In the domain of Cybersecurity Research and innovation, European scientists hold pioneering positions in fields such as cryptography, formal methods, or secure components. Yet this excellence on focused domains does not translate into larger-scale, system-level advantages. Too often, scattered and small teams fall short of critical mass capabilities, despite demonstrating world-class talent and results. Europe’s strength is in its diversity, but that strength is only materialised if we cooperate, combine, and develop common lines of research. Given today’s societal challenges, this has become more than an advantage – an urgent necessity. Various approaches are being developed to enhance collaboration at many levels. Europe’s framework programs have sprung projects in cybersecurity over the past thirty years, encouraging international cooperation and funding support actions. More recently, the Cybersecurity PPP has brought together public institutions and industrial actors around common roadmaps and projects. While encouraging, these efforts have highlighted the need to break the mould, to step up investments and intensify coordination. The SPARTA proposal brings together a unique set of actors at the intersection of scientific excellence, technological innovation, and societal sciences in cybersecurity. Strongly guided by concrete and risky challenges, it will setup unique collaboration means, leading the way in building transformative capabilities and forming world-leading expertise centres. Through innovative governance, ambitious demonstration cases, and active community engagement, SPARTA aims at re-thinking the way cybersecurity research is performed in Europe across domains and expertise, from foundations to applications, in academia and industry.

More than ever, Europe needs cybersecurity. With the constant development of new malicious software, cyberattacks have been on the rise. Due to new attack vectors and encryption, novel attacks are undetectable to humans and simple rules and signatures. Without holistic and interdisciplinary cybersecurity solutions, the citizens’ lives, well-being, money and other assets are at risk. The PERUN project will strengthen the European cybersecurity by providing novel solutions powered by artificial intelligence and machine learning, to analyse and counter emerging cyberthreats to software, firmware and hardware in an efficient and cost-effective way. The PERUN project aims to enhance the security and resilience of digital infrastructures - national-level cybersecurity infrastructures, education and research networks, critical energy infrastructures, digital infrastructures of NGOs providing critical services and security operations centers (SOCs) across various sectors - by developing advanced cybersecurity solutions that leverage AI/ML technologies. To this end, PERUN will produce a set of innovative methods and algorithms to analyse data and detect new types of malware, as well as a collection of high TRL tools and products using new scientific approaches, all validated by representatives of the critical sectors. The results will be communicated and disseminated, not only to reach a broad range of stakeholders, but also to raise public awareness of cyberthreats. The tangible results of PERUN will be applied in five real-life scenarios pertaining to critical sectors such as nonprofits, energy, telecommunications, private SOCs and CERTs/CSIRTs. Owing to their high TRL and versatility, they will be an instant boost to Europe’s cybersecurity, whilst increasing its strategic autonomy and technological advantage.

SISSDEN is a project aimed at improving the cybersecurity posture of EU entities and end users through development of situational awareness and sharing of actionable information. It builds on the experience of Shadowserver, a non-profit organization well known in the security community for its efforts in mitigation of botnet and malware propagation, free of charge victim notification services, and close collaboration with Law Enforcement Agencies, national CERTs, and network providers. The core of SISSDEN is a worldwide sensor network, which will be deployed and operated by the project consortium. This passive threat data collection mechanism will be complemented by behavioral analysis of malware and multiple external data sources. Actionable information produced by SISSDEN will be used for the purposes of no‐cost victim notification and remediation via organizations such as National CERTs, ISPs, hosting providers and Law Enforcement Agencies such as EC3. It will especially benefit SMEs and citizens, which do not have the capability to resist threats alone, allowing them to participate in this global effort, and profit from the improved information processing, analysis and exchange of security intelligence, to effectively prevent and counter security breaches. The main goal of the project is creation of multiple high-quality feeds of actionable security information that will be used for remediation purposes and for proactive tightening of computer defences. This will be achieved through development and deployment of a distributed sensor network based on state-of-the-art honeypot/darknet technologies and creation of a high-throughput data processing center. SISSDEN will provide in-depth analytics on the collected data and develop metrics that will be used to establish the scale of most important security issues in the EU, and impact of the project itself. Finally, a curated reference data set will be created and published to provide a high-value resource.

Evolving business models are progressively reshaping the scope and structure of ICT services, with massive introduction of virtualization paradigms and tight integration with the physical environment. Several market forces are already driving towards the creation of multi-domain and complex business service chains, which undoubtedly bring more agility in service deployment and operation but introduce additional security and privacy concerns that have not been addressed in a satisfactory way yet. Tackling conflicting trends in the cybersecurity market, like fragmentation or vendor lock-ins, GUARD will develop an open and extensible platform for advanced assurance and protection of trustworthy and reliable business chains spanning multiple administrative domains and heterogeneous infrastructures. The purpose of GUARD is manifold: i) to increase the information base for analysis and detection, while preserving privacy, ii) to improve the detection capability by data correlation between domains and sources, iii) to verify reliability and dependability by formal methods that take into account configuration and trust properties of the whole chain, and iv) to increase awareness by better propagation of knowledge to the humans in the loop. The distinctive approach of GUARD will be the architectural separation between analysis and data sources, mediated by proper abstraction; this paradigm will result in an open, modular, pluggable, extendable, and scalable security framework. This holistic solution will blend security-by-design with enhanced inspection and detection techniques, raising situational awareness at different levels of the companies’ structure by tailored informative contents, so to enable quick and effective reaction to cyber-threats. Demonstration and validation in two challenging scenarios is envisioned to bring the technology to an acceptable level of maturity, as well as direct involvement of relevant stakeholders for concrete business planning.