Programme Category
Programme Name
Programme Description
The European Defence Fund (EDF) is the Commission’s initiative to support collaborative defence research and development, and to foster an innovative and competitive defence industrial base.
Identifier Code
Call
Summary
Unmanned vehicles (UxV) such as drones, ground vehicles, and surface/underwater vessels are bound to become an integral part of military operations. From a security perspective, this poses various new challenges that need to be properly resolved to deploy these vehicles in real missions and exploit their full potential.
The cyber-physical nature of UxVs affects security in various way. It brings the attack surface of a typical computer (network) into a new context where successful cyber-attacks can have serious consequences in the physical world, while imposing new physical and operational constraints on available and well-established cyber security controls. New attack vectors emerge, and threat models need to be revised.
Designing appropriate security controls for UxVs requires capabilities to identify and evaluate complex trade-offs between data protection, cybersecurity and assured autonomy to best support a mission. Automating parts of the analysis process is necessary to handle the complexity of this task, including processing large amount of data, reducing costs and risks associated with testing physical systems, and producing structured and traceable documentation.
Existing security and safety approaches may be tailored to suit UxVs so that they can be made both secure and robust against well-known deliberate and accidental threats, however new solutions are expected. An additional challenge is whether UxVs can be made resilient in the sense that they can still react in a way that minimises the consequences, and possibly allows for alternative ways to complete the mission autonomously, in the presence of a successful cyber-attack.
Detailed Call Description
If autonomous capabilities that rely heavily on sensor data to make their decisions are employed, the environment itself can become a new attack vector, as it can be manipulated to exploit vulnerabilities in these new capabilities. Sensors themselves become a new part of the threat model, and the protection of confidentiality of data on the vehicles needs to be weighed against the protection of the availability of effectors and actuators and the integrity of control information. This call topic contributes to the STEP objectives, as defined in STEP Regulation, in the target investment area of deep and digital technologies.
The capability of UxVs to be resilient so that they can minimise the consequences of an cyber-attack, and allowing for alternative ways to complete the mission autonomously, is called in this context autonomous cyber defence, which is consisting of four main components: monitoring, detecting, reacting, and reconfiguring (or learn). A central part of this capability is the ability to monitor the system and detect potentially harmful anomalies, but also to understand the risk associated with both their impact and possible responses. For instance, if a malware was detected on a UxV trying to exfiltrate classified data, and the source was a malicious component critical for flight, the system might have to evaluate the risk and feasibility associated to either:
- preventing a breach of confidentiality by shutting down the malicious component and crash onto the ground, thus possibly damaging people or infrastructure;
- accepting the loss of data to prevent the UxV from crashing;
- or reconfiguring itself to perform an emergency landing while gradually shutting down the rotors in time to prevent significant data leakage.
A “risk-evaluation engine” is central to this capability to generate risk-based courses of actions (CoA) that take into consideration the effect of each action on the various assets connected to the UxV that need to be protected. This includes the mission goals the UxV supports, the confidential information on the UxV and the safety of the UxV itself and its surroundings. This presupposes a sufficient understanding of the UxV´s systems, its interactions, the environment and the dependencies between the UxV´s capabilities and the mission. Additionally, the anomalies should be detected with a high degree of precision to estimate their potential effect before they compromise the UxV beyond repair.
Call Total Budget
Thematic Categories
- Information and Communication Technologies
- Information Technology
- Justice - Security
- Research, Technological Development and Innovation
Eligibility for Participation
- Legal Entities
- Other Beneficiaries
- Private Bodies
- Researchers/Research Centers/Institutions
Eligibility For Participation Notes
In order to be eligible, all applicants (beneficiaries and affiliated entities) must cumulatively:
- be legal entities (public or private bodies)
- be established in one of the eligible countries, i.e.:
- EU Member States (including overseas countries and territories (OCTs)
- non-EU countries:
- listed EEA countries (‘EDF associated countries’; list of participating countries)
- have their executive management structure established in eligible countries
- not be subject to control by a non-associated third country or non-associated third-country entity (unless they can provide guarantees – see Annex 2 – approved by the Member State or EDF associated country where they are established)
Consortium composition – For all topics under this call, proposals must be submitted by: minimum 3 independent applicants (beneficiaries; not affiliated entities) from 3 different eligible countries.
Call Opening Date
Call Closing Date
National Contact Point(s)
Ministry of Defense
Address: 172-174 Strovolos Avenue, 2048 Strovolos, Nicosia
Telephone: 22 807500
Email: defence@mod.gov.cy
Website: https://mod.gov.cy/
Department of Research and Innovation
Telephones: 22 807755, 22 807754
Email: research.innovation@mod.gov.cy
EU Contact Point
For help related to this call, please contact: DEFIS-EDF-PROPOSALS@ec.europa.eu