Call: Trustworthy methodologies, tools and data security “by design” for dynamic testing of potentially vulnerable, insecure hardware and software components
Logo | ![]() | ||||||||
Programme | |||||||||
Acronym | HE-CL3-CS | ||||||||
Type of Fund | Direct Management | ||||||||
Description
of programme "Horizon Europe - Cluster 3 - Destination 4: Increased Cybersecurity" | Europe is in the midst of a digital transformation. Digital technologies are profoundly changing our daily life, our way of working and doing business, and the way people travel, communicate and relate with each other. Digital communication, social media interaction, artificial intelligence, e-government, e-commerce and digital enterprises are steadily transforming our world. They are generating an ever-increasing amount of data, which, if pooled and used, can lead to a completely new means and levels of value creation. The more interconnected we are, however, the more we are vulnerable to cyber threats. Digital disruption, notably caused by malicious cyber activities, not only threaten our economies but also our way of life, our freedoms and values, and even try to undermine the cohesion and functioning of our democracy in Europe. Regardless of the economic, political or personal motivations behind the cyber threats, securing our future wellbeing, freedoms, democratic governance, and prosperity depend on improving our capacity to shield the EU from malicious attacks and to address digital security weaknesses in general. The digital transformation requires improving cybersecurity substantially, so as to ensure the protection of the increasing number of connected devices and the safe operation of network and information systems, including the ones used in power grids, drinking water supply and distribution services, vehicles and transport systems, hospitals and the overall health system, finances, public institutions, factories, and homes. Europe must build resilience to cyber-attacks and create effective cyber deterrence, while making sure that data protection and freedom of citizens are strengthened. These efforts should include considerations for particularly vulnerable organisations and citizens. The technological tools of cybersecurity are strategic assets, as well as being key growth technologies for the future. It is in the EU's strategic interest to ensure that the EU retains and develops the essential capacities to secure its digital economy, society and democracy, to protect critical hardware and software and to provide key cybersecurity services. Cybersecurity research and innovation activities will support a Europe fit for the digital age, enabling and supporting digital innovation while highly preserving privacy, security, safety and ethical standards. They will contribute to the implementation of the digital and privacy policy of the Union, in particular the NIS Directive [[Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (NIS Directive).]], the EU Cybersecurity Act [[Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act).]], the EU Cybersecurity Strategy [[Joint Communication to the European Parliament and the Council The EU's Cybersecurity Strategy for the Digital Decade JOIN/2020/18 final.]], the GDPR[[Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).]], and the future e-Privacy Regulation. Research and innovation will build on the results of Horizon 2020 such as the pilot projects funded under SU-ICT-03-2018 [[Establishing and operating a pilot for a Cybersecurity Competence Network to develop and implement a common Cybersecurity Research & Innovation Roadmap.]].and other relevant H2020 topics and cybersecurity activities (e.g. carried out by ENISA [[https://www.enisa.europa.eu/]] or relevant parts of work of the EIT Digital[[https://www.eitdigital.eu/]]). The activities will be aligned as relevant with the future objectives of the Cybersecurity Competence Centre and Network of National Coordination Centres (Commission proposal COM(2018) 630). They will be complementary to actions under the Digital Europe Programme, Specific Objectives 3 and 4, which will strengthen EU cybersecurity capacity by support to deployment of cybersecurity infrastructures and tools across the EU, for public administrations, businesses, and individuals, and support digital skills including in cybersecurity. For example support is foreseen to specialised education programmes or modules in key capacity areas such as cybersecurity. Generally, cybersecurity is a horizontal challenge and is not be limited to Horizon Europe Cluster 3. In addition to the calls of the Horizon Europe of Cluster 3 - Civil Security for Society, other activities relevant for Cybersecurity will be supported in particular in the Work Programme part of Cluster 4 - Digital, Industry and Space. Research and innovation results may feed into the operational work on preparedness and response in the Joint Cyber Unit [[see section 2.1 in The EU's Cybersecurity Strategy for the Digital Decade, JOIN(2020) 18 final. https://eur-lex.europa.eu/legal-content/GA/TXT/?uri=CELEX:52020JC0018]]. Expected impacts: Proposals for topics under this Destination should set out a credible pathway contributing to the following impact of the Strategic Plan 2021-2024: "Increased cybersecurity and a more secure online environment by developing and using effectively EU and Member States’ capabilities in digital technologies supporting protection of data and networks aspiring to technological sovereignty in this field, while respecting privacy and other fundamental rights; this should contribute to secure services, processes and products, as well as to robust digital infrastructures capable to resist and counter cyber-attacks and hybrid threats". More specifically, proposals should contribute to the achievement of one or more of the following impacts:
| ||||||||
Link | Link to Programme | ||||||||
Call | Trustworthy methodologies,
tools and data security “by design” for dynamic testing of potentially vulnerable, insecure hardware and software components |
||||||||
Description of call "Trustworthy methodologies, tools and data security “by design” for dynamic testing of potentially vulnerable, insecure hardware and software components" | Expected Outcome
Scope Trustworthy methodologies and tools for advanced analysis and verification, and dynamic testing of potentially vulnerable, insecure hardware and software components calls for good practices for system security, with a particular focus on software development tools, IT security metric and guidelines for secure products and services throughout their lifetime. A holistic methodology is needed, integrating runtime methods for monitoring and enforcement as well as design-time methods for static analysis and programme synthesis, which allows for the construction of secure systems with the strongest possible formal guarantees. The firmware of devices, implementations of communication protocols and stacks, Operating Systems (OSs), Application Programming Interfaces (APIs) supporting interoperability and connectivity of different services, device drivers, backend cloud and virtualisation software, as well as software implementing different service functionalities, are some examples of how software provides the essence of systems and smart (networked) objects. Supply chain issues, including integration of software and hardware, should be considered appropriately. R&I will be funded to develop hybrid, agile and high-assurance tools capable of automating evaluation processes, accountability tools for audit results and updates and lightweight, isolated virtualisation environments capable of securely inspecting and orchestrating appliances in heterogeneous hardware and software architectures. Moreover, KPIs, metrics, procedures and tools for dynamic certification of implementation security and scalable security, from chip-level to software-level and service-level, should be developed. It may also include testing methods like coverage guided fuzzing as well as symbolic execution. The participation of SMEs is strongly encouraged. In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement. | ||||||||
Link | Link to Call | ||||||||
Thematic Focus | Justice, Safety & Security, Digitisation, ICT, Telecommunication, Capacity Building, Cooperation Networks, Institutional Cooperation | ||||||||
Funding area | EU Member States Overseas Countries and Territories (OCTs) | ||||||||
Origin of Applicant | EU Member States Overseas Countries and Territories (OCTs) | ||||||||
Eligible applicants | Education and Training Centres, Federal State / Region / City / Municipality / Local Authority, Research Institution, Lobby Group / Professional Association / Trade Union, International Organization, Small and Medium Sized Enterprises, SMEs (between 10 and 249 employees), Microenterprises (fewer than 10 employees), NGO / NPO, Public Services, National Government, Other, Start Up Company, University, Enterprise (more than 250 employees or not defined), Association | ||||||||
Applicant details | eligible non-EU countries:
Please see the List
of Participating Countries in Horizon Europe for an up-to-date list of countries with which the association agreements
have started to produce legal effects (either through provisional application or their entry into force).
Legal entities which are established in countries not listed above will be eligible for funding if provided for in the specific call conditions, or if their participation is considered essential for implementing the action by the granting authority. | ||||||||
Project Partner | Yes | ||||||||
Project Partner Details | Unless otherwise provided for in the specific call conditions , legal entities forming a consortium are eligible to participate in actions provided that the consortium includes:
| ||||||||
Call opens | 01.07.2022 | ||||||||
Call closes | 16.11.2022 | ||||||||
Further info | Proposal page limits and layout: The application form will have two parts:
Page limit - Part B: 45 pages | ||||||||
Type of Funding | Grants | ||||||||
Financial details |
Activities are expected to achieve TRL 4 by the end of the project. | ||||||||
Submission | Proposals must be submitted electronically via the Funding & Tenders Portal Electronic Submission System. Paper submissions are NOTpossible. |
Register now and benefit:
Personalised newsletter
Register now and benefit:
Save calls in your personal funding basket
Register now and benefit:
Export calls as pdf
Contact us at office@euro-access.eu to
Share your success story on EU project funding with the help of EuroAccess!
News
Published on 01.07.2022
Improved monitoring of threats, intrusion detection and response in complex and heterogeneous digital systems and infrastructures
Horizon Europe - Cluster 3 - Destination 4: Increased Cybersecurity
Link to CallPublished on 01.07.2022
Trustworthy methodologies, tools and data security “by design” for dynamic testing of potentially vulnerable, insecure hardware and software components
Horizon Europe - Cluster 3 - Destination 4: Increased Cybersecurity
Link to Call