A publicat studiul «Disponibilitatea pentru implementarea în România a schemei de certificare a securității cibernetice» Accesați aici studiul

eu-flag  secant-logo

The National Cyber Security Directorate - DNSC is the beneficiary of a non-reimbursable financing for the implementation of “SECurity And privacy protectioN in Internet of Things devices”- SECANT project, under financing contract no. 101019645. The project is financed through the European Union Horizon 2020 Programme, under the call H2020-SU-DS-2018-2019-2020/H2020-SU-DS-2020 topics.

Coordonator:
• NTT DATA Spain SLU - (NTT DATA), Spain
Parteneri:
• KAROLINSKA INSTITUTET (KI) - Sweden
• IOTA STIFTUNG (IOTA) - Germany
• ETHNIKO KENTRO EREVNAS KAI TECHNOLOGIKIS ANAPTYXIS (CERTH) - Greece
• EIGHT BELLS LTD (8BELLS)- Cyprus
• UBITECH LIMITED (UBI) - Cyprus
• AXON LOGIC P.C. (AXON) - Greece
• THALES SIX GTS FRANCE SAS (THALES) - France
• CYBERLENS BV (EXALENS) - The Netherlands
• UNIVERSITY OF SURREY (UOS) - United Kingdom
• SOFTWARE IMAGINATION & VISION SRL (SIMAVI) - Romania
• IANUS CONSULTING LTD (IANUS) - Cyprus
• THE NATIONAL CYBER SECURITY DIRECTORATE (DNSC) - Romania
• POLARIS MEDICAL CLINICA DE TRATAMENT SI RECUPERARE SA (POLARIS) - Romania
• BI2S-BUSINESS AND IOT INTEGRATED SOLUTIONS LTD (BI2S) - Cyprus
• INFOLYSIS P. C. (INF) - Greece
• FUNDACIO PRIVADA I2CAT, INTERNET I INNOVACIO DIGITAL A CATALUNYA (I2CAT) - Spain
• FUNDACIO TICSALUT (TICSALUT) - Spain
• ADRESTIA R&D PRIVATE COMPANY (ADR) - Greece
• SECURITY LABS CONSULTING LIMITED (SLC) - Ireland

Starting date of the action: 1 September, 2021

Duration of the action: 36 months

Total value: € 6 567 958,75 of which non-reimbursable financial assistance: € 5 202 226,38

DNSC budget: € 176 250.00

Project website: https://secant-project.eu

The overall objective of the project:

SECANT recognizes the needs of the European organizations and puts the sensitive data protection at the center-stage of the efforts towards enhancing the cybersecurity and privacy provisions of the industrial ecosystem. In particular, SECANT envisages delivering a holistic framework for cyber security risk assessment for enhancing the digital security, privacy, and personal data protection in complex ICT infrastructures by employing beyond the state-of-the-art technologies and methodologies. The SECANT platform will enhance the capabilities of organisations’ stakeholders, implementing (a) collaborative threat intelligence collection, analysis and sharing; (b) innovative risk analysis specifically designed for interconnected nodes of an industrial ecosystem; (c) cutting-edge trust and accountability mechanisms for data protection and (d) security awareness, training for more informed security choices.

The proposed solution’s effectiveness and versatility will be validated in four realistic pilot use case scenarios applied in the healthcare ecosystem. Ultimately, SECANT will contribute decisively towards improving the readiness and resilience of the organisations’ against the crippling modern cyber-threats, increasing the privacy, data protection and accountability across the entire interconnected ICT ecosystem, and reducing the costs for security training in the European market.

SECANT rests on four major pillars:
• Digital Security and Privacy (for both the underlying complex ICT infrastructure and the human actors);
• Data Protection and Accountability (based on the latest Distributed Ledger Technology – DLT);
• Collaborative Threat Intelligence (for collecting, sharing and reporting security incidents);
• Cyber Security Awareness Training (for both technical and non-technical users).
At its core, SECANT is a proof-of-concept platform enabling industrial participants to make informed and context-aware decisions regarding cybersecurity, privacy and data protection risks. The strength of the platform is that it allows not only for technologically protecting connected organizations, but also empowering their users in better protecting themselves (i.e.professionals, users, etc.).

The specific objectives of the project are as follows:
• to identify the user, technical and business requirements and design the architecture of a dynamic and highly flexible risk assessment platform for organizations;
• to design and implement a dynamic, evidence-based, sophisticated security and privacy risk assessment framework that can deal with the cascading effects of cyber-attacks and with propagated vulnerabilities in interconnected complex ICT systems, services, and applications;
• to design and implement a collaborative toolkit that allows the organization stakeholders and European CERTs/CSIRTs create and exchange dynamic vulnerability databases, as well as taxonomies for cyber-attacks targeting ICT systems, technologies, applications and services;
• to design and implement a tailored data protection and multi-level accountability framework, relying on a distributed ledger system, that can establish trust, integrity and protect sensitive data;
• to design and develop user interfacing applications and security training platforms with cyber range capabilities that can enable all stakeholders of the organizations’ ecosystem to make smarter security decisions with training and simulated social engineering;
• to demonstrate and validate the integrated SECANT Platform across four realistic pilot demonstrators;
• to ensure wide communication and scientific dissemination of the SECANT results to the research, academic, and professional community, efficient exploitation and business planning of the SECANT concepts and solutions to the market, and contribution of specific project results to relevant standardization bodies.

The activities of the project are the following:

WP1: Project Management;
WP2: Requirements Analysis, Use Cases and Architecture Design;
WP3: Cyber Security Risk Assessment in Connected ICT Ecosystems;
WP4: Trusted and Secure Data Sharing;
WP5: SECANT End-User Applications and Training;
WP6: SECANT Platform Integration and Testing;
WP7: Demonstration and Evaluation;
WP8: Dissemination, Communication and Exploitation of Results;
WP9: Ethics requirements.

Content reflects only the authors’ view and the European Commission is not responsible for any use that may be made of the information it contains.