Filter Search for grants
Call Navigation
Call key data
Supporting operators against cyber and non-cyber threats to reinforce the resilience of critical infrastructures
Funding Program
Horizon Europe - Cluster 3 - Destination 3: Resilient Infrastructure
Call number
HORIZON-CL3-2023-INFRA-01-02
deadlines
Opening
29.06.2023
Deadline
23.11.2023 17:00
Funding rate
70% (NPO:100%)
Call budget
€ 9,500,000.00
Estimated EU contribution per project
€ 4,750,000.00
Link to the call
Link to the submission
Call content
short description
The successful proposal, following a sector-based approach and identifying a specific priority sector, should work on how to increase the combined cyber and non-cyber resilience operators.
Call objectives
The operational environment in which operators operate has changed significantly in recent years. Security research and innovation related to infrastructure resilience has been following a sectorial approach in order to increase the resilience. This approach to critical infrastructure resilience is needed that as it reflects the current and anticipated future risk landscape, the increasingly tight interdependencies between different sectors, and also the increasingly interdependent relationships between physical and digital infrastructures.
A disruption affecting the service provision by one operator in one sector has the potential to generate cascading effects on service provision in other sectors, and also potentially in other Member States or across the entire EU.
With more and more infrastructure systems being interconnected, a stronger focus on the systemic dimension and complexity of attacks and disruptions by cyber or physical means needs to be applied. As such, not only interdependencies within one type of infrastructure (or closely related types) can be taken into account. The risk landscape is more complex in the recent years, involving natural hazards (in many cases exacerbated by climate change), state-sponsored hybrid actions, terrorism, insider threats, pandemics, and accidents (such as industrial accidents).
Physical disruptions of the activities of operators active in these sectors have possibly serious negative implications for citizens, business, governments, in the environment and endanger the smooth functioning of the internal market. Therefore, operators should be equipped with the best possible means to be able to prevent, resist, absorb and recover from disruptive incidents, no matter if they are caused by natural hazards, accidents, terrorism, insider threats, or public health emergencies.
Another important issue is to have in place efficient cybersecurity measures to block the access to critical infrastructures. A possible project focusing on the protection of critical infrastructures against such threat should consider gaps and vulnerabilities that need to be identified and overcome (e.g. protection of drinking water supply systems from high chemical levels, nuclear facilities, etc.).
Therefore, the successful proposal, following a sector-based approach and identifying a specific priority sector, should work on how to increase the combined cyber and non-cyber resilience operators. It should do so by orienting itself on sectors that have not been covered in previous research, out of the list of sectors described in the respective Annexes of the of the directive on the resilience of critical entities (CER) and the directive on measures for high common level of cybersecurity across the Union (NIS-2) and thus contribute to enhancing the overall resilience on EU-level, in line with the EU Security Union Strategy.
The proposal should orient itself on the policy shift from protection towards resilience and thus focus on operators acting in the internal market, rather than only on physical or digital assets. This includes concepts of wider business continuity, as well as logistics and supply-chains. Proposals should also focus on the development of a more effective resilience plan conception method, which shall support operators to draft their resilience plans according to the provisions of the CER and NIS-2 Directives. The resilience plan conception method should include risk analysis, domino effects analysis, cross-sector and cross-border analysis, standardised plans etc. In addition, this method could include measures on adequate protection, measures on prevention, response, mitigation, and recovery from the consequences of incidents, protection of classified (e.g. the proposal for a Network Code on sector-specific rules for cybersecurity aspects of cross-border electricity flows) or sensitive information and measures that ensure adequate employee security management.
The main practitioners in this topic should come from private or public operators, meaning organisations and enterprises that use critical infrastructure to deliver services, vital for the functioning of society and the internal market. Consortia that will include MS public entities would be considered as an asset. Competent authorities of MS in charge of resilience and/ or overseeing operators in one or more sectors are also encouraged to join the consortia of applicants.
If the infrastructure includes processing of personal data, the proposal should consider including a risk assessment or privacy impact of individuals and society.
This topic requires the effective contribution of SSH disciplines and the involvement of SSH experts, institutions as well as the inclusion of relevant SSH expertise, in order to produce meaningful and significant effects enhancing the societal impact of the related innovation activities.
Applicants are encouraged to explore and demonstrate synergies with the work conducted in the European Reference Network for Critical Infrastructure Protection (ERNCIP), as applicable.
read more
Expected results
Projects’ results are expected to contribute to some or all of the following outcomes:
- Support is provided to the resilience of operators against cyber and non-cyber threats in specific sectors;
- A reliable state-of-the-art analysis of physical/cyber detection technologies and risk scenarios is created, in the context of an operator in a specific sector in sectors that have not yet been covered by previous research projects;
- Strengthened cooperation against natural or human-made threats and subsequent disruptions of infrastructures in Europe, allowing for operational testing in real scenarios or realistic simulations of scenarios with specific regard to disruptions in a specific sector of critical entities;
- Improved situational awareness, preparedness and governance by the implementation of effective solutions that enhance detection and anticipated projection of a determined threating situation, as well as implementation of prevention, preparedness/mitigation, response, and recovery types of intervention;
- Significant reduction of risks and exposures to anomalies or deliberate events on cyber-physical systems, or on complex and critical infrastructures/systems;
- Enhanced preparedness and response by definition of operational procedures of operators as well as public authorities considering citizen’s behaviour/reaction and societal impact in case of disruption in a specific sector.
read more
Eligibility Criteria
Regions / countries for funding
Moldova (Moldova), Albania (Shqipëria), Armenia (Հայաստան), Azerbaijan (Azərbaycan), Belarus (Беларусь), Bosnia and Herzegovina (Bosna i Hercegovina / Босна и Херцеговина), Faeroes (Føroyar / Færøerne), Georgia (საქართველო), Iceland (Ísland), Israel (ישראל / إِسْرَائِيل), Kosovo (Kosova/Kosovë / Косово), Montenegro (Црна Гора), Morocco (المغرب), North Macedonia (Северна Македонија), Norway (Norge), Serbia (Srbija/Сpбија), Tunisia (تونس /Tūnis), Türkiye, Ukraine (Україна), United Kingdom
eligible entities
Education and training institution, International organization, Non-Profit Organisation (NPO) / Non-Governmental Organisation (NGO), Other, Private institution, incl. private company (private for profit), Public Body (national, regional and local; incl. EGTCs), Research Institution incl. University, Small and medium-sized enterprise (SME)
Mandatory partnership
Yes
Project Partnership
To be eligible for funding, applicants must be established in one of the following countries:
- the Member States of the European Union, including their outermost regions
- the Overseas Countries and Territories (OCTs) linked to the Member States
- third countries associated to Horizon Europe - see list of particpating countries
Only legal entities forming a consortium are eligible to participate in actions provided that the consortium includes, as beneficiaries, three legal entities independent from each other and each established in a different country as follows:
- at least one independent legal entity established in a Member State; and
- at least two other independent legal entities, each established in different Member States or Associated Countries.
Any legal entity, regardless of its place of establishment, including legal entities from non-associated third countries or international organisations (including international European research organisations) is eligible to participate (whether it is eligible for funding or not), provided that the conditions laid down in the Horizon Europe Regulation have been met, along with any other conditions laid down in the specific call topic.
A ‘legal entity’ means any natural or legal person created and recognised as such under national law, EU law or international law, which has legal personality and which may, acting in its own name, exercise rights and be subject to obligations, or an entity without legal personality.
Specific cases:
- Affiliated entities — Affiliated entities (i.e. entities with a legal or capital link to a beneficiary which participate in the action with similar rights and obligations to the beneficiaries, but which do not sign the grant agreement and therefore do not become beneficiaries themselves) are allowed, if they are eligible for participation and funding.
- Associated partners — Associated partners (i.e. entities which participate in the action without signing the grant agreement, and without the right to charge costs or claim contributions) are allowed, subject to any conditions regarding associated partners set out in the specific call conditions.
- Entities without legal personality — Entities which do not have legal personality under their national law may exceptionally participate, provided that their representatives have the capacity to undertake legal obligations on their behalf, and offer guarantees to protect the EU’s financial interests equivalent to those offered by legal persons.
- EU bodies — Legal entities created under EU law including decentralised agencies may be part of the consortium, unless provided for otherwise in their basic act.
- Joint Research Centre (‘JRC’)— Where provided for in the specific call conditions, applicants may include in their proposals the possible contribution of the JRC but the JRC will not participate in the preparation and submission of the proposal. Applicants will indicate the contribution that the JRC could bring to the project based on the scope of the topic text. After the evaluation process, the JRC and the consortium selected for funding may come to an agreement on the specific terms of the participation of the JRC. If an agreement is found, the JRC may accede to the grant agreement as beneficiary requesting zero funding or participate as an associated partner, and would accede to the consortium as a member.
- Associations and interest groupings — Entities composed of members (e.g. European research infrastructure consortia (ERICs)) may participate as ‘sole beneficiaries’ or ‘beneficiaries without legal personality’. However, if the action is in practice implemented by the individual members, those members should also participate (either as beneficiaries or as affiliated entities, otherwise their costs will NOT be eligible.
other eligibility criteria
This topic requires the active involvement, as beneficiaries, of at least 3 infrastructure operators, which could include civil protection authorities, at national level from at least 3 different EU Member States or Associated Countries. For these participants, applicants must fill in the table “Information about security practitioners” in the application form with all the requested information, following the template provided in the submission IT tool.
If projects use satellite-based earth observation, positioning, navigation and/or related timing data and services, beneficiaries must make use of Copernicus and/or Galileo/EGNOS (other data and services may additionally be used).
Eligible costs will take the form of a lump sum.
Activities are expected to achieve TRL 6-8 by the end of the project.
For the Technology Readiness Level (TRL), the following definitions apply:
- TRL 1 — Basic principles observed
- TRL 2 — Technology concept formulated
- TRL 3 — Experimental proof of concept
- TRL 4 — Technology validated in a lab
- TRL 5 — Technology validated in a relevant environment (industrially relevant environment in the case of key enabling technologies)
- TRL 6 — Technology demonstrated in a relevant environment (industrially relevant environment in the case of key enabling technologies)
- TRL 7 — System prototype demonstration in an operational environment
- TRL 8 — System complete and qualified
- TRL 9 — Actual system proven in an operational environment (competitive manufacturing in the case of key enabling technologies, or in space)
Additional information
Topics
Relevance for EU Macro-Region
EUSAIR - EU Strategy for the Adriatic and Ionian Region, EUSALP - EU Strategy for the Alpine Space, EUSBSR - EU Strategy for the Baltic Sea Region, EUSDR - EU Strategy for the Danube Region
UN Sustainable Development Goals (UN-SDGs)
Additional Information
All proposals must be submitted electronically via the Funders & Tenders Portal electronic submission system (accessible via the topic page in the Search Funding & Tenders section). Paper submissions are NOT possible.
Proposals must be complete and contain all parts and mandatory annexes and supporting documents, e.g. plan for the exploitation and dissemination of the results including communication activities, etc.
The application form will have two parts:
- Part A (to be filled in directly online) contains administrative information about the applicant organisations (future coordinator and beneficiaries and affiliated entities), the summarised budget for the proposal and call-specific questions;
- Part B (to be downloaded from the Portal submission system, completed and then assembled and re-uploaded as a PDF in the system) contains the technical description of the project.
Annexes and supporting documents will be directly available in the submission system and must be uploaded as PDF files (or other formats allowed by the system).
The limit for a full application (Part B) is 50 pages.
Call documents
HE-Work Programme 2023-2024, Cluster 3HE-Work Programme 2023-2024, Cluster 3(1701kB)
Contact
To see more information about this call, you can register for free here
or log in with an existing account.
Log in
Register now