SPARTA at the 47th edition of the Cybersecurity Breakfast
2nd Sep 2021
The 47th edition of the Cybersecurity Breakfast was organized in cooperation with the SPARTA project. It was focused on lessons learned while effectively transforming cybersecurity research into innovation.
The agenda was divided in 3 parts:
- A keynote by Dr Mart Noorma, Science and Development Director at Milrem Robotics, Professor of Space and Defense Technology at University of Tartu (Estonia), on “Lessons learned from a highly innovative company, working for years with both academy and industry researchers to build unmanned ground systems”.
- Focused highlights provided by senior leaders in the domain
- Jacques Klein, Chief Scientist in Software Engineering and Mobile Security, University of Luxembourg (Luxembourg): “How realistic is it for researchers to access real world data for academic research, and then open innovation purposes?”
- François Thill, Director Cybersecurity and Digital Technologies at the Ministry of the Economy (Luxembourg): “A MECO initiative to foster data sharing and usage between ecosystem partners for creating innovative cybersecurity services: the cybersecurity dataspace”
- Florent Kirchner, SPARTA Strategic Director (France): “SPARTA lessons on cross-border and cross-verticals cooperation between researchers in cybersecurity - The quest for bootstrapping an autonomous EU industry”
- Fabio Martinelli, SPARTA Partnerships Director (Italy): “Rules and principles for building a successful community around partnerships in cybersecurity research and innovation - The SPARTA Experiment”
- A round table moderated by Pascal Steichen, CEO of SECURITYMADEIN.LU, during which the presenters were joined by Sheila Becker, Head of Network & Information Systems’ Security at ILR (“Institut Luxembourgeois de Régulation”).
SUMMARY In his keynote, Dr Mart Noorma shared the lessons he learned through his experience at Milrem Robotics, a leading startup developing innovative systems for defense and civilian applications and established in 4 European countries. He mentioned the difficulty to reach a clear understanding of stakeholder needs as one of the core obstacles for transforming research into innovation. This major challenge is at the heart of Milrem Robotics’ reliance on collaboration and cooperation with companies and defense organizations such as the European Defense Agency. In the specific context of his company, Dr Noorma also highlighted the importance of autonomy for those who produce and use technologies, reminding that some countries do not have the means of producing their own technology and thus use technologies produced by non-democratic leaders such as China or Russia. He stressed the impact of regulatory or legal uncertainty generated by the existence of a “grey zone” between what is clearly legal and ethical and what is clearly not, as this ambiguity generates opportunities for non-democratic nations to cause harm. It also slows down innovation on Democratic countries’ side, as they will look for clarity before investing in emerging technologies that would otherwise be forbidden. This will require a better situational awareness and the clarification of rules and regulations. He concluded on the positive outcomes of diversity and openness, which both enable faster and more sustainable evolution. His final remarks were aimed at interoperability, modularity and standardization as relevant challenges for SMEs that want to succeed in innovation ventures.
In the next presentation, Jacques Klein brought forward the SnT model (Interdisciplinary Centre for Security, Reliability and Trust, Université du Luxembourg), that led to successful technology transfers through several spin-offs companies and 36 partnerships. The work of PhDs on industrial projects in direct collaboration with companies allowed an almost immediate conversion of research into innovation as its outcome was relevant for a significant share of the market. Focusing on data, he highlighted the fact that most of the existing data sharing platforms, such as the MISP platform, are highly specialized and focus usually on one category of usage for the data (i.e. threats and vulnerabilities’ sharing). He also described a common albeit overlooked paradox: even though access to data is crucial to researchers, they do not share their data to protect their potential commercial interests, thus slowing down the entire research community. He concluded by pointing out that access for researchers and private entities to realistic data of the field to assess and validate their products would be a means of fostering innovation. He therefore asked researchers to put their data in properly secured data lakes due to the benefits it would bring it terms of business development.
From the perspective of Luxembourg’s Ministry of the Economy, Francois Thill then shared his insights about Luxembourg’s data-driven innovation strategy starting with one observation: data only gets true value when it is combined to other factors. The main concern he raises regarding the sharing of data is the protection of rights such as privacy, trade secrets and Intellectual Property (IP). To illustrate possible ways to overcome these challenges and foster data sharing, he mentioned the EU initiative GAIA-X, an interoperable cloud framework aiming at fostering the creation of “dataspaces” through not only technically interoperable infrastructures, but also through the adoption of standards fit for purpose, and effective governance principles to protect and manage data. He presented the new IPCEI (Important Project of Common European Interest) project on cloud services as another European multi-nations’ initiative that will allow the development of new cybersecurity services and promote seamless interactions within the cloud. He concluded by adding that a common governance framework at EU level to coordinate the exchange of data on technical, legal and ethical aspects would be critical to overcome some of the current challenges regarding data sharing. He highlighted the relevance of such needed changes for the cybersecurity field, which is one of the most dependent on high value data processing.
From a SPARTA perspective, building a successful community is another challenge to overcome in order to facilitate the shift from research to actual innovation. Fabio Martinelli, as SPARTA partnerships director, has been learning from this experience a few rules and principles to bring together people and infrastructures to create a strong ecosystem. He stressed the impact of the ongoing pandemic on community building efforts and how it increased the need for a common working environment to facilitate collaboration, leading to the creation of an online cyber-range that allows to experiment, test tools and train people. Being able to share data and services in a single “virtual location” has become a necessity for research, innovation and business purposes. A virtual learning center that was also put together to address the skills shortage observed in EU, by reducing the fragmentation of the offer and easing access to consistent materials and courses. As a wide-scale project such as SPARTA generates a significant administrative burden, the SPARTA Associates program was designed to allow interested organization to join the community and contribute to the infrastructures in a less constraining way. Through all these initiatives, SPARTA was able to gather more than 90 Associates and Friends from 14 different countries, including end-users, industry actors, universities and technology organizations, beyond the 44 initial partners who signed the Grant Agreement from the European Commission.
ROUNDTABLE While joining the other participants and sharing the main takeaways of her career, Sheila Becker, Head of Network & Information Systems Security at ILR, reflected one of the SPARTA’s core principles: “Alone you can do good stuff, together you can do awesome stuff”. Cybersecurity is now such a broad and complex field that it seems indeed difficult to perform meangingful research and innovation alone.
The discussion on the current situation in terms of innovation in cybersecurity and possible ways of increasing the flow from research to innovation, led Jacques Klein to stress the difficulty for researchers to get financial funding. From the perspective of the Luxembourg’s Ministry of the Economy, Francois Thill added that investments are indeed available, notably in Luxembourg, and highlighted the strong focus placed by the Ministry on collaboration around data and the importance it gives to open-source projects. Mart Noorma then synthesized these two observations by adding that as the Ministry only funds projects that are close-to-market, early involvement of academia, industry and end-users is crucial. The funding schemes should foster them to come together at a very early stage of projects, and this principle is, as confirmed by Fabio Martinelli, well integrated into the SPARTA strategy. Another issue that is raised by Sheila Becker regarding the integration of end-users into the innovation process is that the theoretical nature of research topics often results in a lack of alignment with the needs of end-users and governmental bodies. She thus suggests that end-users should lead research topics, allowing easier design of applicable solutions.
The cybersecurity domain also presents some specific challenges. Francois Thill highlighted first the necessity to provide researchers with quality, real-time data in order to address actual issues. This is difficult because of legal constraints and intellectual property protection needs. Sheila Becker then raised the issue of Human Resources (HR) in the cybersecurity sector. As the vice-chair of Women Cyber Force in Luxembourg, part of the European program Women4Cyber, she explained that even if the objective of making cybersecurity more inclusive and reach gender-equality is very important, the main aim is still to address the lack of a skilled workforce in the sector through several initiatives, such as innovative trainings and the building of a community In order to address this lack of human resources, Fabio Martinelli stressed the importance of making learning and knowledge dissemination more accessible.
To the next question regarding the obstacles for getting more cybersecurity startups in Europe, Dr. Maart Noorma answered by pointing out a paradox in the European market: while there are more and more cyber-risks, SMEs have no budget for cybersecurity and can only afford cheap solutions if any, a sign that the market is far from being mature.
As SPARTA is part of the preparative work for the creation of the European competence center and the network of national cybersecurity competence centers, Fabio Martinelli once again highlighted the necessity to build strong national communities within a strong Europe, and to keep the knowledge we contributed to create within this community. Francois Thill then added that investment in cybersecurity is now a question of survival, and stressed the fundamental role of robust and usable cybersecurity certification schemes to allow startups to prove compliance and promote their solutions.
Finally, talking about the instruments that are available in Europe to help finance such proofs of concept, Francois Thill underlined the role of Digital Innovation Hubs, and in particular the E-DIH project, which should help European suppliers to cover the needs of companies in specific industry verticals. He also came back to the “Dataspace” as one of the possible solutions to foster innovation in cybersecurity. Luxembourg service-oriented economy is a good example, in which data is the key to understand and solve security problems, and identify and follow the evolution of cybersecurity threats. Rights and obligations however go hand in hand with the use of data, making necessary the creation of national data exchange platforms and the implementation of a strong governance framework, with clear rules and trust. It will have to be interoperable at European level.
As a conclusion to this workshop, participants exposed their main takeaways: while Dr. Mart Noorma reminded the crucial character of data, Fabio Martinelli insisted on the necessity to create a wide ecosystem. Jacques Klein presented data, collaboration, funding and skills as the four pillars of a strong market, while Francois Thill observed that “there is money, a market with needs, researchers with skills” and that they only need to be brought together under ethical rules and regulation. Finally, Sheila Becker qualified this by adding that beyond rules, there is also a need for designing the right incentives for collaboration.