Research & Innovation - Participant Portal


TOPIC : Cybersecurity preparedness - cyber range, simulation and economics

Topic identifier: SU-DS01-2018
Publication date: 27 October 2017
Focus area: Boosting the effectiveness of the Security Union (SU)

Types of action: IA Innovation action
Opening date:
15 March 2018
Deadline: 28 August 2018 17:00:00

Time Zone : (Brussels time)
  Horizon 2020 H2020 website
Pillar: Societal Challenges
Work Programme Year: H2020-2018-2020
Topic Description
Specific Challenge:

The digital infrastructure, upon which other sectors, businesses and society at large critically depend, must be resilient and trustworthy, and must remain secure despite the escalating cyber-threats. New technologies and their novel combinations require innovative ways to implement security measures and to make new security-related assumptions, identifying "zero-day" or potential unknown vulnerabilities, forecasting new threats (plus their cascading effects) and emerging attacks, and managing cyber risks.

Many organisations are unable to forecast and/or estimate the impacts of a cyber-risk. This results often in insufficient and/or irrelevant investments to ensure a more cyber secure environment. In addition, cybersecurity experts and professionals need to continuously adapt their expertise to a constantly evolving landscape with increasingly sophisticated and novel cyber-attacks, a widening surface of exposed ICT systems and services and a set of relevant changing legislation. In a connected EU society, there is an urgent need for highly competent cybersecurity professionals, and security experts need to be in a constant learning process, to match the quick rate of evolution of the cyber threats, attacks and vulnerabilities.

Cybersecurity skills need to be continuously advanced at all levels (e.g. security officers, operators, developers, integrators, administrators, end users) in order to enable cybersecurity, digital privacy and personal data protection within the EU Digital Single Market.


As a continuation of topic DS-07-2017 "Addressing advanced cyber security threats and threat actors", where cyber range is partially addressed, proposals are called to deliver extended capabilities of cyber ranges (e.g. piloting of networked cyber-ranges; extension of the cyber-ranges network, adding domain specificities like cyber range for IoT and/or for Industrial Control Systems such as SCADA).

The proposals should develop, test and validate highly customizable dynamic simulators serving as knowledge-based platforms accompanied with mechanisms for real time interactions and information sharing, feedback loops, developments and adjustments of exercises. These simulation platforms will help professionals responsible for cybersecurity in organizations to collaboratively improve their ability in handling and forecasting security incidents, complex attacks and propagated vulnerabilities, based upon targeted scenarios and exercises. Proposals are encouraged to bring shared approaches to express and transform user needs into actual experiments and cyber exercises (e.g. capture-the-flag) and to develop/integrate/parameterise appropriate tools and methods for supporting current and future generated evidence-based simulation scenarios. The proposed cyber range model should be validated across one critical economic sector, involving as many as possible relevant stakeholders from its supply chain. Proposals should consider the specific needs of end-users, private and public security end-users alike. Proposals are encouraged to include public security end-users and/or private end-users, and to create operational links to the Computer Emergency Response Teams (CERTs) / Computer Security Incident Response Teams (CSIRTs)[1] network across the EU.

Proposals should also develop, test and validate operational ways to continuously analyse the information collected by CERTs and/or CSIRTs and all relevant cybersecurity data. This analysis should feed their risk analysis models (which need to comply with relevant standards e.g. ISO27001, ISO27005 and relevant EU cybersecurity legislation) in order to derive appropriate econometric models that can be used by public/private organisations/companies (e.g. insurance companies, SMEs, governmental bodies). These econometric models should assist them to select realistic, affordable baseline cybersecurity measures that will improve their security, resilience and sustainability, and should also help in identifying the cost and time to recover following a cyber-attack.

In addition, the proposals should show that the econometric models contribute to: (i) identifying affordable security controls that are needed to protect valuable organization assets, (ii) promoting the development of cyber insurance and liability policies/contracts and (iii) fostering service level agreements addressing security, privacy and personal data protection requirements and policies. Proposals should bring innovative solutions to enforce and encourage accountability of security as a shared responsibility.

Proposals should also include (but should not be limited to) the delivery of solutions for specific social aspects of digital security related to training, in particular practical, operational and hands-on training, including: (i) increasing the dynamics of the training and awareness methods, to match/exceed the same rate of evolution of the cyber attackers, that is to say new methods of awareness/training offering more qualification tracks to fully and efficiently integrate ICT security workers and employers in the European e-Skills market; and (ii) integrating awareness into the eco-system of humans, competences, services and solutions which are able to rapidly adapt to the evolutions of cyber-attackers or even surpass them.

Participation of SMEs is strongly encouraged.

The outcome of the proposal is expected to lead to development up to Technology Readiness level (TRL) 7; please see Annex G of the General Annexes.

The Commission considers that proposals requesting a contribution from the EU of between EUR 5 and 6 million would allow the specific challenge to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.

Projects should also foresee activities and envisage resources for clustering with other projects funded under this topic and with other relevant projects in the field funded by H2020.

Expected Impact:


  • Professionals better prepared to detect, block and mitigate emerging cyberattacks;
  • End-users of cybersecurity products and services more involved into expressing actual needs to developers/vendors, through cyber range and simulation;
  • More organized collaboration between a network of cyber ranges and Europe-wide initiatives such as the CERTs/CSIRTs cooperation network of the NIS directive.
  • Improved risks analysis models to be used by public/private organisations, through the use of economics for evidence-based cybersecurity and data privacy;
  • Appropriate econometric models able to learn from cyber incident data on a wide scale;
  • Improved knowledge on how organisations can make the right investment to secure their operations against cyber-attacks (e.g. where they result in personal data breaches[2]), using economics for evidence-based cybersecurity and data privacy;

Medium and long term:

  • Improved resilience of ICT systems/infrastructures and reduced time and cost in infrastructures for training users;
  • EU member states better prepared to face malware campaigns and to take down malicious infrastructures; improved EU-skills market;
  • Better preparedness to put in place cybersecurity measures and identify the necessary resources for recovering after a cyber-attack;
  • Improved security, resilience and sustainability of organisations.
Cross-cutting Priorities:

Contractual Public-Private Partnerships (cPPPs)
Socio-economic science and humanities

[1]Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (NIS directive)

[2]Notification of a personal data breach to the supervisory authority and communication of a personal data breach to the data subject are regulated under articles 33 and 34 of the GDPR.

Topic conditions and documents

1. Eligible countries: described in Annex A of the Work Programme.
A number of non-EU/non-Associated Countries that are not automatically eligible for funding have made specific provisions for making funding available for their participants in Horizon 2020 projects. See the information in the Online Manual.


2. Eligibility and admissibility conditions: described in Annex B and Annex C of the Work Programme.


Proposal page limits and layout: please refer to Part B of the proposal template in the submission system below.


3. Evaluation:


4. Indicative time for evaluation and grant agreements:

Information on the outcome of evaluation (single-stage call): maximum 5 months from the deadline for submission.
Signature of grant agreements: maximum 8 months from the deadline for submission.


5. Proposal templates, evaluation forms and model grant agreements (MGA):

Innovation Action:

Specific provisions and funding rates
Standard proposal template
Standard evaluation form
General MGA - Multi-Beneficiary
Annotated Grant Agreement


6. Additional provisions:

Horizon 2020 budget flexibility
Classified information
Technology readiness levels (TRL) – where a topic description refers to TRL, these definitions apply


Members of consortium are required to conclude a consortium agreement prior to the signature of the grant agreement.


7. Open access must be granted to all scientific publications resulting from Horizon 2020 actions.

Where relevant, proposals should also provide information on how the participants will manage the research data generated and/or collected during the project, such as details on what types of data the project will generate, whether and how this data will be exploited or made accessible for verification and re-use, and how it will be curated and preserved.

Open access to research data
The Open Research Data Pilot has been extended to cover all Horizon 2020 topics for which the submission is opened on 26 July 2016 or later. Projects funded under this topic will therefore by default provide open access to the research data they generate, except if they decide to opt-out under the conditions described in Annex L of the Work Programme. Projects can opt-out at any stage, that is both before and after the grant signature.

Note that the evaluation phase proposals will not be evaluated more favourably because they plan to open or share their data, and will not be penalised for opting out.

Open research data sharing applies to the data needed to validate the results presented in scientific publications. Additionally, projects can choose to make other data available open access and need to describe their approach in a Data Management Plan.

Projects need to create a Data Management Plan (DMP), except if they opt-out of making their research data open access. A first version of the DMP must be provided as an early deliverable within six months of the project and should be updated during the project as appropriate. The Commission already provides guidance documents, including a template for DMPs. See the Online Manual.

Eligibility of costs: costs related to data management and data sharing are eligible for reimbursement during the project duration.

The legal requirements for projects participating in this pilot are in the article 29.3 of the Model Grant Agreement.


8. Additional documents:

1. Introduction WP 2018-20

14. Secure societies – protecting freedom and security of Europe and its citizens WP 2018-20

18. Dissemination, Exploitation and Evaluation WP 2018-20

General annexes to the Work Programme 2018-2020

Legal basis: Horizon 2020 Regulation of Establishment
Legal basis: Horizon 2020 Rules for Participation
Legal basis: Horizon 2020 Specific Programme


Submission Service

No submission system is open for this topic.

Get support

H2020 Online Manual is your guide on the procedures from proposal submission to managing your grant.

Participant Portal FAQ – Submission of proposals.

National Contact Points (NCP) - contact your NCP for further assistance in your national language(s).

Research Enquiry Service – ask questions about any aspect of European research in general and the EU Research Framework Programmes in particular.

Enterprise Europe Network – contact your EEN national contact for advice to businesses with special focus on SMEs. The support includes guidance on the EU research funding.

IT Helpdesk - contact the Participant Portal IT helpdesk for questions such as forgotten passwords, access rights and roles, technical aspects of submission of proposals, etc.

Ethics – for compliance with ethical issues, see the Online Manual and Science and Society Portal

European IPR Helpdesk assists you on intellectual property issues

CEN and CENELEC, the European Standards Organisations, advise you how to tackle standardisation in your project proposal. Contact CEN-CENELEC Research Helpdesk at

The European Charter for Researchers and the Code of Conduct for their recruitment

Partner Search Services help you find a partner organisation for your proposal.