Projects

List of my research projects, presented in chronological order.

TANGO - Digital Technologies ActiNg as a Gatekeeper to information and data flOws

Abstract

TANGO will establish stronger cross-sector data sharing, in a citizen-centric, secure and trustworthy manner, by developing innovative solutions while addressing environmental degradation and climate change challenges. The overall outcome is a novel platform exhibiting the following capabilities: user-friendly, secure, trustworthy, compliant, fair, transparent, accountable and environmentally sustainable data management, having at its core technology components for distributed, privacy-preserving and environmentally sustainable data collection, processing, analysis, sharing and storage. This platform will promote trustworthy and digitally enabled interactions across society, for people as well as for businesses. TANGO will leverage the power of emerging digital technologies to strengthen privacy for citizens and private/public organisations, reduce costs and improve productivity. It will unlock the innovation potential of digital technologies for decentralised, privacy-preserving applications, while making accessible and demonstrating this potential within the GAIA-X and EOSC ecosystem. With 37 key partners from 13 countries, TANGO is uniquely positioned to provide a high impact solution within the transport, e-commerce, finance, public administration, tourism and industrial domains supporting numerous beneficiaries across Europe. Through the provision of TANGO technologies, a trustworthy environment will be designed acting as a gatekeeper to information and data flows. Citizens and public/private organisations will be empowered to act and interact providing data both online and offline. TANGO will focus its activities on 3 main pillars: (i) the deployment of trustworthy, accountable and privacy-preserving data-sharing technologies and platforms; (ii) the creation of data governance models and frameworks; (iii) the improvement of data availability, quality and interoperability – both in domain-specific settings and across sectors.

Role: P.I., University of Greenwich.
Research topics: Privacy risk management, AI trustworthiness.
Team members: Dr Sakshyam Panda.
Funder: UKRI as part of the Horizon Europe programme with Grant agreement ID 101070052.

CHAI - Cyber Hygiene in AI enabled domestic life

Abstract

Artificial Intelligence (AI) is rapidly becoming part of people's lives at home. Smart speakers, smart thermostats, security cameras with face recognition, and in the near future, brain-computer interfaces and elderly care companion robots can have considerable benefits to energy efficiency, comfort, and even health. However, **AI also introduces new cyber security risks**, which users are not prepared for. When a user faces a security threat such as receiving a phishing email or visiting a watering hole website, there are often visual and behavioural cues that can raise their suspicion, and there are known cyber hygiene measures they can follow. In contrast, for AI enabled devices, such as those found in a smart home, this is rarely the case, because they are designed to be minimalist and seamless. Also, there are no equivalent cyber hygiene measures for AI security risks to advise users given the emerging nature of this technology. The aim of CHAI is to help the individual protect themselves against security risks in AI enabled environments. CHAI argues that in AI enabled domestic life, new cyber hygiene measures need supporting by diagnostic tools that allow users to identify security attacks and appropriate training. This will be achieved through the following goals: (i) to identify and demonstrate the novel security breaches introduced by AI in the home; and to assess the social, psychological and neuroscientific factors that may influence an individual's susceptibility in the context of these breaches; (ii) to employ and improve the use of methods already proposed in AI for improving the explainability of AI decisions in order to provide diagnostic information that allows users to identify AI security breaches; (iii) to develop new cyber hygiene measures, i.e. diagnostic and actionable steps that users may take to address a breach, optimised to the user and situation in terms of their cost (in usability, difficulty in implementing, mental effort, and even monetary if needing further software/hardware to be installed) using mathematical techniques; (iv) to co-design a novel cyber hygiene training programme with users of home technology that supports the use of Explainable AI while personalising and optimising the training to match each individual. Empirical research will be carried out in participating households to evaluate the effectiveness of this training approach. CHAI focuses on the social housing sector, which is introducing several AI initiatives, such as housing management chatbots, building maintenance bots, and smart thermostats to tackle fuel poverty. While these initiatives can result in cost cuts and facilitate property management (e.g. temperature and humidity controllers), residents have no control over these changes and often do not have the digital literacy to respond to security risks and breaches. If an AI system's integrity or availability is breached this could affect the physical privacy of tenants (e.g. life patterns of behaviour), as well as their emotional and physical safety (e.g. temperature, electrical appliances' control). CHAI has chosen to focus on this population because of its heightened vulnerability with respect to security. With a view to deeply integrating CHAI in real-life settings, we approached leading industrial partners: (i) Gas Tag, AI developers for gas supply smart appliances in social housing, will support the examination of realistic AI applications that are currently in place or expected to be introduced in the near future in the home; (ii) Security awareness training providers, Bob's Business, whose current clients include over 70,000 employees in the UK Government, will co-design cyber hygiene training programmes and webinars; and (iii) Housing technology sector representative, Housing Technology, will help recruit participant households and social housing associations for experiments and offer its dissemination channels in the housing sector.

Role: Co-I, University of Greenwich.
Research topics: Smart-home security, AI attacks.
Team members: Dr Hsueh-Ju Chen, Prof George Loukas (PI).
Funder: Engineering and Physical Sciences Research Council as part of the Security for all in an AI enabled society panel with EPSRC references EP/T026812/1, EP/T026596/1, EP/T026707/1, EP/T026820/1.
The project coordinator, Professor Loukas, summarises CHAI here, as well as in a related TEDx talk.

MERIT - A fraMEwoRk to Model and IncenTivise Cyber Security Investment Decisions

Abstract

MERIT addresses the complete cyber security management lifecycle, including asset pricing, threat-based risk assessment and optimal risk control constrained by a financial budget. The value of MERIT to practitioners is to **increase the effectiveness of cyber security budget spending** as decided by Chief Information Security Officers (CISOs) and boards of directors. This effectiveness refers both to the time taken to make a decision and to financial savings.

Role: P.I., University of Greenwich.
Research topics: Cyber risk optimisation, cyber investments.
Team members: Kokulan Natkunam, Dr Sakshyam Panda.
Funder: Research Institute in Sociotechnical Cyber Security (RISCS) and the National Cyber Security Centre (NCSC).

CUREX - seCUre and pRivate hEalth data eXchange

Abstract

The health sector's increasing dependence on digital information and communication infrastructures renders it vulnerable to threats to privacy and cybersecurity, especially as the theft of health data has become particularly lucrative for cyber criminals. At the same time, a breach of integrity of health data can have **dramatic consequences for the patients affected**. CUREX addresses comprehensively the protection of the confidentiality and integrity of health data by producing a novel, flexible and scalable situational awareness-oriented platform. It allows a healthcare provider to assess the realistic cybersecurity and privacy risks they are exposed to and **suggest mathematically optimal strategies for addressing these risks with safeguards tailored specifically for each business case and application**. CUREX is fully GDPR compliant by design. At its core, a decentralised architecture enhanced with a private blockchain infrastructure ensures the integrity of the risk assessment process and of all data transactions that occur between the diverse range of stakeholders involved. Crucially, CUREX expands beyond technical measures and places emphasis also on improving cyber hygiene through training and raising awareness activities for a healthcare institution’s personnel. Its validation focuses on the highly challenging condition of (cross-border) health data exchange, spanning **patient cross-border mobility**, **remote healthcare**, and **data exchange for research**. The CUREX consortium will also utilise the outcomes of the well-known MyHealthMyData project in a dedicated demonstration that will use their blockchain-enabled platform which will control the actual data exchange. We envisage that CUREX will impact the European market by developing one of the first blockchain platforms for risk assessment management under the GDPR.

Role: P.I., University of Greenwich.
Research topics: Cyber risk optimisation, cyber investments.
Team members: Dr Caxton Okoh, Kokulan Natkunam, Dr Sakshyam Panda, Claire Stretch.
Funder: European Commission as part of the H2020 programme with Grant agreement ID 826404.

SECONDO - a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era

Abstract

SECONDO addresses the question “How can decisions about **cyber security investments** and **cyber insurance** pricing be optimised?” SECONDO will support professionals who seek cyber security investments, developed to support human decision making, and a complete well-founded security strategy. This is a timely research problem, as the rapid growth of cyber-attacks is expected to continue its upwards trajectory. Such growth presents a prominent threat to normal business operations and the EU society itself. On the other hand, an interesting, well-known finding is that an organisation's computer systems may be less secure than a competitor's, despite having spent more money in securing them. Budget setting, cyber security investment choices and cyber insurance, in the face of uncertainties, are highly challenging tasks with massive business implications. SECONDO aims to make an impact on the operation of EU businesses who often: (i) have a limited cyber security budget; and (ii) ignore the importance of cyber insurance. Cyber insurance can play a critical role in the mitigation of cyber risk. This can be done by imposing a cost on firms' cyber risk through a premium that they have to pay and the potential for paying a smaller premium should they reduce their current cyber security risk. SECONDO has a cross-disciplinary nature, combining mathematical and engineering insights to empower innovative software. Apart from the novel research results, the project will offer a software platform to narrow the gap between theoretical understanding and practice. To achieve this, the four industrial project partners will (i) lead the part of the project where industrial needs will be entered as input to the requirements collection phase, and (ii) provide their innovative software for risk assessment. The three academic partners will work together to (i) design and thoroughly describe the proposed methodologies, but also (ii) contribute to their software development.

Role: P.I., University of Surrey, University of Greenwich.
Research topics: Cyber insurance.
Team members: Sakshyam Panda (PhD researcher).
Funder: European Commission as part of the H2020 programme with Grant agreement ID 823997.

SPEAR - Secure and PrivatE smArt gRid

Abstract

Over the last decade, cyber-attacks have become increasingly sophisticated, stealthy, targeted and multi-faceted, and may leverage zero-day exploits and highly creative interdisciplinary attack methods. As our society is becoming increasingly dependent on Critical INfrastructures (CIN), new technologies are needed to increase our detection and response capabilities. Detecting and responding to such attacks by a highly motivated, skilled and well-funded attacker has, however, proven highly challenging. One of the most vulnerable and high-impact CIN is the Smart Grid. The Smart Grid is considered the next-generation power system, which promises self-healing, resilience, sustainability and efficiency to the energy Critical Infrastructures (CIN). However, securing smart grids against cyber-attacks is of vital importance for National Security and Public Safety, since the collapse of an energy production utility may cost human lives, millions of euros, denial of a very important and common good such as energy and days or even months of recovering. To this end, SPEAR aims at a) detecting and responding to cyber-attacks using new technologies and capabilities, b) detecting threats and anomalies in a timely manner, c) developing all-in-one security detection solutions, d) leveraging advanced forensics subject to privacy preservation, e) confronting Advanced Persistent Threat (APT) and targeted attacks in smart grids, f) increasing the resilience of the smart grid innovation, g) alleviating the lack of trust in smart grid operators and h) empowering EU-wide consensus. Within SPEAR, four proof-of-concept Use Cases are planned in order to validate and assess the implemented security and privacy tools.

Role: P.I., University of Surrey.
Research topics: Game-theoretic deception strategies, honeypots, intrusion detection.
Team members: Dmitry Fedorenko (Junior researcher), Sakshyam Panda (PhD researcher), Nadia Boumkheld (postdoctoral researcher).
Funder: European Commission as part of the H2020 programme with Grant agreement ID 787011.

SESAME - Small cEllS coordinAtion for Multi-tenancy and Edge services

Abstract

SESAME targets innovations around three central elements in 5G: the placement of network intelligence and applications in the network edge through Network Functions Virtualisation (NFV) and Edge Cloud Computing; the substantial evolution of the Small Cell concept, already mainstream in 4G but expected to deliver its full potential in the challenging highly dense 5G scenarios; and the consolidation of multi-tenancy in communications infrastructures, allowing several operators/service providers to engage in new sharing models of both access capacity and edge computing capabilities. SESAME proposes the Cloud-Enabled Small Cell (CESC) concept, a new multi-operator enabled Small Cell that integrates a virtualised execution platform (i.e. the Light DC) for deploying Virtual Network Functions (VNFs), supporting powerful self-x management and executing novel applications and services inside the access network infrastructure. The Light DC will feature low-power processors and hardware accelerators for time critical operations and will build a highly manageable clustered edge computing infrastructure. This approach will allow new stakeholders to dynamically enter the value chain by acting as 'host-neutral' providers in high traffic areas where densification of multiple networks is not practical. The optimal management of a CESC deployment is a key challenge of SESAME, for which new orchestration, NFV management, virtualisation of management views per tenant, self-x features and radio access management techniques will be developed. After designing, specifying and developing the architecture and all the involved CESC modules, SESAME will culminate with a prototype with all functionalities for proving the concept in relevant use cases. Besides, CESC will be formulated consistently and synergistically with other 5G-PPP components through coordination with the corresponding projects.

Role: Co-I, University of Brighton.
Research topics: 5G threat modelling.
Funder: European Commission as part of the H2020 programme with Grant agreement ID 671596.