Increased Cybersecurity’ section of this work programme part.

Destination - Increased Cybersecurity

The strategic plan 2025-2027 identifies the following impact: "Increased cybersecurity and a more secure online environment by developing and using effectively EU and Member States’ capabilities in digital technologies supporting protection of data and networks aspiring to technological sovereignty in this field, while respecting privacy and other fundamental rights; this should contribute to secure services, processes and products, as well as to robust digital infrastructures capable to resist and counter cyber-attacks and hybrid threats".

Under this Work Programme, the Commission intends to conclude a contribution agreement entrusting the European Cybersecurity Competence Centre (ECCC) with the implementation of call topics related to Increased Cybersecurity. Please refer to "Indirectly managed action by the ECCC" in the section "Other Actions" of this Work Programme part – including the Appendix providing the call specifications for information purposes. Those specifications incorporate ‘expected impacts’ set out below.

Expected impacts:

• Support the EU’s technological capabilities by investing in cybersecurity research and innovation to further strengthen its leadership, strategic autonomy, digital sovereignty and resilience;
• Help protect its infrastructures and improve its ability to prevent, protect against, respond to, resist, mitigate, absorb, accommodate and recover from cyber and hybrid incidents, especially given the current context of geopolitical change;
• Support European competitiveness in cybersecurity and European strategic autonomy, by protecting EU products and digital supply chains, as well as critical EU services and infrastructures (both physical and digital) to ensure their robustness and continuity in the face of severe disruptions;
• Encourage the development of the European Cybersecurity Competence Community;
• Particular attention will be given to SMEs, who play a crucial role in the cybersecurity ecosystem and in overall EU digital single market competitiveness, by promoting security and privacy ‘by design’ in existing and emerging technologies.

The use of and dependence on information and communication technologies have become fundamental aspects in all sectors of the economy. Public administrations, companies and citizens are more interconnected and interdependent across sectors and borders than ever before. This higher uptake of digital technologies increases exposure to cyber security incidents, vulnerabilities and their potential impacts. At the same time, Member States are facing growing cybersecurity risks and an overall complex threat landscape, with a clear risk of rapid spill-over of cyber incidents from one Member State to others.

Moreover, cyber operations are increasingly integrated in hybrid and warfare strategies, with significant effects on the target. In particular, the current geopolitical context is being accompanied by a strategy of hostile cyber operations, which is a game changer for the perception and assessment of the EU’s collective cybersecurity crisis management preparedness and a call for urgent action. The threat of a possible large-scale incident causing significant disruption and damage to critical infrastructure and data spaces demands heightened preparedness at all levels of the EU’s cybersecurity ecosystem. In recent years, the number of cyberattacks has increased dramatically, including supply chain attacks aiming at cyberespionage, ransomware, or disruption. The vulnerability landscape is also threatening. The ENISA Threat Landscape Report 2024^[1] counts a total of 19,754 vulnerabilities. This amount of vulnerabilities can’t be manually managed by humans. There is a need for automated management of vulnerabilities based on established standards like the Common Security Advisory Framework (CSAF)^[2].

As regards detection of cyber threats and incidents, there is an urgent need to increase the exchange of information and improve our collective capabilities in order to reduce drastically the time needed to detect cyber threats and mitigate, before they can cause large-scale damage and costs. While many cybersecurity threats and incidents have a potential cross-border dimension, due to the interconnection of digital infrastructures, the sharing of relevant information among Member States remains limited. Proposals are expected to address this emerging threat landscape with the development of advanced frameworks, services tools, and processes, in line with relevant EU legislation (NIS2, Cyber Resilience Act, Cyber Solidarity Act).

Lastly, focus should be given to developing innovative frameworks, technologies, tools, processes, and services that reinforce cybersecurity capabilities for operational and technical cybersecurity cooperation, in line with relevant EU policy, with particular focus on NIS2, Cyber Solidarity Act and the EU Cybersecurity Strategy, as well as legal and ethical requirements.

Proposals should address at least two of the following expected outcomes:

• Enhanced Situational Awareness through advanced Cyber Threat Intelligence frameworks, tools, and services as well as cybersecurity risk assessments of critical supply chains made in the EU,
• Frameworks, tools, and services for preparedness against Cyber and Hybrid Threats in information and communication technology (ICT) and operational technology (OT), including cybersecurity exercises,
• Expanded Security Operations Centre/Computer Security Incident Response Teams (SOC/CSIRT) functionality through advanced tools and services for detection, analysis, incident handling including response and reporting as well as remediation,
• Development of testing and experimentation facilities for advanced tools and processes for operational cybersecurity, including the creation of digital twins for critical infrastructures and essential and important entities as defined in NIS2,
• Development and pilot implementation of cross-sector and/or cross-border cyber crisis management frameworks, services, and tools,
• Frameworks, services, and tools aimed at mechanisms and processes for enhanced operational cooperation between public sector entities (CSIRT network, EU-CyCLONe). Extension of the above to essential and important entities as defined in NIS2 ^[3], would be an advantage.

Proposals are expected to demonstrate the developed frameworks, tools, services, and processes through pilot implementations involving the participation of relevant national cybersecurity authorities and/or essential and important entities as defined in NIS2, implemented with the participation of leading European cybersecurity industry. Proposals should consider the impact of forthcoming legislation, in particular the Cyber Resilience Act.

Real world applications and the usability of the solutions developed should feature predominately in the proposals.

The participation of the following types of entities is highly encouraged: innovative European cybersecurity start-ups and SMEs with a proven track-record in cybersecurity innovation at EU level (e.g. active participation in successful EU funded projects including cybersecurity projects under Horizon Europe, Digital Europe Programme cybersecurity projects or EIC Pathfinder or Accelerator projects), European start-ups and SMEs that can demonstrate established operational cooperation with relevant National Cybersecurity Authorities, European start-ups and SMEs that have received equity investments by national, European or private Venture Capital funds for cybersecurity activities etc. The participation of these start-ups and SMEs with an active role in the implementation of the proposed action (project coordination, technical coordination, lead of pilot implementation etc) would be considered an asset.

[1] The ENISA Threat Landscape Report 2024: ENISA Threat Landscape Report 2024: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024

[2] Common Security Advisory Framework (CSAF): https://csaf.io/

[3] Directive on measures for a high common level of cybersecurity across the Union: https://eur-lex.europa.eu/eli/dir/2022/2555