CyberSec4Europe recently published its new set of policy recommendations in the area of research for cybersecurity. One of the most important recommendations in this report focusses on the issue of funding in Europe. The authors of the recommendations argue that although Europe invests significant amounts in cybersecurity research, most of the research funds are for short-term medium/high-TRL (technology readiness level) projects that allow practically no time to explore new and promising technologies. Without the proper environment to invent fundamentally new technologies, and to nurture them into fruition, Europe will be forced to import its cybersecurity technologies from overseas. Such a practice not only increases Europe’s reliance on imported technology, but also significantly undermines its long-term sovereignty in the digital domain.

Indeed, it seems that fundamental ideas which have the opportunity to significantly change the world, usually need a lot of time to develop and reach a mature stage. In addition to time, such ideas also need space: a nurturing environment in which to grow, flourish, and find their place in the sun. Such an environment should be willing to take high risks in order to have a chance to reap high gains at the end. Scientific evidence clearly supports the fact that fundamental ideas and technologies need a lot of time between their invention and the time they achieve a noticeable market share. For example, the mobile phone took 29 years to reach 20% market penetration; LED lights took 24 years; the Internet took more than 25 years, the ATM cards took 25 years, etc. These are inventions that almost everyone in the developed world uses every day and possibly can not properly function without. And, still, it took those amazing inventions almost three decades to get out of their nurturing environment and achieve a decent market share. It seems that the old proverb is true: “great things just take time”. Time, indeed, is what most new cybersecurity ideas are deprived of in the current European setting. Over the past few years, research funding in the area of cybersecurity follows a completely different approach with respect to time: it favours short-term projects with immediate market application, medium/high TRLs, and rapid market exploitation. This approach effectively deprives cybersecurity ideas from a nurturing environment: their environment is dwindling, the expectations are high, and the ideas just cannot reach maturity.

To help researchers make fundamental long-term contributions in the area of cybersecurity, the authors make two clear research policy recommendations:

• Create an “EIC PathFinder” for cybersecurity: It is possible to form a collaboration between EIC Pathfinder or a similar research line and the research community to support blue sky research in the future challenges of cybersecurity.
• Restructure funding: A good architecture of European funding may consist of blue sky individual projects under the ERC (European Research Council), plus a large number of collaborative EIC Pathfinder projects in strategic areas of cybersecurity. These could also network the results stemming from the ERC, complemented by DARPA-like technological projects that would bring the most promising ideas that have most impact potential closer to the market. Essentially, by refocusing existing EU funding schemes, like the EIC Pathfinder and the ERC, we can accelerate the production of high-quality research in cybersecurity that can address Europe’s cybersecurity needs for the future.

For more information you can access the full report here.

Evangelos Markatos, FORTH