The European CYberSecurity cPPP ‐ ECYS Draft Proposal 12 April 2016
The urgency to act • We cannot miss the window opportunity for budgetary reasons: create a synergy among the different EC budgets via the cPPP, already from 2017 • Europe's contribution to solutions is lagging behind in this sector which is increasingly pervasive in all applications Urgent need for industry in Europe to develop innovative solutions responding to competitive and societal issues, in a global strategy • The political need to provide our users with trusted solutions according to EU values, laws and procedures.
European Cybersecurity cPPP: The Challenges The ambitious timeline (building on previous work) • The consensus building ( several MS already contributed to Statutes and • Bylaws following the meeting of January 20 th , further MS comments' are welcome ‐ until end of April as it would then be critical for the targeted timeline) The content (merging societal security with competitiveness) • The positioning of the different Members: • – MS, (H2020) Associate Countries, Regions – Industry (large; SMEs; EU and "Non EU") – Associations / Clusters (EU, National, Local) – RTOs / Academia – Users / Operators (public and private) The budgetary commitment (leverage factor) •
Consensus building • Kick off cPPP: EC meeting with MS representatives (1 public + 1 private) + EU bodies on January 20 th • 5 coordinators of the work to define proposal for SRIA, Industry Proposal, Association, Contract, Membership & Governance • Work done in WGs, regular update to January 20 th participants and to all those who have requested to be informed • Invitation to join the cPPP launched March 10 th • Main trends on the different documents provided to the Commission • "Stabilised" draft, to be distributed next week to bodies having expressed interest • Discussions in countries (public and private bodies): further remarks to be considered possibly by end of April.
Cybersecurity: a different cPPP Leveraging upon H2020 rules • Open to any entity eligible under H2020 rules • Developing a SRIA and supporting its implementation and the H2020 projects defined • in the Work Programme The cPPP will focus on R&I, the Association will tackle other industry policy aspects • for the market and industrial / economic development Convergence of Secure Societies and LEIT ICT: societal and competitiveness issues • Cybersecurity: a transversal issue, pervasive in all sector (economic, societal, …): large • number of stakeholders, of interests, of constraints… Squaring the circle! Supporting the development of the cybersecurity industry in Europe and EU trusted • solutions, including cooperation with Third Countries. Security: a national prerogative. Stronger participation of representatives from the • national administrations Interest from national Public Administrations: Representatives to the two PCs + • Ministries (Interior, Economy, etc.) + Regulatory Bodies (and, of course, as users)
Cybersecurity cPPP strategic objectives (from the Industry Proposal) The European Cybersecurity cPPP has three main strategic objectives: Security underlying the growth of the European Digital Single Market • The creation of a strong European ‐ based offering and an equal level playing field to meet the • needs of the emerging digital market with trustworthy and privacy aware solutions The growth and the presence of Europe's cybersecurity industry, in the global market • To reach these objectives, the Cybersecurity cPPP should leverage complementary work: The coordination of R&I in the frame of H2020 characterized by a cross ‐ sectoral, technology ‐ • neutral, interoperable, and holistic approach The development of industrial policy activities to support the growth of the cybersecurity • industry in Europe and broadly deploy innovative solutions and services for the most economically important and growing end markets as well as for security sensitive applications To achieve maximum leverage for impact all proposed cPPP activities will : be designed and deployed to be technology ‐ neutral, interoperable and transparent • combine security and privacy improvements – not only partially but with positive, measurable • impact for the system solution all along the value chain elaborate and indicate which is the addressed minimum (where applicable higher) level of • security and give a workable guideline for supportive policy activities such as certification and labelling provide evidence how the approach enhances trust and acceptance by citizens, consumers and • businesses
Link Applications (verticals) / ICT Infrastructure / Cybersecurity Products & Services Hyperconnected (Critical) Infrastructures Smart Public Vertical Industry & Energy Transport Finance Services / Health Other Domains 4.0 Secure eGovernment Cities Built on top of IoT Mobile Embedded Network Cloud/ Other Secure ICT s / 5G web services infrastruct ures Relying on security and privacy Identity and access compliance security operations services Trust management Network security (device/endpoint) Risk management and certification Security training systems security cloud security management Data security Products& Services by design security Audit, Cyber Research Areas/ Topics Technology Research
Mechanisms for SRIA implementation
Technical Priorities for the cPPP We consider the following classification and grouping for the cybersecurity Products & Services: Fostering assurance and security and privacy by design Identity, access and trust management ( Identity and Access Management, Trust Management) Data protection Protecting the ICT Infrastructure (Cyber Threats Management, Network Security, System Security, Cloud Security, Trusted hardware/ end point security/ mobile security) Security services (Auditing, compliance and certification, risk Management, cyber security operation, security training services) Area Prioritization 0 0.5 1 1.5 2 2.5 Protecting the ICT Infrastructure and enabling secure execution: Analysis and presentation Focus on data protection (including crypto) (structure similar to WP) Scope • Fostering assurance and security and privacy by design Research challenges • Expected outcome • Identity, access and trust management #REF! Time line • Security Services
Relevant issues/activities to the cPPP Education, training, and skills development • Fostering innovation in cyber security • o Develop a cyber security ecosystem o Define the cyber security value chain Policy, regulation, standardisation and certification • o Standardisation (pre ‐ standardisation possibly in the cPPP) o Regulation o EU Cyber Security quality/ trust label o Boosting SMEs o Bottom ‐ up Fast Track for Cybersecurity Innovation Societal aspects •
Industry Proposal* Vision Scene Setter Expected Impact • o The nature of the cyber threat Description of Industry commitment • o Overview of the current situation in Europe Expected impact on strategic objectives • o The strengths, weaknesses, opportunities Impact of cybersecurity on strategic sectors: a • and threats market analysis o Market Analysis Ability to Leverage Additional Investments • Needs for action Monitoring: KPIs • • Overall long term vision of the PPP Proposed methodology for monitoring the • • commitments Strategic and specific Objectives of the PPP • Risks Added Value of actions at Union Level • • Added value of implementation via a • contractual PPP Governance Actors behind this proposal Overview of the governance model • • IPR Principles • Research and Innovation Strategy (SRIA) Association Statues and Modus Operandi of • the Association Scope of R&D and Innovation Challenges • Technical Priorities • * According to article 25 Technical priorities and vertical sectors • Non ‐ Technical Priorities and Supporting Action • Societal aspects • Indicated timeline and estimated budget •
Recommend
More recommend