April 10, 2024,  INFOBALT, the largest national association of ICT organizations, organised the highly anticipated “National Cyber Security Forum: NIS2 Directive Adoption”. The event aimed to introduce the NIS2 directive and its adoption perspectives to both the public and private sectors of Lithuania.

The main goal of the forum was to offer insights into the NIS2 directive, shedding light on its implications for various types of organizations. Moreover, the aim was to motivate national stakeholders to kickstart actionable measures immediately following the event.

Additionally, an interactive session was organized to foster discussions specifically focused on enhancing the resilience of both the private and public sectors against cyber attacks.

With an overwhelming response, the conference attracted over 200 participants, showcasing a keen interest in understanding the NIS2 directive and its potential impact on organizational finances, processes and resourses.

In the light of this, L3CE introduced the EU instruments aligned with the goals of the NIS2 Directive, offering support to the most vulnerable segment of business entities, SMEs.

• The CYSSME www.cyssme.eu project offers targeted assistance, employing an efficient and subsidized approach tailored to the specific cyber challenges and risk profiles faced by small businesses.
• Meanwhile, the EAGLE www.projecteagle.eu project delivers free training sessions to over 100 SMEs, covering crucial topics such as cybersecurity, cyber threats, and cybercrime.
• Additionally, DIH4Lithuania www.edih4lt.lt project offers training, educational programs, and digitalization services catered to the industry and SMEs in Western Lithuania.
• REWIRE www.rewireproject.eu project developed a set of trainings based on ENISA European Cybersecurity Skills Framework and made them available for wider audience.

With over 4000 Lithuanian organizations set to be impacted by the NIS2 directive.  Thus, consolidation of existing tools, initiatives, projects and expertise in the field could significantly help in streamlining this challenging process and minimizing disruptions to business activities.

Leuven, 1 February 2024

The European Commission has incorporated the newly established CYSSME collaboration into its Digital Europe funding programme. CYSSME has been granted a three-year mandate and a substantial subsidy package to aid in enhancing the cybersecurity of European SMEs. CYSSME stands for Cybersecurity and Data Protection for Small, Medium and Micro Enterprises.

The CYSSME partners believe that Europe possesses all the technology required to optimally protect SMEs, but there is a lack of awareness and personalised support for these enterprises. In recent years, the number of SMEs affected has doubled annually, according to CYSSME’s initiator, Ulrich Seldeslachts: ‘Research and development are fully established in Europe: there is ample indigenous technology available. But we still need to work on getting these technologies adopted. A one-size-fits-all approach to cyber resilience doesn’t work, and self-assessment by SMEs doesn’t always result in accurate and expert security. We need a more targeted approach with a personalised strategy for each company.’

All security components from Europe

CYSSME has noted that not all companies are digitalising at the same pace, and many SMEs also view cybersecurity as a barrier to digital transformation. CYSSME will therefore individually analyse the cybersecurity and data protection for each SME that requests support in order to examine their needs and requirements. This will be followed by long-term support with customised solutions based on the needs identified.

For this, CYSSME will provide a multi-layered security system that SMEs can then maintain simply and autonomously. Some components have received EU funding and all have been developed in Europe. They are available in a European Cybersecurity app store, which includes open-source and commercial software.

Focus on companies in digital transformation

CYSSME’s focus is on SMEs in the technology, industry, retail and e-commerce sectors – sectors that contribute to successful digital transformations, labour mobility and productivity in Europe. SMEs from other sectors are also welcome, especially in light of the relatively new NIS2 Directive that requires companies in critical sectors to improve their security.

A CYSSME project can start with an intake interview and initial cybersecurity audit by experienced experts. Companies that already know what they want and need straight away are equally well supported with technology and assistance.

A more comprehensive maturity assessment will subsequently serve as the basis for a roadmap and further optimisations. CYSSME will assign a mentor to guide each company, and participating SMEs will receive a plan with all the necessary implementations and interim objectives, as well as ongoing advice, training and knowledge transfer. The aim is to help participating companies become self-sufficient in cybersecurity within 3 to 6 months.

Best practices as a starting point

CYSSME emphasises that each SME will receive a tailored approach, with the experiences being compiled into a series of best practices; recommendations that are evaluated for relevance to each individual company. These detailed recommendations will be made publicly available, even for those not yet participating in CYSSME. CYSSME will ensure that no information is released that could be exploited by hackers to target individual companies.

How to participate in CYSSME

Any SME within the EU may submit an application, which will be assessed by CYSSME. The final selection will be based on the applicant’s needs and sector, and the commitment they are willing to make. CYSSME requires that an SME allocates sufficient time to fully refine its cybersecurity in a short period, and applicants will need to provide certain guarantees in this regard. CYSSME further expects each SME to participate very actively in raising awareness about cybersecurity. Agreements on this are also made in advance.

In principle, companies with more than 250 employees or more than €50 million in consolidated turnover are not eligible for CYSSME. Exceptions may be made for companies that need to comply with the NIS2 Directive.

Up to more than €20,000 grant per SME

European SMEs looking to actively enhance their cybersecurity can receive partial funding for CYSSME’s services. There is a grant budget of around €20,000 available per company or organisation. CYSSME anticipates that this will enable it to offer services to around 300 companies, based on the just over €7 million it has received from European funding.

Any SME that completes the initial phase of a cybersecurity project with CYSSME within six months of starting can receive a grant to fund services for preliminary studies, technology, installation and integration, coaching, training and project documentation. This applies to businesses of all sizes, from micro-enterprises with just a few employees to medium-sized or large organisations.

Companies and organisations can submit an online application for a cybersecurity project via this application form: https://cyssme.eu/getting-started/.

About CYSSME, www.cyssme.eu

Smaller businesses are equally exposed to online threats but have far fewer resources to adequately protect themselves. The European CYSSME project provides assistance with an effective and affordable approach that is fully tailored to each company’s challenges and risk profile. Thanks to CYSSME, participating companies can swiftly identify their security priorities, learn how to mitigate risks, and navigate the online world safely.

This project has been funded by the European Union’s Digital Europe programme under grant agreement 101128101.

The Digital Europe funding programme has entrusted the project coordination to the European Cybersecurity Competence Centre (ECCC), which will collaborate with the National Cybersecurity Coordination Centres (NCCs) of the member states for this purpose.

CYSSME consortium partners are AXS Guard, Better Access, Ceeyu, Cross-Border Commerce Europe, CyberTrust Austria, Exalens, L3CE, LSEC,  Lupasafe, NoCode-X, Toreon, and UNIZO. 

Contact details

Ulrich Seldeslachts

contact@cyssme.eu

Introduction – a Football match

On a cool October evening, the S.Darius & S. Girenas football stadium in Kaunas, Lithuania was buzzing with excitement as football fans gathered to witness the thrilling match of the Hungary and Lithuania football teams. Amidst the celebrations, cheers and festive atmosphere that typically accompanies such events, there still exists the potential for violence, threats to safety, and clashes between police and football fans. Hence, the crucial responsibility of safeguarding the event’s security rested with the national police force.

Within this challenging context, the innovative FusionSec technology underwent rigorous testing and validation in an operational setting by the Lithuanian police. This innovation is designed to equip police patrols with the tools needed to be exceptionally well-prepared for managing incidents and achieving security goals.

Facilitating innovations in public space protection

The development of innovation was made possible through the funding of SecurIT (New industrial value chain for Fase, Secure and Resilient cities, and Territories) project funded by EU Horizon 2020 research and innovation program.

SecurIT supports financially and with other means promising innovations developed by SMEs in three distinct security domains- public space protection, sensitive infrastructure protection and enhancing disaster resilience.

FusionSec (360º multi-force event planning and coordination) idea was proposed by Lithuanian police and implemented by a consortium of two SMEs, UAB Iterato (Lithuania), and Nuuk Technologies SL. (Spain). The project gained recognition of SecurIT Selection Committee, being considered as the promising innovation that effectively addresses up to date challenges in the realm of public space protection.

To guarantee a seamless and all-encompassing innovation development process, Lithuanian Cybercrime Center of Excellence for Training, Research and Education (L3CE), a partner within the SecurIT project, facilitated the collaboration among diverse stakeholders. L3CE involvement included the task of identifying essential gaps and needs critical to the Lithuanian police, guiding and facilitation of every stage of the innovation development process, providing consulting and in-depth analysis of the legal, ethical, and social acceptance aspects that are critical factors in the adoption and integration of the innovation into operational environment.

FusionSec platform

FusionSec is a cutting-edge communication platform for planning and coordination of public events requiring the cooperation of different public safety forces and volunteers as well as citizens. It was specifically designed to integrate various devices for real-time data streaming to command-and-control rooms thereby promoting elevated situational awareness and facilitating a streamlined and effective decision-making process.

It offers an advanced set of features, making it an ideal solution for addressing the complex challenges of public space protection.

The power of collaborative development of solutions

A big part of the success story of FusionSec comes from the close cooperation between the technology development team and the Lithuanian police, allowing the technology providers to gain invaluable insights into internal processes and challenges associated with different aspects of planning and organizing security of public events.

From the outset, the engagement of the Lithuanian police was highly active, emphasizing communication and co-creation between the technology providers and practitioners. This collaborative effort ensured that the technology aligned with the real needs, operational requirements, and expectations of all involved stakeholders.

It’s worth mentioning, that the football game in S. Darius & S.Girenas stadium provided an excellent opportunity to test and facilitate the transition of innovation from the controlled environment of a laboratory to the dynamic real-world context.

The testing and validation of FusionSec platform followed a similar approach, where the technology providers closely shadowed the practitioners, explaining the complexity of how the technology functions. The feedback loop from the police was instrumental in pinpointing the necessary improvements and adjustments, making the solution more mature, user-friendly, and aligned with the internal processes of police.

Success Story

The innovation was developed within an exceptionally short timeframe of just 12 months, starting from the initial idea and culminating in the creation of a functional demonstrator. This rapid development was made possible due to the huge commitment and professionalism of all the involved parties, including UAB Iterato, Nuuk Technologies SL., L3CE and the Lithuanian police.

The technology garnered significant attention from the Latvian police, which made a special visit to observe the technology demonstration.

It is noteworthy to highlight, that the FusionSec platform has already recognized significant market opportunities. Potential users of the FusionSec platform, namely port of Klaipėda, actively participated in a demonstration to acquire a deeper understanding of how this cutting-edge technology can be integrated into their operational endeavors.

What’s next?

Naturally, innovation is now in prototype stage, but the police are considering the potential for a sustained collaboration with the technology provider. Intention is to continue the partnership until the technology attains the requisite level of maturity and is deemed ready for operational deployment.

SecureIT has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement No 101005292. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union. Neither the European Union nor the granting authority can be held responsible for them.

The 18th International Conference on Critical Information Infrastructures Security, known as CRITIS2023, recently took place at the Laurea University of Applied Sciences in the Helsinki metropolitan region in Finland. This prestigious event, held from September 13th to 15th, brought together a diverse group of experts, including researchers, infrastructure operators, industry leaders, and government representatives. The conference served as a platform for discussing the critical challenges facing information infrastructure security and showcased innovative projects from various organizations, including the Lithuanian Cybercrime Centre of Excellence for Training, Research & Education (L3CE).

During the conference Evaldas from L3CE delivered an insightful presentation on the challenges surrounding the innovation uptake of Lithuanian cyber capabilities. This presentation shed light on the evolving landscape of cybersecurity, emphasizing the importance of adaptability and innovation in the face of emerging threats.

Furthermore, Evaldas took the opportunity to introduce several ongoing projects in which L3CE is actively involved. These projects represent a collaborative effort to enhance the cybersecurity landscape and strengthen critical information infrastructures. Projects that Evaldas introduced were: STARLIGHT, PROJECT CYSSME, PROJECT REWIRE, PROJECT EAGLE and EDIH4LT.

These projects collectively underline L3CE’s commitment to advancing the field of cybersecurity and contributing to the safety and security of critical information infrastructures. CRITIS2023 provided a valuable platform for sharing insights, fostering dialogue with stakeholders, and inspiring the next generation of researchers in this multidisciplinary research field.

CRITIS2023 was a resounding success, bringing together experts and organizations dedicated to safeguarding critical information infrastructures. L3CE’s active participation and presentation of ongoing projects highlighted the organization’s dedication to innovation and its vital role in addressing the evolving cyber challenges of our interconnected world.

In the 14-15th of June 2023, the partners of the REWIRE project convened in Barcelona for their Plenary meeting. The primary objective of this project is to provide tangible recommendations and solutions that address the existing skill gaps between industry demands and sectoral training offerings. By doing so, it aims to bolster growth, innovation, and competitiveness in the domain of Cybersecurity.

As the REWIRE project progresses into its third year of implementation, numerous critical subjects were discussed, with a particular focus on ensuring the sustainability of its outcomes. Notably, among the outputs of the REWIRE activities are customized training courses designed to cater to specific profiles identified by the European Cybersecurity Skills Framework (ECSF) established by ENISA.

During the sustainability session, Project EAGLE was presented as an exemplar initiative that stands to benefit from the REWIRE project. By adopting some of the training materials developed by REWIRE, Project EAGLE can enhance their expertise in relevant areas. Such collaboration represents a noteworthy instance of knowledge transfer and the effective utilization of attained results from one project to further the goals of another.