Electronic Soft-Identities (E-Ids) State-of-the-art and Multi-Morphed E-Ids, an Explorative Study

The scientific contribution of this report is twofold: on a side it provide a first, explorative overview of the state of the art in the world of soft-identity management systems, and on the other he present the first outcomes of a research activity aiming at proposing a solution to address trust and privacy protection issues related to identity and personal data provided by citizens in a smart environment. Our proposed solution combines identity management, trust negotiation, and usage control. The concept of identity management allows creation of less privacy sensitive soft identities derived from hard identities with high assurance. Trust negotiation techniques are used during the authentication phase to support the identity establishment process between the entities in the smart city. After the identity is established we use usage control policies to govern the exchange of identity and personal data in a privacy friendly manner.JRC.G.6 - Digital Citizen Securit

Blockchain in Energy Communities, A proof of concept

This report aims at exploring the use of the distributed ledger paradigm to incentive the participation of the citizen to a truly free, open and interoperable energy market, producing a feasibility study and a first demo testbed, taking also into consideration privacy, cybersecurity and big-data issues of the smart-home in the Energy market context. This study is intended to support point 4.1, 4.2 and 4.3 of the DSM (COM(2015)192) and point 2.2 of the Energy Union package (COM(2015)80.JRC.E.3-Cyber and Digital Citizens' Securit

Blockchain in the Energy Sector

This report describes the technical implementations of the Administrative Agreement between DG ENER and DG JRC, called Enerchain. In particular it presents the results of the experimental tests and of the results carried out to implement workpackage 4 and and workpackage 5 as defined in the technical annex of this administrative arrangement.JRC.E.3 - Cyber and Digital Citizens' Securit

Blockchain in the Energy Sector

In this report, we analyse from a technical and legislative point of view the most promising applications of Distributed Ledger Technology to the electrical energy sector, as they were selected from the previous work performed in the AA between DG ENER and DG JRC, called Enerchain. Namely these use cases are smart metering, energy communities, flexibility services, certification of origin, and electro mobility. The outcome of the analysis is a short-list of conceptual applications of DLT to various trending topics and research areas in the energy sector. In this report we also describe the related energy regulatory packages, and ICT regulatory framework and discuss our blockchain considerations.JRC.E.3 - Cyber and Digital Citizens' Securit

Blockchain solutions for the energy transition, Experimental evidence and policy recommendations

This report summarises the main outcomes of several experimental studies carried out by the Joint Research Centre on blockchain solutions for energy systems. It presents considerations and recommendations for European policymakers regarding blockchain deployment across the energy value chain. The outcomes of this report come from a multi-year project funded through an explicit request of the European Parliament to the European Commission, with experiments conducted in the Joint Research Centre smart grids and cybersecurity laboratories.JRC.E.3 - Cyber and Digital Citizens' Securit

Cybersecurity, our digital anchor

The Report ‘Cybersecurity – Our Digital Anchor’ brings together research from different disciplinary fields of the Joint Research Centre (JRC), the European Commission's science and knowledge service. It provides multidimensional insights into the growth of cybersecurity over the last 40 years, identifying weaknesses in the current digital evolution and their impacts on European citizens and industry. The report also sets out the elements that potentially could be used to shape a brighter and more secure future for Europe’s digital society, taking into account the new cybersecurity challenges triggered by the COVID-19 crisis. According to some projections, cybercrime will cost the world EUR 5.5 trillion by the end of 2020, up from EUR 2.7 trillion in 2015, due in part to the exploitation of the COVID-19 pandemic by cyber criminals. This figure represents the largest transfer of economic wealth in history, more profitable than the global trade in all major illegal drugs combined, putting at risk incentives for innovation and investment. Furthermore, cyber threats have moved beyond cybercrime and have become a matter of national security. The report addresses relevant issues, including: - Critical infrastructures: today, digital technologies are at the heart of all our critical infrastructures. Hence, their cybersecurity is already – and will become increasingly – a matter of critical infrastructure protection (see the cases of Estonia and Ukraine). - Magnitude of impact: the number of citizens, organisations and businesses impacted simultaneously by a single attack can be huge. - Complexity and duration of attacks: attacks are becoming more and more complex, demonstrating attackers’ enhanced planning capabilities. Moreover, attacks are often only detected post-mortem . - Computational power: the spread of malware also able to infect mobile and Internet of Things (IoT) devices (as in the case of Mirai botnet), hugely increases the distributed computational power of the attacks (especially in the case of denial of services (DoS)). The same phenomenon makes the eradication of an attack much more difficult. - Societal aspects: cyber threats can have a potentially massive impact on society, up to the point of undermining the trust citizens have in digital services. As such services are intertwined with our daily life, any successful cybersecurity strategy must take into consideration the human and, more generally, societal aspects. This report shows how the evolution of cybersecurity has always been determined by a type of cause-and-effect trend: the rise in new digital technologies followed by the discovery of new vulnerabilities, for which new cybersecurity measures must be identified. However, the magnitude and impacts of today's cyber attacks are now so critical that the digital society must prepare itself before attacks happen. Cybersecurity resilience along with measures to deter attacks and new ways to avoid software vulnerabilities should be enhanced, developed and supported. The ‘leitmotiv’ of this report is the need for a paradigm shift in the way cybersecurity is designed and deployed, to make it more proactive and better linked to societal needs. Given that data flows and information are the lifeblood of today’s digital society, cybersecurity is essential for ensuring that digital services work safely and securely while simultaneously guaranteeing citizens’ privacy and data protection. Thus, cybersecurity is evolving from a technological ‘option’ to a societal must. From big data to hyperconnectivity, from edge computing to the IoT, to artificial intelligence (AI), quantum computing and blockchain technologies, the ‘nitty-gritty’ details of cybersecurity implementation will always remain field-specific due to specific sectoral constraints. This brings with it inherent risks of a digital society with heterogeneous and inconsistent levels of security. To counteract this, we argue for a coherent, cross-sectoral and cross-societal cybersecurity strategy which can be implemented across all layers of European society. This strategy should cover not only the technological aspects but also the societal dimensions of ‘behaving in a cyber-secure way’. Consequently, the report concludes by presenting a series of possible actions instrumental to building a European digital society secure by design.JRC.T.2 - Cybersecurity and Digital Technologie

Artificial Intelligence at the JRC

This document presents the contributions presented at the first internal workshop on Artificial Intelligence (AI), organized by the Joint Research Centre (JRC) of the European Commission. This workshop was held on 23rd May at the premises of the JRC in Ispra (Italy), with video-conference to all JRC's sites. The workshop aimed to gather JRC specialists on AI to share their experience, to identify opportunities for meeting the EC demands on AI, and explore synergies among different JRC's working groups on AI. The full-day session workshop was organized around three main topical strands entitled Policy support, New Initiatives and Technology Development. Contributions covered a wide range of areas, including applications of AI to Cybersecurity, Transport, Environment, Health and other specific issues. This report is structured according to those main topics of study. According to the JRC Director General Vladimír Šucha: "The workshop was very stimulating and interesting presenting a broad spectrum of activities and competencies across JRC. It gave a great opportunity to build a strong and hopefully useful position in the field of AI/ML". While the first part of the workshop was mainly informative, in the second part we collectively discussed about JRC priorities and the set-up of a Community of Practice (now available at https://webgate.ec.europa.eu/connected/groups/community-of-practice-ai-and-big-data) dealing with AI and Big Data. Finally, the preliminary results of the online survey were presented. All colleagues were excellent in communicating their scientific activity in a flash and efficient way.JRC.B.6 - Digital Econom

Personal Data Breaches. A Feasibility Study on a Cyber Exercise

The Directive 2009/136/EC (amending Directive 2002/58/EC) introduces a new obligation for the providers of electronic communication services to notify data breaches to the competent authorities and the individuals affected by the data breach. In particular, in the context of the European Single Market a data breach easily discloses a cross-border dimension which should be addressed specifically within the scope of the above mentioned Directive. Immediate notifications involving various actors and across various fields of competences and scope will obviously require well-planned and coordinated processes of communication. Hence these processes should be continuously tested and further improved. Nevertheless little experience does exist which is the driving force to plan for structured exercises concerning the applicability of the Directive. It is therefore of utmost interest to start undertaking a personal data breach exercise similar to other cyber exercises. This document contains a feasibility study with which such a personal data breach exercise could be started. The feasibility study proposed an executable first plan, its key elements, a provisional timeline and, most importantly, a summary of human and financial resources needed.JRC.G.6-Digital Citizen Securit