Certification for Cybersecurity in EU ICT using Decentralized Digital Twinning

Scientific Papers

2024

Die Utopie der europäischen Cybersicherheitszertifizierungen

Abstract:

Interoperable Automatisierung kann Zertifizierungsverfahren für Cybersicherheit, wie sie aus dem EU-Cybersicherheitsgesetz (z. B. EUCS) hervorgehen, zugutekommen, so dass sie für die beteiligten Interessengruppen weniger Aufwand bedeuten. Die Entwicklung von Standardisierungsbemühungen unter Einbeziehung relevanter Akteure (z. B. Regulierungsbehörden) ist erforderlich, um diese Vorteile vollständig zu realisieren. EU-Projekte wie H2020 MEDINA, HEU COBALT und Gemeinschaften wie EUROSCAL sind auf dem Weg, dieses Ziel zu erreichen. Dennoch ist mehr praktische Erfahrungen erforderlich, damit eine kontinuierliche Zertifizierung mit Automatisierung Realität wird.

Authors: Alexander Lawall ORCID, Jesus Luna Garcia

Published on: Industry Science 4.0

DOI: 10.30844/I4SD.24.2.xx

Evolution of secure development lifecycles and maturity models in the context of hosted solutions

Abstract

Organizations creating software commonly utilize software development lifecycles (SDLCs) to structure development activities. Secure development lifecycles (SDLs) integrate into SDLCs, adding security or compliance activities. They are widely used and have been published by industry leaders and in literature. These SDLs, however, were mostly designed before or while cloud services and other hosted solutions became popular. Such offerings widen the provider’s responsibilities, as they not only deliver software but operate and decommission it as well. SDLs, however, do not always account for this change. Security maturity models (SMMs) help to assess SDLs and identify improvements by introducing a baseline to compare against. Multiple of these models were created after the advent of hosted solutions and are more recent than commonly referenced SDLs. Recent SMMs and SDLs may therefore support hosted solutions better than older proposals do. This paper compares a set of current and historic SDLs and SMMs in order to review their support for hosted solutions, including how support has changed over time. Security, privacy, and support for small or agile organizations are considered, as all are relevant to hosted solutions. The SDLs analyzed include Microsoft’s SDL, McGraw’s Touchpoints, the Cisco’s SDL, and Stackpole and Oksendahl’s SDL ² . The SMMs reviewed are OWASP’s Software Assurance Maturity Model 2 and DevSecOps Maturity Model. To assess the support for hosted solutions, the security and privacy activities foreseen in each SDLC phase are compared, before organizational compatibility, activity relevance, and efficiency are assessed. The paper further demonstrates how organizations may select and adjust a suitable proposal. The analyzed proposals are found to not sufficiently support hosted solutions: Important SDLC phases, such as solution retirement, are not always sufficiently supported. Agile practices, such as working in sprints, and small organizations are often not sufficiently considered as well. Efficiency is found to vary based on the application context. A clear improvement trend from before the proliferation of hosted solutions cannot be identified. Future work is therefore found to be required.

Authors: Felix Lange, Immanuel Kunz

Published onJournal of Software: Evolution and Process

DOI: http://dx.doi.org/10.1002/smr.2711

Towards the Automation of Attack Graph-based Risk Assessment with OSCAL

Abstract

In increasingly dynamic threat landscapes, automated Risk Assessment emerges as an essential approach, highlighting the benefits of enhanced accuracy and operational efficiency in addressing threats. This work combines Attack Graphs with the Open Security Controls Assessment Language (OSCAL), employing compliance-as-code for enforceable, machine-readable security modeling. Utilizing Domain-Specific Languages (DSLs), we aim to simplify the creation and enforcement of security measures, establish connections between components and controls, and uses graph-based algorithms for risk assessment, risk mitigation, and asset management in line with OSCAL standards and requirements. Such approaches aim to streamline RA process, providing real-time insights and allowing for quicker, more efficient decision-making regarding threat mitigation and security measures, without the need for extensive manual intervention.

Authors: Ioannis Koufos, Maria Christopoulou, George Xilouris, Michael-Alexandros Kourtis, Maria Souvalioti, Panagiotis Trakadas

Published on: Distributed Computing and Artificial Intelligence, Special Sessions I, 20th International Conference

DOIhttp://dx.doi.org/10.1007/978-3-031-76459-2_30

Applying Digital Twins to Optical Networks with Cloud-native SDN Controllers and Generative AI

Abstract

This paper presents optical networks using Network Digital Twins (NDT) integrated with
cloud-native SDN controllers and intent based networking with generative AI. The framework optimizes
network design, automation, and maintenance, enhancing efficiency and performance.

Authors: Ricard Vilalta, Allen Abishek, Lluis Gifre, Ramon Casellas, Ricardo Martínez, Raul Muñoz

Published onECOC 2024

DOI:

Edge Computing Cybersecurity standards: protecting infrastructure and applications

Abstract

The advent of MEC (Multi-access Edge Computing), as a natural evolution of cloud computing, can enable innovative services and applications, with many opportunities for end users. Hosting applications at the edge could also address privacy and security issues inherent to the traditional cloud-based deployment model, e.g., keeping regional regulatory compliance. However, shifting workloads to the edge of the network warrants the consideration of new security risks. Separately, the recent specification of MEC federations (as result of the GSMA’s Telco Edge Cloud) underscores the importance of security and trust due to the heterogeneity of edge systems in global MEC deployments. Edge cybersecurity solutions must adopt international standards for interoperability. Accordingly, ETSI MEC has endeavored to study edge security threats and craft solutions, oftentimes based on existing standards from other industry groups. This paper discusses the security challenges that arise from shifting workloads to the edge of the network with particular emphasis on international standards and aims to provide a tutorial for developers and architects to navigate the complexities in achieving edge computing security.

Authors: Dario Sabella, Kishen Maloor, Ned Smith, Michaela Vanderveen, Akis Kourtis

Published onECOC 2024

DOIhttp://dx.doi.org/10.1109/ACCESS.2024.3506212

2025

(TBA) Secure Information Exchange between Optical Network Digital Twin and Optical Transport Network

 

Authors: Allen Abishek, Lluis Gifre, Raul Muñoz, Marco Ruffini, Dmitrii Briantcev, Dan Kilper, Adrian Asensio, Xavier Masip-Bruin, and Ricard Vilalta

Published on: IEEE NetSoft 2025

DOI: TBA

Bosch


Short Description

The Bosch Group is a leading global supplier of technology and services. Its operations are divided into four business sectors: Automotive Technology, Industrial Technology, Consumer Goods, and Energy and Building Technology. The Bosch Group comprises Robert Bosch GmbH and its roughly 360 subsidiaries and regional companies in some 50 countries. If its sales and service partners are included, then Bosch is represented in roughly 150 countries. This worldwide development, manufacturing, and sales network are the foundation for further growth. The Bosch Group’s products and services are designed to fascinate, and to improve the quality of life by providing solutions which are both innovative and beneficial. In this way, the company offers technology worldwide that is “Invented for life.” 

In COBALT is involved the Bosch team “Cybersecurity Governance - Enterprise IT”, comprised of experts on governance-risk-compliance related to cloud and artificial intelligence. Our topics of interest also comprise cybersecurity metrics and standardization/regulation. 

Organisation’s role in COBALT

Our team is in charge of leading WP3 related to the framework for enabling “continuous” cybersecurity audits. Also, we lead the WP5 task related to the validation usecase for Artificial Intelligence. Finally, Bosch also has a relevant role on topics related to standardization, and design of the COBALT architecture. 

Expected Impact

Our aim is to influence the ongoing standardization activities aimed at developing cybersecurity controls, metrics, and certification for artificial intelligence (AI). These results are then planned to be integrated into Bosch’s internal cybersecurity framework so its compliance monitoring can be automatized in favor of facilitating conformance assessments. 

URL: https://www.bosch.de/

This will close in 0 seconds

National Centre for Scientific Research "Demokritos"


Short Description

The National Centre for Scientific Research "Demokritos" holds a prominent position as the leading research institution in Greece. Established in July 1961, initially focused on nuclear research, Demokritos has evolved into an expansive interdisciplinary research center. It comprises a dedicated team of approximately 180 esteemed researchers occupying tenured and tenure-track positions, complemented by over 500 research personnel engaged in diverse projects funded primarily by State Funds, the European Union, and Private Industries.

Noteworthy achievements include adept management of numerous FP6/FP7/H2020 projects centered around 5G, virtualization, and cloud technologies. The NCSRD proudly hosts its advanced experimental 5G infrastructure in collaboration with Vodafone, alongside the innovative GOLD innovation space (i-Space) and an incubator fostering start-up and SME growth within the Lefkippos Technology Park.

Organisation’s role in COBALT

Within the project, the Center assumes a dual role, serving as both the Project Coordinator and the Work Package Leader. As the Project Coordinator, it oversees administrative aspects, acting as the primary liaison with the European Commission. Responsibilities include coordinating communication among project partners, ensuring smooth progress and high-quality task execution, providing comprehensive technical, managerial, and financial information to the European Commission, presiding over General Assembly meetings, and representing the project's interests in relevant European bodies and initiatives.

Administrative duties encompass supervising overall project progression, organizing General Assembly meetings, managing Consortium Agreement coordination, monitoring European Commission payments to partners, preparing required reports, cost statements, and project documentation, orchestrating European Commission review meetings, overseeing Intellectual Property Rights (IPR), knowledge management, and representing the consortium at various events.

Simultaneously, in its role as a Work Package Leader, the Center coordinates tasks within the designated Work Package. This involves diligently monitoring performance and progress in alignment with the project plan, ensuring seamless information flow to other Work Package Leaders, and providing comprehensive reports to the Board on the Work Package's

URL: https://www.demokritos.gr/

This will close in 0 seconds

Advanced Network Architectures Lab

Short Description

The Advanced Network Architectures Lab (CRAAX) from Universitat Politècnica de Catalunya (UPC) is a multidisciplinary research group at the Department of Computer Architecture. The UPC is a public institution of research and higher education in the fields of engineering, architecture, sciences, and technology, and one of the leading technical universities in Europe. 

The CRAAX team was set to concentrate a pool of knowledge in the ICT field, with the main objective of conducting breakthrough applied research in several network related areas. Foremost, the core CRAAX mission is positioned to transfer research results to the industry sector but also to harvest innovative solutions strongly impacting on the overall society, while simultaneously keep on training highly skilled professionals. 

Nowadays, the CRAAX team manages the CRAAX Lab bringing together a multidisciplinary team consisting in researchers from the UPC (networking, OS, HPC and maths background) and from the Directorate of Innovation at the Hospital Clínic in Barcelona (health background). This correlation of knowledge, integrating and leveraging ICT and health profiles, fosters the development of innovative high-tech close-to-society solutions with a particular focus on smart and secured scenarios (IoX, cities, transport, homes) and on the e-health sector. CRAAX research mainly pivots on several topics where the CRAAX team substantially contributes, including, cloud continuum management, cybersecurity, distributed systems modeling, smart systems (cities, health, transportation, etc.), etc. 

As an outcome of this research, the team has participated and is participating in many national and EU projects (10 EU active projects nowadays), and has published the research results in many highly reputed scientific venues and inn one start-up in the health arena. 

Organisation’s role in COBALT

In COBALT, the CRAAX team will focus on Digital Twinning, Distributed Ledgers and Communication. Specifically, UPC will lead task 2.3 and will undertake the Digital Twinning efforts and focus on their integration in the certification chain. 

The main objectives for UPC within COBALT are: i) the design of the Digital Twin as service concept; ii) the co-development of a distributed ledger; iii) the delivery of a tool for predictive cybersecurity provisioning, and; iv) the participation in the dissemination activities of the project. 

Expected Impact

From the impact side, the CRAAX team aims at both, making the most out of any development and innovation the team will contribute to in the project, including scientific publications and any effort on technology transfer, as well as transfer the acquired knowledge to the academic duties, by including new concepts in the academic courses and by developing new PhD thematic lines of work to also attract highly skilled students to the group. 

URL: https://www.craax.upc.edu, https://www.upc.edu/

This will close in 0 seconds

CTTC

Short Description 

CTTC is a non-profit research center, from a public initiative and with a high degree of self-financing, open to the participation of other public and private bodies, as well as to partnership with the industrial and business sectors. CTTC’s core activity is the conception, design, implementation and experimentation of research and development projects in telecommunications and geomatics, which must produce innovative results in all their development phases, in both scientific and engineering terms. Our ultimate mission is to be an Excellence Flagship Center that serves as a bridge between academia and industry. A center that influences the future paths of communication technologies, systems, networks and geomatics. 

Packet Optical Networks and Services (PONS) Research Unit addresses packet optical communications and networking technologies, edge and cloud computing infrastructure for virtual functions and applications, and network and service management to provide high-speed, cost-effective, energy-efficient, secured, and reliable connectivity, network and slice services for multi-tenancy. It spans from the access to the metro and long-haul network segments, as well as inter and intra data center communication. To address sustainable high-capacity scaling and support network dynamicity, the adoption of spectrally and spatially multiplexed transmission systems with suitable photonic technologies and adaptive transceivers becomes crucial. Moreover, the emergence of quantum technologies and the prospect of quantum computing (which represents a threat for future network security) require to consider reliable security mechanisms and appropriate solutions to be adopted in the network infrastructure. 

Network and service management will face radical architectural transformations to provide autonomous, reliable, secured, and trustworthy services. At the network level, software defined network control and telemetry will enable full programmability and real-time streaming for autonomous connectivity and transport slice management. At the service level, network function virtualization service orchestration with intent-based policies and software defined security will deploy smart and secured virtual network services and network slices. 

 

Organisation’s role in COBALT

CTTC will lead WP4 Digital Twinning and Decentralized Intelligence. CTTC will lead T4.1 Digital Twinning tools and trusted enablers. There CTTC will develop the trusted manager and lead the efforts for IDS interfacing in the COBALT framework.  Significant technical contributions on Inter-Ledger for Cross-Border Certification and Digital Twinning for Quantum Processes are also expected. 

 

Expected Impact

As a non-profit research and development institution, CTTC exploitation plans focus on transferring the knowledge gained, encouraging the use of research results for the public benefit. As part of its research activities, CTTC develops its own portfolio of patents & products, including contracts established on a case-by-case basis, developed in the framework of (bilateral) agreements given a customer specific needs and requirements. Exploitation and transfer plans involve: i) contracts with industry for consulting and services, ii) offering the developed infrastructure / experimental platform to third parties as well as the design of prototypes, and iii) offering software licenses or software support and maintenance contracts. In particular, several components of a unified cloud and network operating system (with aspects related to SDN/NFV and network virtualization) will reach TRL that make them apt for transfer. Selected promising results may also be considered for patenting. It is worth noting that there are several companies that may show their interest in the outputs of the project, taking into account the collaborations, which the group has active with them. Moreover, impact on Standardization Defining Organizations and OpenSource Software Communities (such as ETSI OpenSlice or TeraFlowSDN) are also expected.

URL: http://www.cttc.cat

This will close in 0 seconds

European Cyber Security Organisation


URL:

This will close in 0 seconds

Hellenic Mediterranean University


Short Description

Pasiphae Lab operates as a research unit within the Electrical and Computer Engineering Department of the Hellenic Mediterranean University, situated in Heraklion, Crete, Greece. Established formally in 2003 as an extension of the Multimedia, Networks, and Communications Laboratory, Pasiphae Lab embodies a comprehensive mission encompassing academic, research, and development pursuits. In more detail, under the leadership of the Principal Investigator, Prof. Evangelos Markakis, the lab specializes in state-of-the-art research within the domain of Computer Networks, including Cybersecurity and Emergency Communications Networks. Aligned with the Digital European Strategy, our research endeavours focus on developing innovative digital solutions in the field. Additionally, with its robust track record in both EU-funded and national projects, Pasiphae Lab has played multifaceted roles ranging from software and application development to technical coordination. Finally, Pasiphae Lab actively engages in standardization activities with the European Telecommunications Standards Institute (ETSI) and the European Agency for Cybersecurity (ENISA). Its participation in their Task forces is geared towards updating guidelines for Emergency Communications Network Resilience and Preparedness and addressing security considerations in Fog and Edge Computing within the 5G ecosystem, respectively.

Organisation’s role in COBALT

HMU’s Pasiphae Lab is in charge of T6.3 Dissemination, Communication and Awareness Campaigns. Creating the dissemination plan for the duration of the project’s lifecycle and beyond.

URL: www.pasiphae.eu

This will close in 0 seconds

Practin

Short Description

Practin offers a full range of services in managing and implementing projects, providing long-term support (operational, technical/user support, development), as well as developing complicated specific applications adjusted to the needs and specifications to the client or project. The company participates in all the phases of the development of a project, namely analysis of specifications, analysis and design of the software, development of it, writing documentation, installation and setup of the environment and its support. The knowhow and the tool utilized in development are based on or entirely consisted of open source technologies. Our main objective is to provide our customers all the complex technological solutions for their business needs in the modern and demanding environment, Custom Software Development: We can create a software product tailored to your specific needs, a business or activity. it is designed to achieve your unique goals, it can be created from scratch or use any existing solutions, Apps, desktop, web and clouds applications. Furthermore, we offer Ecommerce solutions for shops of all shapes and sizes and Data Management and effective data management strategy, predictive analytics, and intelligent automation using our in-depth knowledge of emerging technologies.  

Organisation’s role in COBALT

Practin will offer its expertise in the design and development of the project SW components. PRACTIN will assist in the development of different connectors and RAL will contribute in the risk evaluation framework. PRACTIN will support requirements collection and RAL will collectively support the certification design.  

 

URL: https://practin.com

This will close in 0 seconds

University of Murcia

Short Description

University of Murcia: The University of Murcia is a big-sized University with approximately 36.000 students and 3.500 staff members. For the Faculty of Informatics, the ANTS research group will participate in this project. The ANTS group is a subdivision of the Intelligent Systems Group, from the Department of Communications and Information Engineering with experience in security in network infrastructure. The research group is active on different security and IoT related project like ARIES, IoT Crawler, ANASTACIA, INSPIRE5G+, BIECO, OLYMPUS and now in HE in project like CERTIFY or ENTRUST.  UMU has designed and implemented trust-based access control systems, secure data sharing mechanisms, security evaluation methodologies as well as privacy-preserving identity management solutions for distributed systems, in scenarios such as IoT/CPS.  

Organisation’s role in COBALT

UMU will  be: WP2 leader , T4.2 leader, Dynamic certification approach & IoT bootstrapping and commission research 

Expected Impact

UMU will work on definition of the Common Certification Model that could be used to describe the security and privacy properties to be analyzed and later enforced within system lifecycle. Also this could be used in the EUCS approach to provide continuous certification monitoring and evaluation. 

URL: www.um.es 

This will close in 0 seconds

Fraunhofer Aisec

Short Description

Fraunhofer AISEC supports companies from all industries and service sectors in securing their systems, infrastructures, products and offerings. More than 150 highly skilled employees work at Fraunhofer AISEC, whose competencies range from the integrated security of embedded systems and hardware components to operating systems, applications (apps) and cloud-based services to solutions for secure software and system development and the use of machine learning techniques for cyber security. In doing so, the scientists draw on comprehensive know-how across the entire spectrum of the technology stack and deal intensively with the security of industrial plants and automotive systems and the challenges of a wide range of industries such as the energy sector or the public sector. 

In COBALT, members from the Service and Application Security (SAS) department will be involved. At SAS, we are primarily concerned with the security and data protection of distributed applications as well as secure cloud and container infrastructures. Novel solutions are developed and implemented based on current results from security research, for example in the ares of cloud monitoring, secure data ecosystems, and privacy technologies. 

 

Organisation’s role in COBALT

From earlier research projects, most notably the EU-funded projects EU-Sec and MEDINA, Fraunhofer AISEC has extensive experience in the domain of automated, continuous security certification. In COBALT, we will contribute to the results in multiple work packages. The main goals are to contribute to the COBALT concepts, e.g., the design and metrics, as well as to the technical infrastructure, e.g., the evidence collection and management tools. 

Expected Impact

We expect to make an impact in multiple ways: We want to advance the technical know-how in collecting and managing certification evidence across industries and technologies. We also want to make a scientific impact, for example by publishing papers about novel technologies and how to monitor them automatically for certification purposes.

URL: https://www.aisec.fraunhofer.de/en

This will close in 0 seconds

Red Alert Labs

Short Description

Red Alert Labs is an IoT security provider helping organizations trust IoT solutions. We created automated security by design & certification tools and an independent security lab with a disruptive business offer to solve the technical and commercial challenges in IoT.  

Our framework covers the whole IoT solution from Chip to Cloud, is business context driven and offers proper security dimensioning with respect to the customer's maturity.  

We provide standard security certifications or independent evaluation reports based on our in-house security risk analysis, security testing intelligence, automation and security profiles.  

Our partners turn to us at any stage of the IoT product/solution life-cycle to benefit from our special expertise in IoT security and full mastering of compliance and regulations. 

Finally, the expertise of Red Alert Labs has been recognized by numerous awards, including the Label France Cybersecurity for 2019 and the 2019 award from the French IoT community. The company was also nominated for the IoT Global Awards in 2018. Red Alert Labs co-founded IoTSF and is a contributing member of EUROSMART, ACN, SYSTEMATIC, CONNECTWAVE, CEN-CENELEC, and ECSO. 

Ayman KHALIL: 

is an outstanding professional in the field of cybersecurity, thanks to his in-depth expertise as an Expert of the Ad Hoc Working Group on Cloud Services and Vulnerability Management within the European Union Agency for Cybersecurity (ENISA). With a solid experience of 2 years, Ayman has established itself as a key player in the development of the European Cloud Certification Scheme (EUCS) and the development of related documents such as requirements guides and questionnaires to be used when certifying cloud services. 

Ayman plays a crucial role as an EUCS expert, actively contributing to various projects related to directives and regulations within ENISA. Its main mission is to support ENISA in the preparation of the cybersecurity certification scheme, focusing on key aspects such as boosting the adoption of cloud services, user confidence in these services, data mobility, and compliance with the European Union legal framework for the digital single market. 

Ayman Khalil is not limited to his role within ENISA. He also stands out as a major contributor for several organizations and consortia focused on cybersecurity, certification and the Internet of Things (IoT). Notable contributions include his active involvement in initiatives such as IoXt, ISCI, EUCS/ENISA, ENISA vulnerability management and Campus Cyber, demonstrating his ongoing commitment to digital advancement and security. 

Its expertise covers a wide range of areas, from compliance with European cybersecurity regulations to ISO standards, cloud computing and cloud security. Ayman Khalil positions himself as a versatile and seasoned professional, able to effectively help a business adapt and comply with the SecNumCloud standard. His in-depth knowledge of security requirements, controls and relevant standards makes him an invaluable asset to any organization seeking to strengthen its cybersecurity posture. 

 

Nataël COUTURIER: 

 is an expert in mathematics, Nataël graduated from the University of Bordeaux with a master’s degree in cryptology and cybersecurity. He wrote his master’s thesis on the subject «IoT security». It is currently "IoT Security Evaluator" and tackles hardware hacking, radio frequency and protocol analysis as well as more conventional pentesting. It also carries out evaluations under the FIDO certification programme and implements training at internal and external levels. In addition to his main mission, he has been involved in cybersecurity topics such as applied cryptography, IoT device security research, network security, the security of communication protocols and the development of testing methodologies based on cybersecurity standards. In particular, he has been involved in CC and EUCC projects as lead writer of protection profiles and security targets and participated in the substantial assurance level assessment (corresponding to AVA_VAN.2). Nataël is involved in the activities of the RED ALERT LABS laboratory as quality manager and ISO/IEC17025 expert. Participated in internal capacity building to ensure that the laboratory has the capacity to conduct a substantive evaluation of the EUCC. Nataël has also actively contributed to all projects related to the development of the EUCS certification scheme with expertise in the security of cloud solutions. 

 

Roland ATOUI: 

has over 15 years of proven experience in cybersecurity applied to smart cards, embedded systems and the Internet of Things. He holds a master's degree in computer science and Critical Systems Engineering from Bordeaux 1 University. He also holds an Executive MBA from EDHEC Business School. 

He has built his expertise with companies such as Trusted Labs, Gemalto and Oracle. Since 2017 he is the founder and CEO of RED ALERT LABS. He is a founding member and contributor to several organizations that shape the future of IoT and cybersecurity, such as the IoT Security Foundation, CEN-CENELEC, ECSO, EUROSMART and the FIDO Alliance. 

He is co-author of several recognized protection profiles and security targets (CC and CSPN). He has contributed to FIPS 140-2 security guidelines and policies for schemes such as ANSSI, BSI and CMVP. 

He also helped define a risk-based approach to security, from defining assets to modeling threats to selecting security requirements and assessment methodologies. These efforts have been included in the definition of private security certification schemes applied to IoT. He is a recognized expert in Common Criteria methodology, from the development of innovative tools to supporting certification and actual certification of ICT products up to EAL 5+. 

He has been the principal writer of several successful private security certification schemes. These schemes cover the definition of policies and procedures, security requirements, assessment methodologies, CAB accreditation, assurance continuity, and vulnerability management. 

His expertise extends to European and international levels, where he acts as an expert for ENISA and represents the French delegation in the activities of ESO and ISO. It is behind the development and main contribution to several IoT schemes, regulations and certification standards such as FIDO/FDO (aligned with NIST 8259D and FIPS 140-2/3), CSA, CRA, RED-DA, Eurosmart, IoTSF, EUCC, ioXtAlliance, EN 303 645, ISO 27402/4. It actively participates in the development of harmonized standards necessary to demonstrate compliance with the cybersecurity requirements of the RED Directive and its Delegated Act, as well as the CRA (Cyber Resilience Act). 

Paul GEDEON: 

Graduated from EPITA engineering school with master's degree specialized in computer security, Paul became an expert in cybersecurity and blockchain/Cloud technologies. He is the equipment manager in Red Alert Labs Laboratory (ISO17025) and works as well as an IoT Security Evaluator and consultant and is involved in topics related to the creation of security plans and profiles in embedded systems, evaluation in diverse industrial IoT architectures or advanced securing of company’s networks (through penetration testing). He performed cybersecurity activities such as secure designs, risk analysis of infrastructures, IEC62443 standards, GDPR regulations and EUROSMART IoT certification schemes.
Through his work experience, Paul has already performed several audits on mobile, Cloud & IoT environments. Paul has deep knowledge when it comes to IoT and Cloud technologies and communications protocols. Paul also contributed to the delivery of the 2 projects related to the development of guidance on security requirements of EUCS for ENISA.                                                           

He has produced a series of world-first publications, evaluations of new products and services. He was selected as one of the top 100 global IoT influencers for 2019. 

Organization's role in COBALT

Red Alert Labs is mainly involved in the following WPs: 

  • WP2 - COBALT Architecture and use case definition where we will collectively support the certification design. 
  • WP3 - COBALT Continuous Certification Enablers where we will contribute to the risk evaluation framework. EBOS will leverage its WisEBOS Platform & knowledge from relevant projects (e.g. SANCUS * DARLENE for AR/VR & digital twin technologies) to develop a dashboard for visualizing a complex ICT system of the enterprise and producing an immersive operational environment. 
  • and WP6 - Dissemination, Communication and Business planning where we will actively contribute to the impact maximization effort especially when it comes to standardization and empowering European cybersecurity certification. 

Expected Impact

Red Alert Labs provides a fully comprehensive IoT security by design, risk management, consulting, audit and certification services supported by automated processes, which will be mainly correspondingly extended and integrated in the COBALT certification framework. 

URL: https://www.redalertlabs.com/

This will close in 0 seconds

InQbit Innovation

Short Description

InQbit Innovations SRL is an SME that focuses on designing, developing and providing ICT solutions and services to the market. It was founded by an international team that ensures a right balance of entrepreneurship, research and engineering that joined their forces to produce innovation to serve and satisfy societal and market needs. Being a nascent company, InQbit is already participating in four H2020-ICT projects (EVOLVED-5G, PHYSICS, TRUSTEE and aerOS) in securing 5G virtualized infrastructure and services and in other Horizon Europe projects (OASEES, FAME). InQbit portfolio includes the solutions on software design and software deployment using state-of-the art technologies like virtualization, docker, Kubernetes, service mesh, immutable real-time logging, multi-regional DB replication, OpenID Connect, OAuth2, FIDO2, UMA2, SCIM, carrier grade - scalability, reliability and performance; blockchain and smart contracts. 

Organization's role in COBALT

InQbit plays a pivotal role in the COBALT Certification Framework, focusing on the implementation of Self-Sovereign Identity (SSI) and Decentralized Identifiers (DIDs) for Digital Twins (DTs). The organization's primary goals include: 

  • Requirement Gathering: Identifying and documenting the specific needs and standards for SSI and DIDs within the Digital Twin environment. 
  • Development and Integration: Creating robust and secure SSI and DID solutions tailored for Digital Twins, and seamlessly integrating these solutions within the existing infrastructure. 
  • Validation: Rigorously testing the implemented solutions to ensure they meet the necessary criteria for security, efficiency, and reliability. 
  • Exploitation: Utilizing the developed solutions to their fullest potential, ensuring they are effectively employed in relevant scenarios within the framework 

Expected Impact

The expected impact of InQbit's involvement includes enhancing the security and autonomy of digital identities within Digital Twins, promoting a higher level of trust and interoperability in the digital ecosystem. The implementation of SSI and DIDs is anticipated to revolutionize the management and verification of digital identities, leading to more streamlined processes, reduced fraud, and increased efficiency in operations. This project is set to be a benchmark in the field, showcasing the potential of advanced digital identity management in a rapidly evolving digital landscape.

URL: https://inqbit.io/

This will close in 0 seconds

eBOS

Short Description

eBOS is an innovative SME based in Cyprus (Nicosia), providing technologically advanced digital business solutions to clients internationally, with a focus on the FinTech and RegTech sectors. At the same time, it is heavily engaged in Research, Innovation and Development (R&D&I) projects with involvement in more than sixty European Commission projects in recent years (FP7, H2020, HE). 

Organisation’s role in COBALT

eBOS will lead the effort towards maximizing the impact of the COBALT results through: Market Analysis and Strategy Definition including SWOT/PEST, Cost-Benefit and Cost Effectiveness Analysis; Socio-Economical Sustainability Analysis, COBALT Ecosystem Business Models and Uptake Roadmap, coordinating the overall business development activities of the project; Dissemination, Communication and Awareness Campaigns, undertaking all activities relevant to the outreach activities and diffusion of the project; Standardization and Empowering European Cybersecurity Certification, investigating the current relevant legislation and standardization landscape, defining a robust standardization strategy for COBALT results and harmonising the use of digital sovereign identity. 

Furthermore, eBOS will have significant involvement in developing the techniques for assessing and managing the risk associated to the target of evaluation during its whole life cycle as well as the development of the COBALT Continuous Certification Toolkit. In addition, eBOS will participate in the integration of the COBALT ecosystem and the demonstrations on the I4.0 and Quantum domains, that will showcase the advantages of the COBALT unified certification framework.

URL: https://ebos.com.cy

This will close in 0 seconds

TUV SUD

Short Description

TÜV SÜD is a trusted partner of choice for safety, security & sustainability solutions. We specialise in testing, certification, auditing, and advisory services. More than 150 years on, sustainability and safety continue to be the backbone of our mission and services. We are represented by more than 26,000 employees located across over 1,000 locations. Our aim is to inspire trust in technology, enabling progress by managing technology-related risks and facilitating change. This commitment is embodied in our claim “Add value. Inspire trust.” 

In COBALT, TÜV SÜD Product Service GmbH will be involved. TÜV SÜD Product Service is a "Notified Body" for all relevant EU directives. TÜV SÜD Product Service's comprehensive know-how in the field of laws, directives and standards forms the basis of a range of services that focus on product testing and certification. As a trusted and independent partner, our dedicated team of experts and worldwide laboratory network assures the safety, compliance, and performance of innovative products. 

Organisation’s role in COBALT

We are leading the task of risk assessment and dynamic security evaluation in WP3. Also, we are in charge of WP5 regarding demonstration, validation and best practices. Apart from this, we also lead the task of standardization and empowering European Cybersecurity Certification in WP6. 

Expected Impact

Together with consortium partners, we are going to scope dynamic cybersecurity evaluation metrics. This foundation work will lead to a risk assessment framework to be used for defined use cases within the project. We also contribute to standardization activities based on COBALT outcomes. Our standardization tasks could be integrated into our future projects revolving around the use of dynamic cybersecurity evaluation across industries.

URL: https://www.tuvsud.com/

This will close in 0 seconds

Bosch Global Software Technologies

Short Description

Bosch Global Software Technologies is a 100% owned subsidiary of Robert Bosch GmbH, one of the world’s leading global supplier of technology and services, offering end to end engineering, IT and Business solutions. With a strong and significant global presence, BGSW has its headquarters at Bengaluru, India. BGSW is renowned for its expertise in designing, developing, and executing in the Automotive, IoT, building systems, manufacturing and healthcare ecosystems. This enables businesses to transition into digital realms or enhance their existing operations by integrating digital elements into their products and processes. 

Through its innovation strategy, BGSW pioneers in several domains including AI, Edge, Digital Twin, Connected and Collaborative intelligence, Cyber security among others.  

Organisation’s role in COBALT

BGSG is at the forefront of advancing cybersecurity and artificial intelligence (AI) security standards through its pivotal leadership and contributions across multiple work packages. Specifically, BGSG leads the development of the Continuous Certification Toolkit within WP3, aimed at establishing a robust framework for ongoing cybersecurity audits. This effort aligns with the broader goal of enhancing cyber resilience and ensuring the integrity of digital infrastructures. BGSG will build, enhance, adapt and leverage AIShield Platform for the continuous AI Security assessment. AIShield is an AI Application Security Platform with have the ability to assess vulnerabilities in the AI model across the AI Model Lifecycle. 

Expected Impact

BGSG will demonstrate the use of a toolkit “AIShield” for continuous certification of AI Systems. The framework will provide evidence (act as evidence collectors) with metrices that will feed as key indicators into cybersecurity audits. The practical metrices will also be a key in influencing the audits for timely mitigation measures and hence reduce overall cybersecurity risks of organizations. This will also be demonstrated as part of an Industrial usecase, which will highlight the practical use and demonstrability of the solution. 

URL: https://www.bosch-softwaretechnologies.com/en/

This will close in 0 seconds