SAINT proposes to analyse and identify incentives to improve levels of collaboration between cooperative and regulatory approaches to information sharing. Analysis of the ecosystems of cybercriminal activity, associated markets and revenues will drive the development of a framework of business models appropriate for the fighting of cybercrime. The role of regulatory approaches as a cost benefit in cybercrime reduction will be explored within a concept of greater collaboration in order to gain optimal attrition of cybercriminal activities. Experimental economics will aid SAINT in designing new methodologies for the development of an ongoing and searchable public database of cybersecurity indicators and open source intelligence. Comparative analysis of cybercrime victims and stakeholders within a framework of qualitative social science methodologies will deliver valuable evidences and advance knowledge on privacy issues and Deep Web practices. Equally, comparative analysis of the failures of current cybersecurity solutions, products and models will underpin a model for greater effectiveness of applications and improved cost-benefits within the information security industry. SAINT proposes to advance measurement approaches and methodologies of the metrics of cybercrime through the construct of a framework of a new empirical science that challenges traditional approaches and fuses evidence-based practices with more established disciplines for a lasting legacy. SAINT’s innovative models, algorithms and automated framework for objective metrics will benefit decision-makers, regulators, law enforcement in the EU, at national and organisational levels providing improved cost-benefit analysis and supported by tangible and intangible costs for optimal risk and investment incentives. The resulting ongoing business spin off and the potential for novel research and further studies will be attractive to academia and researchers beyond the lifetime of the project.

Nowadays, cybercrime is one of the most relevant and critical threats to both the economy and society in Europe. Establishing efficient and effective ways to protect services and infrastructures from ever-evolving cyber threats is crucial for sustaining business integrity and reputation as well as protecting personal and sensitive data. To that end, the SHIELD project proposes a universal solution for dynamically establishing and deploying virtual security infrastructures into ISP and corporate networks. SHIELD builds on the huge momentum of Network Functions Virtualisation (NFV), as currently standardised by ETSI, in order to virtualise security appliances into virtual Network Security Functions (vNSFs), to be instantiated within the network infrastructure using NFV technologies and concepts, effectively monitoring and filtering network traffic in a distributed manner. Logs and metrics from vNSFs are aggregated into an information-driven Data Analysis and Remediation Engine (DARE), which leverages state-of-the-art big data storage and analytics in order to predict specific vulnerabilities and attacks by analysing the network and understanding the adversary possibilities, behaviour and intent. The SHIELD virtual security infrastructure can either used by the ISP internally for network monitoring and protection, but it can also be offered as-a-service to ISP customers; for this purpose, SHIELD establishes a “vNSF Store”, i.e. a repository of available virtual security functions (firewalls, DPIs, content filters etc.) from which the ISP customers can select the ones which best match their needs and deploy them to protect their infrastructure. This approach promotes openness and interoperability of security functions and offers an affordable, zero-CAPEX security solution for citizens and SMEs. Moreover, SHIELD services can be easily scaled up or down, configured and upgraded according to customers’ needs, as opposed to security solutions based on monolithic hardware.

CHARISMA proposes an intelligent hierarchical routing and paravirtualised architecture that unites two important concepts: devolved offload with shortest path nearest to end-users and an end-to-end security service chain via virtualized open access physical layer security (PLS). The CHARISMA architecture meets the goals of low-latency (<1ms) and security required for future converged wireless/wireline advanced 5G networking. This provides a cloud infrastructure platform with increased spectral and energy efficiency and enhanced performance targeting the identified needs for 1000-fold increased mobile data volume, 10-100 times higher data rates, 10-100 times more connected devices and 5x reduced latency. Fully aligned and committed to the 5G-PPP principles and KPIs, the CHARISMA proposal brings together 10G-wireless (via mm-wave/60-GHz & free-space optics, FSO) access and 100G fixed optical (OFDM-PON) solutions through an intelligent cloud radio-access-network (C-RAN) and intelligent radio remote head (RRH) platform with IPv6 Trust Node routing featuring very low-latency for the traffic management. Low-cost Ethernet is used across front- and backhaul, and end-user equipment (vCPE), and intelligence distributed across the back-, front-hauls, and perimetric data transports. Ad-hoc mobile device interconnectivities (D2D, D2I, C2C etc.), content delivery network (CDN) and mobile distributed caching (MDC) offer an energy-efficient (better than x20 improvement possible) information-centric networking (ICN) architecture. Furthermore, caching will provide efficient utilization of scarce resources by early aggregating data or/and by executing communication locally. The CHARISMA approach will benefit user experiences with ground-breaking low-latency services, high-bandwidth, and mobile cloud resilient network security.

SMEs and MEs constitute a very large part of the economy and are thus integral to the EU’s economic growth and social development. However, they often have no systematic approach for ensuring digital security and 60% of them not being able to recover economically from a cyberattack. PALANTIR aims at bridging the gap between large enterprises and SMEs/MEs, by providing multi-layered, infrastructure-wide threat monitoring, cyber-resiliency and knowledge sharing in a heterogeneous ecosystem, while at the same time being able to market these services to third parties in the form of Security-as-a-service (SECaaS). PALANTIR will implement a coherent privacy assurance, data protection, incident detection and recovery framework, focusing on the case of highly dynamic service-oriented systems and networks, taking advantage of their inherent programmability features and abstractions. PALANTIR will also focus on cyber-resiliency leveraging the features of service-oriented systems key building features by a) applying and exploiting Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technologies; b) considering emerging paradigms such as the application of scalable artificial Intelligence, standardization and threat-sharing techniques to risk analysis, network operation, monitoring and management and c) ensuring the SME’s compliance with the relevant data privacy and protection regulations in the data breach age, implementing the «Privacy by Default» and the «Privacy by Design» principles on how personal data is collected, used, transferred and stored between 3rd party businesses and entities. The end result will be an evolving, expandable and unified framework, tailored to the individual needs of every SME and ME, reducing the complexity level of usual security tools while still being affordable and thus attractive for adoption.

Over the last decade, cyber-attacks have become increasingly sophisticated, stealthy, targeted and multi-faceted which may leverage zero-day exploits and highly creative interdisciplinary attack methods. As our society is becoming increasingly dependent on Critical INfrastructures (CIN), new technologies are needed to increase our detection and response capabilities. Detecting and responding to such attacks by a highly motivated, skilled and well-funded attacker has however been proven highly challenging. One of the most vulnerable and high-impact CIN is the Smart Grid. Smart Grid is considered as the next-generation power system, which promises self-healing, resilience, sustainability and efficiency to the energy Critical Infrastructures (CIN). However, securing smart grids against cyber-attacks is of vital importance for National Security and Public Safety, since the collapse of an energy production utility may cause human lives, millions of euros, denial of a very important and common good such as energy and days or even months of recovering. To this end, the SPEAR proposal aims at a) detecting and responding to cyber-attacks using new technologies and capabilities, b) detecting threat and anomalies timely, c) developing all-in-one security detection solutions, d) leveraging advanced forensics subject to privacy-preserving, e) confronting Advanced Persistent Threat (APT) and targeted attacks in smart grids, f) increasing the resilience of the smart grid innovation, g) alleviating the lack of trust in smart grid operators and h) empowering EU-wide consensus. Within SPEAR, four proof-of-concept Use Cases are planned in order to validate and assess the implemented security and privacy tools.