CCAT

Project website

Project start date:

Project end date:

Cybersecurity Certification and Assessment Tools

Cybersecurity regulations are tightening, and the complex demands of the Cybersecurity Act and Cyber Resilience Act present significant challenges for both tech developers and regulators. With this in mind, the EU-funded CCAT project will enhance four academic open-source tools to support continuous security checks and regulatory compliance. These include TLS-Scanner for TLS security, SCRUTINY for cryptographic evaluation, ALVIE for testing embedded systems, and sec-certs for analysing certification landscapes. By adapting these tools for real-world use and aligning them with EU rules, CCAT aims to increase trust and resilience in the digital single market. The aim is also to empower producers, consumers, and regulators to better understand, assess, and improve cybersecurity.

Objective

Cybersecurity regulations are becoming increasingly complex. The Cybersecurity Act (CSA) introduces an EU-wide cybersecurity certification framework, while the Cyber Resilience Act (CRA) sets mandatory cybersecurity requirements for products with digital components. A reliable and flexible set of tools is essential for continuous security assessment and navigating these evolving regulations.

In the CCAT project, we propose adapting four open-source tools, developed in academic cybersecurity research, to support the implementation of new regulations: (1) TLS-Scanner for assessing security in TLS clients and servers; (2) SCRUTINY for evaluating cryptographic implementations, software libraries, and hardware, including black-box setups; (3) ALVIE for testing embedded security architectures against vulnerabilities; (4) sec-certs for analysing certification landscapes and evaluating the relationships between certified products and actual vulnerabilities.

CCAT will enhance these tools to meet the needs of various users involved in or dependent on cybersecurity assessment and certification. The CCAT methodology builds upon: (1) Relevant feedback for purpose-driven enhancements enabled by collaboration with users applying the CCAT tools in diverse application scenarios. (2) Robust usable security research exploring and collaboratively improving user interaction with the tools. (3) Aligning the tools with the emerging EU security certification landscape.

CCAT tools aim to empower both ICT producers and consumers, fostering a more transparent, accountable, and resilient digital environment. Regulatory bodies can use these tools to assess the effectiveness of cybersecurity certifications, verify the security of specific implementations, and ensure the EU digital single market cybersecurity.

The project funded under Grant Agreement No. 101225878 is supported by the European Cybersecurity Competence Centre.

eccc-logo-web-purpose-desktop.png

EN_Co-fundedbytheEU_RGB_POS.png

Current projects:

AKIT

AKIT is an English-Estonian data protection and information security lexicon (Andmekaitse ja infoturbe leksikon).

CHESS

CHESS will integrate leading cybersecurity institutions and capitalise on the strengths of both regions to address important Europe-wide challenges.

Distributed Identity, Distributed Trust

In this project, we propose improved principles and techniques for identity management, clarifying the questions about trust and accountability.

FAMOUS

The project aims at maximizing synergies, standardization and interoperability capabilities of armoured vehicles to address highly demanding requirements while introducing innovative and promising new technologies and concepts.

PAI-MACHINE

Synthesis of machine-optimized cryptographic protocols with applications in secure machine learning systems.

STORE

STORE project aims to develop AI-based image recognition systems while also constructing a shared database of annotated defence images that can be used to train such systems.

EUCINF

EUCINF aims to create a comprehensive European library of adaptable software components that can be seamlessly integrated into Cyber and Information Warfare (CIW) systems. These components will possess capabilities in detection, analysis, fusion, and threat targeting, thus bolstering the functions of Cyber and Operational Centers.

Future-proof and trustworthy remote electronic voting

This project explores new technologies for remote electronic voting, focusing on enhancing the Estonian Internet voting system's security and resilience. It addresses extending zero-knowledge proofs, improving post-quantum resistance, and examining social trust and environmental impacts.

HYDIS

The project will identify suitable counter-hypersonic interceptor concepts and mature the technologies that enable implementation respectively. It will further create the industrial network to develop the future counter-hypersonic missile systems.

EXAI

EXAI's objective is to create methods for building trustworthy AI systems based on foundation models, and to ensure these serve the best interests of society.

JOCONDE

The European statistics authority Eurostat has selected Cybernetica to build a multi-party secure private Computing-as-a-Service platform for processing confidential data across organisations and countries.

ECYSAP EYE

ECYSAP EYE supports military analysts and decision-makers by linking cyber situations to mission progress through targeted mission engineering processes for identifying, analyzing, and addressing risks, opportunities, and options across all operational levels.

BalticSeaH2

The project creates Europe’s first cross-border hydrogen valley to cut CO2 and boost self-sufficiency. Cybernetica develops H2Pool, a Secure-by-Design crypto-secure marketplace validated through data synthesis of existing data.

AI-WASP

AI-WASP (Artificial Intelligence Warfare Adaptive Swarm Platform) focuses on developing AI technologies for swarming capabilities in collaborative autonomous platforms.

IMUGS2

iMUGS2 develops scalable, secure and interoperable unmanned ground vehicle (UGV) systems for European defence forces.

GARUDA

The project aims to develop the next generation of collaborative aerial platforms.

CCAT

The Cybersecurity Certification and Assessment Tools (CCAT) project is enhancing four open-source cybersecurity tools to support continuous security assessment and regulatory compliance with the EU's Cybersecurity Act and Cyber Resilience Act, empowering producers, consumers, and regulators to better evaluate and improve digital security.

Past projects:

CyberSec4Europe

The project will test and demonstrate potential governance structures for the network of competence centres using the best practices examples of participants like CERN.

DATABIO

DataBio demonstrates that enabling data-driven decisionmaking in agriculture, forestry and fishing increases productivity and has a measurable impact to both the economy and the environment.

ELIKO

Development a radio surveillance platform and an adaptive radio network.

NAPLES

NAPLES demonstrates how to seamlessly add security analysis and optimization capabilities on top of Business Process Management tools.

IUT27-1

IUT27-1 is centered on systems’ security with a focus on Secure Multiparty Computation, Structured Risk Assessment of information and related systems, and Internet voting.

EXCITE

EXCITE will advance foundational theories of model verification and data analysis.

OCEAN2020

The support of maritime surveillance and interdiction missions.

PRACTICE

PRACTICE will mitigate insider threats and stop data leakage for computations in the cloud while maintaining economies of scale.

PRIST

Privacy-preserving statistical studies on linked databases.

STACC

The objective is to turn STACC into a leading and economically independent R&D organisation.

SafeCloud

SafeCloud aimed to re-architect cloud infrastructures with a focus on partitioning and entanglement.

SUNFISH

The SUNFISH project will develop and integrate software enabling secure cloud federation as required by European Public Sector bodies.

TREsPASS

The goal of TREsPASS was to create a mart ‘attack navigator’, which will trace potential weak points within an organization or a given infrastructure.

UaESMC

The UaESMC project focused on methods for making secure computation more practical in the real world.

MANTICUS APOLLO

MANTICUS APOLLO focused on creating the theoretical foundation for a transnational and comprehensive situational awareness capability for coordinating national defense.

SYSFLEX

SysFlex will identify issues and solutions associated with integrating large-scale renewable energy and create a plan to assist system operators across Europe.

INTERRFACE

INTERFACE aims to achieve greater coordination between TSOs and DSOs to ensure a cost-effective and secure supply of electricity.

ONENET

Creating a reliable architecture that enables the European electrical system to function as a single system.

MAITT

MAITT will prototype machine learning and AI-powered public domain service delivery in domains that are of importance to the state.

DANCE

Data protection synthesis of test databases using secure computing technology.

PROVENANCE

Creating techniques for constructing zero-knowledge proofs for government interactions with citizens, companies or other governments.

New technologies in voting

The project seeks to map the effects emerging technologies have on voting and offer solutions to potential problems.

M-VOTING

Analysing the changes in e-voting risk analysis in a situation where voting from a smart device is possible.

BELIEVE

Analyzing the impact of biometric facial recognition measures on the e-voting system in ensuring freedom of choice and its applicability in the Estonian e-voting system

EIS

The Estonian information security standard aims to develop and promote the level of information security of the Estonian public authorities as well as private businesses.

KYPSIS

Study of applicability of cryptographic algorithms in information systems, their spread and assessment of the strength of already implemented cryptographic algorithms.

LESCA

Creation of a tool to convert a Datalog-like program to a SecreC program (privacy-preserving computation based on Sharemind MPC platform).

WEBEXTENSIONS

Analysis of the Open-eID architecture design offer including the formulation of system security requirements, review and verification of the protocol set in terms of fixed requirements.

SEVILLA

Creation of programmable secure multi-party computation and applications.

CDOC 2.0

Analysis for Estonia's new file encryption standard CDOC2.0 and general architecture design.

eeCloud

Implementation of the Estonian Government Cloud.

SPoF2 - Part 3 eID Infrastructure Trust Model

Analysis of and recommendation for the Estonian eID trust model.

Vessel Traffic and Maritime Surveillance System

The project aims to bring to market a new TDOA technology and develop a maritime traffic surveillance product for the international market.

VORMSI

Research & development of a security threat information sharing and correlation system for transnational use.

ECYSAP

Implementation of high maturity cyber situational awareness platform for military use.

Eurostat-Cybernetica project ESTAT 2019.0232

The project created a proof-of-concept solution for the secure private processing of longitudinal Mobile Network Operator data in support of official statistics.

CoNurse

The project aims to expand the functionalities of CoNurse through developing a stochastic model for implementing smart and dynamic protocol delivery.

Smart Wallet (eKukkur)

The aim of this project is to make the necessary preparations and create the necessary commercial and technological base for the provision of next-generation eID services in accordance with the updated version of eIDAS.

Minerva

De-risking machine learning technology for cyber security applications in cooperation with European Space Agency.

LAGO

This project aims to deliver the foundation for a trusted EU Fighting Crime and Terrorism (FCT) Research Data Ecosystem (RDE) to address the so-called “Data Issue” in the FCT research landscape.

TEADAL

TEADAL will enable the creation of trusted, verifiable, and energy-efficient data flows, both inside a data lake and across federated data lakes, based on a shared approach for defining, enforcing, and tracking data governance requirements with specific emphasis on privacy/confidentiality.

ShareSat

The secure cooperation service, ShareSat, will enable owners of space object tracking catalogues to cooperate in a confidential manner, without revealing classified ephemerides even to the organisation providing analysis for collision avoidance or manoeuvre planning.

EU-GUARDIAN

AI-based solution that operates and automates large parts of incident management and cyber defence processes.

OPTIMISM

Analysis of technological solutions of positive credit register project aimed to analyse technological solutions of the positive credit register that would provide sufficient privacy guarantees during the creation and launch of the system.

VÕIME

Analysis determined whether and how the capability for evaluating cryptographic security solutions can be developed in Estonia.

Are you OK with optional cookies? We use statistical and marketing cookies to offer you a better browsing experience and optimise our marketing costs. We value your privacy, so optional cookies aren't activated unless you accept. Learn more about Privacy Notice.