Recommendations

Across all the project work activities, CyberSec4Europe has come up with a number of recommendations intended for the attention of policymakers and strategists in government, industry, standards bodies and academia.

Here are a few examples:

Support research in SME cybersecurity

SMEs are the backbone of the EU economy and are also among the groups most vulnerable to cyberattacks and cybercrime. The COVID-19 pandemic, which accelerated existing trends in remote work and e-commerce, has made their cybersecurity condition even worse.

The need for proper vulnerability attribution/characterisation and handling

Security flaws (vulnerabilities) are increasingly being discovered in software systems and services produced by even well-known software companies. These weaknesses can be exploited by skilled adversaries to compromise sensitive data or computational resources.

Allocating controllership in the European Digital Identity Wallet

The eIDAS 2 proposal enables the transition towards new models for identity management (IdM), placing the user at the centre of the ecosystem and limiting the role of identity providers (providers of electronic attestations of attributes / issuing authorities) to the provision of identity credentials (electronic attestations of attributes).

Facilitate cybersecurity collaboration by creating flexible and accessible community engagement mechanisms

Europe’s cybersecurity potential is not being fully realized due to the existing fragmentation of the cybersecurity landscape and inefficient cooperation and collaboration.

Promote new sovereign solutions in cybersecurity: support blue-sky research and nurture their results

Although Europe invests significant amounts of funding in cybersecurity research, most of the funds are for short-term, medium to high TRL projects which have practically no time to explore fundamentally new and promising technologies.

Set up a data protection by design and by default technology programme

European personal and corporate data does not enjoy the same level of protection in all territories outside Europe. While adequacy agreements have been negotiated, they have not been found to be compliant with European law by the Court of Justice of the European Union.

Support research in password-less authentication

A strong password is not enough to guarantee security and, even though it can be safely stored (e.g., as a hash value), it can be subject to various attacks that target the user (e.g., through social engineering) or the system (e.g., password leakage).

Support for novel privacy-preserving technologies including data sharing for COVID-19

Europe has traditionally been a leader in the area of data protection and privacy. For example, the General Data Protection Regulation (GDPR) has demonstrated this leadership by completely changing the legal landscape of data collection, data processing and data protection; significantly, it has been used as the basis for similar regulations in other jurisdictions.

The provision of greater emphasis on cybersecurity topics including security-by-design and privacy-by-design in university curricula

Certain cybersecurity topics have not attracted the attention they deserve in university curricula. Some of these cyber topics will have broad applicability in the near future.

The adoption of a common eIDAS-based trust framework for Member State digital identity trust schemes

On the back of the eIDAS regulation entering into force on 29 September 2018, it became mandatory for Member States to enable cross-border recognition of eIDs, allowing citizens and businesses to share their identity data when necessary.