The objective of the μDEVOPS project is to form an international and inter-sectoral network of organisations working on a joint research programme in the field of Software Quality Assurance (SQA) for Microservice Development Operations (μDevOps) engineering processes. The project will involve early-stage and experienced researchers giving them the opportunity to develop and exchange skills and knowledge to progress towards key advances in the μDevOps SQA field and strengthen collaborative research between different countries and sectors. The proposed action intends first to promote a cultural shift that places testing as a key cornerstone between the development and operation phases. Toward this long-term objective, the proposers will implement a joint research program aimed at i) fostering knowledge development and exchange between participants, ii) creating a long-lasting research network and iii) boosting research and innovation capacity of participating organisations. The knowledge exchange program will focus, as main scientific objective, on the study, definition and implementation of a testing process for μDevOps that integrates algorithms, techniques and methods for: i) model-based context learning, aimed at context-aware testing; ii) in-vivo reliability, performance and security sampling-based testing driven by the learnt context; iii) risk assessment aimed at estimating, based on test results and field data, the business risk associated with the usage (and possible failure) of each functionality, thus supporting risk-based prioritisation of SQA tasks. In the long term, the project aims at implementing the know-how and breakthroughs for novel products, methodologies and services and creating strategic bases to deal with the SQA challenges in modern software production practices. This will enable participating SMEs to resist market competition, proposing new methods and tools for agile development , V&V and maintenance along the whole chain of SQA

InfraStress addresses cyber-physical (C/P) security of Sensitive Industrial Plants and Sites (SIPS) Critical Infrastructures (CI) and improves resilience and protection capabilities of SIPS exposed to large scale, combined, C/P threats and hazards, and guarantee continuity of operations, while minimizing cascading effects in the infrastructure itself, the environment, other CIs, and citizens in vicinity, at reasonable cost. In fact, InfraStress will develop TRL4+ solutions from preceding research and innovation towards TRL7 level producing maximum adoption of the proposed methods and solutions. Addressing the current fragmentation of available security solutions and technology, InfraStress will provide an integrated framework including cyber and physical threat detection, integrated C/P Situational Awareness, Threat Intelligence, and an innovative methodology for resilience assessment – all tailored to each site. InfraStress adopts a user-driven approach carried out through: a) delivery of usable and user-friendly Services and Applications for C/P protection and resilience; b) technical activities driven by and receiving active input from end users, i.e. SIPS and relevant stakeholders; c) a comprehensive set of 5 real-world Pilots and Evaluation activities to be carried out by User partners. InfraStress matches key impacts not only in response to the Work Programme Call but also at Strategic, Socio-economic and Market levels. In fact InfraStress was conceived since the beginning with a strong business vision in mind and will carry out effective exploitation actions ensureing successful go-to-market. Tailored activities are also planned to rise a a culture of participatory security to involve all stakeholders including companies, workers, public authorities, citizens and civil society. InfraStress involves 27 partners of excellence from 11 countries with very cross-cutting and complementary competences and excellent track records, including 5 SIPS operators.

ENSURESEC is a sociotechnical solution for safeguarding the Digital Single Market’s e-commerce operations against cyber and physical threats. It combines an automatic, rigorous, distributed and open-source toolkit for protecting e-commerce, with monitoring of the impact of threats in physical space and a campaign for training SMEs and citizens aimed at creating awareness and trust. ENSURESEC addresses the whole gamut of modern e-commerce, from standard physical products purchased online and delivered via post, to entirely virtual products or services delivered online. It addresses threats ranging from maliciously modifying web e-commerce applications or rendering them unavailable to legitimate customers, to delivery issues or fraud committed by insiders or customers. It achieves this by focusing on the common software and physical sensor interfaces that sit along the e-commerce, payment and delivery ecosystem. At technical level, it integrates proven state-of-the-art inductive (machine learning) with deductive (formal methods) reasoning tools and techniques so that e-commerce operations are protected by design, as well as through continuous monitoring, response, recovery and mitigation measures at run-time. Importantly, trust of the infrastructure’s operations among its users is established, benefiting from distributed ledger technology ensuring transparency of the operations and that information has not been modified. Although ENSURESEC innovations are applicable to any critical infrastructure that relies and is monitored by networked software systems, its design and integration philosophy make it uniquely prepared to protect distributed and evolving e-commerce infrastructures with its various forms of payment and delivery (virtual, online and physical). ENSURESEC also enhances citizens’ resilience to threats and their trust in e-commerce companies, especially SMEs, thus contributing towards the vision of a reliable and trusted digital single market.

Cyber threats are the most significant and growing risk for public administrations (PA). However, technological, organisational and structural issues hamper the ability, especially for local PAs (LPAs) to improve their cyber security level. Budget constraints and evolving legal, ethical, societal and privacy regulations render the situation even more complex. COMPACT’s goal is to empower local LPAs to become the main actors of their cyber-resilience improvement process. COMPACT’s objectives are to 1) increase awareness, skills and protection; 2) foster information exchange between European LPAs; 3) link LPAs to major EU initiatives, including the newly created cyber-security private-public partnership. COMPACT innovates at technological level and at process level – an important dimension in engaging LPA employees in the improvement of cyber-resilience. At technological level, COMPACT innovates in real time security monitoring, security awareness training, information sharing, cyber-security gamification, risk assessment, and threat intelligence. At process level, COMPACT adapts the Plan-Do-Check-Act cycle for LPAs to do iterative removal of security bottlenecks and achieve compliance to EN ISO/IEC 27001 and BS ISO/IEC 27005. COMPACT delivers an integrated platform with 4 types of tools/services – 1) risk assessment, 2) education, 3) monitoring, and 4) knowledge sharing – characterized by a high degree of usability by non IT experts and automation. It protects LPAs’ investments by interoperating with market solutions from major vendors. It eases deployment and adoption by being both cloud-enabled (i.e. it addresses cloud specific issues) and cloud-ready (i.e. it can be deployed – if users wish– on the cloud). COMPACT validates its results through 5 challenging use cases provided by 5 users in 4 European countries. 90% of COMPACT solutions will achieve TRL7 and the residual part TRL6.