Cryptographic technologies and encrypted channel communications have become a standard security pre-requisite among government and industry protocols, schemes and infrastructure. Practical quantum computing, when available to cyber adversaries, will break the security of nearly all modern public-key cryptographic systems. Practical quantum computing, when available to cyber adversaries, will break the security of nearly all modern public-key cryptographic systems. Consequently, all secret symmetric keys and private asymmetric keys that are now protected using current public-key algorithms, as well as the information protected under those keys, will be subject to exposure. This includes all recorded communications and other stored information protected by those public-key algorithms, the so-called Harvest Now Decrypt Later (HNDL) paradigm. Any information still considered to be private or otherwise sensitive will be vulnerable to exposure and undetected modification. Once exploitation of Shor’s algorithm becomes practical, protecting stored keys and data will require re-encrypting them with a quantum-resistant algorithm and deleting or physically securing “old” copies (e.g., backups). Integrity and sources of information will become unreliable unless they are processed or encapsulated (e.g., re-signed or timestamped) using a mechanism that is not vulnerable to quantum computing-based attacks. PQ-NEXT will focus on developing a comprehensive framework to facilitate the seamless transition to post-quantum cryptographic standards. This includes creating a catalog of PQC algorithms, maintenance tools, and a quantum programming language with advanced features like high-performance simulation and hybrid quantum-classical optimization, ensuring crypto-agility and security against quantum threats for large-scale pilots, targeting the financial, critical infrastructure, digital identities and telco industries.

In recent years the ICT market has evolved toward a cloud-based approach. This shift together with the rapidly changing legal and regulatory landscape has heavily impacted security assurance, governance and compliance. The information security market players have tried to provide suitable solutions to cope with issues such as i) lack of means to provide higher level of assurance (e.g continuous monitoring and auditing), ii) privacy not adequately taken into account, iii) limited transparency and iv) lack of means to streamline risk management and compliance. In the certification space this has resulted in the creation of several schemas creating an additional problem, i.e. the proliferation of certification scheme. The project EU-SEC will improve the effectiveness and efficiency of existing approaches for assurance and compliance. The EU-SEC aims to create a framework under which existing, certification and assurance approaches can co-exist. The three core ideas behind the EU-SEC project are that an effective and efficient approach to trust, assurance and compliance has to: (1) balance the need of nations and business sectors to develop their specific certification schemas with the need of CSPs to reduce compliance costs (2) avoid that humans (auditors) do activities that can be performed by machines (e.g. collecting data) (3) make sure that accurate and reliable evidences/information are provided to relevant people, in a timely fashion, leveraging as much as possible automatic means. The EU-SEC framework will equip stakeholders in the ICT security ecosystem with a validated governance structure, a reference architecture, and the corresponding set of tools to improve the efficiency and effectiveness of their current approach to security governance, risks management, assurance and compliance. The EU-SEC aims to enhancing trustworthiness and transparency in the ICT supply chain through business cases developed and piloted by industrial partners.

Artificial intelligence (AI) has lately proved to be a coin with two sides. On the one hand, it can be leveraged as a powerful defensive mechanism to improve system preparedness and response against cyber incidents and attacks, and on the other hand, it can be a formidable weapon attackers can use to damage, compromise or manipulate systems. AI4CYBER ambitions to provide an Ecosystem Framework of next-generation trustworthy cybersecurity services that leverage AI and Big Data technologies to support system developers and operators in effectively managing robustness, resilience, and dynamic response against advanced and AI-powered cyberattacks. The project will deliver a new breed of AI-driven software robustness and security testing services that significantly facilitates the testing experts work, through smarter flaw identification and code fixing automation. Moreover, the project will provide cybersecurity services for comprehension, detection and analysis of AI-powered attacks to prepare the critical systems to be resilient against them. Incident response support by AI4CYBER will offload security operators from complex and tedious tasks offering them mechanisms to optimize the orchestration of the most appropriate combination of security protections, and continuously learn from system status and defences’ efficiency. The AI4CYBER framework will ensure fundamental rights and values-based AI technology in its services, through the integration of demonstrable explainability, fairness and technology robustness (security) capabilities in the AI4CYBER components. The ecosystem will be validated in three scenarios: i) Detection and Mitigation of AI-powered Attacks against the Energy Sector, ii) Robustness and autonomous adaptation of Banking applications to face AI-powered attacks and iii) Resilient hospital services against advanced and AI-powered cyber-physical attacks.

GREEN.DAT.AI aims to channel the potential of AI towards the goals of the European Green Deal, by developing novel Energy-Efficient Large-Scale Data Analytics Services, ready-to-use in industrial AI-based systems, while reducing the environmental impact of data management processes. GREEN.DAT.AI will demonstrate the efficiencies of the new analytics services in four industries (Smart Energy, Smart Agriculture/Agri-food, Smart Mobility, Smart Banking) and six different application scenarios, leveraging the use of European Data Spaces. The ambition is to exploit mature (TRL5 or higher) solutions already developed in recent H2020 projects and deliver an efficient, massively distributed, open-source, green, AI/FL - ready platform, and a validated go-to-market TRL7/8 Toolbox for AI-ready Data Spaces. The services will cover AI-enabled data enrichment, Incentive mechanisms for Data Sharing, Synthetic Data Generation, Large-scale learning at the Edge/Fog, Federated & Auto ML at the edge/fog, Explainable AI/Feature Learning with Privacy Preservation, Federated & Automatic Transfer Learning, Adaptive FL for Digital Twin Applications, Automated IoT event-based change detection/forecasting. The GREEN.DAT.AI Consortium consists of a multidisciplinary group of 17 partners from 10 different countries (and one associated party), well balanced in terms of expertise. The vast majority of partners already have key roles in a number of projects funded under the Big Data PPP (ICT-16-2017) topic, namely BigDataStack, CLASS, Track & Know, and I-BiDaaS and are serving as active members of the BDVA/DAIRO Association, FIWARE, AIOTI, and ETSI. In addition, partners come from a variety of sectors, such as banking, mobility, energy, and agriculture, constituting a representative workforce of their respective domains, which will contribute to industry adoption and stimulate uptake in other sectors as well.

Europe needs to step up its efforts and strengthen its very own security capacities to secure its digital society, economy, and democracy. It is time to reconquer Europe’s digital sovereignty. The vision for Europe can only be to join forces across Europe’s research, industry and public sector and to include all talents not just those that have representation in the EU mainstream or are within big organizations. Diversity and inclusion are keys for success. Europe has incredible coverage and talent in the area of IT and cybersecurity. The area of cybersecurity is geographically fragmented across Europe for competences, and often also technically fragmented with problem-specific development of security solutions. There is no doubt that excellent research exists in Europe. Nevertheless, it is a fact that this research does not result in IT products and solutions that contribute to the European Single Digital Market. On contrary, a lot of research, also financed by EU ERC grants, is tested on real data in large US companies that cooperate with them. Europe has to and is already rethinking this strategy. CONCORDIA addresses the current fragmentation of security competence by networking diverse competences into a leadership role via a synergistic agglomeration of a pan-European Cybersecurity Center. The vision of CONCORDIA is to build a community a strong cooperation between all stakeholders, understanding that all stakeholders have their KPIs, bridging among them, and fostering the development of IT products and solutions along the whole supply chain. Technologically, it projects a broad and evolvable data-driven and cognitive E2E Security approach for the ever-complex ever-interconnected compositions of emergent data-driven cloud, IoT and edge-assisted ICT ecosystems.