Home » Cybersecurity and Privacy Project Clusters » Critical Infrastructure

Critical Infrastructure


Critical infrastructure is an asset or system which is essential for providing vital economic and social functions: health, food, security, transport, energy, information systems, financial services, etc. The damage to critical infrastructure, its destruction or disruption by natural disasters, terrorism, criminal activity or malicious behaviour, may have a significant negative impact on the security of the EU and the well-being of its citizens. The concern for cybersecurity lies in giving continuity to the activity and services provided to citizens. Minimal service disruption can have a high impact on an organization and consequently large numbers of people. In turn, the target of cyberattacks has changed. The economic benefit sought by cybercriminals goes to the background, their intentions go far beyond obtaining money through illicit activity, their ambition is increasing. The current cybercriminal looks for vulnerabilities in critical infrastructure systems in order to obtain relevant information, take control of an activity or an entire organization and what could be worse, paralyze or end the activity. Therefore, security and protection measures become essential in an increasingly complex, interconnected and constantly evolving environment.

The projects in this cluster seek to provide solutions to cybersecurity challenges in critical infrastructures, also complying with the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union. This initiative is synergistic with ECSCI (European Cluster for Securing Critical Infrastructures)[MR1] , which fosters emerging disruptive solutions for security problems through collaboration and innovation between projects that seek to protect critical infrastructure and services, highlighting the different approaches between grouped projects and establishing close and productive connections with closely related and complementary H2020 projects.

Cluster Objectives

Some of the main goals of the projects included in the cluster are the following:

  • Enhance information security, data privacy, and cybersecurity practice within critical infrastructures.
  • Encourage organisations to invest, to substitute/upgrade “obsolete” assets, adopting a “security and privacy-by-design” approach.
  • Support Member States’ efforts to mandatory include measures on cybersecurity in their national risk assessment plans.
  • Raise awareness and promote broad discussions in the critical sectors, since cooperation and trust among stakeholders and the Member States are key when it comes to cybersecurity, due to the potential cascading and cross-border effects.
  • Exchange best practices between the Member States on identification, mitigation and management of cyber risks under the NIS Directive.

Who benefits?

  • Financial institutions, Fintechs and Regtechs
  • Healthcare organizations
  • Energy producers, operators and distributors
  • Water utility operators
  • Manufacturers of ICT devices for critical infrastructures
  • Policymakers
  • Ordinary citizens, since they benefit from increasing the cybersecurity of services they consume


The challenges of this macro sector include the challenges of all the sectors it encompasses, such as those that occur in the health, energy or finance cluster:

  • Increased dependence on ICT systems in any business from any sector
  • The Implementation of a multitude of security and technical standards
  • Outdated or unsecured systems
  • Obsolete hardware
  • Lack of talent
  • Security holes from the design
  • Increase in number of connected devices
  • Network protection
  • Lack of preparation and awareness
  • Higher number of cyberattacks
  • Greater legal requirements

Innovations and solutions


Critical-Chains is a 3-year research and innovation programme funded with the support of the European Commission Horizon 2020 Programme with a focus on IoT & Blockchain-Enabled Security Framework for Fintech Integrated New Generation Cyber-Physical Systems to support the Financial Sector. The Critical-Chains Consortium represents strong chemistry of relevant expertise and an inclusive set of stakeholders comprising end-users (customers), CERTS, the financial sector (Banks & CCPs) and the Insurance sector. The project aims at developing a novel triangular accountability model and integrated framework supporting accountable, effective, accessible, fast, secure and privacy-preserving financial contracts and transactions to protect against illicit transactions, illegal money trafficking and fraud on FinTech e-operations. This is an innovative cloud-based “X-as-a Service” solution stack including several Cyber-Physical Security Layers already validated through the first pilots, as follows:

  • Multi-Factor Hardware-Assisted Authentication as-a-Service (Auth-as-a-Service)
  • Blockchain Core Data Integrity Layer (Blockchain-as-a-Service (BCaaS)
  • Cryptography-as-a-Service (CRYPTaaS)
  • Data and Information Security and Privacy preservation at all layers of cloud through Hardware (HW) Security Module (HSM) and effective IoT connectivity enhanced with beyond Bluetooth Low Energy 5.0 chip combined within "as-a-Service" model (HwSaaS) and Transactions Flow Modelling As-a-Service (FMaaS).


CyberSANE aims to contribute towards the emerging need to improve the level of prevention, preparedness, reaction and resilience to cyber incidents and threats of the CIIs.

  • An advanced, configurable and adaptable, Security and Privacy Incident Handling system (CyberSANE system)
  • thoroughly assess the vulnerabilities
  • evaluate the probability of cyber-attacks
  • identify the relationships between indicators of compromise, threats, and adversaries
  • estimate the cascading effects of the attacks
  • provide technical assistance and guidance on investigating and handling complex, interrelated cybersecurity incidents and data breaches
  • combine and analyse all security incident-related information in an effective and accurate manner
  • share information and warnings with all stakeholders

This approach is validated with three use cases: Solar Energy Production, Storage & Distribution Service, Solar Energy Production, Storage & Distribution Service and Real-time patient monitoring and treatment service.


CYBERWISER.eu is an educational, collaborative, real-time civil cyber range platform where cybersecurity competitions will take place, making it the EU’s reference, authoritative, independent cybersecurity platform for professional training. Users can play the role of attackers and/or defenders in different scalable and configurable scenarios, composed of a set of virtual resources representing a company ICT infrastructure. They are currently offering 4 courses with different levels of learning from basic to advance and they are validating the project with 3 full-scale pilots: Energy Generation And Distribution, Railroad Transport and Professional And Academic Training.

They also offer a cybersecurity assessment service for SMEs and the Cybersecurity Professional Register, where professionals of any age can promote their specific skill sets and experiences in cybersecurity courses taken and qualifications.


EnergyShield project will:

  • Fill the gap between cybersecurity general requirements and EPES specific requirements to protect the power grid against cyber-attacks.
  • Address requirements of EPES operators such as:
    • Provide a broad set of tools to address different levels of cyberattacks, privacy attacks and data breaches (assessment, monitoring and management of security threats and insights).
    • Provide solutions against disruption attacks aimed to threaten the continuity of energy operations via an innovative and adaptive toolkit designed to secure critical infrastructures and provide a set of functionalities that could be implemented domain-agnostic.
    • Enable critical infrastructure operators to share early warnings on cybersecurity risks and incidents as well as to report major security incidents on their core services.


It develops, demonstrates and brings to market an integrated, intelligent, collaborative and predictive approach to the security of critical infrastructures in the financial sector. To this end, FINSEC will introduce, implement and validate a novel reference architecture for the integrated physical and cybersecurity of critical infrastructures, which will enable handling of dynamic, advanced and asymmetric attacks, while at the same time boosting financial organizations’ compliance to security standards and regulations.


Addressing the current fragmentation of available security solutions and technology, InfraStress provides an integrated framework including cyber and physical threat detection, integrated C/P Situational Awareness, Threat Intelligence, and an innovative methodology for resilience assessment – all tailored to each site. Their solutions include:

  • Physical threats and hazards detection and protection systems
  • Cyber threat detection and protection systems
  • Human sensors and crowdsensing
  • Integration of existing and novel cyber-physical detection systems and sensors
  • Situational picture for integrated cyber-physical protection of industrial sensitive sites and plants
  • Cyber and physical threat intelligence and prediction
  • Prevention and preparedness decision support services
  • CIP Monitoring and early warning services
  • Response, mitigation and recovery decision support services
  • Post-event analysis services
  • Information sharing and distribution to relevant stakeholder
  • Stress test services

The InfraStress solutions will be tested and demonstrated in 5 pilot sites, with a participative approach involving the owners, operators and stakeholders.


The PANACEA project has developed, with three European Healthcare Centres, a people-centric toolkit of nine tools, to assess and improve the cybersecurity readiness of healthcare socio-technical systems (ICT, networked medical devices, staff) and medical device/system lifecycles. It includes software-based innovative tools:

  • dynamic risk assessment, based on a multi-layer attack graph model including “human” and “business” layers, and automatic generation of mitigation recommendations,
  • inter-organizational secure information and heavy images sharing,
  • regulatory compliant security-by-design and certification of systems/medical devices,
  • machine-to-machine and smartphone-based facial identification (also with masks).

It also includes non-technical tools, influencing staff behaviour and supporting the management through:

  • contextualized risk governance models,
  • educational voiceless videos,
  • methodology to produce behavioural “nudges”,
  • methodology to maximize cybersecurity return-on-investment,
  • guidance for the contextualised deployment of previous tools.

Potential integrated use of the nine tools’ is a further innovative feature, supporting full plan-do-check-act and multi-disciplinary approaches to cybersecurity preparedness.

8. ReAct

ReAct aims to improve the resilience of computing systems and critical infrastructures via a two-pronged approach:

  • Vulnerability Discovery: several of our computing systems have vulnerabilities, which in the colorful language of computers are usually called “bugs”. Cyber attackers exploit these bugs in order to gain access to remote computing systems and perform all sorts of unlawful business. By developing sophisticated fuzzing approaches, ReAct researchers are able to find (and patch) vulnerabilities very early in the system implementation process and thus create more robust and resilient operational computing systems.
  • Prediction: although it is difficult to predict when and how computers will be compromised, ReAct researchers have developed a highly accurate prediction approach that is able to foretell which computers have higher probabilities of being compromised. This prediction can be used to pinpoint, isolate, and eventually fortify especially vulnerable computers.


RESISTO platform is an innovative solution for Communication CIs holistic situation awareness and enhanced resilience (aligned with ECSO objectives). Based on an Integrated Risk and Resilience analysis management and improvement process availing all resilience cycle phases (prepare, prevent, detect, absorb, etc.) and technical resilience capabilities (sense, model, infer, act, adopt). RESISTO implements an innovative Decision Support System to protect communication infrastructures from combined cyber-physical threats exploiting the Software-Defined Security model on a suite of state of the art cyber/physical security components (Blockchain, Machine Learning, IoT security, Airborne threat detection, holistic audio-video analytics) and services (Responsible Disclosure Framework) for detection and reaction in presence of attacks or natural disasters. Through RESISTO, Communications Operators will be able to implement a set of mitigation actions and countermeasures that significantly reduce the impact of negative events in terms of performance losses, social consequences, and cascading effects in particular by bouncing efficiently back to original and forward to operational states of operation.

10. SDN-microSENSE:

SDN-microSENSE project will contribute towards

  • Preventing and addressing disruptions to the underlying infrastructures of EPES microgrids
  • Achieving resilient and secure operations in the face of various cyber threats, data breaches and failures
  • Realizing secure and flexible trading management
  • Distributed and effective IT cyber-defence systems for large-scale EPESs
  • Privacy-preserving information sharing among energy operators and actors
  • Formulating recommendations for standardisation and certification of EPESs


It has developed an all-hazards risk management framework (based on the EU ISO Risk Management Framework (ISO 31000:2009), for the physical and cyber protection of water critical infrastructures. Prevention, detection, response and mitigation of relevant risks are taken into account to generate modular solutions (technologies, tools and guidelines) embedded into an integrated, scalable, adaptable and modular software platform. The STOP-IT platform is structured in nine modules clustering technological solutions and analysis tools that can be further distinguished in strategic/tactical tools and operational tools:

  • Strategic and tactical tools are simulation tools developed to support risk managers and decision-makers in increasing preparedness against the impact of cyber-physical threats on the service to be provided. They allow to generate customised scenarios of attack, assess their associated risk in terms of service disruption and compute the effectiveness of risk reduction measures to increase the system's resilience.
  • Operational tools support the near real-time or real-time operation of the cyber-physical integrated system by providing an extensive list of technologies to detect anomalies of different nature, such as jamming attacks, IT and physical intrusions, abnormal behaviours, loss of data availability and integrity.

Furthermore, the STOP-IT project enhances the practical knowledge on cyber-physical protection of water critical infrastructure through advanced, interactive and modular training activities.


  • Increased regulatory and standards compliance.
  • Increased resilience of European Critical Infrastructures.
  • Increased capability to maintain cybersecurity preparedness.
  • Increased capability to reduce technological vulnerability/non-compliance.
  • Increased business continuity and citizens’ trust.
  • Increased effectiveness of cybersecurity solutions through usability advancements and increased automation.
  • Increased cybersecurity awareness.
  • Improved capability to monitor and analyze real-time data.
  • Improved reaction time and effectiveness rate of countermeasures implementation.

Join the CI Project Cluster                        Joint Webinar

Joint Recommendations Report                Concertation Meeting Webinar Series


On the event of the adoption of the draft regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, the AI4HealthSec project kicked off a process to provide its opinion.