Research, development and innovation

A personalised, customised, work-based training framework for enhanced CYbeR-security skills across indUstrial Sectors The CYRUS project proposes a novel training system focused on cybersecurity for Transport and Manufacturing organizations. Understanding that cybersecurity is essential in protecting the massive data generated and exchanged by modern devices, the project offers a framework for training employees to identify and mitigate cyber threats. This approach includes innovative methods such as virtualization, dedicated cyber-range simulations, and work-based learning. These methods allow for efficient course delivery, catering to employees at different levels and roles, from new entrants to managers. The training paths are customized according to the audience's skills, know-how, and attitudes, providing comprehensive cybersecurity competency within the organization.

Cross-platform Open Security Stack for Connected Devices
The CROSSCON project addresses security challenges in the fragmented IoT landscape by designing a new, flexible, portable, and vendor-independent IoT security stack. This stack can run on various edge devices and hardware platforms, offering a consistent security baseline across an entire IoT system. The stack's specifications are formally verified, and it offers a unified set of trusted APIs, modular security features, and a complete Trusted Execution Environment (TEE) for devices that lack security features. CROSSCON provides open specifications of the stack and an open-source reference implementation.

The Ecosystem Framework of next generation AI-based services for critical system robustness, resilience, and appropriate response in the face of advanced and AI-powered cyberattacks The AI4CYBER project aims to develop an Ecosystem Framework using AI and Big Data technologies to improve cybersecurity. It recognizes the dual nature of AI, which can both defend against and be used for cyber attacks. The project will offer AI-powered software robustness and security testing services for smarter flaw identification and automated code fixing. It will also offer services to detect and analyze AI-powered attacks, improving system resilience. Additionally, AI4CYBER will support incident response, helping security operators optimize security protection orchestration and continuously learn from system status and defense efficiency. The project ensures its technology respects fundamental rights and values, integrating explainability, fairness, and robustness into its components. The framework will be validated in three scenarios: the detection and mitigation of AI-powered attacks against the energy sector, banking application adaptation to face AI-powered attacks, and hospital service resilience against advanced cyber-physical attacks.