The assurance of security, privacy, reliability and safety features is key-point to unlock the enormous potential that the connected vehicles systems paradigm i.e., the dynamic Cyberphysical system of highly-equipped infrastructure-connected vehicles with numerous third-party components, can offer towards safer transportation. The emerging systems expose a variety of wireless-communication and hardware interfaces which result in a large attack surface; thus, attempts to assess the degree of confidence that security needs are satisfied come with prohibited cost for automotive stakeholders and OEMs. SAFERtec project will leverage a highly-skilled consortium to first model the varying exposure of a prototype connected vehicle system to numerous threats appearing under two generic instances of the increasingly pervasive V2I setting. One relates to road-side unit communication while the other involves the interaction with cloud application and passengers' smart devices. Then, adopting a systematic vertical approach SAFERtec will obtain an in-depth look of the possible vulnerabilities performing penetration-testing on individual hardware components and upper-layer V2I applications. Considering the available security mechanisms a third party provider already applies to each module, SAFERtec will determine a corresponding protection profile as a summary of the identified risks. An innovative framework appropriately designed for unified and thus, cost-effective use across all modules will employ statistical tools and security metrics to quantify the involved security assurance levels and also feed the incomplete automotive standards. Research on dependability methods will then allow the framework's transition from individual modules to the connected vehicle system. All above results will be incorporated and made available through an open-access toolkit that will pave the way towards the cost-effective identification of security assurance levels for connected vehicle systems.

With AI-enhanced components being deployed everywhere, including the very toolchains used for secure software development, the traditional security focus on software and hardware assets can no longer guarantee secure services, processes and products, [and] digital infrastructures in the EU Strategic Plan 2021-2024. Sec4AI4Sec wants to develop security-by-design testing and assurance techniques for AI-augmented systems, their software and AI assets. AI-augment systems provide an opportunity to democratize security expertise and give access to intelligent, automated secure coding and testing, by enabling novel capabilities, lowering development costs and increasing software quality (AI4Sec). They are also a risk: AI-augmented systems are vulnerable to new security technical threats specific to AI-based software, in particular where matters of fairness or explainability are important (Sec4AI). Sec4AI4Sec addresses these challenges to the fullest extent: AI for better security, security for better AI. The Sec4AI4Sec project will address these two facets of AI to achieve a deep scientific, economic and technological impact, while contributing to addressing key societal issues. It will validate its approach on three key scenarios of the EU Digital Compass towards Digital Sovereignty: 5G core virtualization, Autonomy for safety systems in aviation and security and Quality for 3rd party software assessment and certification. Sec4AI4Sec assembled a team with 5 leading Universities (Amsterdam, Cagliari, Hamburg, Lugano, Trento), 2 innovative SMEs (FrontEndART, Pluribus One), 3 Large Enterprises (Airbus, SAP, Thales) and 1 Center for digital innovation (Cefriel). The project will generate a set of innovative techniques and open-source tools, new methodologies for secure design and certification of AI-augmented systems, as well as reference benchmarks that can be used to standardize the assessment of research results in the secure software research community.

With the emergence of the digitization of information, ICT infrastructure and communications gave an unprecedented push towards the realization of truly interconnected passenger transport ecosystems at city-level. The emerging notion of multimodality supports a plethora of diverse transport services, typically offered from a central location. There however, the complex interconnected infrastructures ease the cyber-threats propagation while the underlying mosaic of fleets, personal hand-held devices and non-standardized data types increase the system's attack surface and require the authorities collaboration to proactively handle severe incidents. CitySCAPE leverages the skills and mature technology of its 15-partner consortium to systematically explore all different cybersecurity dimensions of multimodal transport. These dimensions will drive a characterization of the cyber-threats in the ICT multimodal transport, extended to the close-by power and financial sector. Innovative software tools will be introduced to estimate the threats propagation in the system. Then, CitySCAPE will realize a modular software toolkit enabled to be seamlessly integrated into any multimodal transport system to: a)detect suspicious traffic-data values and identify persistent threats; b)evaluate an attack's impact in technical and notably in financial terms; c)combine external knowledge and internally-observed activities to enhance the predictability of zero-day attacks; d)instantiate a networked overlay to circulate informative notifications to CERT authorities and support their interplay. The CitySCAPE solution will be tested over a timely set of use-cases involving ticketing applications, cyber-fraud and location data in the regional transport system of two European cities, where extensive experiments will showcase its effectiveness. The findings will steer training sessions of expert/non-expert audience and shape a strong standardization contribution to security (labelling) protocols.