Governance activities form the backbone of the network, supporting community activities that range from roadmap design to Request for Challenges, from monthly SPARTA Workshops to bi-yearly SPARTA Days. Research programs are continuously spun from strands of the roadmap, led by experts of their fields, and aim at generating concrete and transformative results.
News & Events
Report: Understanding European Cybersecurity HR Recruitment Processes
28th Dec 2021How organisations in Europe currently address the recruitment of cybersecurity specialists? This report - Understanding European Cybersecurity HR Recruitment Processes - seeks to answer this question and provides the foundation to create a Cyber HR Toolbox!
The report is the result of the collaborative effort between ECSO and the European Cybersecurity Competence Network Pilot projects – ECHO, Concordia, SPARTA and CyberSec4Europe and provides the key findings and results from the analysis around understanding how cybersecurity recruitment and overall HR processes and motivations work in Europe, based on survey responses received over the course of two months (April-May 2021). This analysis results from the collaboration between ESCO Working Group (WG5) for human factors & competence building, and the Cybersecurity Competence Network.
Read the full report here.
SPARTA Roadmap Design Highlights
22nd Dec 2021SPARTA’s Work Package #3, responsible for roadmapping affairs in the SPARTA project and in the CCN ecosystem, has been mainly active on two fronts: internally, by compiling a Strategic Research and Innovation Agenda within SPARTA towards strengthening EU’s digital autonomy, and externally, by coordinating discussions between the 4 Pilots and ECSO on consolidating the various individual cybersecurity roadmaps developed in the EU. In this dissemination report, we outline the highlights of both work streams.
CCN Roadmaps Consolidation. The 4 CCN Pilots and ECSO benefit from large individual networks of partners, including large enterprises, SMEs, universities, and cybersecurity research institutes, that join efforts into identifying cybersecurity research & innovation priorities for retaining EU’s digital autonomy and sovereignty. Each consortium adheres to the common goal of strengthening and sustaining Europe’s cybersecurity competence, but the 4 Pilots and ECSO take slightly di...
My way in cybersecurity
16th Nov 2021A woman who works in a male-dominated field cannot usually say it’s easy. It has its advantages and disadvantages.
When I started my professional career, I did not know what it would look like. I’ve always believed that doing complicated things like analyzing information to keep it safe or the security of data, people, computers, devices, networks was difficult. When I was offered a job at NASK, I had divergent thoughts about it. I felt it could be a big challenge, maybe even too big? I was surprised by this proposal because it seemed very difficult to work there. I had a lot of thoughts about whether I would be able to deal with it. And at the same time, something was fascinating about it. I had the prospect of doing great things. Nevertheless, I was wondering quite intensively if I could cope with this task.
My first job was to test a system that aggregated, analyzed and classified network incidents. I got the feeling that the programmers hated me. They hated me. I found bugs in...
High Assurance Intelligent Infrastructure Toolkit: Program Results
21st Oct 2021Program goals
The High Assurance Intelligent Infrastructure Toolkit (HAII-T) Program deals with the menaces to the security of the modern, smart infrastructures. Intelligent infrastructures are objects of extreme complexity (aka systems of systems) which are difficult to protect and, contemporary, very appealing for an attacker.
The cornerstone of the HAII-T Program is that security must be considered along the entire life cycle of an infrastructure, starting from the very initial design fases. This apporach aims at supporting state-of-the-art best practices such as Security- and Privacy-by-Design. The toolkit is an integrated, extensible platform that follows the development phases of an infrastructure and, at each phase, provide the right tools for dealing with the relevant security aspects.
Hardening legacy components
We have started looking into reducing the attack surface of OS kernels by means of static program analysis, we are working on a prototype ...
Secure and fair AI systems for citizens: Program Results
21st Oct 2021The expansion of artificial intelligence (AI) has opened the doors for advancements and improvements in almost every domain of human life. However, the development of AI comes at a cost – the methods are not bulletproof, and may be thwarted by a number of issues, among them two major ones. One regards the technical side of it and is related to the fact how many new cyberattacks keep emerging, and consequently, require employing adequate countermeasures. The other set of challenges to the successful proliferation of AI are of the humanistic nature, and relate to the concepts such as trust, fairness and other social challenges. Among them, there is also the question of explainability, i.e. explaining the outcomes of an algorithm in a transparent way, so that human operators can understand where the decision is coming from. The need to answer all of those issues sits at the heart of the SAFAIR (Secure And FAIR AI systems for citizens) program. Its primary and most ambitious goal has be...
SPARTA | The Future Needs You
18th Oct 2021The instant interconnectivity brought by the rapid advances in technology revolutionised the way we lived and changed the paradigm of security. Cyberspace is a place shared by all the citizens, where social, political, and economic aspects are constantly emerging. As in the physical world, cyberspace faces a range of emerging challenges, namely concerning its security.
An interconnected world means that cyberattacks can come from any part of the world. Cybercriminals, or non-ethical hackers, come from different countries, backgrounds, and cultures, being only possible to prevent cyberattacks globally if there is a common but diverse understanding of the reasons, ways, and forms of attacks. How? By creating cybersecurity teams with professionals from different cultural backgrounds. A diverse workforce is of utter importance to ensure national and global security, peace, and progress.
Besides the need for a diverse workforce, there is an urgent need to fill job positions. The increa...
Local explanation of Machine Learning model with shapkit, a Python module that approximate Shapley Values
4th Oct 2021Nowadays, Machine Learning models are used for various applications with already successful or promising results. Unfortunately, a common criticism is the lack of transparency associated with these algorithm decisions. This is mainly due to a greater interest in performance (measurable on specific tasks) at the expense of a complete understanding of the model. This results in a lack of knowledge of the internal working of the algorithm by the developer and the end user. The most obvious consequences are firstly a difficulty to correct the algorithm by an expert (different assumptions, removing outliers, adding new variables or diverse samples). Secondly, limiting its adoption by operational staff. There is even an urgent need for an explainable Artificial Intelligence (AI). There is no single definition of interpretability or explainability concerning model prediction. Therefore, there are several ways to proceed. Assessing them objectively is a real problem because we do not have u...
National Clusters pushing the JCCI growth
27th Sep 2021European Commission has funded four different pilots for establishing a European Cybersecurity Competence centre, promoting share competences, expertise and knowledge among the institutions, stakeholders, and other members. In this context, in SPARTA project, the Joint Competence Centre Infrastructure is implemented as a solution for addressing these Commission’s needs.
The mission of a Joint Competence Centre Infrastructure is to promote and make available information about tools, infrastructure, data and learning content to all (and not only) partners and associates of SPARTA. Its objective is to be used to optimize research and innovation in cyber security, creating new services or extending those that are currently provided by third parties, offering learning, training and experimentation resources. Those singular assets can be accessed and used in similar ways to those of a Digital Innovation Hub. Such information is publicly available through the SPARTA JCCI NEXUS. The Nexus ...
Evaluation of the Cooperative Car demonstrator developed by TECNALIA in the CAPE program
17th Sep 2021Last week EURECAT technology centre has visited the TECNALIA’s Autonomous Vehicle Cybersecurity laboratory, which is one of the laboratories that forms the BDIH Cybersecurity Node. The aim of the visit was to carry out, together with the TECNALIA team, a penetration test on a fleet of Model Cars while they circulate jointly and in a coordinated manner forming a platoon. This work is part of SPARTA!
In SPARTA, TECNALIA is working on the assessment and improvement of the security of connected vehicles driving autonomously in a platoon mode. A platoon is a group of vehicles driving in close proximity to each other, with the purpose of reducing aerodynamic drag, thereby reducing fuel consumption and CO2 emissions. Each platoon member, thanks to its CACC (Cooperative Adaptive Cruise Control), adapts its speed based on data received from its sensors and information exchanged with the other vehicles. They have also worked in new countermeasures to mitigate the cyber-attacks to which this ...
Turris OS 5.2 has bee released
8th Sep 2021About Turris project:
Project Turris started back in 2013. It was a security project sponsored by CZ.NIC to get more relevant data about attacks on average Joe. As part of the project, routers with custom software were created and given away to Czech Republic households. Those routers were under contract, which stated that they had to be the main access point to the Internet. From those routers, firewall logs were collected. Apart from firewall logs, some minimalistic honeypots were written for popular protocols, trying to learn more about attacker’s behavior. The resulting data were shared with the Czech national CSIRT team and the relevant result with the worldwide security community. Apart from that, those data were used to generate publicly available greylist and dynamically update firewall on the routers and frequent updates, open-source firmware, and performance. After receiving this kind of feedback, CZ.NIC decided to try to spread those routers even further and created a co...