New CYSSDE cybersecurity consortium to fund penetration testing across the EU

Leuven, July 1st 2024

In a bid to bolster the cybersecurity of critical infrastructure organisations across Europe, the European Commission is rolling out a new initiative under the NIS2 and CER directives. The newly established CYSSDE consortium has been tasked with improving methodologies to identify and address vulnerabilities, backed by a substantial funding pool exceeding €4 million.

CYSSDE, a European consortium of cybersecurity experts, collaborates closely with the European Cybersecurity Competence Centre and Network (ECCC) and national cybersecurity coordination centres (NCCs).

Key partners include Spain’s NCC INCIBE and Romania’s DNSC, with the Belgian cybersecurity organisation LSEC at the helm.

To enhance cyber resilience and ensure compliance with NIS2, CER and the Cyber Resilience Act (CRA), the European Commission has mandated CYSSDE to conduct 230 penetration tests (pentests) on European companies. CYSSDE will manage a funding envelope of over €4 million to facilitate this.

A pentest simulates a cyberattack on a computer system to uncover vulnerabilities. These tests reveal security weaknesses, enabling companies to fortify their defences and mitigate potential attack damage.

Research has shown that 80% of known vulnerabilities are found in over 60% of European organisations providing essential services (NIS2) and in 90% of SMEs aiming to boost their cyber resilience. The planned pentests will help identify and address weaknesses in European infrastructure more effectively.

The CYSSDE project complements the efforts of various EU member states through activities such as:

  • organising open calls in member states, targeting national cybersecurity centres (NCCs) and pentesting service providers to promote the funding envelope;
  • allocating Financial Support to Third Parties (FSTP) projects: a CYSSDE selection committee will identify organisations eligible for funding, with grants up to €200,000;
  • assisting critical infrastructure organisations in evaluating potential vulnerabilities in applications, devices, systems or cloud environments;
  • mapping the capacity and capabilities of pentesting across member states;
  • supporting organisations in understanding NIS2, CER and CRA expectations regarding vulnerability assessments;
  • enhancing methodologies and use cases for pentests and vulnerability research.

“With the support of NCCs in various member states, we’re aiming to select around twenty pentesting service providers to conduct at least 230 tests across the EU. CYSSDE will streamline the process by providing necessary capacity and guiding the search for pentest candidates in member states, ensuring capacity across all member states,” said Ulrich Seldeslachts, Managing Director of LSEC and project initiator.

Technical partners Ceeyu, Cyber Ranges and Toreon are all involved in addition to LSEC, INCIBE and DNSC. Fundingbox will support the organisation of open calls.

How to participate in CYSSDE?

Organisations falling under the NIS2 or CER (Critical Entities Resilience Directive) can register with CYSSDE. They can confidentially submit their research proposals to organisations conducting vulnerability analyses.

From October, companies or research centres investigating vulnerabilities can participate in the open calls. A selection process will follow, with CYSSDE providing financial and expert support for the pentests. Companies can pre-register on the CYSSDE website to receive invitations for the open calls and information sessions.

Other European cybersecurity organisations or sector representatives are welcome to join as CYSSDE partners to share findings and results.

About CYSSDE

CYSSDE is a European consortium of cybersecurity organisations led by cybersecurity innovator LSEC – Leaders in Security and the ECCC. CYSSDE maps and addresses cyber resilience in the EU under the NIS2 and CER directives. The initiative builds on technical expertise and other innovation projects such as CYSSME.eu, DIGITALIS, IIoTSBOM, OpenCloudification, APAX, CSAI, FIRE, CSFR, CS4SME and more. CYSSDE manages a funding envelope exceeding €6 million.

More information at https://cyssde.eu/.

About LSEC

LSEC – Leaders In Security, is an internationally renowned digital security catalyst and a not-for-profit organization with the objective of promoting information security and expertise in the Benelux region and Europe. Founded by the University of Leuven and supported by the Flemish Government Agency for Entrepreneurship and Innovation as well as the European Commission’s Horizon Europe and DIGITAL Europe programs, LSEC is leading a unique pan-European private partnership that interacts with public institutions. LSEC connects security industry experts, research institutes and universities, government agencies, end users, funding bodies, and technical experts who are driving national and European research agendas. LSEC activities aim to raise cybersecurity awareness, support innovation and competitiveness in the European digital security market, and promote the visibility of its members.

More information at https://lsec.eu

Contact details

Ulrich Seldeslachts

[email protected]

+32 16 79 85 85


Partners of CYSSDE are  Ceeyu (BE), Cyber Ranges (CY), DNSC (RO), Fundingbox (PL & ES), LSEC (BE), INCIBE (ES) and Toreon (BE).