1. Digital Security: Cybersecurity, Privacy, Trust Gustav Kalbe Unit H.4, Trust and Security, DG Communications Networks, Content and Technology European Commission

2. H2020  FP7 R&D&I  R&D R&D Policy = Support to Policy 2

3. 3 EU Cybersecurity Policy Cyber Security Strategy Technology / Industry R&DIndustrial strategy. trials, business cases edu. & train. International cybercrime Resilience R&D

4. 4 LEIT Excellence Societal Challenges FET 1-6 7! x-cutting! embedded!

5. LEIT "Technology-driven approach to develop enabling technologies that can be used in multiple areas, industries and services" Scope: Experimentation with innovative research ideas Strategic Vision: Long term goal to replace the current business model to provide security as add-on by a security-by-design approach Outcome: Assist industry to adjust their business model to the strategic vision 5

6. Instrument: Research and Innovation Actions Coordination and Support Action (CSA) Technology readiness level: Next generation technology and generation thereafter Time to market introduction: 5-7 years (indicative) Research and Innovation Actions: Small contribution: between 2 and 4 MEuro (indicative) Large contribution: between 5 and 8 MEuro (indicative) 6 Specificities of LEIT

7. CALL: ICT 32-2014 Cybersecurity, Trustworthy ICT Cryptography (ICT32.a+b) Research & Innovation Actions (small and large) Coordination and Support Actions Security-by-design for end to end security (ICT32.a) Research & Innovation Actions (small and large) 7

8. Call Details Timeline: 11 Dec 2013Publication 23 Apr 2014Submission Deadline (17.00.00) 16-20 Jun 2014Evaluation Sep 2014Information on outcome of the scientific evaluation Dec 2014Signing grant agreements Budget: ICT32.a 37 Meuro (Security-by-Design & Cryptography R&I Actions) ICT32.b 1 Meuro (Cryptography CSA) 8

9. 9 Cryptography – which results? Research projects have to address the key challenges to guarantee the security for the lifespan of the application it supports, to stay ahead of the evolution of the ICT environment and keep pace with the performance increase of ICT technology. net increase in performance reduction in energy or power consumption, validation in realistic application scenarios, Relevance to current trends (cloud, mobile, IoT,etc) methods for provable security against physical attacks security certification.

10. Cryptography – Challenges (1) Resource efficient, real-time and highly secure technology for 1.hardware based cryptography; or 2.homomorphic cryptography. Distributed cryptography including functional cryptography; Cryptographic tools for securely binding applications to software, firmware and hardware environments, with or without adaptation of primitives which are used; 10

11. Cryptography – Challenges (2) Post-quantum cryptography for long-term security; Quantum key distribution (QKD) systems and networks for long-term security-by-design (etc.) addressing: 1.low-bit-rate QKD with low cost components for short- distance; 2.high-bit rate QKD systems, tolerant to noise and loss. 11

12. Cryptography - CSA 12 durable integration and structuring of the European cryptography community; strengthen European excellence in this domain; provide technology watch, joint research agendas and foresight studies; identify technology gaps, market and implementation opportunities; technical expertise to cybersecurity and privacy communities; development of European standards (incl. public sector) solve training needs and skill shortage evaluation and verification of cryptographic protocols and algorithms. open competitions with benchmarking. dissemination and outreach, strengthening the link with institutional stakeholders.

13. 13 Security-by-design "Security-by-design paradigms have to be developed and tested, to provide end-to-end security, across all hardware and software layers of an ICT system and application and business services." Paradigms for complex environments: Highly connected, complex and interoperable networks. Multi-layer and multi-service systems, spanning multiple domains or jurisdictions

14. Security-by-design – what? (1) Aiming at: Platform-independent solutions for context-aware and self- adaptive security Automated security policy governance for run-time verification, customisation and enforcement between operators or virtual entities, Important Considerations: Interaction of Layers Holistic Approach 14

15. Security-by-design – what? (2) Special Attention to: Open and dynamically reconfigurable environments Reliance on other, potentially untrustworthy, providers Importance of Usability: Deployment and implementation with usability in mind against improper use or misconfiguration for higher degrees of trust by users. 15

16. Expected Impact of ICT-32 (1) 16 Macro: New paradigms for the design and implementation. European ICT with a higher level of security and/or privacy. Compliance with Europe's security and privacy legislation. Measurably higher level of security and/or privacy with marginal additional cost. Societal: More user trust in ICT and online services. Better ability of users to detect breaches of security and privacy. Better privacy protection and legal compliance with privacy rules More resilient critical infrastructures and services.

17. Expected Impact of ICT-32 (2) 17 Research: User empowerment in new generation of ICT Security and privacy as a built-in feature Easier understanding and management for users. Simpler implementation of cryptographic primitives. New ICT technology approaches more secure than traditional ones

18. Security and Privacy LEIT ICT Have a look! ICT 1 – 2014: Smart Cyber-Physical Systems (privacy/security by design) ICT 4 – 2015: Customised and low power computing (security) ICT 5 – 2014: Smart Networks and novel Internet Architectures (security, trust, privacy) ICT 7 – 2014: Advanced Cloud Infrastructures and Services (security, privacy) ICT 14 – 2014: Advanced 5G Network Infrastructure for the Future Internet ICT 22 – 2014: Multimodal and Natural computer interaction (Robotics, security) ICT 26 – 2014: Photonics KET ICT 30 – 2015: Internet of Things and Platforms for Connected Smart Objects (security) EUB 1 – 2015: Cloud Computing, including security aspects (Joint Call with Brazil) EUJ 4 – 2014: Experimentation and development on federated Japan – EU testbeds (Joint Call with Japan) 18

19. Societal Challenges 19 Focus on addressing the needs of end-users. The extent of end-user participation is an important factor when evaluating the proposal's impact. Activities directly aiming at producing plans and arrangements or designs for new, altered or improved products, processes or services. Prototyping, testing, demonstrating, piloting, large- scale product validation and market replication.

20. Secure Societies Calls (CP-2014/2015) 2014: DS 1 – Privacy DS 2 – Access Control DS 6 – Risk management & assurance models Call deadline: 28 August 2014 (pending approval) Budget: 47 M€ 2015: DS 3 – Role of ICT in Critical Infrastructure Protection DS 4 – Secure information sharing DS 5 – Trust eServices 20

21. Contacts Leadership in enabling and industrial technologies (LEIT) ICT 32-2014 Cybersecurity, Trustworthy ICT gustav.kalbe@ec.europa.eu martin.muehleck@ec.europa.eu Societal Challenge 7 Secure societies – Protecting freedom and security of Europe and its citizens DS 1 – DS 6 gustav.kalbe@ec.europa.eu aristoteles.tzafalias@ec.europa.eu DRS 1 – DRS 23, FCT 1 – FCT 17, BES 1 – BES 14 michel.bosco@ec.europa.eu 21

22. Thank you for your attention

23. In summary... R&I to address user needs R&I to support compliance R&I = incentive to increase security R&I complementary to legal instruments R&I for European competitiveness of ICT industries => H2020 Digital Security WPs 23