Assurance and Certification for Trustworthy and Secure ICT systems, services and components -

Specific Challenge:

The constant discovery of vulnerabilities in ICT components, applications, services and systems is placing our entire digital society at risk. Insecure ICT is also imposing a significant cost on users (individuals and organisations) who have to mitigate the resulting risk by implementing additional technical and procedural measures which are resource consuming.

Smart systems, highly connected cyber-physical systems (CPS) are introducing a high dynamism in the system to develop and validate. Hence, CPS are evolving in a complex and dynamic environment, making safety-critical decisions based on information from other systems not known during development.

Another key challenge is posed by domains, such as medical devices, critical infrastructure facilities, and cloud data centres, where security is deeply intertwined and a prerequisite for other trustworthiness aspects such as safety and privacy.

The challenges are further intensified by the increasing trend of using third party components for critical infrastructures, by the ubiquity of embedded systems and the growing uptake of IoT as well as the deployment of decentralized and virtualized architectures.

In order to tackle these challenges, there is a need of appropriate assurances that our ICT systems are secure and trustworthy by design as well as a need of certified levels of assurance where security is regarded as the primary concern. Likewise, target architectures and methods improving the efficiency of assurance cases are needed in order to lower their costs.

Scope

a. Research and Innovation Actions - Assurance

Providing assurance is a complex task, requiring the development of a chain of evidence and specific techniques during all the phases of the ICT Systems Development Lifecycle (SDLC for short: e.g. design verification, testing, and runtime verification and enforcement) including the validation of individual devices and components. These techniques are complementary yet all necessary, each of them independently contributing towards improving security assurance. It includes methods for reliability and quality development and validation of highly dynamic systems.

Proposals may address security, reliability and safety assurance at individual phases of the SDLC and are expected to cover at least one of the areas identified below, depending on their relevance to the proposal overall objectives:

• Security requirements specification and formalization;
• Security properties formal verification and proofs at design and runtime
• Secure software coding;
• Assurance-aware modular or distributed architecting and algorithmic;
• Software code review, static and dynamic security testing;
• Automated tools for system validation and testing;
• Attack and threat modelling;
• Vulnerability analysis;
• Vendor (third-party) application security testing;
• Penetration testing;
• Collection and management of evidence for assessing security and trustworthiness;
• Operational assurance, verification and security policy enforcement;
• Adaptive security by design and during operation.

Proposal should strive to quantify their progress beyond the state of the art in terms of efficiency and effectiveness. Particular importance within this context should be placed on determining the appropriate metrics.

Proposals should take into account the changing threat landscape, where targeted attacks and advanced persistent threats assume an increasingly more important role and address the challenge of security assurance in state-of-the-art development methods and deployment models including but not limited to solutions focussing on reducing the cost and complexity of assurance in large-scale systems.

Proposals should include a clear standardisation plan at submission time.

The Commission considers that proposals requesting a contribution from the EU between EUR 3 and 4 million would allow this specific challenge to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.

The outcome of the proposals are expected to lead to development up to Technology Readiness Level (TRL) 3 to 5; please see part G of the General Annexes.

b. Innovation Actions – Security Certification

Proposals should address the challenge of improving the effectiveness and efficiency of existing security certification processes for state-of-the-art ICT components and products including the production and delivery of the corresponding guidance materials.

In terms of effectiveness, proposals should address, amongst other factors, emerging threats, compositional certification and reuse of components in the context of certified systems and certification throughout the operational deployment of a product or a service.

In terms of efficiency, proposals should strive to reduce the cost and duration of the certification process.

Proposals may address security certification in any area of their choice. Consortia submitting proposals are expected to approach the selected topic as widely as possible including all necessary actors – e.g. industry, academia, certification laboratories - and involve the relevant certification authorities from at least three Member States in order to achieve added value at a European level.

Proposals are encouraged to work towards moderate to high assurance level protection profiles as a way to validate their results.

The Commission considers that proposals requesting a contribution from the EU between EUR 3 and 4 million would allow this specific challenge to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.

The outcome of the proposals are expected to lead to development up to Technology Readiness Level (TRL) 6 to 7; please see part G of the General Annexes.

c. Coordination and Support Actions

To complement the research and innovation activities in security assurance and certification in this topic, support and coordination actions should address the following:

Building trustworthiness: economic, legal and social aspects of security assurance and certification

• Study in depth the economic and legal aspects related to assurance and certification (including European-wide labelling), EU and International regulatory aspects;
• Explore and identify the interplay of relevant social, cultural, behavioural, gender and ethical factors with ICT systems with regards to their trustworthiness and security, actual or perceived
• Identify barriers and incentives in the market for certified products in the consumer and/or enterprise market;
• Produce a comprehensive cost/benefit model for security assurance and certification;

Engage with multidisciplinary communities and stakeholders.

The Commission considers that proposals requesting a contribution from the EU of up to EUR 1 million would allow this specific challenge to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.

Expected Impact:

• European ICT offering a higher level of assurance compared to non-European ICT products and services.
• ICT products and services more compliant with relevant European security and/or privacy regulations.
• ICT with a higher level of security assurance at marginally additional cost.
• Facilitation of mutual recognition of security certificates across the EU.
• Increased market uptake of secure ICT products.
• Increased user trust in ICT products and services.
• Reduction of negative externalities associated with deployment of insecure ICT.
• More resilient critical infrastructures and services.
• Progress beyond the state-of-the-art in the effectiveness and efficiency of the areas addressed by the proposals.

Cross-cutting Priorities:

GenderSocio-economic science and humanities

News flashes