Network.training-awareness October 2019

network.training-awareness@internal.sparta.eu

6 participants
5 discussions

[SPARTA - network.training-awareness] Notes from the ECSO Meeting

by Olivier Levillain

Hi, Here are some notes from the ECSO meetings. As in the previous meetings, several documents have been presented, but most of them are not really available (even within ECSO). I will share what I can as soon as the documents are published on the portal. Don't hesitate to ask me about a particular subject. Since writing (or reading) minutes is not always that funny, I tried to send you what I thought was the most relevant, as soon as I could. 1) Cyber Ranges ECSO is working on a document defining what cyber ranges (CRs) are. The document starts by stating that we usually find two different definitions: one describing the CR as a simulation environment, the other one describing CR as a platform. Since the latter contains the idea that a CR is more than a technical piece of software, they prefer it. The document then describes different use cases and different features a CR can have. The idea is to say that, as a car, CRs can be of very different natures (from Formula 1 to family cars to 4x4s). Today, a lot of organizations are looking for cyber ranges for different goals, which can not be done by all cyber ranges. The prurpose of the document is to shed light on a key/buzz word which is not clear for many people. It aims at helping consumers of cyber ranges, but also the providers/researchers to focus on special features/use cases. The document is still a draft, and is still supposed to be internal to ECSO only, but we will have a new version in early November that I will be able to share with SPARTA partners, to gather feedback. ECHO (one of the 4 EC pilotes) has been trying to coordinate the activity. Beyond the survey that was sent earlier, I did not see a lot on this front from ECSO or from ECHO. The survey collected around 50 answers 3 or 4 weeks ago. It is still open, and it seems it would be useful to send the link again (we discussed it on the WP9 list, and it was supposed to have been sent by a Catarina, but I can not find the message in my archives...). 2) A tool to self-assess one's cybersecurity skills Georges Ataya presented an online tool for self-assessment and then see the gap between one's profile and a given role from the NICE framework. We are supposed to get a link to this online tool in the weeks to come. If this happens, I will share it with you. 3) Description of a minimal curriculum for "Cybersecurity for top management and leaders" ECSO SubWG 5.2 is working on a document to define minimum curricula, and they started with the top management and leaders. For now the document has not been shared among ECSO, so we only got the first elements. As soon as I have more on this European Cyber Security Education Framework, I will share it with you. 4) Youth4Cyber A member from Milano presented an initiative to teach cybersecurity (mostly awareness) to young people, through 5 modules aimed at 6-10 years old, 10-14, 14-18, 18-22 and 22-26. They presented the outline of the modules, which all contain 6 to 7 sessions of 45 to 2h each. For now, they only have a 1-slide description for each session, and are looking for funding/work force to produce the content. Since this is an Italian initiative, they would then need to translate it. This initiative may be of interest for T9.4? 5) Awareness campaign by SOGEI SOGEI presented their work on awareness campaigns. It is similar to the material I sent last month on the Awareness Workshop ECSO organized. 6) Women4Cyber ECSO and an SME have created a fondation to lead this initiative. They already won an award from the nordic countries and hope to have chapters in different countries and even regions. 7) Education Map from ENISA Fabio Di Franco presnted the Education Map: more than 500 degrees (it is a list of degrees, and not courses as we thought initially). The website is still under development and should be online in November. It will be possible with a nice UI to apply multiple filters on the following criteria: language, country, delivery method, major topic, deree obtained. Their goal is to get an almost exhaustive list of degrees updated regularly. They also have gathered information about the cost of the courses, the number of graduated people, the maximum capacity of each course, the very coarsed-grain repartition of ECTS (cybersecurity courses, law courses, internship, etc.) They have no intention to produce more detailed information; first because of a lack of resources (Fabio seems the only person involved in the data collection and validation); second, because they are not confortable with a taxonomy of the different topics. Thus, I believe that we can propose something complementary here. Fabio seemed interested. Jan, if you believe it is useful I introduce you to him (electronically), I can do it. 8) Report on Cyber Security Education from ENISA This report offers a critical review of common knowledge about cybersecurity education and HR. It is common knowledge that there is a lack of qualified cyber security professionals. However, maybe the shortage is dominated by a lack of understanding. We must be more precise on the jobs needed. ENISA spots the following issues in cyber security education: - lack of educators - poor interaction with the industry - little understanding of the labour market Yet, it might be useful to recall the goals of universities, which are today torn between teaching people with a holistic vision, and producing market-ready people. We might be mistaken in following the second path too strictly, since we do not know how cybersecurity jobs will evolve (some jobs might soon become irrelevant because of some forms of automation). [As a teacher, I agree with the vision that universities' goal is not only/primarily to produce market-ready people!] ENiSA looked at 387 study programs that were "certified" by a national body (Autstralia, France, UK, USA). Most certifications have the following elements: - check that sufficient hours are put in cybersecurity - check the teaching body's qulaifications - describe the teaching modalities - employment outcomes - etc. 9) Presentation from the pilots 9.1) SPARTA Regarding SPARTA, Edumndas and I briefly presented the documents we (task leaders) prepared together. Concerning the skills matrix, Edmundas was asked to invite ENISA, ECSO and the Program Officer to the coming workshop (I sent him the contacts I had in another mail). I was asked to send the WP9 contacts (task leaders) to the ECSO secreatariat. I will do this shortly. Regarding possible collaborations, beyond the skills workshop, we proposed to exchange documents between ECSO and pilots as much as possible (and I believe we should try and share early when we have no specific constraints). 9.2) CONCORDIA They have been collecting information on short courses with possible filters on an online map (https://www.concordia-h2020.eu/map-courses-cyber-professionals/). Their work tracks 60 courses collected in 3 months (31 from within Concordia and 29 outside). It should be useful to collaborate with them for T9.3, since we were asked by a representative from the DG Connect not to do the same things in different EC pilots. I will study what they proposed to see how we could bring added value. CONCORDIA also worked on Cyber Ranges (which they would like to also put on the map). They would like to create an ecosystem, but they are not after a federation (the woman presenting could not explain more, but this will be discussed at the next meeting with the relevant person from the project). They want to share scenarios and work on an exchange format. Since they were not present the morning for the discussion about the document on Cyber Ranges, they will contribute to the document as soon as they get it. Finally, they asked whether there was interest for an open source Cyber Range. Someone answered that this was mostly relevant for universities. 9.3) CyberSec4Europe They quickyl described their work packages (but without slides). 10) Notes The woman from the DG Connect asked us (pilots) to identify the possible synergies between project and to clearly define what our differences are (especially with regards to education and training). In particular, we were asked not to do the same thing about Cyber Ranges, which seems to be an especially hot topic. Best regards, olivier

5 years, 9 months

[SPARTA - network.training-awareness] Fwd: 5th IEEE European Symposium on Security and Privacy: Call for Workshop

by Jan Hajný

Dear WP9 Partners, As you may already know, the IEEE European Symposium on Security and Privacy will take place in Genova next June. We thought that this may be a unique opportunity to discuss and present the advances in cybersecurity training there, with a particular focus on cyber ranges and curricula. There is the possibility to propose a workshop on this topic, please see the message from Alessandro below. We can also co-locate the WP9 meeting with the event. Would you support that idea and actively participate in such a workshop? Please let me know yes/no very soon so that we can start the process :-) Thank you, Kind regards, Jan —— doc. Ing. Jan Hajný, Ph.D. Advanced Cybersecurity Brno University of Technology Phone: +420 541 146 961 WWW: http://crypto.utko.feec.vutbr.cz <http://crypto.utko.feec.vutbr.cz/> > Začátek přeposílané zprávy: > > Od: Alessandro Armando <alessandro.armando(a)unige.it> > Předmět: 5th IEEE European Symposium on Security and Privacy: Call for Workshop > Datum: 14. října 2019 19:07:18 SELČ > Komu: Jan Hajny <hajny(a)feec.vutbr.cz> > Kopie: Fabio Martinelli <Fabio.Martinelli(a)iit.cnr.it>, Paolo Prinetto <paolo.prinetto(a)polito.it>, Rocco De Nicola <rocco.denicola(a)imtlucca.it> > > Dear Jan, > > the 5th IEEE European Symposium on Security and Privacy (IEEE EuroSP 2020, http://www.ieee-security.org/TC/EuroSP2020/ <http://www.ieee-security.org/TC/EuroSP2020/>) will take place in Genova on June 16-18 (Tue-Thu), 2020. > Pre/Post-conference workshops will take place on June 15 (Mon) and June 19 (Fri). > By this message I would like to draw your attention on the possibility to propose a workshop related to the topics of the SPARTA WP on cybersecurity training you are leading. > I believe a workshop associated with IEEE EuroSP 2020 will be an excellent opportunity to disseminate the wp's results as well as to get feedback by the relevant community. > > The deadline for workshop proposals is November 18, 2019. Details can be found at http://www.ieee-security.org/TC/EuroSP2020/cfw.html <http://www.ieee-security.org/TC/EuroSP2020/cfw.html>. > Please notice that all workshop proposals will be evaluated by the workshop chairs against the Proposal Evaluation Criteria set in the Call for Workshops. > > Please also notice that together with Florent we are planning to organize a SPARTA event (e.g. a project meeting) on June 20 (Saturday) colocated with IEEE EuroSP. > > Should you need more information, please do not hesitate to ask. > > Best Regards, > > alessandro > > -- > Prof. Alessandro Armando > DIBRIS, Università di Genova > Viale Causa 13 > 16145 - Genova > email: alessandro.armando(a)unige.it <mailto:alessandro.armando@unige.it> > phone: +39 3281003201 > > > > -- > Prof. Alessandro Armando > DIBRIS, Università di Genova > Viale Causa 13 > 16145 - Genova > email: alessandro.armando(a)unige.it <mailto:alessandro.armando@unige.it> > phone: +39 3281003201 > > > -- > Le informazioni contenute nella presente comunicazione sono di natura privata e come tali sono da considerarsi riservate ed indirizzate esclusivamente ai destinatari indicati e per le finalità strettamente legate al relativo contenuto. Se avete ricevuto questo messaggio per errore, vi preghiamo di eliminarlo e di inviare una comunicazione all’indirizzo e-mail del mittente. > -- > The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you received this in error, please contact the sender and delete the material.

5 years, 11 months

[SPARTA - network.training-awareness] Task 9.2 Progress, Request for Action

by Jan Hajny

Dear WP9 Partners, Please find the progress monitoring table for WP9 Task 9.2 attached. Please note, that some activities (marked red) are in significant delay (those of CINI and YWH are delayed for over several months). Please consider this message the last call for delivery of the outcomes. Thank you, Kind regards Jan Hajny —— doc. Ing. Jan Hajný, Ph.D. Advanced Cybersecurity Brno University of Technology Phone: +420 541 146 961 WWW: http://crypto.utko.feec.vutbr.cz <http://crypto.utko.feec.vutbr.cz/>

5 years, 11 months

[SPARTA - network.training-awareness] T9.1 workshop

by edmundas＠l3ce.eu

Dear All, As T9.1 is approaching the final stage and most of the work is done, the team would like to invite all interested SPARTA partners to the final alignment workshop. The workshop is intended to be organized as one day or two half days event on-site at MRU. Preliminary agenda is attached. Those, who can join the workshop remotely, connection will be organized. The preliminary dates set are 6th / 7th of November (preliminary 5th was set, but it was moved). Please, mark your interest and availability on: https://doodle.com/poll/2diuwnzbunwvmtmm until the 25th of October. We would like to have as many participants on-site. Presence of cybersecurity end user organizations is especially relevant (e.g. NASK, LMT, KTU Litnet). We will also invite some associated partners (NCC group) and other national and international organizations (ECSO, Lithuanian Cybersecurity center, Lithuanian Arm forces CERT, etc.). The introductory materials for the workshop are also attached to the message (also available at SVN). Best regards, Edmundas & T9.1 team

5 years, 11 months

[SPARTA - network.training-awareness] Fwd: [SPARTA - project.consortium] New schedule for 25th WP meetings

by Jan Hajný

Dear all, Due to the change below we start the WP9 session telco later, at 14:30 CEST. Sorry for troubles. Jan Začátek přeposílané zprávy: > Od: ANTIGNAC Thibaud <Thibaud.ANTIGNAC(a)cea.fr> > Datum: 25. září 2019 12:16:24 SELČ > Komu: "project.consortium(a)internal.sparta.eu" <project.consortium(a)internal.sparta.eu> > Předmět: Re: [SPARTA - project.consortium] New schedule for 25th WP meetings > > Please find attached the map of SPARTA rooms (downstairs, on the mezzanine) > And also an excel file for the new schedule. > > Lunch is at 1pm on 1st floor. > > Best regards, > -- > Thibaud Antignac > CEA List > > > From: ANTIGNAC Thibaud <thibaud.antignac(a)cea.fr> > Date: Wednesday 25 September 2019 at 12:13 > To: "project.consortium(a)internal.sparta.eu" <project.consortium(a)internal.sparta.eu> > Subject: New schedule for 25th WP meetings > > > > > Downstairs, Mezzanine > Meeting Room A > Meeting Room B > Meeting Room C > Hall K > New > 12:00 > Meetings > Roadmap (WP3) > Management (WP13) > T-SHARK (WP4) > Certification (WP11) > 13:00 > > Lunch > Lunch > Lunch > Lunch > 14:30 > Meetings > CAPE + HAIIT-T (WP5+6) > Train & Awar (WP9) > Partnership (WP8) > SAFAIR (WP7) > 16:00 > Meetings > Exploitation (WP10) > Diss & Comm (WP12) > Responsibility (WP2) > > > -- > Thibaud Antignac > CEA List > > -- > project.consortium mailing list > project.consortium(a)server.sparta.eu > http://server.sparta.eu/cgi-bin/mailman/listinfo/project.consortium

6 years

2025

2024

2023

2022

2021

2020

2019

Network.training-awareness October 2019