HORIZON EUROPE
European
Specific Challenge:The constant discovery of vulnerabilities in ICT components, applications, services and systems is placing our entire digital society at risk. Insecure ICT is also imposing a significant cost on users (individuals and organisations) who have to mitigate the resulting risk by implementing additional technical and procedural measures which are resource consuming.
Smart systems, highly connected cyber-physical systems (CPS) are introducing a high dynamism in the system to develop and validate. Hence, CPS are evolving in a complex and dynamic environment, making safety-critical decisions based on information from other systems not known during development.
Another key challenge is posed by domains, such as medical devices, critical infrastructure facilities, and cloud data centres, where security is deeply intertwined and a prerequisite for other trustworthiness aspects such as safety and privacy.
The challenges are further intensified by the increasing trend of using third party components for critical infrastructures, by the ubiquity of embedded systems and the growing uptake of IoT as well as the deployment of decentralized a...
see more
Specific Challenge:The constant discovery of vulnerabilities in ICT components, applications, services and systems is placing our entire digital society at risk. Insecure ICT is also imposing a significant cost on users (individuals and organisations) who have to mitigate the resulting risk by implementing additional technical and procedural measures which are resource consuming.
Smart systems, highly connected cyber-physical systems (CPS) are introducing a high dynamism in the system to develop and validate. Hence, CPS are evolving in a complex and dynamic environment, making safety-critical decisions based on information from other systems not known during development.
Another key challenge is posed by domains, such as medical devices, critical infrastructure facilities, and cloud data centres, where security is deeply intertwined and a prerequisite for other trustworthiness aspects such as safety and privacy.
The challenges are further intensified by the increasing trend of using third party components for critical infrastructures, by the ubiquity of embedded systems and the growing uptake of IoT as well as the deployment of decentralized and virtualized architectures.
In order to tackle these challenges, there is a need of appropriate assurances that our ICT systems are secure and trustworthy by design as well as a need of certified levels of assurance where security is regarded as the primary concern. Likewise, target architectures and methods improving the efficiency of assurance cases are needed in order to lower their costs.
Scope:a. Research and Innovation Actions - Assurance
Providing assurance is a complex task, requiring the development of a chain of evidence and specific techniques during all the phases of the ICT Systems Development Lifecycle (SDLC for short: e.g. design verification, testing, and runtime verification and enforcement) including the validation of individual devices and components. These techniques are complementary yet all necessary, each of them independently contributing towards improving security assurance. It includes methods for reliability and quality development and validation of highly dynamic systems.
Proposals may address security, reliability and safety assurance at individual phases of the SDLC and are expected to cover at least one of the areas identified below, depending on their relevance to the proposal overall objectives:
Security requirements specification and formalization; Security properties formal verification and proofs at design and runtime Secure software coding; Assurance-aware modular or distributed architecting and algorithmic; Software code review, static and dynamic security testing; Automated tools for system validation and testing; Attack and threat modelling; Vulnerability analysis; Vendor (third-party) application security testing; Penetration testing; Collection and management of evidence for assessing security and trustworthiness; Operational assurance, verification and security policy enforcement; Adaptive security by design and during operation. Proposal should strive to quantify their progress beyond the state of the art in terms of efficiency and effectiveness. Particular importance within this context should be placed on determining the appropriate metrics.
Proposals should take into account the changing threat landscape, where targeted attacks and advanced persistent threats assume an increasingly more important role and address the challenge of security assurance in state-of-the-art development methods and deployment models including but not limited to solutions focussing on reducing the cost and complexity of assurance in large-scale systems.
Proposals should include a clear standardisation plan at submission time.
The Commission considers that proposals requesting a contribution from the EU between EUR 3 and 4 million would allow this specific challenge to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.
The outcome of the proposals are expected to lead to development up to Technology Readiness Level (TRL) 3 to 5; please see part G of the General Annexes.
b. Innovation Actions – Security Certification
Proposals should address the challenge of improving the effectiveness and efficiency of existing security certification processes for state-of-the-art ICT components and products including the production and delivery of the corresponding guidance materials.
In terms of effectiveness, proposals should address, amongst other factors, emerging threats, compositional certification and reuse of components in the context of certified systems and certification throughout the operational deployment of a product or a service.
In terms of efficiency, proposals should strive to reduce the cost and duration of the certification process.
Proposals may address security certification in any area of their choice. Consortia submitting proposals are expected to approach the selected topic as widely as possible including all necessary actors – e.g. industry, academia, certification laboratories - and involve the relevant certification authorities from at least three Member States in order to achieve added value at a European level.
Proposals are encouraged to work towards moderate to high assurance level protection profiles as a way to validate their results.
The Commission considers that proposals requesting a contribution from the EU between EUR 3 and 4 million would allow this specific challenge to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.
The outcome of the proposals are expected to lead to development up to Technology Readiness Level (TRL) 6 to 7; please see part G of the General Annexes.
c. Coordination and Support Actions
To complement the research and innovation activities in security assurance and certification in this topic, support and coordination actions should address the following:
Building trustworthiness: economic, legal and social aspects of security assurance and certification
Study in depth the economic and legal aspects related to assurance and certification (including European-wide labelling), EU and International regulatory aspects; Explore and identify the interplay of relevant social, cultural, behavioural, gender and ethical factors with ICT systems with regards to their trustworthiness and security, actual or perceived Identify barriers and incentives in the market for certified products in the consumer and/or enterprise market; Produce a comprehensive cost/benefit model for security assurance and certification; Engage with multidisciplinary communities and stakeholders.
The Commission considers that proposals requesting a contribution from the EU of up to EUR 1 million would allow this specific challenge to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.
Expected Impact: European ICT offering a higher level of assurance compared to non-European ICT products and services. ICT products and services more compliant with relevant European security and/or privacy regulations. ICT with a higher level of security assurance at marginally additional cost. Facilitation of mutual recognition of security certificates across the EU. Increased market uptake of secure ICT products. Increased user trust in ICT products and services. Reduction of negative externalities associated with deployment of insecure ICT. More resilient critical infrastructures and services. Progress beyond the state-of-the-art in the effectiveness and efficiency of the areas addressed by the proposals.
Cross-cutting Priorities:GenderSocio-economic science and humanities
see less
Consortium characteristics
:
The aid is European, you can apply to this line any company that is part of the European Community.
characteristics of the Proyecto
Los costes de personal subvencionables cubren las horas de trabajo efectivo de las personas directamente dedicadas a la ejecución de la acción. Los propietarios de pequeñas y medianas empresas que no perciban salario y otras personas físicas que no perciban salario podrán imputar los costes de personal sobre la base de una escala de costes unitarios
Los otros costes directos se dividen en los siguientes apartados: Viajes, amortizaciones, equipamiento y otros bienes y servicios. Se financia la amortización de equipos, permitiendo incluir la amortización de equipos adquiridos antes del proyecto si se registra durante su ejecución. En el apartado de otros bienes y servicios se incluyen los diferentes bienes y servicios comprados por los beneficiarios a proveedores externos para poder llevar a cabo sus tareas
La subcontratación en ayudas europeas no debe tratarse del core de actividades de I+D del proyecto. El contratista debe ser seleccionado por el beneficiario de acuerdo con el principio de mejor relación calidad-precio bajo las condiciones de transparencia e igualdad (en ningún caso consistirá en solicitar menos de 3 ofertas). En el caso de entidades públicas, para la subcontratación se deberán de seguir las leyes que rijan en el país al que pertenezca el contratante
Characteristics of financing
List of countries and applicable rules for funding: described in part A of the General Annexes of the General Work Programme.
Please also note that a number of non-EU/non-Associated Countries that are not automatically eligible for funding have made specific provisions for making funding available for their participants in Horizon 2020 projects (follow the links to China, Japan, Republic of Korea, Mexico, Russia, Taiwan).
Eligibility and admissibility conditions: described in part B and C of the General Annexes of the General Work Programme
Proposal page limits and layout: Please refer to Part B of the standard proposal template.
Evaluation
3.1 Evaluation criteria and procedure, scoring and threshold: described in part H of the General Annexes of the General Work Programme, with the following exception:
Only the best proposal may be funded for part c) Coordination and Suport Action.
3.2 Submission and evaluation process: Guide to the submission and evaluation process
Indicative timetable for evaluation and grant agreement:
Information on the outcome of the evaluation: maximum 5 months from the deadline for submission.
Signature of grant agreements: maximum 8 months from the deadline for... Please read carefully all provisions below before the preparation of your application.
List of countries and applicable rules for funding: described in part A of the General Annexes of the General Work Programme.
Please also note that a number of non-EU/non-Associated Countries that are not automatically eligible for funding have made specific provisions for making funding available for their participants in Horizon 2020 projects (follow the links to China, Japan, Republic of Korea, Mexico, Russia, Taiwan).
Eligibility and admissibility conditions: described in part B and C of the General Annexes of the General Work Programme
Proposal page limits and layout: Please refer to Part B of the standard proposal template.
Evaluation
3.1 Evaluation criteria and procedure, scoring and threshold: described in part H of the General Annexes of the General Work Programme, with the following exception:
Only the best proposal may be funded for part c) Coordination and Suport Action.
3.2 Submission and evaluation process: Guide to the submission and evaluation process
Indicative timetable for evaluation and grant agreement:
Information on the outcome of the evaluation: maximum 5 months from the deadline for submission.
Signature of grant agreements: maximum 8 months from the deadline for submission.
Provisions, proposal templates and evaluation forms for the type(s) of action(s) under this topic:
Research and Innovation Action:
Specific provisions and funding rates
Standard proposal template
Standard evaluation form
H2020 General MGA -Multi-Beneficiary
Annotated Grant Agreement
Innovation Action:
Specific provisions and funding rates
Standard proposal template
Standard evaluation form
H2020 General MGA -Multi-Beneficiary
Annotated Grant Agreement
Coordination and Support Action:
Specific provisions and funding rates
Standard proposal template
Standard evaluation form
H2020 General MGA -Multi-Beneficiary
Annotated Grant Agreement
Additional provisions:
Horizon 2020 budget flexibility
Classified information
Technology readiness levels (TRL) – where a topic description refers to TRL, these definitions apply.
Open access must be granted to all scientific publications resulting from Horizon 2020 actions, and proposals must refer to measures envisaged. Where relevant, proposals should also provide information on how the participants will manage the research data generated and/or collected during the project, such as details on what types of data the project will generate, whether and how this data will be exploited or made accessible for verification and re-use, and how it will be curated and preserved.
Additional documents
H2020 Work Programme 2016-17: Introduction
H2020 Work Programme 2016-17: Introduction to Leadership in enabling and industrial technologies (LEITs)
H2020 Work Programme 2016-17: Secure societies – protecting freedom and security of Europe and its citizens
H2020 Work Programme 2016-17: Dissemination, Exploitation and Evaluation
H2020 Work Programme 2016-17: General Annexes
Legal basis: Horizon 2020 - Regulation of Establishment
Legal basis: Horizon 2020 Rules for Participation
Legal basis: Horizon 2020 Specific Programme
Additional information about the call
other advantages
