TOPIC : Building blocks for resilience in evolving ICT systems
|Publication date:||27 October 2017|
|Focus area:||Boosting the effectiveness of the Security Union (SU)|
|Types of action:||RIA Research and Innovation action|
|DeadlineModel: Planned opening date:||single-stage 25 July 2019||Deadline:||19 November 2019 17:00:00|
|Time Zone : (Brussels time)|
Topic DescriptionSpecific Challenge:
Algorithms, software and hardware systems must be designed having security, privacy, data protection and accountability in mind from their design phase in a measurable manner. Relevant challenges include: (a) to develop mechanisms that measure the performance of ICT systems with regards to cybersecurity and privacy and (b) to enhance control and trust of the consumer of digital products and services with innovative tools aiming to ensure the accountability of the security and privacy levels in the algorithms, in the software, and ultimately in the ICT systems, products and services across the supply chain.Scope:
Proposals are invited against at least one of the following three subtopics:
a) Cybersecurity/privacy audit, certification and standardisation
Innovative approaches to (i) design and develop automated security validation and testing, exploiting the knowledge of architecture, code, and development environments (e.g. white box) (ii) design and develop automated security verification at code level, focusing on scalable taint analysis, information-flow analysis, control-flow integrity, security policy, and considering the relation to secure development lifecycles, (iii) develop mechanisms, key performance indicators and measures that ease the process of certification at the level of services and (iv) develop mechanisms to better audit and analyse open source and/or open license software, and ICT systems with respect to cybersecurity and digital privacy.
b) Trusted supply chains of ICT systems
Innovative approaches to (i) develop advanced, evidence based, dynamic methods and tools for better forecasting, detecting and preventing propagated vulnerabilities, (ii) estimate both dynamically and accurately supply chain cyber security and privacy risks, (iii) design and develop security, privacy and accountability measures and mitigation strategies for all entities involved in the supply chain, (iv) design and develop techniques, methods and tools to better audit complex algorithms (e.g. search engines), interconnected ICT components/systems (v) devise methods to develop resilient systems out of potentially insecure components and (vi) devise security assurance methodologies and metrics to define security claims for composed systems and certification methods, allowing harmonisation and mutual recognition based on evidence and not only on trust.
The trusted supply chain for ICT systems/components should be considered by proposals in its entirety, in particular by addressing the IoT ecosystems/devices that are part of the supply chain.
c) Designing and developing privacy-friendly and secure software and hardware
Innovative approaches to establish methods and tools for (i) security and privacy requirements engineering (including dynamic threat modelling/ attack trees, attack ontologies, dynamic taxonomies and dynamic, evidence based risk analysis), (ii) embedded algorithmic accountability (in order to monitor the security, privacy and transparency of the algorithms/software/systems/services), (iii) system-wide consistency including connection between models, security/privacy/accountability objectives, policies, and functional implementations, (iv) metrics to assess a secure, reliable and privacy-friendly development, (v) secure, privacy-friendly and accountability-enabled programming languages (including machine languages), hardware design languages, development frameworks, as well as secure compilation and execution, (vi) novel, secure and privacy-friendly IoT architectures enabling consistent trustworthy and accountable authentication, authorization and accounting services across all IoT devices/ecosystems with enhancement of Public Key Infrastructures (PKIs) aiming to support PKI services (e.g. registration, revocation) for IoT devices.
For each of the sub-topics above, the outcome of the proposals is expected to lead to development up to Technology Readiness level (TRL) 5.
The Commission considers that proposals requesting a contribution from the EU of between EUR 4 and 5 million would allow this area to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.
For grants awarded under this topic for Research and Innovation Action the Commission or Agency may object to a transfer of ownership or the exclusive licensing of results to a third party established in a third country not associated to Horizon 2020. The respective option of Article 30.3 of the Model Grant Agreement will be applied.Expected Impact:
- Improved market opportunities for the EU vendors of security components.
- Increased trust both by developers using/integrating the ICT components and by the end-users of IT systems and services.
- Protect the privacy of citizens and trustworthiness of ICT .
- Acceleration of the development and implementation of certification processes.
- Advanced cybersecurity products and services will be developed improving trust in the Digital Single Market.
- The use of more harmonized certification schemes will increase the business cases for cybersecurity services as they will become more reliable.
- Validation platforms will provide assessments with less effort compared with nowadays and assure a better compliance with relevant regulations and standards.
Topic conditions and documents
1. Eligible countries: described in Annex A of the Work Programme.
A number of non-EU/non-Associated Countries that are not automatically eligible for funding have made specific provisions for making funding available for their participants in Horizon 2020 projects. See the information in the Online Manual.
Proposal page limits and layout: please refer to Part B of the proposal template in the submission system below.
- Evaluation criteria, scoring and thresholds are described in Annex H of the Work Programme.
- Submission and evaluation processes are described in the Online Manual.
4. Indicative time for evaluation and grant agreements:
Information on the outcome of evaluation (single-stage call): maximum 5 months from the deadline for submission.
Signature of grant agreements: maximum 8 months from the deadline for submission.
5. Proposal templates, evaluation forms and model grant agreements (MGA):
Research and Innovation Action:
6. Additional provisions:
For grants awarded under this topic the Commission may object to a transfer of ownership or the exclusive licensing of results to a third party established in a third country not associated to Horizon 2020. The respective option of Article 30.3 of the Model Grant Agreement will be applied.
Members of consortium are required to conclude a consortium agreement, in principle prior to the signature of the grant agreement.
8. Additional documents:
1. Introduction WP 2018-20
5. Introduction to Leadership in enabling and industrial technologies (LEITs) WP 2018-20
5i. Information and communication technologies (ICT) WP 2018-20
18. Dissemination, Exploitation and Evaluation WP 2018-20
7. Open access must be granted to all scientific publications resulting from Horizon 2020 actions.
Where relevant, proposals should also provide information on how the participants will manage the research data generated and/or collected during the project, such as details on what types of data the project will generate, whether and how this data will be exploited or made accessible for verification and re-use, and how it will be curated and preserved.
Open access to research data
The Open Research Data Pilot has been extended to cover all Horizon 2020 topics for which the submission is opened on 26 July 2016 or later. Projects funded under this topic will therefore by default provide open access to the research data they generate, except if they decide to opt-out under the conditions described in Annex L of the Work Programme. Projects can opt-out at any stage, that is both before and after the grant signature.
Note that the evaluation phase proposals will not be evaluated more favourably because they plan to open or share their data, and will not be penalised for opting out.
Open research data sharing applies to the data needed to validate the results presented in scientific publications. Additionally, projects can choose to make other data available open access and need to describe their approach in a Data Management Plan.
Projects need to create a Data Management Plan (DMP), except if they opt-out of making their research data open access. A first version of the DMP must be provided as an early deliverable within six months of the project and should be updated during the project as appropriate. The Commission already provides guidance documents, including a template for DMPs. See the Online Manual.
Eligibility of costs: costs related to data management and data sharing are eligible for reimbursement during the project duration.
The legal requirements for projects participating in this pilot are in the article 29.3 of the Model Grant Agreement.
LEARs, Account Administrators or self-registrants can publish partner requests for open and forthcoming topics after logging into the Participant Portal.
The submission system is planned to be opened on the date stated on the topic header.
H2020 Online Manual is your guide on the procedures from proposal submission to managing your grant.
Participant Portal FAQ – Submission of proposals.
National Contact Points (NCP) - contact your NCP for further assistance in your national language(s).
Research Enquiry Service – ask questions about any aspect of European research in general and the EU Research Framework Programmes in particular.
Enterprise Europe Network – contact your EEN national contact for advice to businesses with special focus on SMEs. The support includes guidance on the EU research funding.
IT Helpdesk - contact the Participant Portal IT helpdesk for questions such as forgotten passwords, access rights and roles, technical aspects of submission of proposals, etc.
European IPR Helpdesk assists you on intellectual property issues
CEN and CENELEC, the European Standards Organisations, advise you how to tackle standardisation in your project proposal. Contact CEN-CENELEC Research Helpdesk at email@example.com
Partner Search Services help you find a partner organisation for your proposal.
Ideal-IST partner search facility