Toreon partner of CYSSDE: New cybersecurity consortium to fund penetration testing across the EU

Written by Laurent Dupont

Toreon partner of CYSSDE: New cybersecurity consortium to fund penetration testing across the EU

Press Release 

Leuven, 1 July 2024 – In a bid to bolster the cybersecurity of critical infrastructure organizations across Europe, the European Commission is rolling out a new initiative under the NIS2 and CER directives. The newly established CYSSDE consortium has been tasked with improving methodologies to identify and address vulnerabilities, backed by a substantial funding pool exceeding €4 million.

CYSSDE, a European consortium of cybersecurity experts, collaborates closely with the European Cybersecurity Competence Centre and Network (ECCC) and national cybersecurity coordination centers (NCCs).

Key partners include Spain’s NCC INCIBE and Romania’s DNSC, with the Belgian cybersecurity organization LSEC at the helm.

CYSSDE

To enhance cyber resilience and ensure compliance with NIS2, CER, and the Cyber Resilience Act (CRA), the European Commission has mandated CYSSDE to conduct 230 penetration tests (pen tests) on European companies. CYSSDE will manage a funding envelope of over €4 million to facilitate this.

A pentest simulates a cyberattack on a computer system to uncover vulnerabilities. These tests reveal security weaknesses, enabling companies to fortify their defenses and mitigate potential attack damage.

Research has shown that 80% of known vulnerabilities are found in over 60% of European organizations providing essential services (NIS2) and in 90% of SMEs aiming to boost their cyber resilience. The planned pentests will help identify and address weaknesses in European infrastructure more effectively.

The CYSSDE project complements the efforts of various EU member states through activities such as:

  • Organizing open calls in member states, targeting national cybersecurity centers (NCCs) and pentesting service providers to promote the funding envelope;
  • Allocating Financial Support to Third Parties (FSTP) projects: a CYSSDE selection committee will identify organizations eligible for funding, with grants up to €200,000;
  • Assisting critical infrastructure organizations in evaluating potential vulnerabilities in applications, devices, systems, or cloud environments;
  • Mapping the capacity and capabilities of pen testing across member states;
  • Supporting organisations in understanding NIS2, CER and CRA expectations regarding vulnerability assessments;
  • Enhancing methodologies and use cases for pen tests and vulnerability research.

“With the support of NCCs in various member states, we’re aiming to select around twenty pen testing service providers to conduct at least 230 tests across the EU. CYSSDE will streamline the process by providing necessary capacity and guiding the search for pentest candidates in member states, ensuring capacity across all member states,” said Ulrich Seldeslachts, Managing Director of LSEC and project initiator.

Technical partners Ceeyu, Cyber Ranges, and Toreon are all involved in addition to LSEC, INCIBE, and DNSC. Fundingbox will support the organization of open calls.

How to participate in CYSSDE?

Organizations falling under the NIS2 or CER (Critical Entities Resilience Directive) can register with CYSSDE. They can confidentially submit their research proposals to organizations conducting vulnerability analyses.

From October, companies or research centers investigating vulnerabilities can participate in the open calls. A selection process will follow, with CYSSDE providing financial and expert support for the pentests. Companies can pre-register on the CYSSDE website to receive invitations for the open calls and information sessions.

Other European cybersecurity organizations or sector representatives are welcome to join as CYSSDE partners to share findings and results.

About CYSSDE

CYSSDE is a European consortium of cybersecurity organizations led by cybersecurity innovator LSEC – Leaders in Security and the ECCC. CYSSDE maps and addresses cyber resilience in the EU under the NIS2 and CER directives. The initiative builds on technical expertise and other innovation projects such as CYSSME.eu, DIGITALIS, IIoTSBOM, OpenCloudification, APAX, CSAI, FIRE, CSFR, CS4SME and more. CYSSDE manages a funding envelope exceeding €6 million.

More on CYSSDE

About LSEC

LSEC – Leaders In Security, is an internationally renowned digital security catalyst and a not-for-profit organization with the objective of promoting information security and expertise in the Benelux region and Europe. Founded by the University of Leuven and supported by the Flemish Government Agency for Entrepreneurship and Innovation as well as the European Commission’s Horizon Europe and DIGITAL Europe programs, LSEC is leading a unique pan-European private partnership that interacts with public institutions. LSEC connects security industry experts, research institutes and universities, government agencies, end users, funding bodies, and technical experts who are driving national and European research agendas. LSEC activities aim to raise cybersecurity awareness, support innovation and competitiveness in the European digital security market, and promote the visibility of its members.

Contact details

Ulrich Seldeslachts, Managing Director LSEC vzw
info@cyssde.eu
+32 16 79 85 85

Start typing and press Enter to search

Shopping Cart