CYSSDE – CyberSecurity Deployment Preparedness Support, Capacity and Capabilities is a European collaboration by a consortium of European CyberSecurity experts in collaboration with the leading European innovation support coordinator LSEC – Leaders In Security. It aims to tackle the challenge of the 80% known vulnerabilities found within 64% of the identified Essential Services Operators that will be impacted by
NIS2, and the 92% of SMEs that indicate that they are not capable of improving their CyberSecurity resilience by themselves. With CYSSDE, the project will complement efforts by the Member States by: (1) Organising open calls to support the Member States in increasing the CyberSecurity maturity and resilience of their Essential Service Operators and related SMEs? 2) Developing Methods, Scenarios and Use Cases that serve as the basis to define the requirements to NIS2. Supported NCCs in different Member States, the aim is to work with at least 23 selected and supported Pen Testing organisations with capabilities that have executed at least 230 Pen Tests and Vulnerability assessments for both Essential Services Operators and SMEs. CYSSDE will identifiy and document assessment capabilities throughout the 27 Member States and will facilitate access and visibility to them, making it easier for the NCCs and Member States to direct demand and reduce capacity gaps.
According to the European Cluster for Securing Critical Infrastructures (ECSCI[1], 2022), modern critical infrastructures (or “critical entities”, as now defined in the new EU-CER Directive[2]) are becoming increasingly complex, turning into distributed, large-scale cyber-physical systems. Cyber-physical attacks are increasing in number, scope, and sophistication, making it difficult to predict their total impact. Thus, addressing cyber security and physical security separately is no longer effective, but more integrated approaches, that consider both physical security risks and cyber-security risks, along with their interrelationships, interactions and cascading effects, are needed to face the challenge of combined cyber-physical attacks[3]. Such challenges require adopted approaches for vulnerability assessments on both cyber, cyber-physical and other control systems. Adding to these challenges are developments such as digital twins, fast-evolving virtualization techniques and the use of various AI capabilities including both proprietary and genAI-based. Critical infrastructures will continue to evolve and therefore require periodical assessments and adoption of the revised infrastructures. CYSSDE will not only target these highly demanding critical infrastructures when it comes to vulnerability assessments, but aims to focus on some specific increments together with Critical Infrastructure operators in order to use those to learn from and adopt them towards Essential Operators and the wider group of SMEs. The CYSSDE project partners have over 20 years of experience in serving Critical Infrastructure Operators (energy, healthcare, transport, water, …), and have already done various vulnerability assessments and pentests, helping them improve their overall Cybersecurity posture and increasing their resilience.
[1] https://eucip.eu/
[2] https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3992
[3] https://shorturl.ac/eucip