Call: European infrastructures and their autonomy safeguarded against systemic risks
|Type of Fund||Direct Management|
|Description of programme |
"Horizon Europe - Cluster 3 - Destination 3: Resilient Infrastructure"
The reliable, robust and resilient operation of infrastructures is vital for the security, well-being and economic prosperity of people in Europe. They provide the basis for our daily lives, connect people to each other and guarantee different kinds of social and economic interactions. To be able to allow for such interactions, be it in transport, communications or services, infrastructures has grown more complex to keep up with the development of modern societies, while at the same time ensuring their resilience against disasters and the impacts of climate change and other factors that affect society e.g. demographic changes. Infrastructures operate and function in a rapidly evolving socio-technological and threat environment with increasingly interconnected networks highly reliant upon one another, which presents both risks and opportunities for their protection. They must be resilient towards different expected and unexpected events, emerging risks, be they natural or man-made, unintentional, accidental or with malicious intent.
The Security Union Strategy [[COM(2020) 605 final.]] identifies the protection of critical infrastructures as one of the main priorities for the EU and its Member States for the coming years. Specific reference is established to growing interconnectivity as well as emerging and complex threats: technological trends like the use of Artificial Intelligence and the rapid development of sophisticated unmanned vehicles, the impact of natural and man-made disasters, as well as major crisis scenarios like the COVID-19 pandemic and unexpected events. Infrastructure preparedness and protection is a technologically complex domain, affected by various global developments and thus needs to be supported by targeted security research. This Work Programme aims at supporting the protection of European infrastructures with relevant projects, enabling public and private actors to meet current and emerging challenges.
Technologically complex applications offer the possibility for better prevention and preparedness, can enable efficient response to different threats and faster recovery. But at the same time, they create new vulnerabilities. The potential damage resulting from their disruption can escalate rapidly and negatively affect wider parts of vital societal functions. For instance, this is the case of satellite-based positioning and timing systems, which provide a wealth of high quality Positioning, Navigation and Timing (PNT) services that are exploited by critical infrastructures such as transport and logistics, energy grids, drinking water network, dams, telecom networks or financial markets. Global Navigation Satellite System (GNSS) disruption or denial of services is recognised as an important economic and societal threat.
Infrastructures in the European Union are a high-value target for terrorist groups as well as agencies of third countries. With the Directive on identification and designation of European critical infrastructures and assessment of the need to improve their protection [[Directive (EU) 2008/114.]] the EU and its Member States have created a basis for a common approach towards protection. Under the umbrella of the new Security Union Strategy, the regulatory framework for critical infrastructure protection is currently under revision. The Proposal for additional measures on Critical Infrastructure Protection which is part of the European Commission work programme for 2020 [[COM(2020) 440 final. ]] is also making use of the significant results that security research has produced over the last decade.
Especially in the cyber-domain, the risks have been constantly growing in recent years, with both more frequent and more sophisticated attacks. In addition, criminals, and state-sponsored entities are utilising different tools for carrying out cyber-attacks on infrastructures with the help of cyber-tools for personal or political gain (e.g. extortion, blackmailing). The EU has acknowledged the strong role of the cyber dimension in infrastructure protection, most notably in the Directive on security of network and information systems [[Directive (EU) 2016/1148.]] and its revision, proposed in December 2020 [[COM(2020) 823 final.]] . Large-scale data mining of cross-sectoral information should be supported by targeted research on appropriate AI techniques and infrastructure. For instance for mission-critical systems it is essential to be able to react quickly, efficiently, safely and secure to different and complex scenarios enabling effective and informed decision-making based on sufficient available and trustworthy data.
Physical attacks are less frequent, but cases in the EUs neighbourhood have shown the destructive potential of new technologies used for attacks such as Unmanned Aerial Vehicles (UAVs), which can also be used for intentional disruptions that pose danger to safe operations of infrastructures and create significant economic losses.
Hybrid threats are of particular relevance in the overall risk scenarios, since they are designed to target vulnerabilities and aim in many cases at disrupting infrastructure and its services, making use of different methods. Hybrid threats, techniques and means encompass a combination of physical and cyber-attacks or disruptions, diplomatic, military and political as well as economic means. The effects of cyber-instruments and disinformation are crucial elements of such malevolent strategies and create the need for comprehensive preparedness to avoid large scale disruptions. As such, both the Joint Framework on Countering Hybrid Threats (2016) [[JOIN/2016/018 final.]] and the Joint Communication on Increasing Resilience and Bolstering Capabilities to Address Hybrid Threats (2018)[[JOIN/2018/16 final.]] pay special attention to the role of infrastructures and state that research should provide better means to counter hybrid threats.
Europe is exposed to a wide range of natural hazards and the vulnerabilities of infrastructures need to be addressed also from that perspective. With certain disasters striking more frequently and more severely, as well as long-term challenges such as climate change, there is a need to deploy innovative solutions to ensure the continuous functioning of European infrastructures exposed to such natural extremes. Security research should in this regard support the regulatory and cooperation measures at European level, such as the Union Civil Protection Mechanism [[Decision No 1313/2013/EU on a Union Civil Protection Mechanism and subsequent amendments.]] and the new EU Adaptation Strategy. On the other hand, new infrastructures technologies themselves (for example energy production and storages, new materials, water protection, etc.) can pose a potential risks for society due to accidents. Therefore, the role of civil protection needs to be reflected in targeted research at the same level as it is the case for different security authorities.
The COVID-19 crisis presents a challenge that is unprecedented in recent European history and it concerns infrastructures in two main dimensions. Pandemics are an extreme stress-test for the function of certain infrastructures (most notably: health, transport and supply-chains) by disrupting established procedures, threatening the function due to infection of workforces and massively scaling up the need for resources. In addition, infrastructures themselves can increase pandemic risk if unsuited to different mitigation measures and promoting virus transmission. This area will build on lessons learnt from the COVID-19 crisis. It will be for certain topics essential also to ensure synergies and coordination of actions with the Health Programme [[Regulation (EU) 2021/522 of the European Parliament and of the Council of 24 March 2021 establishing a Programme for the Union’s action in the field of health (‘EU4Health Programme’) for the period 2021-2027, and repealing Regulation (EU) No 282/2014.]].
Increased complexity in the area of infrastructure protection is not only related to the amplified role of the cyber dimension, but also by the mix of man-made and natural hazards and the growing interdependence. The development of European cities into smart cities has opened up a new domain in infrastructure protection, expanding the perspective beyond classical sectors of (critical) infrastructure since more complex, connected and vulnerable assets are deployed in urban areas. This consideration unveils the still fragile building blocks of smart cities’ technological features and underlines the need to put a stronger emphasis on broader societal challenges and needs. Security research can help to make use of the knowledge acquired in other sectors and to make it usable for local authorities to protect and empowers people and assets in cities and urban areas.
Furthermore, in order to accomplish the objectives of this Destination, additional eligibility conditions have been defined with regard to the active involvement of relevant security practitioners or end-users.
Proposals involving earth observation are encouraged to primarily make use of Copernicus data, services and technologies.
Proposals for topics under this Destination should set out a credible pathway to contributing to the following expected impact of the Horizon Europe Strategic Plan 2021-2024:“[…] resilience and autonomy of physical and digital infrastructures are enhanced and vital societal functions are ensured, thanks to more powerful prevention, preparedness and response, a better understanding of related human, societal and technological aspects, and the development of cutting-edge capabilities for […] infrastructure operators […]”
More specifically, proposals should contribute to the achievement of one or more of the following impacts:
|Link||Link to Programme|
European infrastructures and their autonomy safeguarded against systemic risks
|Description of call |
"European infrastructures and their autonomy safeguarded against systemic risks"
Projects are expected to contribute to some of the following expected outcomes:
Security research related to infrastructure protection has been traditionally following a sectorial approach. With more and more infrastructure systems being interconnected, a stronger focus on the systemic dimension and complexity of attacks and disruptions by cyber or physical means needs to be applied. As such, not only interdependencies within one type of infrastructure (or closely related types) can be taken into account, but large-scale disruptions also with a view of the specific challenges of the cross-border dimension. Also, there is a need for a comprehensive strategy that takes into account different forms of interdependence (e.g. physical, geographic, cyber and logical).
In order to raise the awareness and preparedness for emerging risks, research should enhance the capabilities for foresight and risk management on a systemic level. As such, large-scale Vulnerability Assessments and risks management capabilities, as well as forecasting of emerging risks should be developed with a view of preparing for attacks or disruptions on the whole infrastructure of one or several EU Member States and Associated Countries. To allow for rapid and adequate response, simulations to prepare for systemic disruption of several key infrastructures are necessary. Since especially physical attacks on infrastructures in the EU are less frequent compared to other scenarios there is less empirical data available that can be used to improve protection. Furthermore, there is a lack of capabilities for testing protective equipment and training manuals. Security research can help to develop tools for operational testing in real-scenarios or simulated scenarios. Specific attention should be dedicated to Hybrid Threat scenarios, as defined by the European Centre of Excellence for Countering Hybrid Threats. The same is true for extreme natural events, which have the potential to disrupt several key infrastructures and whose subsequent effects are difficult to predict. Security research should in this regard support and complement obligations to better prevent and prepare for crises as set by the Union Civil Protection Mechanism.
Some essential sectors of the economy need uninterrupted access to the high-quality position and timing information provided for free by satellite navigation systems. Despite the fact that satellite navigation systems such as Galileo are made ever more robust to withstand risks and disruptions in terms of ground segments as well as space assets, there remain residual vulnerabilities that cannot be coped with when facing the emergence of new challenges. These critical sectors should therefore develop complementary positioning and/or timing solutions that are able to sustain a sudden disruption of GNSS service. This would make the vital functions of the society more resilient.
Infrastructure security research is in many cases transnational. While there has always been a strong European dimension in the conducted research, there has been less of a focus on cross-border scenarios with third-countries. Security research should therefore stimulate knowledge generation and cooperation with relevant third countries, which are vital for the functioning of European infrastructure. Examples could include energy, but also critical supplies, digital services or transport.
The means to attack infrastructure on a large scale have been rapidly enhanced by malevolent actors. Nevertheless, risks do not only emerge from intentional acts or disruptions, they can also grow over time based on other factors such as climate change, or lack of independence in critical technologies. Thus, better anticipation of systemic risks including forward-looking technological risk assessment and advanced screening of private interests related to ownership and operations (licensing), and FDI should be a key area of security research in the future. On a constant basis, information about the functioning and vulnerabilities of European infrastructures is unlawfully gathered for economic reasons, as well as with a view of preparing possible intentional disruptions. With the aim of safeguarding autonomy, more sophisticated tools against unlawful gathering of information on infrastructures need to be developed.
In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.
|Link||Link to Call|
|Thematic Focus||Research & Innovation, Technology Transfer & Exchange, Capacity Building, Cooperation Networks, Institutional Cooperation, Clustering, Development Cooperation, Economic Cooperation, Digitisation, ICT, Telecommunication, Justice, Safety & Security, Administration & Governance, Disaster Prevention, Resiliance, Risk Management, Climate, Climate Change, Environment & Biodiversity, Green Technologies & Green Deal, Circular Economy, Sustainability, Natural Resources|
|Funding area|| EU Member States |
Overseas Countries and Territories (OCTs)
|Origin of Applicant|| EU Member States |
Overseas Countries and Territories (OCTs)
|Eligible applicants||Public Services, Federal State / Region / City / Municipality / Local Authority, National Government, Education and Training Centres, Research Institution, Lobby Group / Professional Association / Trade Union, International Organization, Small and Medium Sized Enterprises, SMEs (between 10 and 249 employees), Microenterprises (fewer than 10 employees), NGO / NPO, Start Up Company, University, Enterprise (more than 250 employees or not defined), Association|
|Applicant details|| |
eligible non-EU countries:
At the date of the publication of the work programme, there are no countries associated to Horizon Europe. Considering the Union’s interest to retain, in principle, relations with the countries associated to Horizon 2020, most third countries associated to Horizon 2020 are expected to be associated to Horizon Europe with an intention to secure uninterrupted continuity between Horizon 2020 and Horizon Europe. In addition, other third countries can also become associated to Horizon Europe during the programme. For the purposes of the eligibility conditions, applicants established in Horizon 2020 Associated Countries or in other third countries negotiating association to Horizon Europe will be treated as entities established in an Associated Country, if the Horizon Europe association agreement with the third country concerned applies at the time of signature of the grant agreement.
Legal entities which are established in countries not listed above will be eligible for funding if provided for in the specific call conditions, or if their participation is considered essential for implementing the action by the granting authority.
|Project Partner Details|| |
Unless otherwise provided for in the specific call conditions , legal entities forming a consortium are eligible to participate in actions provided that the consortium includes:
|Further info|| |
Proposal page limits and layout:
The application form will have two parts:
Page limit - Part B: 45 pages
|Type of Funding||Grants|
|Financial details|| |
This topic requires the active involvement, as beneficiaries, of at least 3 government entities responsible for security, which could include civil protection authorities, at national level from at least 3 different EU Member States or Associated countries. For these participants, applicants must fill in the table “Eligibility information about practitioners” in the application form with all the requested information, following the template provided in the submission IT tool.
In order to achieve the expected outcomes, and safeguard the Union’s strategic assets, interests, autonomy, or security, namely the security-sensitive nature of the autonomy of European infrastructures against systemic risks and hybrid threats, participation is limited to legal entities established in Member States and Associated Countries. Proposals including legal entities which are not established in these countries will be ineligible.
Some activities, resulting from this topic, may involve using classified background and/or producing of security sensitive results (EUCI and SEN). Please refer to the related provisions in section B Security — EU classified and sensitive information of the General Annexes.
Activities are expected to achieve TRL 6-7 by the end of the project.
To ensure a balanced portfolio, grants will be awarded to applications not only in order of ranking but at least also to those that are the highest ranked within set topics, provided that the applications attain all thresholds.
|Submission||Proposals must be submitted electronically via the Funding & Tenders Portal Electronic Submission System. Paper submissions are NOTpossible.|