In December 2020, the European Commission presented its new cybersecurity strategy which highlights the importance of research, innovation, and deployment to create a resilient, global and open cyberspace. Historically, Europe has leveraged cybersecurity tools and infrastructures which originated in the United States and were adapted to European systems and policies. It is time for Europe to become technologically sovereign and create its own world-class solutions and standards. CyberSec4Europe plays a key role in driving this strategy by advancing cyber-secure technologies through collaboration between universities, research institutes, and industry.

One of CyberSec4Europe’s key contributions to the challenges of this ambitious goal is to design and develop a set of innovative, real world demonstrator use cases in the areas of open banking, supply chain, privacy-preserving identity management, incident reporting in the financial sector, maritime transport, medical data exchange, and smart cities. They embody the project’s will to lead Europe’s cybersecurity research and innovation with technology advancements catering to the complex reality of the Digital Single Market, as well as the security of European citizens and society as a whole. A demonstrator is a prototype of a cybersecurity solution, product, or service, secured by design. In addition to being developed with an eye on security and privacy, the demonstrators are also compliant with important EU legislation, such as PSD2 and the GDPR.

Since the project’s inception over 24 months ago, we have produced three deliverables: the first analyses the requirements of each use case, identifies the key actors and describes their importance in the context of the selected sectors; the second defines the specification and set-up required for each use case demonstrator.

Our latest deliverable is a validation of each demonstrator according to a pre-defined set of criteria including technical performance and usability based on the requirements and specifications outlined in the documents above.

We employ two validation strategies: test cases and technology-based analysis. Test cases are inspired by software engineering best practices and consist of a description, workflow, and test results. The technology-based analysis reasons that some requirements are met by the design of a demonstrator architecture or by its use of a certain technology.

We use quality indicators to pose questions to users and to capture their feedback.  Quality indicators also cover the effectiveness and efficacy of the solution across multiple categories, such as integration and interoperability, documentation, usability, and testing and deployment. For each use case, a validation summary presents the outcome of the validation, including, for example, the percentage of requirements successfully validated.

This latest deliverable is an important milestone as it concludes the first of two parallel cycles. As we move forward, we are scrutinising the lessons learned during the first cycle, analysing where we would like to make changes or improvements in planning the second cycle of requirements analysis, specification, and validation.

Interested in learning more about CyberSec4Europe’s demonstrators? Read here!

Alessandro Sforzin and Rahul Bobba, NEC Laboratories Europe GmbH.