Prevention, detection, response and mitigation of the combination of physical and cyber threats to the critical infrastructure of Europe
Disruptions in the operation of our countries’ infrastructure may put at risk the functioning of our societies and their economies. Such disruptions may result from many kinds of hazards and physical and/or cyber-attacks on installations and systems. Recent events demonstrate the increased interconnection among the impact of hazards, of the two kinds of attacks and, conversely, the usefulness for operators to combine cyber and physical security-solutions to protect installations of the critical infrastructure of Europe: A comprehensive, yet installation-specific approach is needed to secure the integrity of existing or future, public or private, connected and interdependent installations. Since the global financial crisis has imposed unprecedented budgetary restrictions on both the public and private sectors, new security solutions must be more efficient and cost-effective than the ones currently available.
Proposals should focus on one of the following critical infrastructures: Water Systems, Energy Infrastructure (power plants and distribution), Transport Infrastructure and means of transportation, Communication Infrastructure, Health Services, Financial Services.
Proposals should cover: prevention, detection, response, and in case of failure, mitigation of consequences (including novel installation designs) over the life span of the infrastructure, with a view to achieving the security and resilience of all functions performed by the installations, and of neighbouring populations and the environment. They should not only address in details all aspects of both physical (e.g. bombing, plane or drone overflights and crashes, spreading of fires, floods, seismic activity, space radiations, etc.) and cyber threats and incidents, but also systemic security management issues and the combinations of physical and cyber threats and incidents, their interconnections, and their cascading effects. Innovative methods should be proposed for sharing information with the public in the vicinity of the installations, and the protection of rescue teams, security teams and monitoring teams.
Only the installations not covered in 2016 will remain eligible in 2017. A list of topics that remain eligible in 2017 will be published in due time in the section "Topic Conditions & Documents" for this topic on the Participant Portal.
The participation of SMEs is strongly encouraged.
In line with the EU's strategy for international cooperation in research and innovation international cooperation is encouraged, and in particular with international research partners involved in ongoing discussions and workshops, with the European Commission. Legal entities established in countries not listed in General Annex A and international organisations will be eligible for funding only when the Commission deems participation of the entity essential for carrying out the action.
The outcome of the proposal is expected to lead to development up to Technology Readiness Level (TRL) 7; please see part G of the General Annexes.
Indicative budget: The Commission considers that proposals requesting a contribution from the EU of € 8million would allow this topic to be addressed appropriately. Nonetheless this does not preclude the submission and selection of proposals requesting other amounts.
A maximum of one project will be selected per critical infrastructure listed in the “Scope” section of this topic over the 2016-2017 period.
- State-of-the-art analysis of physical/cyber detection technologies and risk scenarios, in the context of a specific critical infrastructure.
- Analysis of both physical and cyber vulnerabilities of a specific critical infrastructure, including the combination of both real situation awareness and cyber situation awareness within the environment of the infrastructure.
- Innovative (novel or improved), integrated, and incremental solutions to prevent, detect, respond and mitigate physical and cyber threats to a specific Critical Infrastructure.
- Innovative approaches to monitoring the environment, to protecting and communicating with the inhabitants in the vicinity of the critical infrastructure.
- In situ demonstrations of efficient and cost-effective solutions.
- Security risk management plans integrating systemic and both physical and cyber aspects.
- Tools, concepts, and technologies for combatting both physical and cyber threats to a specific critical infrastructure.
- Where relevant, test beds for industrial automation and control system for critical infrastructure in Europe, to measure the performance of critical infrastructure systems, when equipped with cyber and physical security protective measures, against prevailing standards and guidelines
- Test results and validation of models of a specific critical infrastructure against physical and cyber threats.
- Establishment and dissemination throughout the relevant user communities of specific models for information sharing on incidents, threats and vulnerabilities with respect to both physical and cyber threats.
- Convergence of safety and security standards, and the pre-establishment of certification mechanisms.
- Contributions to relevant sectorial frameworks or regulatory initiatives.