The ECHO Consortium at the CYpBER 2020 Conference
The CYpBER 2020 Conference, the only specialized Cybersecurity event for Maritime - Oil & Gas - Energy in the Eastern Mediterranean, took place online on June 3rd, 2020. The ECHO (the European network of Cybersecurity centers and competence Hub for innovation and Operations) Consortium was represented by the Project Implementation Coordinator Matteo Merialdo from RHEA Group. Matteo focused his presentation on the strategies that the ECHO Consortium undertook at addressing common challenges within the Maritime sector.
"Cybersecurity in Operational Technology sectors is critical. Our life heavily depends on a combination of multiple OT systems strictly connected to IT counterparts, in many critical sectors. The CYpBER 2020 conference deeply explored cyber-security gaps and challenges of OT systems and how the European Union is reacting to them.
ECHO is at the frontline of OT security and considers inter and multi-sector risks one of the major challenges we need to solve together as Europeans."
- Matteo Merialdo, ECHO Project Implementation Coordinator
The European Commission has, under the H2020 Program, brought together specialist expertise to form four pilot projects with the objective of connecting and sharing knowledge across multiple domains to develop a common cybersecurity strategy for Europe. ECHO (the European network of Cybersecurity centers and competence Hub for innovation and Operations) is one of these four projects. The ECHO consortium consists of 30 partners from different fields and sectors including health, transport, manufacturing, ICT, education, research, telecom, energy, space, healthcare, defense & civil protection.
The main objective of ECHO is to strengthen the proactive cyber defense of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector and multi-domain collaboration. The project will develop a European Cybersecurity ecosystem, to support secure cooperation and development of the European market, as well as to protect the citizens of the European Union against cyber threats and incidents.
Main ECHO concepts:
- ECHO Governance Model: Management of direction and engagement of partners (current and future)
- ECHO Multi-sector assessment framework: Transverse and inter-sector needs assessment and technology R&D roadmaps
- ECHO Cyber skills Framework and training curriculum: Cyber skills reference model and associated curriculum
- ECHO Security Certification Scheme: Development of sector-specific security certification needs within EU Cybersecurity Certification Framework from ENISA
- ECHO Federated Cyber Range: Advanced cyber simulation environment supporting training, R&D, and certification
- ECHO Early Warning System: Secured collaborative information sharing of cyber-relevant information
ECHO will develop sector-specific and inter-sector demonstration cases for improving security measures within and among organizations. The testing and validation of innovative technologies, operational, and decision-making processes enable the identification, specification, and development of inter-sector challenges and opportunities. Enabling the definition and development of relevant inter-sector technology roadmaps.
The ECHO governance model will define the effective operational management of the future ECHO Group which shall consist of a network of cybersecurity competence centers and demonstrate an efficient ECHO Cybersecurity certification scheme.
The following systems and assets will also be delivered:
- The ECHO Early Warning System (E-EWS) – provides a mechanism for partners to share incidents, trends and other relevant cybersecurity data to trusted partners within the network of cybersecurity competence centers;
- The ECHO Federated Cyber Range (E-FCR) – provides realistic environments for conducting experimentation, exercises, research, and prototype testing, enables the combination of multiple scenarios from different content providers, and a focal point for training and expertise.
ECHO intends to raise awareness of the need for cybersecurity amongst EU citizens and better-inform them of potential threats and best practices. The project will also provide innovative solutions to Governmental cyber issues, aid detection of cyberattacks, better combat them, and improve response times in order to reduce their impact and ensure the safety of democratic decision-making. The industry will be educated on why and how to protect themselves and their customers against the potential loss of data or money, helping to consolidate their reputation and position in the market.
The main challenge faced by ECHO is to create a stable, effective, shared, and durable network composed of governments, organizations, and companies in order to pool the collective cybersecurity skills, resources, and knowledge within the European territory. Therefore, the visionary aim of ECHO is anchored on the project’s name itself: to establish a strong and resounding sustainable network of cybersecurity centers and competence for innovation within European Union, which will facilitate the sharing of knowledge, threats and cyber incidents for improving cybersecurity solutions, raise awareness of security and protection methods and establish best practices to reduce risk exposure.
- ECHO targets practical use of outcomes to offer technologies and services having increased cyber-resilience by sector and among inter-dependent partners
- Use of the ECHO Federation of Cyber Ranges (E-FCR) for experimental simulation of cyberattack scenarios, pre-production testing, product evaluations
- Combined use of the ECHO Federation of Cyber Ranges (E-FCR) and E-Cybersecurity Certification Scheme (E-CCS) for certified qualification testing of potential technologies required to meet customer specification
- Use of ECHO Cybersecurity Certification Scheme (E-CCS) as a benchmark of cybersecurity certification to be obtained as a market differentiator
- Use of the ECHO Early Warning System (E-EWS) to share early warning of cybersecurity-related issues (e.g., vulnerabilities, malware, and trends, etc…)
- Promotion of improved cyber skills through leveraging diverse education and training options made available by the E-Cybersecurity Skills Framework, particularly as it relates to security-by-design best practices.