The increasing interconnection of technology in healthcare between devices at the physical and cyber levels has transformed these infrastructures into large Health Care Information Infrastructures. Such HCIIs are considered critical and sensitive infrastructures due to their importance for people’s well-being and safety. On the other hand, the evolving digital interconnectivity has also changed the threat landscape, producing a wide range of security and privacy challenges and increasing the danger of potential cybersecurity attacks. The integrated nature introduces new potential entry points for cybersecurity risks. Thus, there is an urgent, pressing need for the Health operators to protect their HCIIs. Efficient situational awareness, incident handling and risk assessment is an important step to acquiring a thorough and common understanding of cyber-attack situations, and is necessary to timely reveal security events and data breaches occurring into HCIIs. Consequently, analysis of incident information is crucial in attempting to detect the presence of a threat, within HCIIs, that has already been detected in other interdependent systems within the same ecosystem. AI4HEALTHSEC proposes a state of the art solution that improves the detection and analysis of cyber-attacks and threats on HCIIs, and increases the knowledge on the current cyber security and privacy risks. Additionally, AI4HEALTHSEC builds risk awareness, within the digital Healthcare ecosystem and among the involved Health operators, to enhance their insight into their Healthcare ICT infrastructures and provides them with capability to react in case of security and privacy breaches. Last but not least AI4HEALTHSEC fosters the exchange of reliable and trusted incident-related information, among ICT systems and entities composing the HCIIs without revealing sensitive corporate details

Over 25 million European SMEs/MEs, central within EU enterprise policy, face multiple challenges related to personal data protection; ranging from awareness, to a clear and practical roadmap to compliance, the most prominent one is the fact that, unlike larger enterprises, SMEs/MEs lack access to enterprise-grade cybersecurity technology and capacity-building for compliance, making them increasingly often victims of costly data breaches. Although, according to studies, small and micro businesses declare openness to invest in regulatory compliance, including for consultants and technology, millions of European SMEs/MEs still fail to comply with GDPR while their managers are confused about basic data security concepts, like data stewardship, encryption and secure communication. This presents a clear gap between cybersecurity- and privacy-related spending and its actual effect in personal data protection compliance. SENTINEL aspires to bridge this gap by boosting SMEs/MEs capabilities in this domain through innovation, at a cost-effective level. SENTINEL will integrate tried-and-tested modular cybersecurity technologies with fresh, ambitious ones, such as a novel Identity Management System for human-centric data portability, enabling a unified “European Data Space” and an end-to-end digital personal data protection compliance self-assessment framework for SMEs, into a unified digital architecture. The data from these modules will then undergo disruptive Intelligence for Compliance through SENTINEL’s digital core, featuring machine learning-powered recommendations, policy drafting & enforcement for compliance and a ‘one-stop-shop’ incident response centre. Combined with a well-researched methodology for application, an open knowledge sharing hub and a wide-reaching plan for experimentation, SENTINEL will catalyse adoption of market-leading security tech among SMEs/MEs and help safeguard their and their customers’ assets.

Despite the tremendous socio-economic importance of Supply Chains (SCs), security officers and operators have still no easy and integrated way to protect their interconnected Critical Infrastructures (CIs) and cyber systems in the new digital era. CYRENE vision is to enhance the security, privacy, resilience, accountability and trustworthiness of SCs through the provision of a novel and dynamic Conformity Assessment Process (CAP) that evaluates the security and resilience of supply chain services, the interconnected IT infrastructures composing these services, and the individual devices that support the operations of the SCs. In order to meet its objectives, the proposed CAP is based on a collaborative, multi-level evidence-driven, Risk and Privacy Assessment approach that support, at different levels, the SCs security officers and operators to recognize, identify, model, and dynamically analyse advanced persistent threats and vulnerabilities as well as to handle daily cyber-security and privacy risks and data breaches. CYRENE will be validated in the scope of realistic scenarios/conditions comprising of real-life supply chain infrastructures and end-users. Furthermore, the project will ensure the active engagement of a large number of external stakeholders as a means of developing a wider ecosystem around the project’s results, which will set the basis for CYRENE large scale adoption and global impact.