Research, development and innovation

A personalised, customised, work-based training framework for enhanced CYbeR-security skills across indUstrial Sectors The CYRUS project proposes a novel training system focused on cybersecurity for Transport and Manufacturing organizations. Understanding that cybersecurity is essential in protecting the massive data generated and exchanged by modern devices, the project offers a framework for training employees to identify and mitigate cyber threats. This approach includes innovative methods such as virtualization, dedicated cyber-range simulations, and work-based learning. These methods allow for efficient course delivery, catering to employees at different levels and roles, from new entrants to managers. The training paths are customized according to the audience's skills, know-how, and attitudes, providing comprehensive cybersecurity competency within the organization.

Cross-platform Open Security Stack for Connected Devices
The CROSSCON project addresses security challenges in the fragmented IoT landscape by designing a new, flexible, portable, and vendor-independent IoT security stack. This stack can run on various edge devices and hardware platforms, offering a consistent security baseline across an entire IoT system. The stack's specifications are formally verified, and it offers a unified set of trusted APIs, modular security features, and a complete Trusted Execution Environment (TEE) for devices that lack security features. CROSSCON provides open specifications of the stack and an open-source reference implementation.

The Ecosystem Framework of next generation AI-based services for critical system robustness, resilience, and appropriate response in the face of advanced and AI-powered cyberattacks The AI4CYBER project aims to develop an Ecosystem Framework using AI and Big Data technologies to improve cybersecurity. It recognizes the dual nature of AI, which can both defend against and be used for cyber attacks. The project will offer AI-powered software robustness and security testing services for smarter flaw identification and automated code fixing. It will also offer services to detect and analyze AI-powered attacks, improving system resilience. Additionally, AI4CYBER will support incident response, helping security operators optimize security protection orchestration and continuously learn from system status and defense efficiency. The project ensures its technology respects fundamental rights and values, integrating explainability, fairness, and robustness into its components. The framework will be validated in three scenarios: the detection and mitigation of AI-powered attacks against the energy sector, banking application adaptation to face AI-powered attacks, and hospital service resilience against advanced cyber-physical attacks.

Assurance and certification in secure Multi-party Open Software and Services
The AssureMOSS project addresses the challenge of security and privacy assurance in today's European Digital Single Market, where software is often assembled from various Open Source Software repositories, undergoing continuous, distributed changes. Traditional techniques designed for large, infrequent updates need to adapt to smaller, frequent changes made by various third-party developers. AssureMOSS proposes a shift to artefact-based security evaluation, supporting all phases of the continuous software lifecycle. Key features include machine intelligent identification of security issues across artefacts, sound analysis and verification of changes, and business insight through risk analysis and security evaluation. This enables continuous (re)certification, supporting fast-paced better software development. The project comprises leading universities, innovative SMEs, large enterprises, and a Special Interest Group Organization. AssureMOSS will generate innovative methods, open-source tools, and benchmark datasets with vulnerabilities and code for further research.

End-to-end Security of Digital Single Market’s E-commerce and Delivery Service Ecosystem 
ENSURESEC is a comprehensive solution designed for safeguarding e-commerce operations against cyber and physical threats within the Digital Single Market. It offers an open-source toolkit for protecting e-commerce activities. Utilizing machine learning and formal reasoning methods, it provides built-in protection and continuous run-time monitoring. By leveraging distributed ledger technology, it ensures transparency and trust among its users. The system's approach is particularly effective in protecting widely dispersed and evolving e-commerce infrastructures, thereby contributing to the growth of a trusted digital single market.