CONVERGENCE REPORT

Dec 18, 2023

One of the objectives in the aftermath of the four cybersecurity pilot projects is to strengthen the cybersecurity community in Europe and working to that end are representatives from TDL, the EU-CHECK (led by CNRS) and CyberSecPro projects.

The event focused on some of the main drivers of these initiatives, from skills and education to market trends in innovation, as well as emerging initiatives from the EU itself such as the AI Act, the Cybersecurity Resilience Act and the European Digital Identity Framework (eIDAS 2.0).

And to business ... the proceedings

The overall focus was forward-looking, on what is to come over the next two years, to support driving the European digital identity and cybersecurity community and to provide guidance to the NCCs on what to expect.

The theme of the first day of the conference was capacity building in Europe, and drew largely from the work that originated in the four pilots (CyberSec4Europe, SPARTA, ECHO and CONCORDIA) and has been carried on in the CyberSecPro, EU-CHECK and ECCO projects as well as ECSO.

The afternoon session opened with a welcome address from Martin Friedrich Reinhardt on behalf of the Representation of the State of Hessen to the EU at whose venue the event was hosted. David Goodman, on behalf of Trust in Digital Life (TDL) the conference organiser, thanked Martin for his support over several years and wished him well in his new post. David continued with an explanation of what TDL is and outlined the rationale and agenda for the two days.

The first session covered skills and education, moderated by Kai Rannenberg from Goethe University Frankfurt with four contrasting perspectives presented by:

Christos Douligeris, Professor, Department of Informatics, University of Piraeus Research Centre
Arnaud de Vibraye, Junior Manager for Skills and Human Factors, European Cyber Security Organisation (ECSO)
Vasia Liagkou, Assistant Professor, Computer Technology Institute, Patras (CTI)
Marko Hölbl, Associate Professor and Vice Dean for Research, University of Maribor

One of the recurring themes of the two days was that Europe needs far more skilled people in new technologies and cybersecurity in particular. One question that came up several times was why AI is clearly perceived to be more interesting, more fun by the public at large than cybersecurity. And while the answers may be apparent, how to reverse the trend is less so.

After coffee and conversation, Evangelos Markatos from FORTH introduced a panel looking at roadmapping and the future directions of research and innovation including civilian, dual use, space-based assets and of course AI.

Arthur van der Wees, Arthur's Legal B.V.
Fabio Martinelli, Research Director, Italian National Research Council (CNR)
Theodora Tsikrika, Senior Researcher, Information Technologies Institute (ITI), Centre for Research and Technology Hellas (CERTH)
Christos Douligeris, Professor, Department of Informatics, University of Piraeus Research Centre

As the afternoon drew to a close, the evening began with a social hour of drinks and snacks before the event attendees and guests gathered for the evening panel, the topic of which was 'Challenges facing the European Cybersecurity Competence Centre (ECCC)'.

As the Representation of the State of Hessen to the EU were again the hosts for the evening, Martin Friedrich Reinhardt provided a very well-considered welcome address. Martin was followed by Amardeo Sarma, former TDL chair who gave a brief introduction to the association and formally handed over chair responsibilities to Svetla Nikova who in turn announced that the TDL Board of Directors had appointed Amardeo as Honorary President.

The opening keynote address was given by Tamara Tafra, Minister Counsellor for Cyber Issues, Hybrid Threats & Disinformation at the PermRep of Croatia to the EU who has had many years of experience working with cybersecurity legislation planning and processing through the European Institutions.

David Goodman, who was moderator for the evening, invited the rest of the speakers − Katarzyna Prusak–Górniak,Ellen Stassart, Panagiotis Marzelas and Claudio Teixeira − to come to the stage to form the panel together with Tamara.

David invited each of them in turn to address the challenges facing the ECCC, in the context of what the expected to be on the desk of the newly appointed director, Luca Tagliaretti, when he starts at the post on 1 February. All had unique insights into what could - and should - be in Luca's inbox: from Katarzyna, as deputy chair of the ECCC Governing Board which has taken a considerable load in the setting up of the Centre, to Ellen as head of the Belgian Head of the National Cybersecurity Coordination Centre, from Panagiotis from the European Security and Defence College to Claudio representing the European Consumer Organisation the umbrella consumers' group which brings together 45 European consumer organisations from 32 countries.

At the end of panel, Afonso Ferreira from CNRS was invited to say a few words about the EU-CHECK project which was the sponsor of the reception that followed.

In the forward looking spirit of the event as a whole, the theme of the following day, Friday, 1 December, was emerging technologies and regulations. After a welcome back! David Goodman introduced the opening keynote from Roberto Cascella from the European Cyber Security Organisation (ECSO) who gave an in-depth introduction to the ECCO (European Cybersecurity COmmunity) project.

The first session was 'looking to the future' based on a collaboration that took place at the FOSAD Summer School at the end of August in Bertinoro, Italy between the EU-CHECK project and the summer school students who spent a couple of hours evaluating how they saw the threats and opportunities in the year 2050. Jarno Salonen, from VTT Technical Research Centre of Finland who led the summer school forum, together with Koen Teuven, a PhD student from Eindhoven University of Technology representing the student body, gave an impactful report on the resultsemerging from Bertinoro.

With a different eye on the future, the moderator, Afonso Ferreira, introduced Shukun Tokas, a research scientist from SINTEF DIGITAL who spoke about trustworthy metaverse based on her fascinating personal experience of meetings in the metaverse with other avatars and the conclusions about privacy.

The next session was scheduled to be a report and a follow up on the TDL roundtable held on 14 November on the subject of 'Certification and Standards: Policy Tools for Trust', which primarily addressed the challenges that the Cybersecurity Resilience Act (CRA) and the AI Act will introduce. Unfortunately, Lars Bruckner from NEC Europe was unfortunately unwell and unable to attend. In his place, David Goodman presented some edited highlights, more of which can be found in the roundtable report.

The next session on European data and identity strategies followed coffee with four contrasting perspectives on the EU's raft of data- and digital identity-related legislation, the emergence of the EU digital identity wallets, with some real world reminders of the implementation challenges and finally an analysis of decentralised identity strategies in the context of eIDAS 2.0, the European digital identity framework.

Katryna Dow, CEO and Founder, Meeco
Esther Makaay, Business & eID Analyst/Architect, Signicat
Muhamed Turkanović, Associate Professor, University of Maribor
Cristian Lepore, Scientific Researcher, Institut de Recherche en Informatique de Toulouse, IRIT

After a sumptuous lunch, Svetla Nikova gathered the conference participants to listen to a discussion between four eminent experts on the contentious issues associated with Article 45 of the proposed eIDAS regulation. Entitled 'eIDAS, certificates and cryptographic keys: a matter of trust', the issue is that the legislation would allow governments to control how web browsers protect users - a feature that would force browsers to consider the certification authorities chosen by Member States as trusted. In response to this an open letter was signed by over 300 security experts explaining the issues, including members of the panel. However, not every, notably QTSPs (qualified trust service providers) agree that there is a problem. The benefit of having an in-person discussion is that by the end peace reigned and there was qualified acceptance of the different views across the panel.

Bart Preneel, Full Professor, KU Leuven
Thomas Rössler, Executive Vice President Products and Solutions, CRYPTAS it Security GmbH / CEO and Founder PrimeSign GmbH
Dennis Jackson, Staff Cryptography Engineer, Mozilla
Jaap-Henk Hoepman, Digital Security Associate Professor, Radboud University Nijmegen

The final session brought together three individuals to consider where the new and emerging technologies might lead the EU in terms of new regulatory initiatives during the next Commission which will come into effect in the second half of 2024. Can we expect fresh legislation to emerge or are the existing laws so well-crafted and targeted that it should only be necessary to tweak them? Only time will tell!

Joanna Świątkowska, COO, European Cyber Security Organisation (ECSO)
Ioannis Legouras, Director, Helmholtz Brussels Office
Marco Barros Lourenço, Research and Innovation Team Lead, European Union Agency for Cybersecurity (ENISA)

The conference wound up with an inspirational and comprehensive tour de force on the opportunities and challenges presented by the intersection of cybersecurity and AI from our closing keynote speaker, Bart Preneel.

It was a fitting way to end an event that probed many of the key technologies and initiatives that will have a significant impact on the future of digital Europe for the foreseeable future.