We have come a long way since the cyberwatching.eu project began back in Spring 2017. The cybersecurity landscape in Europe was a very different and quite fragmented place: The NIS Directive had not long been adopted, ECSO and its WGs were holding their first meetings and the GDPR was still to come into force. Since then, the landscape has evolved and throughout this cyberwatching.eu and its partners have been monitoring, engaging, and contributing directly to the wide-range of measures the EU has adopted to shield the European Digital Single Market and protect infrastructure, governments, businesses and citizens.
With a number of sustainable assets, cyberwatching.eu officially closed at the end of July 2021. However, with a number of results which will continue to live on, project partners are making sure the project leaves a lasting legacy which will continue to contribute to this evolving landscape.
The cyberwatching.eu consortium led by Trust-IT Services and is made up of key players in the European landscape with expertise in: research (Oxford University); SME networks (AEI Ciberseguridad and Digital SME Alliance); Policy making (Conceptivity); Privacy (ICT Legal Consulting); and risk management (AON).
Let’s start first with the core of cyberwatching.eu’s work. With cybersecurity a key pillar of the EC’s digital strategy cyberwatching.eu has delivered an EU Project Radar which gives a clarity to a busy landscape. The radar provides an interactive “birds-eye” view of the complete collection of EU funded projects in the cybersecurity space. Over 260 projects are organized by high-level categories, their lifecycle stage and relative market and technology maturity. Users can also zoom in on technology and vertical sectors (defined by the EC’s JRC cybersecurity taxonomy) in order to identify projects that are focusing on these areas. With 5 iterative versions dating back to 2018, the radar provides detailed analysis of the cybersecurity priorities over time. What is really special about the radar though is its live version. Managed directly by the projects it maps, researchers and innovators working in the EC R&I space can actually update their data in real-time and at the same time actually carry out a self-assessment on their market and technology readiness levels at the same time.
David Wallom, Associate Professor at the Oxford University eResearch centre comments
The radar offers a unique vision an ever-evolving landscape. It processes and analyses detailed landscape data for users such as policymakers, researchers and companies make swift yet statistically sound statements on the state of the art of the European cybersecurity and privacy research landscape.
Behind the radar lies detailed information managed by a community of R&I projects which have been funded by the EC. Realising the importance of supporting project-to-project collaboration to address technology and sector-specific challenges, as well as joint dissemination actions to further market readiness, cyberwatching,eu has established six sector-specific clusters (health, energy, finance, critical infrastructure, GDPR, threat intelligence) involving over 25 projects and providing key support to deliver joint recommendations and over 10 webinars.
Marina Ramírez Jiménez, project manager at AEI Ciberseguridad comments.
Thanks to our understanding of the market and technology readiness of projects, we’ve been able to cluster them into meaningful clusters. The clusters demonstrate the value of collaborating to align on joint recommendations and showcasing results together through joint events and webinars.
The announcement of the new EU Competence Centre in Bucharest earlier this year represents a watershed moment for a truly European approach to cybersecurity. Contributing to this, Cyberwatching.eu has played a constructive role in facilitating collaboration between four Competence Centre Pilot projects since their conception in 2019. From organizing the first of a number of joint-public workshops to providing documentation detailing activities and respective roadmaps (included in this document), we have consistently engaged and contributed to supporting their dialogue and alignment between them.
The European Union and the EU Member States are building the necessary cybersecurity culture and capabilities to resist and counteract the very real and ever-changing cyber threats and cyber-attacks. In the duration of the cyberwatching.eu project, the regulatory landscape has evolved through a number of regulatory tools, including regulations, directives and manifold opinions, guidance, and tools aiming to guarantee a higher level of data protection to European citizens and an increased legal certainty. We captured this transformation first in a key document “Building Strong Cybersecurity in the European Union” presented by the EC’s delegation visit to the US in 2019.
The roadmap is an essential read. It builds upon the significant number of already existing roadmap efforts and modules, domains, categories, taxonomies and concepts. This is an important effort to understand the commonalities and the differences in approach not only in Europe but also beyond.
In 2018, the General Data Protection Regulation (GDPR) became the first landmark in the evolutionary landscape in Europe safeguarding data protection, transparency, purpose limitation, and many more rights and guarantees to data subjects. Following that, the Directive on security of network and information systems (NIS Directive) imposed a minimum standard on operators of essential services and digital services ensuring that the European critical infrastructure would be harmonised.
The cybersecurity and privacy landscape moves fast. More often than not, much faster than legal regulations can cater for. New technologies such as AI, Blockchain and IOT have emerged and with them new challenges which need to be addressed. Cyberwatching.eu has provided a robust package of recommendations (see D3.4, 3.5 and D3.7) facing both the policymakers and the Supervisory Authorities, to address stakeholders’ needs in this area.
Paolo Balboni, founding partner of ICT Legal Consulting explains.
Clear explanations of the fundamental obligations on data protection and data (cyber-)security included in the EU legislation, are best provided by the experts that practice and apply such laws on a day-to-day basis, making the cyberwatching.eu partners the most appropriate resource of creating this impact. The ultimate aim of merging legal and technical knowledge and practical observation of reality was to develop online tools that are meant to complement one another, resulting in self-assessment tools that provide handy self-explanatory legal and practical recommendations for all stakeholders, including SMEs.
Sebastiano Toffaletti, Secretary-General, European DIGITAL SME Alliance picks up on the importance of this for SMEs.
SMEs have a vital role to play in the development of Europe’s cybersecurity capacities and digital sovereignty. SMEs make up the backbone of the European economy, accounting for 99% of businesses in Europe. A clear need for reliable and trusted self-assessment resources for SMEs to understand the GDPR and their cybersecurity posture was identified early in the project and then addressed successfully.
The GDPR Temperature Tool and Information Notices Tool, provide expert guidance to SMEs providing an overview of their strengths and weaknesses in their compliance posture, and immediate recommendations on how to move forward, and suggestions of tools, software, and services they can consider to improve their compliance.
With the EU Cybersecurity Act is another milestone for Europe coming into force less than a year ago to provide an EU-wide harmonised framework to certify ICT products and services. cybersecurity certification can be a market differentiator for businesses. Certifications can help companies act with confidence and assure their customers and partners of their ability to defend themselves from cyberattacks and data breaches. However, for an SME, micro-enterprise or start-up, taking the first steps to certification can be both complex and daunting. By delivering the Cybersecurity Label in partnership with the the global leader of Testing, Inspections and Verifications SGS, cyberwatching.eu has provided a cost-effective resource for SMEs to understand and take first step towards certification. By including a lightweight approach of several and existing certification schemes, this self-assessment exercise includes the security requirements that any organization should comply with in order to demonstrate that it has securely implemented basic logical systems and measures to protect their assets against cyber-threats. Lucio González Jiménez, CyberLab Madrid Manager at SGS and AEI Ciberseguridad Vice-president explains:
With so many standards, schemes and methodologies around, the landscape can be confusing especially for start-ups, micro SMEs or even for those who approach certification ecosystem for the very first time. The Cybersecurity Label is a robust but lightweight first step for small businesses carry out a self-assessment to understand where their weaknesses and priorities lie as well as to appropriately approach further certification and standards they will have to face in the coming future.
The online resources above as well as the Risk Management Temperature Tool and various SME guides will live on through the Spanish Cybersecurity Digital Innovation Hub CyberDIH , which is part of a broader EU network. Paolo Modica, AON comments
The cyber risk assessment tool and guides are a real asset for SMEs wishing to succeed in the digital economy. It helps them to evaluate their cyber security environment and identify steps towards reducing their vulnerabilities.
The cyberwatching.eu marketplace is a unique platform which showcases both CS&P results from R&I projects in a market-oriented way and together with services and products from European SMEs. Through collaboration with ECSO to address their need for an SME Hub, a Marketplace v3 will be handed over and sustained by ECSO. The hub will become a lasting legacy of cyberwatching.eu.
A key driver for the marketplace and ECSO SME Hub is to increase the trust and confidence in European products and services, so that buyers can discern which products, services and solutions can be trusted. It is also a market support and networking tool for European Cyber SMEs, helping them to create more market transparency and to reach out far beyond their traditional home markets, which are usually nationally or regionally limited. Finally, the Hub shall give the possibility to serve as a market differentiator between SMEs based on their broadness of service, quality and capability to deliver.
So, although cyberwatching.eu comes to an end, we see a new beginning with partnerships formed between project partners, a legacy of lasting and sustained outputs and new challenges and horizons with the European Commission’s Horizon Europe and Digital Europe Programmes.
Nicholas Ferguson, Coordinator of cyberwatching.eu and Senior Project Manager at Trust-IT Services concludes.
The introduction of new regulations in Europe and the changing technological landscape has heralded new challenges and at the same time, new opportunities. Through cyberwatching.eu we’ve been able to carefully monitor the changing landscape and deliver useful and practical resources to both the research and SME communities in Europe and bring them closer together. Together we will continue to build on our results in order to ensure that we continue to play our part in making a more resilient and trusted Digital Single Market.