The TRAPEZE project aims to drive a cultural shift in the protection of the European data economy by weaving trust into its very foundation and reconstructing the concepts of control, transparency, and compliance through technical and methodological, citizen-first, innovations. Driven by the needs of three distinct real-world use cases, TRAPEZE brings together over a decade worth of EU-funded research in security and privacy, as well as proprietary solutions and know-how, towards realistic and marketable solutions. We will develop technologies which: (i) empower citizens with the necessary tools and know-how to manage their security and privacy and actively contribute to the cyber resilience of the common European data space; (ii) enforce the integrity and nonrepudiation of citizens’ data usage policies and processing across data sources and controllers’ borders; (iii) dynamically acquire citizens’ consent and adjust their data policies in real time in response to their changing circumstances; (iv) protect citizens’ online communications and applications running on their personal devices against malicious agents; and (v) provide citizens, as well as other relevant stakeholders (including controllers, CERTs/CSIRTs, and data protection authorities) with a comprehensible overview of transborder data lineage and flows, as well as proof of legal compliance, even in big data environments. By relying on Linked Data and Blockchain, TRAPEZE will lead the way in putting the often-misplaced cutting-edge technologies to practical use and become a lighthouse for European and global initiatives aiming to deliver privacy-aware innovations. Finally, to ensure citizens of all groups can have an active role in the protection of their data flows, TRAPEZE will place a special emphasis on usability and co-production, involving European citizens directly in the development of its security- and privacy-enhancing technologies.

Cyber threats are the most significant and growing risk for public administrations (PA). However, technological, organisational and structural issues hamper the ability, especially for local PAs (LPAs) to improve their cyber security level. Budget constraints and evolving legal, ethical, societal and privacy regulations render the situation even more complex. COMPACT’s goal is to empower local LPAs to become the main actors of their cyber-resilience improvement process. COMPACT’s objectives are to 1) increase awareness, skills and protection; 2) foster information exchange between European LPAs; 3) link LPAs to major EU initiatives, including the newly created cyber-security private-public partnership. COMPACT innovates at technological level and at process level – an important dimension in engaging LPA employees in the improvement of cyber-resilience. At technological level, COMPACT innovates in real time security monitoring, security awareness training, information sharing, cyber-security gamification, risk assessment, and threat intelligence. At process level, COMPACT adapts the Plan-Do-Check-Act cycle for LPAs to do iterative removal of security bottlenecks and achieve compliance to EN ISO/IEC 27001 and BS ISO/IEC 27005. COMPACT delivers an integrated platform with 4 types of tools/services – 1) risk assessment, 2) education, 3) monitoring, and 4) knowledge sharing – characterized by a high degree of usability by non IT experts and automation. It protects LPAs’ investments by interoperating with market solutions from major vendors. It eases deployment and adoption by being both cloud-enabled (i.e. it addresses cloud specific issues) and cloud-ready (i.e. it can be deployed – if users wish– on the cloud). COMPACT validates its results through 5 challenging use cases provided by 5 users in 4 European countries. 90% of COMPACT solutions will achieve TRL7 and the residual part TRL6.

Our proposed GEIGER will be an innovative solution with associated components and an Education Ecosystem addressing security, privacy and data protection risks of and for Small and Medium-sized Enterprises and Microenterprises (SMEs&MEs) in Europe. GEIGER will be developed in analogy of a GEIGER counter for detecting atomic radiation threatening human life. The GEIGER solution will be used for assessing, monitoring, and forecasting risks and reducing these risks by improving the SMEs’&MEs’ security with well-curated tools, and an education program targeting practitioners-in-practice as “Certified Security Defenders” bringing security expertise sustainably to SMEs&MEs using existing vocational education frameworks. GEIGER consist of a GEIGER Indicator that dynamically summarizes the current level of risk by evaluating measures undertaken for security defences among the participating SMEs&MEs. The GEIGER Indicator can be personalised by registering the enterprise’s profile and supports GDPR-compliant sharing and exchanging data about incidents. The GEIGER Toolbox allows stepwise do-it-yourself assessment and improvement of the SMEs’&MEs’ security, privacy, and data protection with lightweight controls and advice for improved protection at varied levels of sophistication. The included tools offer endpoint, server, and network protection and guide the SME&ME in a personalised manner in data hygiene, including access and security control, data privacy management, and backup practices. The GEIGER Education Ecosystem offers experimental-based training and cyber range-enabled challenges and will be integrated into curricula of diverse professions of non-ICT experts, offering direct impact on SMEs&MEs through target group-oriented education. The GEIGER solution will be demonstrated in three complementary use cases within three countries. GEIGER will achieve sustainable impact by raising awareness of more than one million SMEs&MEs within a period of 2.5 years after start.

With the emergence of the digitization of information, ICT infrastructure and communications gave an unprecedented push towards the realization of truly interconnected passenger transport ecosystems at city-level. The emerging notion of multimodality supports a plethora of diverse transport services, typically offered from a central location. There however, the complex interconnected infrastructures ease the cyber-threats propagation while the underlying mosaic of fleets, personal hand-held devices and non-standardized data types increase the system's attack surface and require the authorities collaboration to proactively handle severe incidents. CitySCAPE leverages the skills and mature technology of its 15-partner consortium to systematically explore all different cybersecurity dimensions of multimodal transport. These dimensions will drive a characterization of the cyber-threats in the ICT multimodal transport, extended to the close-by power and financial sector. Innovative software tools will be introduced to estimate the threats propagation in the system. Then, CitySCAPE will realize a modular software toolkit enabled to be seamlessly integrated into any multimodal transport system to: a)detect suspicious traffic-data values and identify persistent threats; b)evaluate an attack's impact in technical and notably in financial terms; c)combine external knowledge and internally-observed activities to enhance the predictability of zero-day attacks; d)instantiate a networked overlay to circulate informative notifications to CERT authorities and support their interplay. The CitySCAPE solution will be tested over a timely set of use-cases involving ticketing applications, cyber-fraud and location data in the regional transport system of two European cities, where extensive experiments will showcase its effectiveness. The findings will steer training sessions of expert/non-expert audience and shape a strong standardization contribution to security (labelling) protocols.