Strengthened EU cybersecurity capacities and European Union sovereignty in digital technologies
As the cybersecurity threat landscape is evolving, with more sophisticated attacks taking place, with impacts, among others, on data privacy, there is a need for all stakeholders to keep pace with the developments, strengthening their capacities. The European Union is up to this task, with European Union Agency for Cybersecurity (ENISA) providing guidance to European entities for protection of privacy and cybersecurity. There is also the need for digital technologies developed in the EU, to reduce reliance on externally sourced cybersecurity software and technological solutions, which can be compromised, or compromisable. ENCRYPT responds directly to all these needs, since Privacy-Preserving (PP) technologies that will be developed within the project, will support cybersecurity companies to process Cyber-Threat Information (CTI) data stored in data spaces across Europe. As more companies will be willing to share their data, due to the privacy guarantees offered, this will lead to a higher level of cybersecurity in Europe.
More resilient digital infrastructures, systems and processes
Privacy is an integral part of cybersecurity, and as such, any loss of privacy can have significant effects on digital infrastructures, systems, and processes. Consider, for instance, a case where highly sensitive patient medical data stored by a medical centre, and processed by a third-party service provider, contain information that lead to the reidentification of the patient. This would render the medical centre unreliable, disrupting its services and potentially impacting negatively the whole sector. At a larger scale, this could be the case for data stored in the common European Data Spaces. Lack of robust, reliable privacy preserving technologies ensuring the anonymity of data subjects can affect the trust of citizens and end-users in data sharing policies, and the reduction in data being shared. ENCRYPT adoption by European organizations will significantly reduce the risk of privacy breaches in operations where personal data are used or stored, minimizing the service outage and the resulting economic damage. Likewise, lack of privacy breaches will lead to increased trust of citizens and data owners to such systems The ENCRYPT framework further contributes by providing a user-friendly way to deploy PP technologies.
Increased software, hardware and supply chain security
CTI intelligence extraction plays an instrumental role in the analysis of cyberattacks on software, hardware and supply chain. Considering that CTI data may contain sensitive information, PP technologies are necessitated in order to ensure the protection of privacy of the data subjects. ENCRYPT indirectly contributes towards this impact, by providing the means for privacy-preserving processing of CTI data, which in turn highly facilitates their capability to identify similarities and differences in vast quantities of information and detect deceptions to produce accurate, timely, and relevant intelligence, allowing for a faster, more targeted response in cyber threats.
Secured disruptive technologies
Disruptive technologies, such edge computing and federated learning, Natural Language Processing (NLP) at the edge, and robotics hold the key for the transformation of the future. Progress can be impeded, though, by shortcuts in the area of privacy protection. Currently voice recordings from personal devices such as digital assistants are sent to the cloud for processing, despite the fact that they are considered as sensitive data. Similarly, digital health applications still rely on anonymisation techniques to process data, risking the re-identification of data subjects. Robotics use cloud resources to analyse the environment. Crowd sourcing of information is of huge importance in all these use cases employing disruptive technologies, but it comes with the caveat of the loss of privacy by data subjects. ENCRYPT contributes to this through the provisioning of technologies allowing the General Data Protection Regulation (GDPR) compliant processing of sensitive information in federated environments.
Reinforced awareness and a common cyber security management and culture
Despite the importance of data and privacy protection, there is a lack of understanding and knowledge on what should be protected, and how. Furthermore, considering the fact that data subjects share sensitive data with multiple parties, and on multiple sectors, there is the need for a common privacy management. On the technological front, ENCRYPT contributes to these needs through a number of architectural components (i.e., AI-based recommendation system, the cyber and risk governance methodology, and software tool for building Knowledge Graphs).