2020-2 CEF Telecom Call:Cybersecurity

Miguel Gonzalez-Sancho, Monika Lanzenberger, Fidel Santiago, Ioannis Askoxylakis

& Domenico Ferrara

H.1 Cybersecurity Technology and Capacity BuildingDG CONNECT, European Commission

Cybersecurity Digital Service InfrastructurePolicy Framework

• Cybersecurity package: Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

• Directive on security of network and information systems (2016/1148) (NIS Directive)

• Commission recommendation (2017/1584) on coordinated response to large-scale cybersecurity incidents and crises (Cyber Blueprint)

• Regulation (2019/881) on ENISA and on information and communications technology cybersecurity certification (Cybersecurity Act)

2

CEF-TC-2020-2: Cybersecurity

Expected results from the funded activities:

• Cross-European cooperation in Cybersecurity for higher preparedness and better cybersecurity resilience

• Strengthening the Digital Single Market in terms of reliability and trustworthiness of networks and services

• Budget: €10.5 million

• Co-funding rate 75% / pre-financing up to 60% of the maximum grant

• Indicative duration of the actions: 36 months

• Detailed information is available online: Call Website, Work Programme, Call Text and FAQ

3

4

CEF-TC-2020-2: Cybersecurity: Objectives

• Objective 1: Support for Operators of Essential Services (OES), National Competent Authorities, and Information Sharing and Analysis Centres (ISAC)

• Objective 2: Support to joint preparedness, shared situational awareness and coordinated response to cybersecurity incidents

• Objective 3: Support to the implementation of cooperation activities of the Second Biannual Work Programme of the NIS Cooperation Group (2020-2022)

• Objective 4: Support to cooperation and capacity building for cybersecurity certification in line with the Cybersecurity Act

5

Cybersecurity - Objective 1: Support for OES, NCAs and ISACs

•Activities (at least one)

• OES(s) improving internal capabilities to meet security and reporting requirements under national and EU legislation

• OESs and/or ISACs setting-up a new/improving an existing national or European level ISAC

• NCAs/SPOCs supporting the national ISAC ecosystem or its development

• Beneficiaries should liaise with the Core Service Platform cooperation mechanism: the ISAC Facilities manager.

6

Eligibility Requirements - Objective 1

Proposals must include at least one of the following entities:

• Operator of Essential Services (OES), as identified by the Member State in the context of the NIS Directive

• National or European Information Sharing and Analysis Centre (ISAC) having at least one OES as a member

• National Competent Authority (NCA) or Single Point of Contact (SPOC) designated by the Member States in line with the NIS Directive

7

Cybersecurity - Objective 2: Support to joint preparedness, shared situational awareness and coordinated response to cybersecurity incidents (1/2)

Overarching goals: joint preparedness and shared situational awareness about cyber threats at the Member State and EU level, as well as coordinated response and mutual assistance in times of crisis

Proposals including cross-border cooperation activities for effective joint cybersecurity operations and/or building mutual trust are particularly encouraged.

8

Proposals should address at least one of the activities:

• Developing and deploying cyber range platforms and strategic and/or operational Cyber Threat intelligence (CTI) frameworks, programs and/or tools.

• Designing, developing and delivering structured trainings

• Further developing and implementing the European Commission Recommendation on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

9

Cybersecurity - Objective 2: Support to joint preparedness, shared situational awareness and coordinated response to cybersecurity incidents (2/2)

Eligibility Requirements - Objective 2

Proposals must include at least one of the following entities:

• National public authorities and national public bodies

• Legal entities entrusted with national level cybersecurity

10

Objective 3: Support to the implementation of cooperation activities of the Second Biannual Work Programme of the NIS Cooperation Group (2020-2022)

• Proposals should address activities developing and implementing cooperation activities in line with the Second Biennial Work Programme of the Cooperation Group (2020-2022).

• Proposed activities should aim to create mutual trust and confidence and facilitate knowledge sharing, as well as build effective joint working methods and increase national capacities in the cybersecurity domain.

• Relevant context: NIS Cooperation Group

• Allocated budget: € 1 million

11

12

Eligibility Requirements - Objective 3

Proposals must include national public authorities and/or national public bodies from at least two different Member States

Objective 4: Support to cooperation and capacity building for cybersecurity certification in line with the Cybersecurity Act

Overarching goals:

• Increase capacity building with regard to cybersecurity certification

• Support implementation of Cybersecurity Act

Proposals should address at least one of the activities:

• Building up or enhancing internal capabilities

• Cross-border exchange of good practices e.g. related to conformity assessment activities (at least two NCCAs)

• Development and implementation of efficient evaluation methods

Allocated budget: € 1 million13

Eligibility Requirements - Objective 4

Proposals must include at least one of the following entities:

• National Cybersecurity Certification Authority (NCCA), officially designated, or in the process of being designated, by a Member State in line with the Cybersecurity Act

• National Accreditation Body located in an EU Member State appointed pursuant Regulation (EC) No 765/2008

• Conformity Assessment Body (CAB) defined as an entity accredited by national accreditation bodies appointed pursuant to Regulation (EC) No 765/2008

14

Cybersecurity - Award criteria: Relevance

• Alignment with the objectives and activities required for the deployment of the Cybersecurity Digital Service Infrastructure described in Chapter 3.9 of the work programme and priorities set in Section 2 of the call text

• How well does the proposal fit with the Objective and activity you havechosen and its description in the call text?

TIP! Have you explained clearly which objective/activity are you addressing?

Is it clear how the proposal addresses the chosen objective/activity?

• How does it help meeting expected outputs and outcomes of theObjective you have chosen?

TIP! Did you check what beneficiaries are expected to do? E.g. participation inspecific activities

• Alignment and synergies with relevant policies, strategies and activitiesat European and national level

• Does the proposal demonstrate awareness of and, as appropriate,support/alignment with national strategies or EU strategies (forexample the NIS Directive, the Cybersecurity Act, the Cyber Blueprint,the Cybersecurity package from September 2017, other CEF and Horizon2020 cybersecurity projects etc.)?

TIP! Are you name-dropping or are you actually explaining how the proposal fitsinto the European/National contexts?

15

Cybersecurity - Award criteria: Quality & Efficiency

• Maturity in terms of readiness of the action to be implemented and operational level of the proposed solution(s) at the end of the action e.g. will the proposed solution be ready to be used at the end of the action?

TIP! Have you asked yourself:

• E.g. Is there sufficient detail on the architecture/features of what you want to implement?

• E.g. Is it clear what will be developed/implemented from scratch and what is alreadyavailable?

• E.g. Is it clear what will be the OUTPUT of the Action?

• Coherence and effectiveness of the work plan

TIP! Have you asked yourself:

• E.g. Is there sufficient detail on project management, and risk management?

• E.g. Are the tasks described in sufficient detail?

• E.g. Is the allocation of tasks and resources appropriate? Are the costs justified?

• Quality and relevant experience of the participantsTIP! Have you asked yourself:

• E.g. Are CVs provided with the proposal including relevant experience, qualifications andindustry/sector certifications? Is the consortium composition relevant and well-balanced?

• E.g. Does the proposal has the support needed from the entities important for itsimplementation?

• Appropriate attention to security, privacy, inclusiveness and accessibility

• E.g. Have you explained how the proposal addresses operational security, protection ofpersonal data? 16

Cybersecurity - Award criteria: Impact & Sustainability

• Quality of the approach to facilitate wider deployment and take-upTIP! Have you asked yourself:

• E.g. Is there an adequate dissemination plan? Does it explain in practicewhat you will do?

• E.g. Are concrete actions to facilitate the take-up internally/for externalstakeholders foreseen?

• Capability of long-term sustainability without EU fundingTIP! Have you asked yourself:

• E.g. Does the proposal foresee concrete measure to ensure long termknowledge transfer takes place (especially when subcontracting)?

• E.g. are the actions mainstreamed and embedded in cyber securityoperations in the participating organisation? Are they resulting in a stepchange in maturity levels in the participating organisations?

• E.g. Does the proposal foresee a business model or a concrete plan tocarry on without EU-funding after the end of the action?

17

Results from previous calls

• List of projects funded in previous calls

•Overview about beneficiaries, projects titles and funding

18

More information on the calls…

@inea_eu

inea@ec.europa.eu

https://ec.europa.eu/inea/en/connecting-europe-facility/cef-telecom/apply-funding/2020-cef-telecom-calls-proposals

inea-cef-telecom-calls@ec.europa.eu

INEA