Reflections on financing European cyberdefence

Building cybersecurity is expensive. In a threat environment that is changing daily, newer and newer defence technologies are emerging that would need to be operated in a highly skills-scarce environment. Moreover, new cybersecurity technologies require knowledge that may not be available in the professional domain, such as artificial intelligence. However, compliance requirements such as NIS2 mean that building adequate defence cannot be neglected and money must be invested in this area.

The European Union has recognised that cyberdefence for European businesses is significantly underdeveloped, with a lack of skilled staff, European products on the market and a slow pace in bringing the latest developments to the mainstream. In order to avoid this competitive disadvantage, significant resources are available in the financial cycle from 2021 onwards to improve European cybersecurity, but these are poorly understood. We would therefore like to give some tips for those who want to build a high-quality Security Operation Centre and NIS2 compliant cyberdefence not only on their own budget.

Among the many possibilities, let’s get to know the Digital Europe Programme! This budget totals €7.5 billion, spread over five different areas. These are artificial intelligence, supercomputing, cybersecurity, digital skills development and ensuring widespread access to digital technologies. For the period 2023-24, €375 million is available for cybersecurity alone. A drop in the ocean, you might say, but still a relatively easy amount to access, not only for national cybersecurity centres but also for SOCs working with them, including those providing services to the private sector. For example, the call promises a 75% grant for procurement within joint tenders, which is not a negligible contribution considering the cost of modern solutions. But for example, €30 million is already available for NIS2 organisations in 2023 to help them prepare, typically at a 50% funding intensity. The EU’s key idea, in line with the European Cybersecurity Strategy, is therefore to support critical infrastructures covered by NIS2, in addition to public CSIRTs and private SOCs, to achieve the grand goal of European cyber resilience.

Other interesting features of the Digital Europe programme include the Digital Innovation Hubs (EDIH), which started operating at the end of 2022 and beginning of 2023. These aim, among other things, to help small and medium-sized enterprises access the latest cybersecurity knowledge. To this end, they organise training courses and provide free or low-cost services that can help interested parties to improve their cybersecurity in a meaningful way. Such hubs are available in all European countries and are well embedded in their own cybersecurity ecosystem, so whether you are a prospective customer or a potential service provider, it is worth contacting them to help you build successful national networks.

Finally, there is the Cybersecurity Skills Academy initiative, also to be launched in 2023, which aims to establish a single set of European educational requirements and an extensive list showing clearly where and what cybersecurity skills can be acquired. As a SOC operator or an organisation covered by NIS2, it may be worthwhile to seek out these training centres and access professionals with skills under the European Cybersecurity Skills Framework through them.

It is therefore important for the European Union to strengthen regional and national cyber defences. And access to resources can be greatly facilitated by the National Coordination Centres to be set up in 2023. The following steps are therefore recommended for SOCs or organisations covered by NIS2:

• If you have decided to invest in a cybersecurity product or service, it is worth first contacting a local European Digital Innovation Hub and consulting them about what cutting-edge solutions you should be thinking about. A list of EDIHs can be found here: https://european-digital-innovation-hubs.ec.europa.eu/edih-catalogue
• It is then worth checking what current calls for proposals are or will be launched in the near future. The goals and budgets are available here: https://digital-strategy.ec.europa.eu/en/activities/work-programmes-digital
• Once you have made your choice, the texts of the specific calls can be found on the European Union’s Funding and Tender opportunities portal: https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/home
• Finally, we recommend the Cybersecurity Skills Academy website, which will take you to the training centres where the professionals you are interested in are trained: https://digital-skills-jobs.europa.eu/en/cybersecurity-skills-academy

And if you get stuck anywhere, you should visit the National Coordination Centre for help navigating the sea of options: https://cybersecurity-centre.europa.eu/nccs_en