R&I Project Hub


COBALT proposes the introduction of a Common Certification Model (CCM) for European industries, leveraging existing standards and composing a unified cybersecurity namespace for ICT processes. The proposal will uphold the paradigm of Digital Twinning (DT) via the creation of Digital Threads and extend it in a vertical-agnostic approach across different industries, including quantum computing (involving FHG’s Quantum Computer) and I4.0.


Cybersecurity certification, as introduced by the EU Cybersecurity Act (EUCSA), will play a crucial role in increasing the trust in and security of ICT Products, ICT Services and ICT Processes. Cybersecurity certification is a complex process, posing a variety of challenges to the different interested parties.


According to the EU Cyber Resilience Act, “hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of EUR 5.5 trillion by 2021”. This is due to a low level of cybersecurity, reflected by widespread vulnerabilities and inadequate approaches for identifying and mitigating the rapidly and constantly evolving cyber threats and vulnerabilities, as well as ensuring continuous compliance with regulations, industry standards, and best practices.


Cloud-based services have grown from basic computing services to complex ecosystems, comprising (virtual) infrastructure, business processes and application code. These advanced services also increasingly leverage the usage of Artificial Intelligence, including Machine Learning or Natural Language Processing techniques, raising the complexity even higher. Due to the cascade of dependencies among the different products and services, the need arose to bring more agility to the certification process of cloud-based services, e.g.


Organisations across sectors benefit significantly from digital transformation to support evolving business models, services and customer experience. Despite the benefits of adopting digital infrastructure, numerous security challenges could cause digital disruption and pose risks to critical service delivery and overall business continuity.


The convergence of Information Technology (IT) with Operational Technology (OT) environments for digitising mission-critical stability and flexibility of Electrical Power and Energy System (EPES) operations as well as new Ancillary Services (AS) business markets through Distributed Renewable Energy Sources (DRES) has undoubtedly expanded the cyber-attack spectrum in modern power grids with intrinsic cyber-physical properties.


The exciting frontiers opened by the development of quantum computers (QC) come at the cost of breaking the foundations of current digital security. The research community is working on the definition of post-quantum cryptography (PQC) to counteract this threat. However, the transition to PQC is delicate and takes time because it impacts many functions, algorithms, and protocols in an a priori unknown cascade of dependencies.


In the last three decades, public key cryptography has become an indispensable component of the global digital communication infrastructure. These networks support a plethora of applications that are important to our economy, our security, and our way of life, such as mobile phones, internet commerce, social networks, and cloud computing. In such a connected world, the ability of individuals, businesses and governments to communicate securely is of the utmost importance.


DOSS elaborates a secure-by-design methodology and implements related technology for complex IoT architectures, based on supply chain monitoring, component testing and architecture modelling.


With AI-enhanced components being deployed everywhere, including the very toolchains used for secure software development, the traditional security focus on software and hardware assets can no longer guarantee “secure services, processes and products, [and] digital infrastructures” in the EU Strategic Plan 2021-2024.