Cyber-attacks get more sophisticated every day, thus affecting a large number of IoT-related infrastructures and raising security and privacy concerns of consumers and businesses. Security management of IoT infrastructures encompassing full lifecycle of products and continuous certification are fundamental tools to guarantee a high-level of security, as emphasized by the European Union Agency for Cybersecurity (ENISA) Cybersecurity Act (CSA). CERTIFY defines a methodological, technological, and organizational approach towards IoT security lifecycle management based on (i) security by design support, (ii) continuous security assessment and monitoring (iii) timely detection, mitigation, and reconfiguration, (iv) secure IoT Over-The-Air (OTA) updating, and (v) continuous security information sharing. To ensure the security compliance throughout the lifetime of the device, we propose the design and implementation of a cybersecurity lifecycle management framework for IoT devices. The framework is intended to support the device security management by collecting and sharing relevant security information both internally (via monitoring and self-assessment services) and externally, e.g., by interacting with device manufacturers, threat databases, certification authorities, Information Sharing and Analysis Centres (ISACs), and more. The received information is meant to support the local decision making with respect to the security, monitoring, updating and configuration of the device. Moreover, this information sharing will enable a continuous risk assessment, gathering evidence that could agile future certifications. CERTIFY's provides IoT stakeholders with mechanisms achieving high-level of security. CERTIFY will detect and respond to a wide spectrum of attack, in a collaborative/decentralized fashion. CERTIFY will validate the architecture through cutting-edge use-cases and pave the way towards innovative security in a broad spectrum of IoT environments.

Cybersecurity for children has become a rapidly growing topic due to the increased availability of the internet to children and their consequent exposure to various online risks. Children start going online at an early age, and are doing so even more after the sudden rise in remote schooling due to the COVID-19 pandemic. It is therefore very important to provide teachers with proper training in cybersecurity skills so that they can transfer them to their youngest pupils.SuperCyberKids aims to respond to this need by providing children aged 8 to 13 and their teachers with an educational ecosystem providing learning content on cybersecurity, using a game-based approach to increase motivation and engagement. The content will be delivered through a gamification platform, including two games on cybersecurity. The overall project approach is based on the delivery of the two main project results, the educational ecosystem and the related guidelines for implementing it. We will then carry out four pilots in four different settings (Europe-wide in English, and in local languages in Italy, Estonia, Germany) to test the results. This will lead to develop a Handbook of good practices on cybersecurity education in schools for children aged 8-13, including recommendations for researchers, school heads and teachers, parents, game and instructional designers, as well as Recommendations targeting relevant policy makers, regulatory bodies and institutions in cybersecurity education.Eight partners from 5 countries are involved, including the umbrella organisations dealing at EU level with cybersecurity (ECSO), and school heads (ESHA), who collect through their membership actors from all Europe. Thanks to ECSO and ESHA, stakeholders will be constantly involved in the project activities, through panel groups and small-scale enactment events, in addition to at least fifty school heads plus at least one-hundred teachers who will be directly participating in the pilot uses cases.

COBALT proposes the introduction of a Common Certification Model (CCM) for European industries, leveraging existing standards and composing a unified cybersecurity namespace for ICT processes. The proposal will uphold the paradigm of Digital Twinning (DT) via the creation of Digital Threads and extend it in a vertical agnostic approach across different industries, including Quantum computing (involving FHG’s Quantum Computer) and I4.0. The COBALT DT will explore technology disruption mainly focusing on AI and High-Performance Computing (HPC) via the analysis and certification of Quantum Processing Oracles (a Quantum Computer exposure operation that is used as input to another algorithm), and how different enablers of these paradigms can be certified in a vertical agnostic manner. Quantum is destined to play a pivotal role in Europe’s AI and Computing sovereignty, thus protecting such infrastructure and its relevant processes (Quantum Oracles), should be of top priority. Along with common information models, COBALT acknowledges the importance of trusted information exchange a critical feature for an effective certification process across different industries, especially regarding cybersecurity. Therefore, COBALT will focus on the integration of International Data Spaces (IDS) primitives as a basis for the data sharing platform across different stakeholders. IDS currently proposes different models and procedures to share information and data across different spaces in a trusted manner between two parties, this can facilitate the process to build a trusted end-to-end certification framework across different industry stakeholders. Finally, COBALT aims to build a decentralized solution to further accelerate technology adoption and harmonization for the different use cases to be adopted. For the proposed CCM to function as a long term and sustainable European solution for certification, it needs to adapt and flex according to different environment conditions.

Uptake of IoT and AI driven ICT systems in Europe is crucial for our common future, but it is dependent on our strategic ability to protect these systems from cyber threats and attacks on their privacy. IRIS addresses this challenge with a collaborative-first approach centered around CERTs/CSIRTs. From a technological perspective, it deploys (i) autonomous detection of IoT and AI threats, enriched with (ii) privacy-aware intelligence sharing and collaboration, and (iii) advanced data protection and accountability. Crucially, IRIS introduces (iv) the first dedicated online training and cyber exercises to prepare CERTs/CSIRTs to collaboratively protect critical infrastructures and systems against cross-border AI and IoT threats. IRIS will be validated in three pilot demonstrators, focussing in the IoT, AI and cross-border dimensions, across three existing smart city environments (in Helsinki, Tallinn and Barcelona), involving the associated national/governmental CERTs/CSIRTs, cybersecurity authorities and municipalities. The scenarios will contain real-life inspired cyber incidents that will build up into pilots at all levels (from local to national and to cross-border) to showcase the versatility of the IRIS solution. With 19 key partners from around Europe and 5 CERTs/CSIRTs as Associated Partners, IRIS’s solid consortium composition and work plan prioritises the effectiveness needed for quick real-world adoption and impact. Moreover, integration will be carried out on the EU’s existing MeliCERTes platform, with the support of NETCOMPANY-INTRASOFT, while training will build upon THALES’s existing cyber range, and ECSO will ensure the contribution to standards and policymaking. With the formal support of the four H2020 Cybersecurity Competence Network Pilot Projects, IRIS will also actively engage with the full scope of the cybersecurity ecosystem in Europe.