CYRUS project prepares for cybersecurity pilot trainings
Cybersecurity competence framework in place
The CYRUS project, focusing on enhancing cybersecurity in the transport and manufacturing sector, has completed its initial research and analysis phase. The project partners came together to assess progress and plan the next steps: personalised, work-based pilot trainings, which will be tested in 2024.
A study involving interviews with 79 organisations from the transport and manufacturing sector gave valuable guidance. Compared with the minimum levels of knowledge that the best practices from the regulatory bodies ENISA (European Union Agency for Cybersecurity) and NIST (National Institute of Standards and Technology) recommend, the study showed lower results.
Overall, it highlighted the importance of raising awareness through training programmes, particularly among non-technical positions, including management roles.
“It is very common to point out that individuals represent the weak spot, the main issue in the cybersecurity chain, “says Bruno De Rosa from Union Internationale des Chemins de Fer (UIC). “Instead, we should positively overturn this perspective and start considering humans as the solution, a key asset towards cyber preparedness and defence”.
Identifying potential cyber threats
The CYRUS team researched cyber threat scenarios and identified who in terms of job roles needs to be trained in cybersecurity to mitigate risks. Common threats identified include data leakage attacks, ransomware attacks and insider threats. Small and mid-sized enterprises (SMEs) were spotted as particularly vulnerable.
Developing the cybersecurity competence framework
The project partners established the cybersecurity competence framework based on the research findings. This framework facilitates smoother transitions from education to work, aligns individual skills with market demands, outlines career pathways and identifies employable skills.
Next Steps: Pilot trainings
On the basis of the results, the project partners will develop and launch pilot trainings. They will cover technical skills, including cybersecurity requirements and practical exercises as well as methodological and organisational aspects such as vulnerability and integrated risk assessment.
Given the effectiveness of active learning methods, the training approach will include elements like teaching other learners, hands-on simulations and group discussions to ensure optimal knowledge retention.
The CYRUS project proposes a novel training system, where a complete set of skills to be vigilant, to identify and to respond to cyber-attacks will be delivered. The framework exploits innovative methods for training implementation. Virtualisation-dedicated cyber-range simulations in operational settings and work-based learning will allow timely and efficient course delivery, overcome the current hindrance, and raise interest in the awareness program and good practices.
The European research project was launched 1 January 2023, will run for three years and is led by Deep Blue S.r.l. The funding framework is provided by the European Health and Digital Executive Agency (HaDEA) as part of the European Union’s DIGITAL-2022-TRAINING-02 research and innovation programme under grant agreement No 101100733.
Project partners are: Deep Blue S.r.l. (Italy), Cefriel S.r.l. (Italy), Stichting VU (Netherlands), G & N Silensec Ltd (Cyprus), The Polish Platform for Homeland Security (Poland), EIT Manufacturing Central gGmbH (Germany), Italienische Handelshammer für Deutschland (Germany), Union Internationale des Chemins de Fer (France), European Federation for Welding, Joining and Cutting (Belgium), Universitatea Spiru Haret (Romania), Viesoji Istaiga Lietuvos Inovaciju Centras (Lithuania)
Co-Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or European Health and Digital Executive Agency (HADEA). Neither the European Union nor the granting authority can be held responsible for them.
EIT Manufacturing Central gGmbH