1 How can the ECHO project help to raise protection against cybersecurity dangers?
2 What are the main fields of activity in project ECHO?
3 Why is ECHO different from the other 3 H2020 Cybersecurity projects?
4 How does the four cyber pilot projects cooperate together? And what do they want to achieve together?
5 What does the ECHO project expect to achieve in cybersecurity during the next 4 years?
6 How can I support the ECHO project to reach its goals?
Questions of citizens
Questions of companies
Questions of decision makers
Questions of EU
1 How can the ECHO project help to raise protection against cybersecurity dangers?#
ECHO project will provide protection against cyber security threats through the collaborative development, adoption and tailoring of instruments for assessment of assets/ cyber-security related needs/ critical vulnerabilities, early warning, and the development of curricula and hands-on training of specialists and non-specialists, inter-sector technology roadmaps and information sharing governance models:
- BY boosting the awareness and education regarding cyber security through the ECHO Cyberskill Framework.
- BY delivering a common reference model and training curriculum.
- BY building an ECHO Early Warning System, that promotes collaboration, provides alerts of incidents and shares other cybersecurity relevant data to trusted partners within the ECHO Network. The ECHO Early Warning System well improve reaction time drastically, through early detection based upon a library of common trends.
- BY creating a complex and integrated framework for developing new cyber technologies, including: a set of technological roadmaps, a network of cyber ranges for developing and testing innovative technologies, a set of rules and procedures for obtaining standardized certification.
- The ECHO Federated Cyber Ranges will create a learning environment for companies and governments to train on multiple attack scenarios, so as to be better prepared in the event of a real attack.
- BY creating a framework of necessary skills, vulnerabilities and community to turn to when in need.
- BY Empowering the workforce enrolled in the frontline of cyber protection with the necessary competences to carry out the job.
- BY creating a network of expertise from multi-sector business for acquiring requirements, dependencies and weaknesses across disciplines.
- BY developing a self-sustained network of European centres that provide different types of cybersecurity services.
- BY building up an information & communication infrastructure to support cyber incident reaction.
- BY contributing to information sharing and collaboration among cybersecurity centres by developing a complex and integrated infrastructure in support of cyber incidents.
- BY injecting a multi-sectoral perspective in each product or service that is developed during the project, thus making them usable in a large range of economic sectors as well as enabling their further development or enrichment.
- BY creating certification scheme ensuring the necessary measures to minimize risk have been taken.
- BY providing a reliable and efficient European scale project that solve in an efficient way the demonstration scenarios defined.
The added value of ECHO is the “effective and efficient multi-sector collaboration” of thirty partners from sixteen different European countries, with the intention of addressing one of the current main problems encountered by worldwide associations, companies, governments citizens. ECHO suggests the right approach that Europe should take to address problems affecting crucial aspects of the life of its citizens.
2 What are the main fields of activity in project ECHO?#
- Network Development and Operation: the project will deliver a European spread network of research & development & training centres for the cybersecurity sector, which will be fully operational and self-sustainable due to a customized governance model specifically developed and optimized for ECHO.
- Cybersecurity Research & Development: based on a multi-level, multi-sector, in-depth analysis of cyber security challenges and opportunities, ECHO aims to provide support systems for benchmark initiatives and/or investments in cyber defence; such systems include a multi-sectoral assessment framework, an information sharing infrastructure, a simulation environment portal and technology certification guidelines
- Cybersecurity Technology: ECHO will go beyond analysing current cybersecurity technologies and their applicability/constraints for different economic sectors, raising the stakes to a state-of-the-art ambition of identifying 6 technology roadmaps which will be used to deliver up to 4 technology innovations (early prototypes).
- ECHO Federated Cyber Range: multi-sector simulation for training, R&D and certification test
- ECHO Cyberskills Framework: curriculum development and training
- ECHO Early Warning System: coordination of incident response
- ECHO Security Certification Scheme: creating an EU Security Certification Framework
- Cybersecurity Education & Training; on-line & face-to-face training curriculum and content, training methodologies
- ECHO Multi-sector Assessment Framework: transversal and inter-sector analysis of security needs.
3 Why is ECHO different from the other 3 H2020 Cybersecurity projects?#
Because ECHO delivers:
- A transversal and vertical (specific economic sectors related) cybersecurity skills framework;
- Inter-sector technology roadmaps.
- The ECHO Early Warning System (link) for collaboration and communication among partners
- The ECHO Federated Cyber Ranges (link), a system to connect existing cyber range capabilities into a common simulation environment.
4 How does the four cyber pilot projects cooperate together? And what do they want to achieve together?#
The 4 pilots are engaged on a strict collaboration program, orchestrated by the European Commission. A common website was established to support dissemination and communication activities. The four projects collectively aim to develop a European cybersecurity agenda for research and innovation, paving the way for a secure digital Europe, as well as addressing all upcoming cybersecurity challenges arising from the emerging technologies (e.g. IoT, artificial intelligence, quantum, HPCs, block chain) and used with respect to critical sectors (e.g. transport, energy, health, financial, manufacturing, defence).
5 What does the ECHO project expect to achieve in cybersecurity during the next 4 years?#
The ECHO network, with its thirteen existing competence centres will work together in three fields for improving the skills and abilities of stakeholders for effective cyber defence in European Union:
- Increasing and spreading knowledge and awareness of cyber threats. We have the ambition to greatly contribute to a substantial increase in cyber security knowledge sharing throughout Europe. We believe, that with better trained individuals, professionals and security specialists we can act more effectively to secure the EU’s cyberspace.
- Creating and maintaining a solid knowledgebase on sectorial and inter-sectorial approaches for cybersecurity. It is essential to focus on cyber technologies research & development and increase knowledge of inter-sectoral dependencies. Therefore, we will collect practical and innovative solutions for interrelated sectors and cluster independent initiatives on cybersecurity.
- Developing practices and methods and implementing instruments to strengthen protection. We will develop innovative products (ECHO Early Warning System and ECHO Federation of Ranges) to support information sharing, training, emulation and testing, at a multi-sector and multi-domain level. We will also develop innovative technology roadmaps in response to the multisector assessment analysis conducted throughout the Project. These roadmaps have the ambition to push advances in the state-of-the-art of cybersecurity tools and frameworks. And, last but not least, we will create a certification scheme for ensuring the necessary measures to minimize risk.
6 How can I support the ECHO project to reach its goals?#
If you are general public:
- Share your knowledge about the project with other people in your circle of influence
- Stay connected with our dissemination channels (facebook, twitter, instagram, youtube) and provide feedback on any outcomes that impact you as a citizen
- Explore the cybersecurity issues that result from the project deliverables and learn how they can affect your personal life
If you are a cybersecurity professional:
- Share your knowledge about the project with other people in your professional circle
- Provide specialized feedback on the deliverables resulting from the project implementation
- Apply for our training programmes when they become publicly available
- Re-share our social media postings within your social media networks
If you are a general organization:
- Use the project’s dissemination channels (website, social media channels, press releases) to get informed about cybersecurity issues which may affect your economic activity
- Request access to our free tools and use them to define your cyber profile, then feed us with your conclusions, comments, suggestions
If you are an organization involved in cybersecurity:
- Provide specialized feedback on the deliverables resulting from the project implementation
- Explore the possibility of becoming a member of our ECHO Network and receive member rights according to your level of partnership. We are developing different engagement packages for new partners and associates of our network of centres of competences: please contact firstname.lastname@example.org for further information.
- Re-share our social media postings within your social media networks.
7 Why is cybersecurity so important in everyday life?#
- Due to the exponentially increasing number of Information Technology and Communication (IT&C) systems that are embedding themselves ever deeper in our physical lives people and organizations alike are practically developing digital alter egos. Just as we have grown to rely on physical security systems to protect us, we must now consider “cyber” security to protect our digital lives.
- Because we interact with the surrounding world using technology that is becoming increasingly interconnected.
- Because today every aspect of human life is connected or represented in the cyber space. Even when offline your data is exposed somewhere digitally, and thus a constant potential target of cyber-attack.
- Nowadays having a computer or a phone that is full of personal information is a common thing. Moreover, vast amounts of personal data including security, health, personal, and financial information is stored forever on the internet, and is insecure unless suitable precautions are taken.
Some tips for citizens to avoid the most common cyber attacks :
- Don’t react or respond to suspicious emails asking you to disclose your sensitive data,
- Don’t visit suspicious sites or open email attachments, pop-ups or links if you are unsure of their source and authenticity
- Utilise multifactor authentication and complex passwords, changing them regularly. Avoid using the same password for multiple accounts/sites
- Keep your system up to date.
- Stay informed about the latest threats.
8 What harm can it really be if I do not make use of cybersecurity systems?#
IT systems are horizontal in human society and affect the lives of most people. Hence, cybersecurity has an increasing importance for governments, organization and single citizens alike. By failing to make use of cyber security systems, you are exposed to a wide range of digital threats. Conscious or unconscious violation of basic cyber-behavioural rules and cyber hygiene could lead to the theft of your personal data or sensitive business information. The most common form of attacks are:
- Hijacking of user names and passwords
- Digital theft or fraudulent use of personal data for monetary gain
- Damage to credit rating
- Fraudulent Purchases
Social Security Fraud
- Sale of personal data for illicit or illegal purposes.
In addition, personal data can be corrupted (Malware), stolen (Phishing) fraudulently used or taken hostage (ransomware). Organisations and individual can also be exposed to Denial of Service (DOS) or to Distributed Denial of Service (DDOS) attacks.
According to a recent survey conducted by Kaspersky Labs, there are even reports of people experiencing “digital exhaustion”, due to being overwhelmed by the struggle to protect their digital privacy.
9 What can I do to protect myself from cybersecurity attacks?#
- Keep your secrets, secret. Don’t share your personal information online unless you are certain that you are dealing with a safe website (always check for https protocol). IUnderstand who is using your date – you can start from listing your main regular suppliers (telecommunication companies, energy companies, e-traders) and find out what kind of personal data they keep and how they process it. Delete your browsing history or cookies on a regular basis.
- Just don’t click. Do not click links in emails. If you think the email is legitimate, whether from a third-party retailer or primary retailer, it’s better to navigate to the site and log on directly.
- Keep your system up to date. Hackers can more easily gain access to your system if you haven’t installed updates or security patches as they become available -look for more sophisticated solutions and technologies to have better cybersecurity. It is fundamental to always keep a good security posture in all your interactions with IT systems. Antiviruses must always be updated and activated in all our IT devices, as well as personal firewalls. You can protect yourself by raising your awareness of common best practises and adopting efficient countermeasures to reduce your online risk exposure.
- Always stay well-informed. Proactively seek to stay up-to-date on cybersecurity threats, cyberattack counter-measures, cyber risk mitigation solutions, cybersecurity technologies. Learn about cybersecurity, include it in your daily news feed. Upgrade your digital skills, technologies and methods (processes, procedures) to safely interact with others in the digital dimension.
- Evaluate the risk. You need to identify all possibly connected devices (as these may be prone to breaches) and assess the likelihood of a cyberattack. The evaluation doesn’t have to be limited to your personal devices and to the ones of your immediate family, but also, if possible, to those of your extended family and the circle of close friends.
- Education is key. Knowing what constitutes a cyber risk is the first step to understanding how to better protect yourself. From there on you can take the necessary measures to reduce your exposure to vulnerabilities and attacks so that it is minimal. In addition, good discipline and best practises are fundamental, the majority of successful attacks (phishing, for example) rely upon a lack of understanding and basic education of safe and secure use of IT infrastructure.
- Always have a backup. If all else fails, have a backup of all your files to ensure that you can be back to normal in no time.
10 Why is cybersecurity important for companies?#
- Cybersecurity is important for companies because it helps them to protect their competitive advantage in a technology driven world, safeguarding their market position, while ensuring the continuity of the business and business operations.
- Cybersecurity is more critical for companies than it is for individuals, due to the vast amount of sensitive data they collect, including personal and commercially sensitive information.
- A successful cyber-attack can cause serious damage to a system which could lead to significant monetary losses in restoring the data.
Many types of organizations, including business and governmental, are at risk of cyber-attacks.
11 What can I do to protect my company from cybersecurity attacks?#
Embrace digital transformation with a clear, holistic and well-defined strategy. To aid with this we provide the following advice on protecting your company from cybersecurity attacks:
- Secure your hardware. Protect all devices with a complicated password and share it with the device user only. Monitor the critical systems and create best practices to minimize the risk. Assess critical operations, resources and their inter, and outer, dependencies and invest in their protection.
- Use robust anti-malware and firewall software. With ransomware featuring as the most prevalent cyber security risk to small businesses today, protecting a business from ransomware and other types of malware is vital. While effective anti-malware tools catch and isolate software viruses when they strike, preventing these viruses from entering your database in the first place is critical.
- Encrypt and back up dat.: Be sure to encrypt all sensitive data, including customer information, employee information and all business data. After encryption, backing up all data is another key way of protecting your company from security breaches. Prioritise, which are the most important business processes of the organization in order to focus cybersecurity activities to protect these processes and the underlying IT infrastructure. Make sure, you understand what is sensitive data and what is not.
- Invest in cyber security insurance. The losses that can be incurred from data breaches are best mitigated by investing in cyber security insurance. Consider security as an opportunity and a necessary expense to protect the company from major possible damages. Invest in people skills, technology and reorganisation.
- Create a security-focused workplace culture. Raise awareness about cyber security on top management level. Educate your staff on the dangers of unsecured networks, organise mandatory trainings, teach avoidance of unsecured websites, discourage password sharing, restrict network admin rights. Make sure you’ve got the right partners and platforms. Implement a Security Policy that should be followed by all employees. Designate a Cybersecurity Officer (within the IT Department) with clear responsibilities on monitoring cyber-attacks and incident reaction.
- The number of Cyber security threats and the subsequent cost of combating them are increasing exponentially. The WannaCry attacks occurred in May 2017 and are a significant example: the ransomware inscribed itself on roughly 300,000 computers and other digital software in over 150 countries creating a huge impact. It was later called the “largest such cyber assault of its kind.”
- Not only are the number of attacks increasing but also their degree of severity. According a PwC report, attacks are “becoming progressively more destructive and target a broadening array of information and attack vectors.”
- Organisations involved in critical activities relating to a country’s economic, social and military role in the world. If such an organization would be subject to data leaks due to cybersecurity breaches, then the future of an entire nation may be jeopardized (think of military “secrets” for example). The severity of a cyberattack on Private and Public organisations involved in critical activities such as economic, social and defence cannot be overstated.
12 Why is cybersecurity important for national governments in Europe?#
Cyber Attacks can be a threat to the democratic values of the EU (e.g. corruption of votes)
- Cybersecurity is very of increasing important for national governments and agencies because they rely due to their reliance on the market economy to provide e-services for their citizens. The eE-services provided by national governments are gaining momentum and becoming increasingly widespread, with the clear trend for them to be the prevalent form of interaction between authorities and the citizen in the future. eGovernment is, thus in turn raising the importance of cyber defence.
- All governments rely on the market economy to provide services for their citizens. When companies are under cyber threat, the economy is jeopardized, therefore national governments are interested in securing the digital economic environment.
- The e-services provided by national governments are gaining momentum and becoming more widespread, with the clear trend for them to be the prevalent form of interaction between authorities and the citizen. eGovernment is first and foremost about processing personal data, thus making it extremely important for cyber defence.
- There are almost daily reports of significant cyber breaches at institutions that have the responsibility for protecting sensitive personal data of citizens or those providing essential services. The larger the organization is, the more likely it is to be or become the target of a cyber-attack. Whether public or private; local, national or international – every organization has valuable assets that are of interest to Hackers, be them independent or organised.
13 What can national governments do to protect their countries from cybersecurity attacks?#
- Participate in pan-European mechanisms, networks and initiatives with focus on cybersecurity
- Cooperate with other governments in preparing common cyber defence systems
- Allocate resources to comply with European regulations and directives such as the General Data Protection Regulation and the EU Cyber Security Act
- Identify the most active local organizations in cybersecurity and develop partnership mechanisms in order to create a national cyber protection shield and a national cyberattack response agency
- Provide individuals with free face-to-face assistance and cybersecurity support
- Clear guidelines and provide government sanctioned security software, ensuring it is easily accessible.
- Work with mobile phone providers to ensure security-related software updates can be patched and issued via their trusted channels.
- Prompting users to install these by communicating the need for such updates using carefully crafted text messages
- Improve National Security Strategies
- Enforce laws that guarantee that the necessary measures have been taken
- Establish, update and implement cyber-security policy that involves every single person and organization
- Organize awareness raising campaigns for the general public, schools, and companies
- Create Certifications schemes
- Invest in cybersecurity research and technology development
- Encourage the sharing on the cyber crimes evolution and the investments on resources to protect the national cyber border.
14 What are the biggest challenges of using cybersecurity in Europe?#
Cybersecurity expertise shortage: We need more people with cybersecurity knowledge and skills in the market, both in the private and public sector to hunt down and respond to cyber threats.
Scattered knowledge across many organizations and nations.
Lack of cooperation between personnel from different sectors regarding cybersecurity.
Legislations and plans are still based nationally: we need to work together on a plan to pool knowledge.
- The European Union has to work to promote cyber resilience across the European Union. The EU must lead the change towards a common and shared approach to tackling the problem of cyber-attacks, draw up plans and create laws.
- Inability to capitalize on Europe’s cybersecurity knowledge is one of the main challenges which we have to face and solve as European citizens. No single European government or organization has enough resources to overcome the cybersecurity challenges alone. Multi-national projects such as ECHO are essential in order to start unifying European cybersecurity knowledge and expertise. “
Shortage of distributed cyber defence centres capable of pooling resources to detect and respond to cybercrimes threatening all sectors across EU countries.
There is also a need to improve and develop:
- Interoperability of the technologies
- Early education on the cybersecurity topics
- Standards and good practices applicable and appropriate (feasible) at each level of society and economy.
15 Why is cybersecurity so important for the European Union?#
Cyberattacks could cause increasing damage to companies, governments and individuals. Human society (is becoming more and more dependent on IT systems, and therefore increasing vulnerability to cyberattacks).
The European Union is an economic and political union that needs to ensure that business is empowered, and that people, goods and services move freely within the borders of EU.
The lack of high-level regulation at the national level could have an effect on the entire union.
Europe has a large number of IT companies offering a myriad of services to European citizens, the majority of which rely on IT infrastructure which need to be properly protected. Therefore, the European Union should establish mandatory minimum standards for security.
16 What can we do together to protect European Union from cybersecurity attacks?#
Cyber security starts with every single citizen. Everybody should understand the importance of cyber security and the far-reaching impact that a data breach can have. Everyone should have and understanding of, and implement suitable countermeasures to ensure the security or their data.
Therefore, we all have to promote cyber security awareness in Europe. We should agree on common security practices, promote a collaborative environment and communication, to share expert knowledge and skills. Governmental awareness programs and projects should be established, and effective security strategies should be developed and implemented. Government should collaborated with with each other in preparing common cyber defence systems, programs and policies, invest in cybersecurity research and technology development, and participate in pan-European mechanisms, networks, initiatives to protect the European Union together.