Author INCIBE
This study has been elaborated with the collaboration of several agents who represent the
national cybersecurity research & innovation ecosystem. [Appendix I STUDY
PARTICIPANTS] contains a complete list of the organisations and their representatives
who collaborated in the study.
May 2015
This publication belongs to INCIBE (Spanish National Cybersecurity Institute) and is subject to a Creative Commons Attribution-
NonCommercial 3.0 Spain licence. As such, the copying, distribution, and public communication of this study is permitted under the following
conditions:
• Attribution. The content of this report may be fully or partially reproduced by third parties, provided that they cite its origin and
make express reference to INCIBE or CERTSI and its website: http://www.incibe.es. This attribution shall, under no circumstance, indicate that
INCIBE supports this third party or supports the use that it makes of its study.
• Non-commercial Use. The original material and the studies deriving therefrom may be distributed, copied, and exhibited, provided
that their use is not for commercial purposes.
When re-using or distributing the study, the terms of the licence of this study must be made clear. Some of these terms may be waived if
permission is obtained from CERTSI as the copyright owner. Complete licence text: http://creativecommons.org/licenses/by-nc-sa/3.0/es/
Network of excellence on cybersecurity R&D+i
Summary report Page 3 of 81
TABLE OF CONTENTS
1 BACKGROUND AND MOTIVATION .............................................................................. 5
1.1 Context and study objective ........................................................................................ 5
1.2 Structure ...................................................................................................................... 6
1.3 Main conclusions ......................................................................................................... 6
2 ANALYSIS FRAMEWORK ........................................................................................... 13
2.1 Analysis model ........................................................................................................... 13
2.2 Methodology .............................................................................................................. 13
2.3 Initial considerations .................................................................................................. 15
3 COMPETITIVE POSITIONING OF THE CYBERSECURITY RESEARCH & INNOVACION
ECOSYSTEM ................................................................................................................ 17
3.1 Map of Stakeholders & Agents .................................................................................. 17
3.2 Analysis of the institutional, legal, and economic context ........................................ 19
3.3 Characterisation of the cybersecurity research & innovation ecosystem ................ 21
3.3.1 Resources ............................................................................................................ 21
3.3.2 R&D+i value creation model ............................................................................... 24
3.3.3 Results ................................................................................................................. 27
3.4 Cybersecurity research & innovation ecosystem relationship model ....................... 28
3.4.1 Main national collaborative models or networks ............................................... 28
3.4.2 Main international collaboration models or networks ....................................... 30
3.5 Factors limiting cybersecurity R&D+i competitiveness ............................................. 31
3.5.1 General and structural weaknesses and obstacles ............................................. 32
3.5.2 Specific cybersecurity weaknesses and obstacles .............................................. 32
3.5.3 Conclusions ......................................................................................................... 33
3.6 SWOT analysis of the cybersecurity research & innovation ecosystem .................... 35
3.7 Action plan for the increase in the cybersecurity research & innovation ecosystem’s
competitiveness ............................................................................................................... 37
4 OPPORTUNITY ANALYSIS AND SWOT OF THE CREATION OF A NETWORK of excellence
ON CYBERSECURITY R&D+i ......................................................................................... 42
4.1 Opportunity Analysis.................................................................................................. 42
4.2 SWOT.......................................................................................................................... 42
5 NETWORK OF EXCELLENCE MODEL ALTERNATIVES ................................................... 44
5.1 Multicriteria assessment of the Excellence network model alternatives ................. 46
5.2 Presentation and validation of alternatives with the interested parties .................. 47
6 MODELLING THE NETWORK ..................................................................................... 49
6.1 Strategic formulation of the network ........................................................................ 52
6.1.1 Mission, vision, and values .................................................................................. 52
6.1.2 Strategic objectives, action lines, and measures ................................................ 54
6.2 Strategic alignment with the Cybersecurity Cluster in Spain project ........................ 55
7 ACTION PLAN: short-, medium-, and long-term actions roadmap ............................. 57
Network of excellence on cybersecurity R&D+i
Summary report Page 4 of 81
7.1 Phase 0: Collaborative definition ............................................................................... 57
7.2 Phase 1: Starting the pilot programme...................................................................... 58
7.3 Phase 2: Deployment ................................................................................................. 59
7.4 Phase 3: Stabilisation ................................................................................................. 59
7.5 Cross-disciplinary phase: Management of the implementation ............................... 59
7.6 Action Plan Schedule ................................................................................................. 60
APPENDIX I STUDY PARTICIPANTS .............................................................................. 61
AI.1 INTERVIEWS .......................................................................................................... 61
AI.2 QUESTIONNAIRES ................................................................................................. 62
AI.3 PARTICIPANTS IN THE Focus GroupS .................................................................... 65
AI.3.1 FIRST Focus Group ......................................................................................... 65
AI.3.2 SECOND Focus Group .................................................................................... 65
APPENDIX II STRATEGIC LINES OF ACTION AND MEASURES ......................................... 66
APPENDIX III DOCUMENT SOURCES CONSULTED ......................................................... 69
APPENDIX IV AGENTS OF THE CYBERSECURITY R&D+i ECOSYSTEM IN SPAIN ............... 75
APPENDIX V COLLABORATIVE NETWORKS ANALYSED ................................................. 80
Network of excellence on cybersecurity R&D+i
Summary report Page 5 of 81
1 BACKGROUND AND MOTIVATION
1.1 Context and study objective
The Spanish National Cybersecurity Institute (INCIBE) is an organisation dependent on the
Ministry of Industry, Energy, and Tourism (MINETUR), through the State Department of
Telecommunications and for the Information Society (SETSI), and it is the benchmark
institution with regard to the development of cybersecurity, and of digital trust for the
general public, for RedIRIS (the Spanish academic and research network), and for
businesses, especially sectors of strategic importance..
In the framework of the Trust in the Digital Domain, which is part of the Digital Agenda
for Spain, INCIBE has driven the elaboration of the “feasibility study and design of a
network of centres of excellence in cybersecurity R&D+i”.
The objective of this study is to understand the context and dynamics through which
cybersecurity R&D+i is conducted in Spain, in order to determine the suitability and
relevance of the creation of a network of centres of excellence in cybersecurity R&D+i.
The future network would be aimed at overcoming the fragmentation of research,
combining the critical mass of the best scientific and technological capacities, assets and
talents, thus promoting an improvement in the competitiveness of the Spanish R&D+i
cybersecurity ecosystem.
This document presents a summary of the main results obtained after the study has been
carried out.
The study has been carried out with a participative, collaborative, and consensual
approach.
The characterisation of an ecosystem such as the cybersecurity one, which is very
complex and diverse, would not make sense without considering the vision, experience,
and opinion of its agents, who really know the dynamics and capacities of the ecosystem
itself, and its deficiencies, weaknesses, and issues. As such, the study has been carried out
with the participation and “intelligence” of the ecosystem as its driving force.
A group of representative agents belonging to the four main types of organisations that
form any ecosystem of this type, has collaborated in the study: Public Administration,
Academia, R&D+i Support Organisations and Industry. These agents have contributed
providing their vision on the current state of the ecosystem, and the issues and challenges
that cybersecurity faces.
The study reflects the “global intelligence”, materialised in the visions and opinions with
general consensus and majority backing from participants in the study. As such, the
representativeness of the results obtained has been ensured.
Network of excellence on cybersecurity R&D+i
Summary report Page 6 of 81
This “Intelligence” has actively participated throughout the study, not only in the
identification of the state of the art in cybersecurity R&D+i and the challenges that our
country must address to improve its positioning, but also in the identification, validation,
and agreed definition of the basic premises and the mission that should guide the
creation of the future Network of Excellence, as well as the objectives that would be
included in its agenda.
1.2 Structure
The contents of this document have been structured in accordance with the logic
followed during the execution of the study:
Firstly, it is presented in an executive summary way, the main conclusions, in terms of
positioning of the cybersecurity research & innovation ecosystem and the challenges that
must be addressed, the feasibility of the creation of a Network of Excellence, and the
strategic elements that should guide its creation and activity.
The [ANALYSIS FRAMEWORK] section illustrates the methodology that guided the
preparation of the study. The main results of the analysis and assessment of the
ecosystem, in terms of resources available, value production dynamics, and results
obtained are displayed below. This analysis is complemented with the state of the art in
terms of the collaboration dynamics and models present in the ecosystem.
As a result of that analysis and assessment, it is discussed the main constraints and
challenges that the ecosystem must face to improve its competitiveness, as well as a
proposed action plan to address this improvement.
This cybersecurity R&D+i ecosystem shaping allows to advance towards the next step, to
determine the suitability and feasibility of establishing a Network of Excellence,
promoting a leap forward in the value production and results of the ecosystem.
Main network model alternatives that respond to the challenges posed are presented,
collaboratively considered to be the most feasible and suitable for the future network.
The study concludes with the strategic characterisation of the network (mission, values
and strategic goals) and an action plan for the implementation of its activities over the
coming years.
As additional information, the study includes appendices detailing the study participants,
the documentary sources consulted, a look at the map of R&D+i agents in cybersecurity in
Spain, and the details of the collaborative models analysed.
1.3 Main conclusions
The opportunity: positioning Spanish R&D+i on the global stage
In general, and taking into account the limitations in terms of quantifying cybersecurity, it
should be highlighted that Spain does not have a clear R&D+i positioning at an
Network of excellence on cybersecurity R&D+i
Summary report Page 7 of 81
international level, and it is not considered one of the “best in class” in any of the
scientific-technological areas in which cybersecurity could be included1.
Our country is behind other European countries, which is evidence of a major
technological gap both in research and transference. The differentiating factors of the
leading countries (the United States, Israel, and the United Kingdom) are policies and
clear research focal points, as well as medium- and long-term investment in R&D+i, which
allows the maturation necessary for obtaining returns. This gap also exists in Europe,
where Spain is behind countries such as France, Germany, and the Netherlands.
In our ecosystem, a series of limitations explain this weak positioning and shape an
environment that does not allow us to position ourselves amongst the world leaders in
cybersecurity.
Many challenges ahead
Our ecosystem must overcome these limitations (challenges) and address the
improvement of its competitiveness and results. These challenges, which are profoundly
important and have a major impact, along with the dearth of networks and collaboration
models in cybersecurity R&D+i, constitute an opportunity and explain the need to create
a Network of Excellence which, through the connection, pooling, and exploitation of
assets, responds to these challenges.
The network would undoubtedly play a key role in the future of the ecosystem, and it will
allow the first steps to be taken towards a more cohesive and united ecosystem with
greater synergy, resulting in higher levels of R&D+i.
Many of these challenges are related to the structural and circumstantial weaknesses of
the Science and Technology System, which, in the last few years, have not accompanied
the driving forwards of such a strategic and critical sector; on one hand, the financial crisis
has resulted in a restriction of the budget appropriation in R&D+i, which has obviously
affected cybersecurity; on the other hand, the structural weaknesses of the Science and
Technology System and cultural factors (risk aversion, poor collaboration culture) slow
down R&D+i in our country.
Likewise, there are also specific R&D+i challenges in cybersecurity, since many elements
still need to be developed in our country. The State must establish a focus or a clear
strategy with regard to the priorities from which R&D+i can be constructed, reverse the
budgetary shortage trend, and develop a more extensive internal market, through a
greater drive in the demand for cybersecurity solutions, mainly by the Public
Administrations and the State.
1 In the framework of the study, the following have been identified as large groups of scientific-technological areas: research, mobility, hardware, cyber-defence/cyber-attack, secure coding, and procedures/operations.
Network of excellence on cybersecurity R&D+i
Summary report Page 8 of 81
Making the most of the momentum created, and developing the ecosystem’s capacities
to enter a new stage of cybersecurity in Spain
However, the major capacities of our country in R&D+i, the awareness that the ecosystem
agents have about the need to tackle the challenges, along with a great willingness on the
part of the latter to get involved on a new stage for R&D+i in cybersecurity, favour the
ecosystem, since they are fuel that will allow a step to be taken towards a new stage.
This willingness of the ecosystem to develop the new generation of cybersecurity must be
accompanied by the changes and actions that the Public Administration, in its role as
facilitator and promoter, must take without fail for this step forward to become a reality.
Elements such as the development of strategies with specific focal points, the establishing
of a specific R&D+i Agenda, positioning in the European Union, and the necessary
development in regulations or certifications, are part of the contextual conditions that
this change requires.
In addition, for a “winning solution”, it is necessary to take this challenge seriously, with
clear commitments and well-defined budgets, far from theoretical proposals and
statements of intent that do not produce tangible and real results.
A brief review of the state of the art of R&D+i in cybersecurity
The current R&D+i situation in cybersecurity will allow us to outline the challenges faced
by the ecosystem, in which the network will play a key role.
A dynamic sector with many opportunities
The cybersecurity sector presents many opportunities, with some factors standing out,
such as:
The increase in the number, type and sophistication of the threats.
The greater number of vulnerabilities, due to the increasingly widespread use of
technology (particularly mobile technology and cloud solutions).
A growing awareness of organisations and consumers about security risks.
Regulations, which impose obligations regarding the protection of personal data,
and information, and the infrastructure that supports it.
A regulatory framework that has taken the first steps, but which must set the focus
points and priorities
Cybersecurity is a key issue on the Spanish governmental agenda; the Government of
Spain aligns itself with the issues raised by the European Union (Cybersecurity Strategy of
Network of excellence on cybersecurity R&D+i
Summary report Page 9 of 81
the European Union), establishing a series of strategies with commitments regarding
cybercrime, public administration security and cyber-defence2.
Despite these strategies being an important step forward, they are high-level proposals
that result in statements of intent which define the problem and provide general
solutions, but they must be specific and well-grounded.
The absence of thematic focal points or priorities in these strategies is particularly
remarkable. The agents taking part in the study consider that a clear development of
R&D+i in cybersecurity is necessary, with a focus and funding, setting out the priorities
and the “path” to follow, in order that the ecosystem may point in the direction
established. Many agents who participated in the study are calling for the creation of a
cybersecurity R&D+i - specific programme or agenda.
The legislation in force at the date of this study is marked by the development of specific
regulatory aspects, although, as with the case of the strategies, there is still a long way to
go. In the future, It should be expected the regulatory framework to become a much
broader element as cybersecurity policies are created.
An ecosystem with a broad capacity to generate more value
Our ecosystem is broad and diverse, since it includes more than 300 agents (from science,
industry, administration, and R&D+i support organisations). However, it is strongly
fragmented and disconnected, since the relationship dynamics between its agents are
more one-off than general and without a specific focus on its activity. In short, it is an
ecosystem that does not use all of the potential synergies that collaboration, which
probably means that it is operating far below its capacity.
R&D+i results are poor in terms of transference and applicability to the market. This
means that many publications and patents do not become products or services that are
applied in the market. The poor incentives of the Science and Technology System for
transferring the results of research to the market is one of the main limiting factors for
reversing this trend.
Transference-specialised agents (R&D+i Support Organisations) must lead the process of
transference and commercialisation of the research results to the industry, promoting an
in-depth review of the transference mechanisms and incentives.
However, and despite all of these limiting factors, it is a relatively young ecosystem with
many assets, and therefore, there is a long journey ahead and much room for
improvement in the exploitation and development of its capacities.
2 The National Cybersecurity Strategy (ECSN), part of the National Security Strategy (ESN), the Maritime Security Strategy, and also part
of the ESN, with specific action relating to maritime cybersecurity, and the Digital Agenda for Spain (inspired by the Digital Agenda for
Europe) develop the Digital Trust Plan, implementing digital trust actions.
Network of excellence on cybersecurity R&D+i
Summary report Page 10 of 81
A poor financial framework for R&D+i
Spain is clearly weak in terms of funding, with investment levels that are lower than those
of the leading countries3. There is therefore a loss of competitiveness in the industry and
in the research system, with a long-term impact, since the results of R&D+i returns are
felt over a relatively long period of time.
Despite the R&D+i Strategy (2013-2016 Spanish National Plan for Scientific and Technical
Research and Innovation) mentioning cybersecurity as a thematic priority, its scope is not
specified in terms of budgetary resources, and it is considered to have “limited funding”.
The private sector has also shown signs of budgetary restriction as a result of the financial
crisis, with major cuts in R&D+i investment.
Lastly, the lack of traction from the Administration, not only regarding the low level of
specificity in cybersecurity policies, but also in terms of the absence of budgets in the
public organisations, which have to implement these solutions in their own agencies,
aggravates the problem, and adds a “request” dimension to the already complex
budgetary situation.
A smaller market in Spain that limits the growth of R&D+i solutions
The low levels of demand for cybersecurity solutions in Spain result in a smaller market.
The lack of awareness about the need for protection against cyber-attacks by consumers,
companies, and the Public Administration (civil, defence, and intelligence) is a key factor
that would explain this low demand. It is therefore necessary to continue making
progress in the cybersecurity culture in our country.
Furthermore, the agents participating in the study call for actions aimed at strengthening
Spanish solutions and a better traction from the Public Administration in the demand for
innovative solutions.
Talent as one of the great concerns
The main issue of talent in Spain, given its recurrence in the conversations with the
agents of the ecosystem that participated in the study, is the human capital flight to other
countries in search of better opportunities. This poses a very concerning situation, given
that cybersecurity is a field that requires specialised talent, in which the training of
professionals requires time and maturity. This is occurring in a context in which there is
expected to be a strong need for professionals over the coming years.
One of the main factors contributing to slowing down the capacity of the ecosystem to
retain and recognise talent is shortcomings in the Science and Technology System, whose
precarious remuneration does not contribute to creating a perception of research as a
professional option. In addition, there is a need to organise and structure talent, through
3 Recommendations report of the High-level Expert Group for the Digital Agenda for Spain, published in 2012.
Network of excellence on cybersecurity R&D+i
Summary report Page 11 of 81
specific approaches for the training of cybersecurity researchers and professionals, which
allow an itinerary and a clear training profile to be established.
The role of the future Network of Excellence
In the light of the diagnostic of the ecosystem, the network could play a key role in the
search for and implementation of the solutions that respond to the challenges posed,
leading to a strong, cohesive, and robust system with the capacity to position itself in the
“winner’s league”.
Following the collaborative process carried out with the ecosystem agents, it has been
firstly identified that the network could collaborate in the resolution of the following
challenges:
Definition of an R&D+i cybersecurity plan or agenda on a national level, as well as a
plan for Spain’s positioning in the Horizon 2020 programme.
Identification of the research incentive mechanisms.
Awareness-raising about the need to protect information, systems, and networks
against cyber threats and cyber-attacks.
Identification of the capacities, potential, and level of excellence of the ecosystem.
Review of the talent attraction and retention mechanisms that contribute to
stemming the brain drain.
Identification of the common points of interest in the ecosystem and the generation
of collaboration incentives around them.
Identification of the market needs for the development of solutions with a
commercial focus.
Mission and Objectives of the Network of Excellence
During the network’s strategic formulation process, the following were highlighted as key
elements of the network’s activity:
Specific objectives, both in the long- and short-term, with a focus on R&D+i and on
the transference of the research results to the market.
Response capacity in a context in which the speed of technological change requires
a flexible, open, and quick response. It is not only technologies that advance at an
exponential rate, but also cyber threats and cyber-attacks.
Coordination with the Government and Public Administrations responsible for the
development of cybersecurity in order to be able to generate the appropriate
responses in a coordinated and collaborative manner.
Network of excellence on cybersecurity R&D+i
Summary report Page 12 of 81
Excellence as the key component governing the Network.
Developing R&D+i resources as the core mission of the Network
The network’s main objective will be to contribute to the improvement of
competitiveness, to seek the development of solutions that respond to the needs of the
market. As such, it will work actively to overcome the fragmentation of the ecosystem,
through actions that allow the ecosystem’s capacities to be exploited in a collaborative,
synergetic, and joint manner.
On the date of preparation of this document, the establishing of the Network’s mission in
strategic objectives, action lines, and specific measures, are the subject of debate and
consensus with the agents collaborating in the study. All this is specified in [Appendix II:
Strategic lines of action and measures], but it also could have some changes in a future.
Network of excellence on cybersecurity R&D+i
Summary report Page 13 of 81
2 ANALYSIS FRAMEWORK
2.1 Analysis model
The process for the creation of the study has been carried out using the following general
analysis model, which reflects the group of assets, agents, and dynamics that allow value
to be produced in the cybersecurity research & innovation ecosystem.
Figure 1: General analysis model.
From this perspective, a simplified representation of the ecosystem has been used, to be
seen as a “system” which, through available resources, generates value in its main
results.
Resources: what elements does the ecosystem have that produce value?
Results: what is the real result and the value produced by the ecosystem?
R&D+i value creation model: what value production “vehicle” does the ecosystem
have?
2.2 Methodology
The methodology for carrying out the study is based on two approaches:
Collective thinking exercise with different key agents of the ecosystem that
contributed their vision and perspective. Participants belong to different groups,
including experts, companies, universities, technological centres, and public
Network of excellence on cybersecurity R&D+i
Summary report Page 14 of 81
institutions in order to assure the representativeness of the study. They took part
through the following mechanisms:
o Individual, private, and anonymous interviews, in order to obtain free
opinions from a total of 18 ecosystem agents (15 national and 3
international).
o Submission of questionnaires to be completed by a total of 65 ecosystem
agents.
o Comparison with INCIBE of the results obtained in the collective thinking
exercise, through a Think Tank session. The objective of this session was to
align the aspects of the Network outlined by the Collective Intelligence
with the strategic documents that explain both this study and the initiative
of creating the Network of Excellence.
o Focus Group Sessions aimed at generating free and guided discussion to
finalise important aspects of the Network with the greatest degree of
consensus possible. Two sessions were held with the participation of a
group of relevant agents.
Appendix I STUDY PARTICIPANTS includes the list of the organisations and
individuals who collaborated in the preparation of this study.
To complement these opinions, a comparison with analytical information and
document sources available for cybersecurity was carried out both at a national
and international level, from the different sources of information.
Appendix III DOCUMENT SOURCES CONSULTED includes the detail of the sources
analysed during the preparation of the study.
The objective of this combined analysis has been, in the first phase, to launch a divergent
analysis, allowing the identification of the group of potential solution scenarios, in order
to, in a second phase, converge towards the more feasible scenarios in the development
and implementation of the future Network of Centres of Excellence in cybersecurity
R&D+i.
Network of excellence on cybersecurity R&D+i
Summary report Page 15 of 81
Figure 2: Analysis methodology.
2.3 Initial considerations
The interpretation of the study results must be carried out bearing in mind a series of
elements that determine them.
Firstly, cybersecurity is a relatively new and emerging concept, which involves the virtual
absence of studies and specific statistics that allow a systematic analysis to be carried
out.
Moreover, it is a cross-sectional area, with applications in practically all fields of
Information and Communications Technologies (ICT) and in all production sectors, which
makes it difficult to obtain financial data to quantify both the industry and its R&D+i
level4.
Lastly, it is a concept that both due to its many applications and its implications
(regulation, civil, military, and technological) is very wide in its interpretations. More
specifically, in the area of R&D+i, the plurality of agents in the scientific-technological
and knowledge areas5, increased the complexity of the study. This problem, in addition
to the lack of data, means that the analysis of R&D+i in cybersecurity has not been able to
be carried out globally and systematically.
As a result, in the analysis carried out, there has not been the availability of data and
statistics that would be necessary to thoroughly evaluate R&D+i in cybersecurity from a
5 The absence of public sources and statistics that allow us to evaluate cybersecurity in detail made it impossible to carry out an evaluation of the research capacity and excellence in our country.
Network of excellence on cybersecurity R&D+i
Summary report Page 16 of 81
quantitative point of view. Research based on the knowledge of the ecosystem by INCIBE
and the agents who participated in the study has been conducted to overcome this
difficulty.
Network of excellence on cybersecurity R&D+i
Summary report Page 17 of 81
3 COMPETITIVE POSITIONING OF THE CYBERSECURITY
RESEARCH & INNOVACION ECOSYSTEM
3.1 Map of Stakeholders & Agents
To put into context the current situation of the cybersecurity research & innovation
ecosystem, one of the first tasks to undertake is to outline the map of agents both at a
national and international level.
It is necessary to highlight the lack of formal and structured sources of information that
compile and characterise all of the ecosystem agents comprehensively. In order for this
not to affect the creation of the report, hard work was required during the agent
identification process, using both the knowledge available (expert collaborators,
interviewed/surveyed agents, and INCIBE), as well as the references shown in the various
document sources analysed.
The cybersecurity research & innovation ecosystem is a complex ecosystem consisting of
many agents with different roles, who interact with each other: Public Administrations,
the Academic Sector, R&D+i Support Organisations, and the Industry.
Figure 3: Type of cybersecurity research & innovation ecosystem agents.
The Public Administrations consist of both civil and military organisations with different
roles:
Consultation role. These both civil and military non-governmental organisations are
generally supranational, which carry out reflection processes and mark out the
Network of excellence on cybersecurity R&D+i
Summary report Page 18 of 81
main lines of cybersecurity in the institutional and political sphere. Amongst other
elements, they formulate recommendations and design global standards with the
objective of creating a common framework that combines visions with regard to
the development of cybersecurity in the different nations.
Communication role. Aimed at the communication, sharing, and pooling of various
issues in the area of cybersecurity.
Strategic role. Country governments fall into this category, such as institutions,
whose mission is to design strategies and public policies on this issue and make
them operational. The institutions of the European Union that form policies are
also included.
Funding role. Governmental agents in charge of financially and economically
covering cybersecurity. In the sphere of this study, the agents that fund the R&D+i
activities have been only strictly considered.
Legislative role. Agents who define the legal framework in which cybersecurity
activities are managed.
The Public Administration’s demand-inducing role in two ways:
It demands security for the protection of the information managed by the
administration itself.
It demands protection and security solutions in the area of defence and national
intelligence.
The agents of the Academic Sector are the basic core of the scientific research and
technological development system. This category includes universities (with their
associated research groups) and (public and private) research centres.
R&D+i Support Organisations contribute to making the system dynamic, providing
interaction between the scientific and technological settings for the dissemination and
generalisation of R&D+i processes. Specifically, three types were considered:
Research Results Transference Offices (OTRIs), whose objective is to contribute to
the commercialisation of the R&D+i results generated in the university and
research centres.
Technological Centres (TC) which, in line with the requirements of the business,
develop technological research and development projects, contributing to the
transference of research results, promoting cooperative research between the
companies and increasing their technological level and competitiveness.
Network of excellence on cybersecurity R&D+i
Summary report Page 19 of 81
Technological Innovation Support Centres (CAIT), whose objective is to facilitate
the application of knowledge generated in research institutions and technological
centres, through their mediation to companies.
The Industry and companies are analysed from two perspectives:
Companies that carry out their business in the area of cybersecurity.
Business associations that, through the union and collaboration between their
partners and members, seek to obtain synergies, economies of scale, and the
carrying out of joint R&D+i activities.
Below, the map of the Spanish R&D+i Ecosystem is shown, identifying the number of
agents that exist within each agent category:
Figure 4: Map of agents of the cybersecurity research & innovation ecosystem in Spain.
Appendix IV AGENTS OF THE CYBERSECURITY R&D+i ECOSYSTEM IN SPAIN of this document
provides a list of the agents identified by each category.
3.2 Analysis of the institutional, legal, and economic context
Within the analysis model proposed for analysing the Cybersecurity research &
innovation ecosystem, the first element to take into account is the context in which it is
managed, which could be accepted as the “general rules of play” that define the
perimeter of cybersecurity development.
Network of excellence on cybersecurity R&D+i
Summary report Page 20 of 81
Figure 5: General analysis model: context.
In the international scope, it is important to highlight that the first steps have been taken
in recognising cybersecurity as a key issue on the governmental agendas, with high-level
strategic guidelines being established to address it. These guidelines need to be reviewed
constantly and continuously, given the speed of change in information technologies and
cyber threats.
The European Union recognises the importance of cybersecurity in its main line of
strategy, the Europe 2020 strategy, although it explicitly recognises that Member States
must establish their own national strategies in this area.
In Spain, it must highlighted that, despite the Spanish State having recognised
cybersecurity as a key issue on the governmental agenda, the reality is that the strategies
designed are high-level proposals that result in statements of intentions that define the
challenges and provide general solutions, but they must be specific and well-grounded.
Indeed, one of the characteristics of the different initiatives6 that the Government of
Spain has undertaken in relation to cybersecurity, is the absence of thematic focal points
or specific priorities.
This lack of specificity may be a disadvantage in the development of cybersecurity, with a
general scenario being proposed where it is difficult for ecosystem agents to establish an
action strategy.
In the legal sphere, the scenario is similar to the context, given that it is an element that
is developed in parallel to the advancement and implementation of strategies in
6 The Digital Agenda for Spain, the National Security Strategy (ESN), the National Cybersecurity Strategy (ECSN), and the Maritime Security Strategy (with a specific action in cybersecurity).
Network of excellence on cybersecurity R&D+i
Summary report Page 21 of 81
cybersecurity. As such, there is a long way to go, and the advancement and speed will be
marked by the degree of strategic and political development.
Specifically, there are various elements that could be highlighted as requiring
development:
Alignment of the Spanish and European legal frameworks, as a critical element for
the detection and coordinated pursuit of cyber threats and cyber-attacks.
The specific obligations in the protection of critical infrastructure.
Regulatory developments aimed at driving forward the European digital market.
The regulation of security aspects in Electronic Administration and interoperability
in the exchange of electronic information between administrators.
Lastly, with regard to funding of R&D+i, cybersecurity is one of the thematic priorities of
the European R&D+i programme (Horizon 2020), which has budgetary allocations and
specific development areas.
At the State level, it can be concluded that cybersecurity receives lower levels of
investment than leading countries (the United States, the United Kingdom, and Israel). In
the absence of a specific cybersecurity R&D+i plan, the 2013-2016 State Plan for
Scientific, Technical, and Innovation Research is the main source of funding for R&D+i
activities in this field. This plan recognises this area as key, although there is only partial
information about the budgetary allocation for this priority7.
3.3 Characterisation of the cybersecurity research & innovation ecosystem
This section assesses the different elements that, in addition to the context, form the
cybersecurity research & innovation ecosystem. Specifically, it is analysed the resources,
the value creation model and the results produced by this model.
3.3.1 Resources
The resources represent the basic elements available in the research & innovation
ecosystem for the creation of value, represented by the market, science and knowledge,
talent and funding.
7 Through a request made to the Ministry of the Economy and Competitiveness on the degree of project execution in cybersecurity,
we received the following data: 1) General Directorate of Scientific and Technical Research (DGICT). 27 projects funded during the
2009-2013 period, for a total amount of 3.3 million euros. 2) General Directorate of Innovation and Competitiveness (DGIC): in the
2014 call for Collaboration Challenges, 11 projects were funded in Challenge 8, Security, Protection, and Defence, for a total amount of
7.8 million euros. Additionally, during the 2010-2012 period, a total of 18 projects were funded in the framework of the sub-
programme INNPACTO, for an amount of 20 million euros.
Network of excellence on cybersecurity R&D+i
Summary report Page 22 of 81
Figure 6: Resources.
Market
In general, the Spanish industry is characterised by high fragmentation and diversity in
the category of companies, from large driving companies (national and international) to
niche companies.
It can be concluded that the volume of companies is smaller in comparison to other
economic sectors, although there are no public statistics that allow quantification of the
company census.
It is necessary to make an effort in the Spanish industry to overcome the technological
gap and to position the country on the global arena, since our industry as a whole is very
far from both the main industrial leaders (the United States and Israel) and the second
line of competitors (the United Kingdom, the Netherlands, France, and Germany,
amongst others).
Lastly, the poor cybersecurity culture in Spain and the Administration’s low driving
capacity for demand are other limiting factors for the industry’s capacity to generate and
commercialise cybersecurity solutions. Both elements result in a smaller domestic market
that limits the development possibilities for the industry. In an international context, Latin
America is the main focal point for opportunity for our industry.
Science and knowledge
We should highlight the existence of critical mass in research in Spain, with 110 research
groups in 42 universities and 3 research centres dedicated to cybersecurity being
identified.
The diversity of scientific-technological areas (despite many of the research groups being
dedicated to cryptography-related areas), and the disconnection and lack of collaboration
Network of excellence on cybersecurity R&D+i
Summary report Page 23 of 81
between agents, disperses the research capacity and means with no specific and defined
strengths from an aggregate level.
Indeed, Spain does not appear in the Best in Class about research and transference in
any of the cybersecurity scientific-technological areas.
Talent
The main element that characterises the talent of cybersecurity in Spain is the important
human capital loss on behalf of other countries, due to the better opportunities offered
by our competitors.
Furthermore, the Science and Technology system has a series of weaknesses and
shortcomings, which are limiting factors for the process of recruiting and retaining
research personnel and they contribute to accelerating the human capital flight:
“Precariousness” of the hiring and grants policy for research personnel, which does
not contribute to improving research professionals’ perception of it as a
professional option.
The research personnel replacement ratio in the Academic Sector is much lower
than loss of staff, resulting in a net reduction in the volume of research talent
available.
The low driving force in domestic demand for cybersecurity (consumers, companies, and
the Administration) is an element that limits the development of the industry and,
therefore, the demand for talent.
Favourable elements are the availability of a good level of talent. However, many agents
participating in the initiative consider it to be necessary to improve the talent training
and recruitment plans in cybersecurity, with a more specific focus being generated in this
field and with the labour market (industry) needs being incorporated into these plans.
Lastly, it is important to highlight the forecast of a high demand for professionals over
the coming years, given the great opportunities offered by cybersecurity.
Funding
In Spain, in the absence of a specific R&D+i plan in the field of cybersecurity, it can be
highlighted that, despite the State policies (and those of some regions) establishing
security as one of the thematic priorities for R&D+i, the level of financial support can
only be partially evaluated.
Funding cuts in science has led, not only to the reduction in funding for projects, but also
a limit in the research personnel of the institutions.
Given this situation, the European Union’s Horizon 2020 programme is practically the
only route for funding R&D+i. The 2013-2016 State Scientific, Technical, and Innovation
Research Plan is considered to have “limited funding”.
Network of excellence on cybersecurity R&D+i
Summary report Page 24 of 81
Another of the means used by the Academic Sector to obtain funds is collaboration with
companies (R&D contracts); however, due to the current issue of disconnection between
science and business in our country, this means of funding is still low.
3.3.2 R&D+i value creation model
This model is fuelled by the resources of culture, talent, science and knowledge and
transference and it adds value to them or takes value away from them depending on how
the elements of the value production model are configured for producing a result.
Figure 7: cybersecurity R&D+i value creation model.
Culture
Collaborative culture. The collaborative culture in our country is low, which reduces
the ecosystem’s capacity to produce value through joint R&D+i projects.
Entrepreneurship culture. Spain has a risk-aversion culture, which implies relatively
low entrepreneurship levels. The agents participating in the study indicate the
need to work and strengthen this element from the earliest stages of the
education system.
Cybersecurity culture. Companies and the market in general are not aware of the
need to protect themselves and prevent attacks. This situation results in a reduced
domestic market, which leads to low levels of demand for cybersecurity solutions
in the three main groups that demand solutions (consumers, companies, and
Public Administration). The search for international markets, such as Latin
America, is a possible alternative to this lack of internal demand.
Network of excellence on cybersecurity R&D+i
Summary report Page 25 of 81
Talent
The cybersecurity talent-generating model begins in the university system, although some
of the participating agents call for the need to develop a cybersecurity culture and
professional vocations from the earliest stages of the educational system.
As a starting point, it must be borne in mind that this talent requires a high specialised
training, after graduation from university, and as such, the preparation and maturation of
professionals in this field requires time. Furthermore, since it is a cross-sectional
discipline, it does not have a specific training focus, which results in an unclear
professional profile.
There is a large potential volume of talent, since any IT technician or
telecommunications engineer, with the correct training can become a cybersecurity
professional. However, to develop all of this potential, a specific and “guided” training
process is demanded, which is aligned with the national roadmap in this subject, which
guarantees that there are professionals who are trained for our country’s future
challenges.
This alignment of university with cybersecurity should be formulated through closer
contact with the industry, matching the needs of the market with academic training,
which is the model followed by some leading countries in this field (the United States).
Likewise, the future planned steps in the certification of professionals in cybersecurity
will be an element that will contribute positively to distinguishing talent.
Science and knowledge
The cybersecurity research & innovation ecosystem in Spain is characterised by its
amplitude, diversity, fragmentation, dispersal and by not having clear relationship
dynamics between its agents.
However, since it is relatively young, we can expect a positive evolution in the use and
development of these research capacities. It is therefore necessary to make progress in
terms of greater levels of collaboration in common objectives, which will increase the
positioning of our ecosystem both nationally and internationally.
In addition to the lack of collaboration, there are other elements that hinder its research
capacity, allowing it to extract all of its potential: the lack of a specific R&D+i plan for
cybersecurity and the poor budgetary allocation to science.
Lastly, it will be necessary to work on a series of elements that allow the creation of solid
foundations in order to increase the contribution of value in cybersecurity R&D+i:
Knowledge of the capacities and potential of R&D+i in Spain as the first step for
boosting the research.
An increase in collaboration between agents.
Network of excellence on cybersecurity R&D+i
Summary report Page 26 of 81
A better definition of the policies (focal points) and public budgetary allocations.
Relaunching of instruments that enable and empower the role of the Public
Administration as a driving force of the demand for cybersecurity. Innovative
public purchasing and the early demand for innovative solutions are useful
elements for boosting the development of leading solutions.
Transference
The weaknesses of our country in the process of transferring the results of research to the
market and the now traditional disconnection between science and the market are
recurring themes in the debate on the Spanish Science and Technology System.
The levels of transference to the market, which cannot be assessed objectively, due to the
lack of public data, are relatively poor in the opinion of the agents and experts who
participated in the study, who point to some elements as causes of this situation:
The Academic Sector indicates the poor incentives for researchers to implement
transference. However, the agents who specialise in transference must play a
key role in the commercialisation of the research results to the industry.
Another of the elements indicated is the ease that proximity between companies
and research centres provides to the transference process, which is complicated
for geographical regions that are far from the main business centres, since the
business network does not usually have an R&D+i culture, and it is more focussed
on surviving the crisis than promoting it.
In the sphere of cybersecurity, there is also the fact that companies and the market
in general are not aware of the need to protect themselves and prevent attacks.
Transference on an international level is complicated, since the sovereignty of
countries in cybersecurity affects the transference process, not only in terms of
military and intelligence aspects, but also in solutions in the civil sphere.
The solution to the lack of transference has to take into account various elements:
The carrying out of joint projects that have common interests both for science and
the industry.
Making the research capacity and potential of the Academic Sector known to the
industry.
Revision of the transference agents’ model, establishing the incentives that allow a
real transference.
Network of excellence on cybersecurity R&D+i
Summary report Page 27 of 81
3.3.3 Results
Figure 8: Results.
The results reflect how the research & innovation ecosystem adds or subtracts value to or
from the resources. In accordance with the analysis model proposed, there are four main
result categories to generate: publications, patents, technological companies and
reference, with the latter term being understood to mean the ecosystem’s capacity to
position itself as excellent and a reference within the scientific-technological panorama of
cybersecurity.
In general, the diversity of scientific-technological areas (despite many research groups
being dedicated to areas related to cryptography) and the disconnection and lack of
collaboration between research & innovation ecosystem agents, means that the results
of the research are dispersed and do not have specific and defined strengths.
As a result, the Spanish cybersecurity research & innovation ecosystem is not a
reference at an international level in any scientific-technological area that includes
cybersecurity (which does not imply that there is not reference at the individual level of
researchers, universities, or research groups).
The agents participating in the study perceive that the results of R&D+i in cybersecurity
are poor. Perhaps the production of publications and patents are the elements that have
the most volume, although the lack of applicability and transference to the market means
that, in practice, these results are not transformed into financial value and do not reach
the market. This low applicability may be due to various factors:
Lack of specific research strategies with practical approaches for application.
In the research system, there are no clear incentives for transference to the market
and there is no defined an entrepreneurship model.
Network of excellence on cybersecurity R&D+i
Summary report Page 28 of 81
3.4 Cybersecurity research & innovation ecosystem relationship model
In this section, an analysis of the relationship model is presented as dynamics, models,
and collaborative relationships between the different cybersecurity research &
innovation ecosystem agents.
In order to achieve this, an illustrated vision of the agents participating in the initiative on
the relationship dynamics in the ecosystem has been made. These visions will be
complemented by an analysis of the main collaborative networks identified in our
country. Lastly, due to its value as a source of best practices and inspiring experiences, an
analysis of the main international networks is included.
Appendix V COLLABORATIVE NETWORKS ANALYSED includes a list of the national and
international collaborative networks.
3.4.1 Main national collaborative models or networks
Generally, in Spain the collaboration culture is relatively poor, which is an initial limiting
element for the development of cybersecurity R&D+i collaboration.
As mentioned before, the research & innovation ecosystem is characterised by its
amplitude, diversity, and disconnection, which makes it difficult to systematically
identify the collaboration and relationship dynamics between its agents. The evidence
available indicates that a relationship model collaboration between agents is on a one-off
basis, without existing indications of global and comprehensive collaboration in the
ecosystem.
The agents participating in the initiative consider that in Spain, in comparison with other
countries, R&D+i collaboration is low, mainly due to cultural aspects, added to the
funding situation, which does not help the creation of collaboration ties through
ecosystem agents carrying out joint projects.
There is a certain mood of pessimism with regard to the existing collaboration models,
since it is considered that they do not fulfil vitally important premises, such as showing a
real commitment to R&D+i materialised in budgets, or establishing clear business
objectives, that result in collaboration for the development of marketable solutions.
Lastly, participants indicate the existence of collaboration in European R&D+i funding
programmes (Horizon 2020 and previously, the Seventh Framework Programme).
However, Spain’s returns in these programmes are not in line with its capacities, and as
such, it is necessary to continue working on the development of a proactive strategy to
position Spain in Horizon 2020 and in the European Union organisations involved in
designing the priorities of the aforementioned programme.
Three main types of collaboration result from the analysis of the collaborative networks in
Spain:
Network of excellence on cybersecurity R&D+i
Summary report Page 29 of 81
Collaboration between science (universities and research groups) and the industry,
which are increasingly common but at a level that is lower than other sectors
(perhaps because cybersecurity is an emerging sector), and it is more one-off than
general8. Many of these collaborations are organised in the context of funding
programmes (mainly Horizon 2020), for the development of joint programmes.
Collaboration between universities, with the A-4U Alliance being notable (strategic
association between the Autonomous University of Barcelona, the Autonomous
University of Madrid, Carlos III University of Madrid, and Pompeo Fabre University
of Barcelona).
The main goal of collaborative networks is to be a meeting point between the
agents of the ecosystem to achieve a global and integrating vision. Most networks
provide for public-private participation. However, there are also collaboration
networks with members who belong exclusively to the private sector.
As a general characterisation of the relationship models in our country, it can be
concluded the following:
Given the emerging nature of the cybersecurity sector in our country, the networks
identified are relatively young (with the oldest being around ten years old).
Most of the identified relationships focus on activities related to dissemination,
training or the implementation of working groups with no detection of networks that
exclusively focus on R&D+i.
The networks identified are of a general nature (ICT security in general), without
having a specific focus on the cybersecurity field.
The most advanced networks are those linked to the industrial sector, which is clearly
positioned as the sector that is most involved in cooperation.
They have a marked institutional nature although they integrate all categories of
agents of the ecosystem (Public Administrations, Academic Sector, the Industry, and
R&D+i Support Organisations).
They are non-profit entities (with the information available it is unable to identify
their legal form), and they are open to all interested agents, but with not member
admission criteria detected.
8 Specific examples of alliances have been identified, such as that of INDRA’s Cybersecurity Chair and the Carlos III University of Madrid or the agreement signed by S21sec and the Institute of Forensic Sciences and Security of the Autonomous University of Madrid.
Network of excellence on cybersecurity R&D+i
Summary report Page 30 of 81
In general, they are networks funded through membership fees and sponsorship,
with some being funded by the government.
Lastly, it is necessary to highlight the important role of the one-off events that bring
together the main agents of the ecosystem, which are excellent opportunities for them to
network and develop the assets and advances in cybersecurity.
In this regard, since it is a reference in the sector, the International Information Security
Conference (ENISE) organised by INCIBE deserves a special mention, which is now in its
eighth edition.
Furthermore, INCIBE is currently organising an annual event, Cybercamp, whose objective
is to attract talent in the sphere of cybersecurity through various technical tests and some
online activities like cybersecurity challenges; the aim is therefore to bring together the
best talent in this area, and have the participation of the best students in cybersecurity
training programmes in Spain, as well as the best international talent.
3.4.2 Main international collaboration models or networks
In the international sphere, the collaboration models and networks are at a more
advanced stage than in Spain, mainly due to other countries more cooperative culture.
The analysis of the networks is firstly organised around the European initiatives, and later
main characteristics of the networks internationally are illustrated, focussing on the
success stories of the United States and Israel.
3.4.2.1 European collaboration models or networks
Many initiatives have been carried out in Europe seeking the ideas generation and
pooling the different agents with an active role in cybersecurity. There are two main
categories within these networks:
Networks linked to the industry: These are led by the industry9 but bring together
members of the academic sector, R&D+i support organisations and consumer
associations. Basically, these networks work to achieve the following objectives:
o To increase competitiveness, building up innovative ideas to create business
opportunities.
o To develop a strategic agenda for R&D+i in Europe that is presented to the
European Union, favouring alignment between its objectives and the main
strategic lines established for R&D+i.
o To promote the interoperability of technological solutions.
9 Networks consisting of European ICT companies, such as Gemalto, Microsoft, Nokia, Philips and companies linked to the energy sector, such as Alliander, E.ON, KPN and DNV KEMA.
Network of excellence on cybersecurity R&D+i
Summary report Page 31 of 81
Networks linked to the European Union, where the latter plays a role as a cohesive
element and facilitator of collaboration in the public-private sphere. These networks
are characterised by having a marked political and institutional character, integrating
all the active agents in cybersecurity. The main objectives of these networks is the
exchange of information and the creation of best practices.
3.4.2.2 Other international collaboration models or networks
The long history of the leading countries in cybersecurity (the United States and Israel),
linked to the awareness and involvement of their authorities in the development of these
types of networks, has contributed to the existence of very solid networks in these
countries.
The role of the United States as a worldwide reference is highlighted, since it approaches
collaboration from a comprehensive perspective. There are two main types of network:
those led by governmental organisations and sectorial networks (led by the industry and
participated in by the administration); both include amongst their members the main
reference companies in the sector, and accept any type of agent who works directly or
indirectly in the sphere of the network’s activity.
The services offered are usually aimed at the dissemination of information, advice, and
training.
These networks are aimed at boosting R&D+i, placing special focus on strategic elements
in the case of governmental networks, and establishing demands for cybersecurity in the
case of sectorial networks.
Sectorial networks are usually aimed at the industrial and energy sector, and include the
main interests of the industry to conduct them through R&D.
Lastly, it is necessary to highlight the many international cybersecurity events that have
taken place to improve the networking between agents of the international ecosystem,
and promote new collaborations.
3.5 Factors limiting cybersecurity R&D+i competitiveness
This section discusses the weaknesses and obstacles detected in relation to cybersecurity
R&D+i, which constitute, along with the other conclusions, the base from which the
ecosystem’s SWOT (presented in the following section) will be created. To facilitate
comprehension, these elements have been organised into two main groups:
General and structural weaknesses and obstacles. These are not specific
cybersecurity elements, but rather general elements that mainly affect the
foundations of the economy and society. With regard to this initiative, we
principally include the deficiencies of the Spanish Science and Technology Systems
and of the (mainly collaborative and entrepreneurial) culture of our country.
Network of excellence on cybersecurity R&D+i
Summary report Page 32 of 81
Specific cybersecurity weaknesses and obstacles, which, although they can be
reproduced in other areas, are more specific.
3.5.1 General and structural weaknesses and obstacles
Complex environment to perform R&D+i in Spain, due to major cuts in funding in
the Science and Technology System, which affects not only the execution of R&D+i
projects, but also the hiring of research personnel.
The Science and Technology System provides opportunities to improve the
research incentives.
The precariousness of the Science and Technology System’s budget does not
contribute to making research a professional option.
Disconnection between science and business.
Very inadequate research results transference system, which requires a review by
the agents involved in this work.
Transference complexity at an international level, particularly in cybersecurity
solutions related to government defence and intelligence.
Risk aversion culture, which hinders entrepreneurship.
3.5.2 Specific cybersecurity weaknesses and obstacles
General context. Lack of public data and statistics to allow a comprehensive and
structured analysis and assessment to be carried out on cybersecurity in Spain.
Cultural context. Low cybersecurity culture, both in the Administration itself and in
companies and the general public, which limits the demand and development of
solutions by the industry.
Strategic context
The Spanish cybersecurity strategies are established as a State priority.
However, it is necessary to ground these proposals in specific actions,
priorities, and focal points.
Lack of a specific cybersecurity R&D+i programme.
Regulation context. Regulation developments, some elements of which are still in
their infancy, must be driven forward as an aspect that catalyses the demand for
solutions and development in this area.
Network of excellence on cybersecurity R&D+i
Summary report Page 33 of 81
Financial context
Cuts to funding in the Science and Technology System that affect
cybersecurity.
Lower R&D+i investment levels than in other European countries and
lower than leaders in cybersecurity, which puts our country at a clear
disadvantage, while it hinders the competitiveness of the sector in the
medium and long term.
Market. Small cybersecurity market size in Spain due to the low demand for
solutions, both from companies and from the Administration, with the latter being
an important agent for driving forward solutions in this area.
Ecosystem characterisation
Spain does not have a clear positioning in the international cybersecurity
scene, and it is behind the leading countries and many reference European
countries (the United Kingdom, France, Germany, and the Netherlands).
Extensive, diverse, fragmented, and disconnected ecosystem, without
clear relationship dynamics between its agents, no specific focal point, and
low levels of collaboration. A wide potential for use and development of
capacities through collaboration and the generation of synergies between
agents.
Poor collaboration between the Academic Sector and the industry.
Complexity of transference on an international level, particularly in terms
of cybersecurity solutions related to defence and intelligence.
Poor results and assessment of results of cybersecurity R&D+i in Spain.
Brain drain to other countries with better opportunities and remuneration.
Training processes that should be reviewed to adapt to the needs of the
market.
3.5.3 Conclusions
When carrying out an assessment of the limiting factors in accordance with their impact,
it can be observed that many of these factors have a high impact on the competitiveness
of cybersecurity R&D+i, particularly those relating to:
Socioeconomic context, such as funding cuts, the lack of operational strategies or
specific R&D+i plans, and cultural aspects related to cybersecurity.
Network of excellence on cybersecurity R&D+i
Summary report Page 34 of 81
Poor results and assessment of R&D+i.
International positioning and the small size of the domestic market.
Talent limitations, since it is leaving Spain or the lack of alignment between the
existing profiles and the demand for them by the industry.
Nature Limiting Factor Impact
General/Specific Funding cuts, which limit the execution of R&D+i projects.
General/Specific Funding cuts, which limit the hiring and attraction of research talent.
Specific R&D+i investment levels that are lower than in other European countries or those of cybersecurity leaders.
Specific A low cybersecurity culture.
Specific A cybersecurity strategy that is not specific or operational.
Specific Lack of a specific cybersecurity R&D+i plan.
Specific Poor cybersecurity R&D+i results.
Specific Poor assessment of R&D+i results.
Specific Weak positioning of Spain in cybersecurity on an international level.
Specific Small cybersecurity market size in Spain (low demand for cybersecurity solutions).
Specific Brain drain to other locations.
Specific Training processes that are not adapted to the needs of the market.
Structural Disconnection between science and business.
Structural Low culture of cooperation.
Structural Inefficient research results transference system.
Structural Risk averse culture.
Specific Lack of public data and statistics.
Specific Regulation developments in their infancy
Specific Complexity of transference on an international level.
Table 1- Assessment of the impact of limiting factors identified in terms of competitiveness
As secondary aspects, with a lower impact on competitiveness, highlight the emerging
nature of cybersecurity as an industry (with the resulting lack of regulatory
development), the difficulty of accessing data to characterise cybersecurity, and the
difficulty of carrying out international transference.
Lastly, there are structural limiting factors in the Science and Technology System that
hinder the development of R&D+i in general, such as the traditional disconnection
between science and business (exacerbated by inefficient research results transference)
Network of excellence on cybersecurity R&D+i
Summary report Page 35 of 81
or the existence of a poor culture of collaboration, which prevents the potential and
synergies existing in the ecosystem from being developed.
3.6 SWOT analysis of the cybersecurity research & innovation ecosystem
In this section, the internal and external analysis of the cybersecurity research &
innovation ecosystem is presented, materialised through the SWOT (Strengths,
Weaknesses, Opportunities, and Threats) technique.
Strength is Spain’s competitive capacity, which gives the cybersecurity research &
innovation ecosystem an advantage.
Weakness are the qualities that the cybersecurity research & innovation ecosystem
has but it is not capable to manage and places the ecosystem at a competitive
disadvantage.
Opportunity is a favourable characteristic resulting from the effective use of
strengths to improve the positioning of the ecosystem.
Threat is defined as an external competitor, event, or force that works against the
ecosystem’s positioning.
Before presenting the SWOT analysis, it is necessary to highlight a series of specific initial
premises and conditions of cybersecurity that are, therefore, an intrinsic part of the
dynamics to which the research & innovation ecosystem is subject:
A changing sector, both due to the continuous advance of cyber threats and the
evolution of the technology itself.
An industry with high fragmentation (large companies vs. niche companies) showing
a high trend towards concentration.
A strong requirement for specialised talent who require a long period of training
and certain maturity in the exercising of the profession.
Heavy investment in infrastructure is not required to carry out cybersecurity R&D+i
activities.
The SWOT analysis is displayed below:
Network of excellence on cybersecurity R&D+i
Summary report Page 36 of 81
Network of excellence on cybersecurity R&D+i
Summary report Page 37 of 81
3.7 Action plan for the increase in the cybersecurity research & innovation ecosystem’s competitiveness
In this section, we present the actions identified to promote the research, technological
development, and innovation in cybersecurity. The base for identifying these actions are
two main elements already illustrated in this document:
On the one hand, the [Factors limiting cybersecurity R&D+i competitiveness], which
must be addressed through actions that allow their mitigation.
On the other hand, the [SWOT analysis of the cybersecurity ]. Using this analysis, a
series of actions aimed at the following were identified:
o Correcting weaknesses. Conversion strategies.
o Addressing threats. Defensive strategies.
o Maintaining strengths. Strategies for maintaining competitive
advantages.
o Exploiting opportunities. Strategies for strengthening.
Network of excellence on cybersecurity R&D+i
Summary report Page 38 of 81
Figure 9: “CAME” actions definition matrix.
Below, we display each of the actions defined, placed in their corresponding strategy
category, with an assessment of the degree of impact and the difficulty of
implementation (high, medium, low). Lastly, we indicate which actions are (fully or
partially) within the scope of the network:
Network of excellence on cybersecurity R&D+i
Summary report Page 39 of 81
Figure 10: Characterisation of the actions.
The characterisation of the actions shows that most are included within the conversion
strategies focused on correcting weaknesses, some of which are structural weaknesses
of the Science and Technology System.
In turn, these actions can have an active role in defensive strategies (actions to address
the existing threats), since in many cases the threats identified are the result of
weaknesses in the cybersecurity research & innovation ecosystem.
The results of this characterisation are shown on a positioning matrix, which will allow
the positioning of each action to be identified, in the form of a user-friendly graphic.
Network of excellence on cybersecurity R&D+i
Summary report Page 40 of 81
Figure 11: Matrix prioritising the actions of the Action Plan.
As can be observed in the matrix, in line with the impact and the difficulty of
implementation, the actions can be organised into four main groups:
Actions for immediate application: These actions will be carried out in the short term,
since their impact on the competitiveness of the ecosystem is high and the difficulty
to implement them is low. Specifically, these are actions relating to the identification
of common points of interest in the ecosystem and market needs for generating
collaboration, as well as those relating to the definition of programmes for the
acceleration of entrepreneurship.
Actions for medium-term application: They can be carried out in the medium term,
since the difficulty to implement them is medium. These actions are aimed at making
the cybersecurity country strategy operational, identifying research focal points,
identifying the existing assets and the needs of the industry, as well as the actions
aimed at retaining talent.
Long-term strategic actions: Despite the fact that carrying them out would have a
high impact on competitiveness, they are difficult to implement. These actions relate
to the increase in cybersecurity R&D+i funding, and the improved efficiency and
results orientation of existing research support organisations.
Network of excellence on cybersecurity R&D+i
Summary report Page 41 of 81
Non-priority actions: Given their medium or low level of impact, they are not
considered to be priorities.
Network of excellence on cybersecurity R&D+i
Summary report Page 42 of 81
4 OPPORTUNITY ANALYSIS AND SWOT OF THE CREATION OF
A NETWORK OF EXCELLENCE ON CYBERSECURITY R&D+i
In this section, we identify the factors that are opportunities for the creation of a network
of excellence on cybersecurity R&D+i in Spain.
4.1 Opportunity Analysis
Due to the lack of global collaboration models and networks specific to cybersecurity
R&D+i, there is a clear opportunity for the creation of a network of centres of excellence
in this area in Spain.
This network can play a key role not only in bringing together and enhancing the
capacities of the ecosystem, but also in improving Spain’s positioning internationally.
All agents participating in the study are in general agreement about the need to establish
a network in Spain that pools all R&D+i resources.
We consider that the network should have specific objectives, both in the long and short
term, a clear orientation towards practicality, and a focus on R&D+i and transference, as
well as identifying issues and opportunities and the channels for addressing them.
It is relevant to highlight the importance of identifying the capacities and expertise of all
agents of the ecosystem, as well as a common objective for all of its members, with an
environment of trust being created to favour the creation of ideas, knowledge exchange,
and the development of joint projects.
4.2 SWOT
The SWOT analysis schematically illustrates the vision of the main participants in the
study on the opportunity and feasibility with regard to the creation of a network of
excellence on cybersecurity R&D+i in Spain.
Network of excellence on cybersecurity R&D+i
Summary report Page 43 of 81
Weaknesses Threats
Fragmented and disconnected ecosystem.
There are no thematic focal points in cybersecurity
(non-operational strategies and the lack of specific
R&D+i plans for the sector).
Public policies are not specific.
Poor collaboration culture.
Lack of alignment between Universities and Businesses.
Poor coordination between Ministries and
cybersecurity agents.
Low talent retention level.
Research personnel remuneration programmes offer
little incentive to establishing a career in research.
Complex and changing environment, both in terms of threats
and in technologies, which requires high flexibility and a high
response capacity.
Financial crisis, which has restricted both public and private
funding.
The heavy investment of other countries in cybersecurity puts
the network at a disadvantage with respect to the networks of
those countries in terms of its positioning in the global arena.
Strengths Opportunities
Research critical mass.
Good professional and research talent.
A certain level of excellence in the cybersecurity
research system.
Capacities of the ecosystem to perform R&D+i, both at
the Academic Sector level and at an industry level.
High awareness-raising activity in society with regard to
cybersecurity by public sector agents.
Absence of similar networks in Spain.
Interest of the European Union in this initiative, which may be
a good opportunity for positioning Spain.
The ecosystem agents consider it as a need, which creates
good willingness to participate.
Cultural and educational opportunities in relation to
entrepreneurship and the promotion of cybersecurity
vocations.
Room for improvement in the efficiency of the research
results transference system.
Much room for development in the research results market.
Signs of improvement in the process of connection between
universities and businesses, as well as in the collaboration
between public and private agents.
Extensive focus on cybersecurity in the European R&D+i
promotion programme (Horizon 2020).
Positioning of Spain in the community strategies and European
objectives in cybersecurity R&D+i, both at country level and at
agent level.
The development and adopting of standards and processes for
technical certification.
Table 2 SWOT analysis on the creation of a network of excellence on cybersecurity R&D+i
Network of excellence on cybersecurity R&D+i
Summary report Page 44 of 81
5 NETWORK OF EXCELLENCE MODEL ALTERNATIVES
The proposal of Network of Excellence model alternatives has been carried out taking into
account the vision of the different agents participating in the study to outline the best
possible network model for this particular case.
According to those agents, the network model must comply with two initial premises:
Participation of all types of agents in the ecosystem (Public Administrators, R&D+i
Support Organisations, Cybersecurity Industry, and Academia).
Allowing different collaboration models (public – private, private – private, public -
public).
The opinion is not unanimous with regard to the most appropriate network model: while
some agents interviewed point to the suitability of an open model, the majority opinion,
in which excellence is established as the standard term, indicates the need for a closed
model.
Additional considerations of the participating agents include the following elements:
Importance of the presence of sectorial key players.
Closed model (entry filters).
o Selective and “excellent” core with the best in their field, and those with the
greatest contribution potential (based on objective criteria).
o Proven R&D+i ability.
o Excellence, rigour, expertise. Only agents contributing with: capacities,
competence, and potential.
Very open models may have low activity and poor results.
A mixed model would allow the whole ecosystem to participate and excellence to
be created simultaneously.
With respect to subnets (hubs), the agents indicate that:
o They should not necessarily be constructed based on areas of knowledge.
o They must have specific activities in accordance with needs.
o Hubs must provide clear value.
Network of excellence on cybersecurity R&D+i
Summary report Page 45 of 81
Lastly, with regard to the leadership and coordination of the network, INCIBE is
marked as a candidate if is able to maintain a role of non-intervening facilitator.
Some additional considerations of the collective intelligence indicate:
o There should be a network management model distributed and shared.
o There should be connection between hubs.
o The network must evolve by itself but be driven forward and supported by
the administration (leadership “from outside”).
Keeping those considerations in mind, these are the different possible alternatives of the
Network model:
Figure 12 Network model alternatives
Cross-disciplinary network: Focussed on many scientific-technological areas10, it could
bring together all (or some) of the agents of the ecosystem, seeking a horizontal
connection between all of them11.
This category of network, given its open nature, could have a general activity (since it
covers many scientific-technological areas). Consequentially, the results of this activity,
would also be expected to be general in nature, making it impossible to generate critical
mass and reference in specific areas.
The mass participation of agents could lead to a certain inoperability, both in terms of
decision-making and in operation.
Specialised Network, which specialises in one or several scientific-technological areas,
bringing together all (or some) of the R&D+i agents who specialise in this/these area/s.
10 Such as research, mobility, hardware, cyber-defence/cyber-attack, secure coding, and procedures and operations.
11 A total of 314 agents were identified: 20 Public Administrations, 110 research groups in 42 Universities, 3 Research
Centres, 2 Technology Centres., 43 Research Results Transference Offices (OTRI), 8 Business associations, 3 Certifying
organisations and 125 companies (identified in the framework of the “Study on the feasibility and opportunity of a
cybersecurity technology centre and its strategic integrating plan” project).
Network of excellence on cybersecurity R&D+i
Summary report Page 46 of 81
This model seeks a vertical connection between agents, which work in their area of
specialisation, thus allowing a clear focus and its efforts and resources to be
concentrated.
Driver hub network: A variant of the specialised network model, this model consists of
specialised hubs:
The philosophy of the hubs is to focus on the cybersecurity excellence. Its members
will be the “best in their field”, guaranteeing a maximum contribution to the value
of the ecosystem. As such, only agents who are reference and excellent in the area
of specialisation of each hub may be members.
Hubs will be interconnected, and will consist of a “node framework” which, in the
form of a large network, connects different parts of the ecosystem, creating an
excellent global critical mass.
Two types of hubs can be identified:
o Skilled hubs in scientific-technological areas and sectorial areas, for
applications of cybersecurity, etc.
o General or cross-disciplinary hubs, such as entrepreneurship, funding, etc.
The creation of hubs (particularly with regard to subjects), their development, and
evolution will to a large extent depend on the evolution of the ecosystem, its agents, and
the priorities and activities that are determined to be essential in the network.
These types of networks allow a focus on excellence, although, in the context of
cybersecurity, it may require time, since it will be necessary to determine what are the
most excellent or strategic subjects or areas on which to develop the hubs, a decision that
must be agreed with the ecosystem, always under the paradigm of excellence.
Mixed Network (cross-disciplinary–hub). This is a hybrid model that combines the cross-
disciplinary network with the driver hub network. This allows the whole ecosystem to be
brought together through the cross-disciplinary part while simultaneously considering
excellent agents through specific thematic hubs. This combines the advantages and the
qualities of the cross-disciplinary and hub models, while discarding the disadvantages of
the cross-disciplinary network through the focal points established in the hubs.
5.1 Multicriteria assessment of the Excellence network model alternatives
Each of the alternatives has advantages and disadvantages, which will be the basis for
prioritising alternatives and supporting the final decision on the future Network model:
Network of excellence on cybersecurity R&D+i
Summary report Page 47 of 81
Figure 13 Assessment of the excellence network model alternatives
5.2 Presentation and validation of alternatives with the interested parties
Using the collective thinking exercise, It has been validated the main findings and
alternatives of the network model with a small group of agents (Focus Group), and
concluded that the most suitable model is the mixed model that contains a general part
and a specialised part formed by driver hubs.
The cross-disciplinary part could bring together all agents that want to participate.
This is the part of the network that could be in charge of collaborating in the
drawing up of the cybersecurity R&D+i Strategic Plan/Spanish Cybersecurity R&D+i
Agenda and other national strategic documents.
The hub part would be a closed model that would only integrate the best into each
hub (there would be entry and retention criteria for access to each hub, and as
such, an agent that no longer complies with the retention conditions should leave
the hub).
Network of excellence on cybersecurity R&D+i
Summary report Page 48 of 81
According to INCIBE, the network is designed as a “Network of Excellent Agents that
provides services to the whole ecosystem” where “the big helps the small”; as such, the
group of excellent agents (members with a decision-making capacity) may provide
services to the whole community (of non-excellent agents/associates, which do not have
a decision-making capacity), obtaining an ecosystem that gradually achieves greater levels
of excellence.
NOTE: It should be highlighted that the network model selected (mixed model) had a high level of
consensus amongst the participating agents, although it could be subject to modifications during
the development and defining of the Network.
Network of excellence on cybersecurity R&D+i
Summary report Page 49 of 81
6 MODELLING THE NETWORK
In line with the collaborative approach that has been maintained throughout all of the
activities carried out in the framework of this initiative, the strategic modelling was
carried out using the elements identified during the collective thinking exercise. These
elements were validated with a small group of agents (Focus Group), and constitute the
approach to the strategic modelling described in this section.
However, this initial approach must be grounded and implemented in a Strategic Network
Plan, which will establish the foundations for the operation of the network over the
coming years. This plan, once prepared, should be widely backed by the research &
innovation ecosystem agents.
Lastly, both the strategic modelling and the Strategic Network Plan should be aligned with
the results of the “Study on the feasibility and opportunity of a Cybersecurity Cluster in
Spain and its strategic integrating plan”, with the aim of using the synergies and
complementarities between the two initiatives.
As a starting point, the main results of the collective intelligence of the ecosystem agents
and of INCIBE’s vision in relation to the network’s strategic modelling are displayed.
In general, the agents participating in the study are really interested about the creation
of a network and participation in it, while recognising the complexity in the design and
implementation of an initiative of this kind.
The following aspects must be taken into account:
o Pooling of R&D+i resources (country-positioning), including the reuse of
existing initiatives and networks to achieve synergies (connecting link:
INCIBE).
o The network must not only state its intent.
o High-level leadership.
o Incentives and real commitment (budget).
o International connection.
With respect to the objectives, the agents indicate:
o General and common objectives, not individual.
Network of excellence on cybersecurity R&D+i
Summary report Page 50 of 81
o A focus on specific objectives, avoiding dispersal. A focus on R&D and
transference (bring products to the market) in the medium and long term,
and on the creation and development of R&D+i projects.
o Global approach (no regionalism) and business approach (focus on results).
o Mark the direction: identify needs and provide a solution.
o Practical collaboration, that goes beyond hollow agreements.
o Collaborate in the definition of the cybersecurity strategy through a
Strategic cybersecurity R&D+i Plan or a Spanish cybersecurity R&D+i
Agenda.
o Training: align the training needs with the industry: definition of the profile
of the cybersecurity professional.
Services to be offered by the network:
o Focus on R&D and transference.
o Model based on specific and practical projects and challenges.
o Funding of excellent proposals, demanding requisites in the selection
process.
o Specific R&D programme (National Plan or other mechanisms).
o H2020 type approach: proposals and an expert panel to design work plans
on each subject.
o Early-adopters panel to design strands of work and solve market problems.
o Ideas factory to be materialized in consortiums and joint collaboration.
o Minimum infrastructure (access to H2020, administrative support, etc.).
o Technological monitoring is not necessary.
o Avoid dilutions in networking, lobbying and pooling without specific
objectives.
o Transference and flow between agents and individuals.
o Talent (professional and research) attraction.
o Training.
Network of excellence on cybersecurity R&D+i
Summary report Page 51 of 81
o Permanent meetings.
o Knowledge exchange.
According to INCIBE, the network should be characterised by:
Being focussed on R&D+i results to be transferred to the industry.
Focus on excellence in R&D+i.
o Focus on the detection, attraction, retention, and promotion of research
professionals.
o The differentiating value of the network. Capacity to influence in the
European Union (through the presence of INCIBE in European working
groups).
o Development of resources to address the needs of the industry.
o The network must have a marked commercial focus (not focused on
theoretical research).
In relation to the services that the network can offer, INCIBE highlights:
o The execution of differential projects.
o The certification of service providers (consultancy, technological
enhancement, etc.)
o Studies/Prospective studies: trends, annual studies, etc.
o Competitive intelligence.
o The certification of research groups.
o The network will not fund projects, but rather, it will provide access to
funding
o Provision of resources to the ecosystem (infrastructure, databases, etc.).
o Provision of funds for disruptive (“non-feasible”) projects that provide
guarantees to entrepreneurs.
INCIBE considers that the network must be self-sustaining (it will be supported
when it is launched, but it must subsequently be independent through
agreements or other actions). It is therefore necessary to define how to return the
results of the funding/investment in the network.
Network of excellence on cybersecurity R&D+i
Summary report Page 52 of 81
6.1 Strategic formulation of the network
The strategic formulation of the network has been prepared based on the Balance Score
Card methodology, allowing to define the strategy from a global point of view (mission,
vision, and values) and making it operational in strategic objectives, lines of action and
measures.
Figure 14: Network strategic formulation process.
Each of these elements has undergone a validation, implementation, and consensus
process with a group of agents of the ecosystem (Focus Group session).
6.1.1 Mission, vision, and values
6.1.1.1 Mission
The mission of the network of excellence will be guided by the following key aspects:
Competitiveness.
Development and use of capacities and resources.
Development of solutions for the market.
Transference.
Excellence in R&D+i.
Contribution to cooperation and collaboration between agents, bringing together
the research & innovation ecosystem.
Agents participating in the study highlight the appropriateness of including the word
excellence in the name of the network, given that it facilitates the fund attraction process
Network of excellence on cybersecurity R&D+i
Summary report Page 53 of 81
and the network’s positioning. Likewise, excellence must not only be focussed on science,
but also, at bringing solutions to the market.
With regard to the R&D+i concept, they specify that research does not only include
applied research, but also basic research, which is clearly necessary in cybersecurity.
Some approaches to the cybersecurity R&D+i Centres of Excellence network mission
could be:
1. “Development of the excellent research resources of cybersecurity R&D+i in Spain,
achieving the development of solutions that respond to the needs of the market,
improving the sector’s competitiveness, and combining efforts to overcome the
fragmentation existing”.
2. “Boosting cybersecurity R&D+i through the pooling of the excellent resources of
the ecosystem to drive forward cybersecurity in Spain and achieve the
transference of the results of the research to the market”.
3. ”Identify the ecosystem’s needs and priorities and define and use the ecosystem’s
capacities”.
6.1.1.2 Vision
The vision of the Network of Excellence should be focused into achieving positioning in
the international ecosystem.
The study participants consider this something fundamental to go beyond Spanish
borders and provide the network with an international dimension (Europe and other
regions) and propose that a Plan be developed for the development of institutional
relations with international agents.
Possible alternatives to the definition of the network’s vision are as follows:
1. “Position Spain as a reference in cybersecurity on the international stage”.
2. “Position the cybersecurity research & innovation ecosystem within the global
arena as a competitive ecosystem, with high levels of transference and
technological value and a high degree of collaboration and connection between its
agents”.
6.1.1.3 Values
Excellence, practicality, rigour, transparency12, trust, team spirit, and an international
dimension.
12 Need for the existence of different levels of transparency and confidentiality within the network.
Network of excellence on cybersecurity R&D+i
Summary report Page 54 of 81
6.1.2 Strategic objectives, action lines, and measures
The strategic objectives, action lines, and measures of the network must be fully in line
with the mission, vision, and values, since they constitute the grounding and
implementation of them.
The objectives finally identified (agreed with the agents of the ecosystem that attended
the Focus Group sessions) are:
1. To position cybersecurity R&D+i on a European and international level.
2. To develop innovative solutions through R&D+i.
3. To boost technological transference from research to the market in collaboration
with the Cybersecurity Cluster in Spain.
4. Identify, attract, generate, and retain the talent of professionals in cybersecurity on
a national level.
The strategic objectives are outlined in action lines and measures that implement the
specific activities to be performed by the Network.
NOTE: The action lines and measures or specific activities to be carried out by the network
are, on the date that this document is drafted, subject of debate and consensus between
those collaborating on this initiative. Since it is an ongoing process, there may be changes
to these action lines and measures; APPENDIX II STRATEGIC LINES OF ACTION AND
MEASURES has a more detailed description of these action lines and measures.
Generally speaking, different categories of measures have been identified:
Studies and prospective studies that help to clarify important aspects that may
guide future specific initiatives.
Holding of specific events that can be used as a showcase in which both the
network in particular and the ecosystem in general can display the Spanish
ecosystem’s capacities in this area.
Awards for research of excellence.
Communication, dissemination, and institutional relations to establish the
relationship strategy and position the ecosystem’s network both nationally and in
Europe.
Detection of excellent and high-potential research ideas/projects, designing a
mechanism for their assessment and development in R&D+i projects.
Network of excellence on cybersecurity R&D+i
Summary report Page 55 of 81
A catalogue or repositories with the research available and its associated
exploitation rights, to facilitate its commercialisation.
Administrative support for project management, putting the ecosystem agents in
contact and supporting the R&D+i projects proposal preparation phase.
6.2 Strategic alignment with the Cybersecurity Cluster in Spain project
The initiatives that INCIBE is carrying out in cybersecurity must be connected,
coordinated, and synchronised to take advantage of the synergies and economies of
scale. In this regard, we can highlight the close relationship between the Network of
Excellence on cybersecurity R&D+i and the Cybersecurity Cluster in Spain initiative.
In this section, we broadly describe the main points of intersection and synergies
between the two initiatives; however, since both are undergoing development, the
coordination must be dynamic and constant over time.
The strategic objective of the network of excellence 1. Positioning cybersecurity
R&D+i on a European and international level must be participated by the relevant
agents of the Cluster’s industry, such that the positioning may consider an
extended view of the industry’s needs, and the latter may be properly reflected in
the cybersecurity strategies.
The strategic objective of the Network of Excellence 4. Identifying, attracting,
generating, and retaining the talent of cybersecurity professionals at a national
level is also a focal point of the Cybersecurity Cluster in Spain, and as such, both
initiatives must place special focus on coordination and cooperation in this sphere.
With regard to training, the Network of Excellence, during the collective validation
of the strategic objectives and measures, discarded the direct implementation of
training actions, since they are provided by other ecosystem agents. Instead, it
was agreed that the network must play an active role in the detection of training
needs. In the case that the Cluster in the end decided to implement training
actions, they should be closely coordinated and provided with the needs detected
by the Network.
Actions linked to entrepreneurship. During the validation of the network’s
objectives with the ecosystem agents, it was agreed that should be led and
coordinated by the Cybersecurity Cluster in Spain.
The network must work closely with the Cluster with regard to everything related to
the strategic objective of the network. 3. Boost the technological transference
from research to the market in collaboration with the Cybersecurity Cluster in
Spain. For specific measures relating to the development of projects (search and
selection of research results for their transference to the market), it is necessary
Network of excellence on cybersecurity R&D+i
Summary report Page 56 of 81
to highlight the extensive possibilities for collaboration between the two
initiatives, such that the network can perform the first filters (select ideas with
potential, carry out a technological validation) with the support of the Cluster to
perform the business validation.
In the measures related to networking, events, and other positioning actions, both
initiatives must analyse the measures to be executed, seeking synergies and even
the possibility of the joint holding of these types of activities.
Lastly, it will be highly recommended that all measures to be implemented by the
Network in terms of studies and analysis be coordinated with the Cybersecurity
Cluster in Spain in all cases in which these studies have an impact on or are
related to the cybersecurity industry.
Network of excellence on cybersecurity R&D+i
Summary report Page 57 of 81
7 ACTION PLAN: SHORT-, MEDIUM-, AND LONG-TERM
ACTIONS ROADMAP
The action Plan for the implementation of the network consists of four main phases.
Phases 0 and 1 will be carried out during the first year of the network (2015), such that at
the end of this year, the network will have begun its activities. From 2016, the network
will go into full operation.
Below, we illustrate the phases of the Action Plan, as well as the activities to be carried
out in each of them:
Figure 15: Action Plan Phases.
The network’s Strategic Plan is the main axis of activity, establishing strategic objectives,
action lines, and measures to execute. It should be highlighted that the measures of this
plan, which are currently being defined, will be implemented over two years (2015 and
2016). From 2017, the Strategic Plan must be reviewed, in order to define the new actions
to be executed in the framework of the strategy.
7.1 Phase 0: Collaborative definition
This phase constitutes the process of collaboration and participation with the ecosystem
for the definition, consensus, and support of the key subjects of the network. The
following key premises has been agreed:
The suitability of a mixed network, with a cross-disciplinary part and another
consisting of specialised hubs.
Network of excellence on cybersecurity R&D+i
Summary report Page 58 of 81
The participation in the network of all types of agents existing in the ecosystem
(science, administration, industry, R&D+i support agents).
The need to establish entry and exit criteria, based on excellence, for the members
in the specialised hubs.
The appropriateness of creating a strategic cybersecurity R&D+i Plan.
Name of the network.
Strategic formulation. Mission, vision, and values, strategic objectives, action lines,
and measures to be carried out in 2015.
Services or activities to implement.
Sustainability model, namely the sources of income, as well as financing needs. It
will be necessary to continue thinking about this issue in the future, given its
complexity.
Participation and expansion model: definition of member entry and exit criteria,
both in its cross-disciplinary part and in its hub part. It will be necessary to
continue thinking about this issue in the future, given its complexity.
7.2 Phase 1: Starting the pilot programme
The activities to carry out during this phase will be a starting point for beginning activities
and they will be implemented in the network’s Strategic Plan for 2015. During this phase,
INCIBE will act as coordinator.
The aforementioned Strategic Plan will consider two main types of actions:
Implementation of the measures to execute in 2015.
Network creation activities in terms of its legal and operational aspects:
o Constitution of the legal form.
o Government model. This activity will include the selection of the members
of the executive committee, the constitution of government bodies and
the formal drafting of the Network’s Statutes.
o Management model, through the definition of the Management
Committee, its roles and functions, as well as the areas of activity of the
network in the cross-disciplinary hub.
Network of excellence on cybersecurity R&D+i
Summary report Page 59 of 81
o Performance of other activities that are necessary for the implementation
of the network, such as the preparation of physical and technological
infrastructure.
o Creation of the cross-disciplinary hub.
7.3 Phase 2: Deployment
This phase, which will run throughout 2016, will be oriented to the expansion of the
activity. On the one hand it will give continuity to the measures established in the
Strategic Plan, which began in 2015 and on the other, it will define the thematic hubs of
which the network will consist. With regard to the hubs, the following activities must be
addressed:
The priorities and strategic objectives of each hub, in line with the national and
European cybersecurity strategies.
With the strategic objectives of each of the hubs as starting point, measures to be
executed and activity areas matching those objectives will be defined.
The collaboration and cooperation model.
The participation and expansion model (access and retention criteria).
Lastly, in this phase, deployment of logical infrastructure will be continued, which began
during phase 1 and network personnel will be recruited.
7.4 Phase 3: Stabilisation
During this phase, the network will be stabilised and will be fully operational, both in the
cross-disciplinary and hub parts.
During this phase, it is not possible to anticipate the activities that may arise, apart from
the daily operations and updating of the network’s Strategic Plan, since this will be
subject to the evolution of the network.
7.5 Cross-disciplinary phase: Management of the implementation
The management of the implementation will be extended to all of the phases with the
exception of the stabilisation phase and is aimed at providing the network with a model
for the management, evaluation, and follow-up of the network strategy.
To execute these activities, the creation of a strategic office is recommended, which will
provide an overview of the network, beyond the execution of specific measures,
contributing the methodologies, tools, techniques and the management model for
supporting the strategy. This office will act on three levels:
Network of excellence on cybersecurity R&D+i
Summary report Page 60 of 81
Strategic management. From the network strategy defined for the next few years,
the office will manage the execution of the strategic objectives.
Tactical management, aimed at defining specific measures, their budget, and the
associated resources.
Operational management, aimed at the management, supervision and control of
the measures to execute, as well as the activities to execute within each measure.
It will also be aimed at executing activities that support the daily operation of the
network.
7.6 Action Plan Schedule
This section displays the general schedule of the Action Plan.
Figure 16: General schedule of the Action Plan.
Network of excellence on cybersecurity R&D+i
Summary report Page 61 of 81
APPENDIX I STUDY PARTICIPANTS
AI.1 INTERVIEWS
Organisation/Institution/Company Person interviewed
Position
Agency of Business Innovation, Funding, and Internationalisation of Castilla y León
Carlos Escudero Martínez
Department Director
Agency of Business Innovation, Funding, and Internationalisation of Castilla y León
Javier García Díez N/A
Innovative Business Association for Network Security and Information Systems
Tomás Castro President
Galician Innovation Agency Manuel Varela Rey Director
Galician Innovation Agency Sonia Pazos Álvarez Director of the Centres Area
Carnegie Mellon University (Software Engineering Institute - CERT Division)
Robert C. Seacord Secure Coding Manager
Industrial Cybersecurity Centre Samuel Linares Director
National Centre of Excellence in Cybersecurity Álvaro Ortigosa Director
CISCO David Fuertes N/A
European Commission – Directorate-General for Communications Networks, Content and Technology Trust and Security
Martin Muehleck Programme Officer – EU policies at DG CNECT
Spanish National Research Council (CSIC) Luis Hernández Encinas
Tenured Scientist
CriptoLab. Cryptology Laboratory of the Polytechnic University of Madrid
Jorge Dávila Muro Director
IE Business School Peter Bryant Assistant Professor of Entrepreneurship
Indra Jorge López Hernández-Ardieta
Head of the Cybersecurity Research group
Inixa Security Julio Rilo Director
Spanish National Cybersecurity Institute (INCIBE) – Ministry of Industry, Energy, and Tourism
Raúl Riesco Granadino
Manager of Innovation and Talent in Operations Management
S21sec José Alemán Law Enforcement and Defence Line of Business Manager
S2GRUPO Miguel Juan Managing Partner
Tecnalia José Javier Larrañeta Head of the area of security in infrastructure
Carlos III University – Computer Security Lab Juan Manuel Estévez Tapiador
Full University Professor
University of Granada Pedro García Teodoro
Professor attached to the UGR Cybersecurity Group
University of Oviedo Santos González Jiménez
Algebra Professor
University of Vigo - Gradiant Fernando Pérez-González
University of Vigo Professor
University of Vigo - Gradiant Juan Ramón Troncoso
Postdoctoral Researcher at the University of Vigo
European University of Madrid Mª Teresa Villalba de Benito
Full Professor/Researcher and Director of the University Master’s in ICT Security
Network of excellence on cybersecurity R&D+i
Summary report Page 62 of 81
Organisation/Institution/Company Person interviewed
Position
Polytechnic University of Madrid Victor Villagrá
Full Professor and Researcher in Management and Security of Telecommunication Networks and Services.
AI.2 QUESTIONNAIRES
Organisation/Institution/Company Person surveyed Position
Innovative Business Association for Network
Security and Information Systems Roberto Vidal President (and CEO of Xeridia)
Innovative Business Association for Network
Security and Information Systems Tomás Castro President
Association of Electronics, Information and
Communications Technologies,
Telecommunications and Digital Content
Companies
Aida Millán Project Coordinator
Association of Electronics, Information and
Communications Technologies,
Telecommunications and Digital Content
Companies
Javier Vendrell García R&D Manager
National Cybersecurity and Technological
Expertise Association (ANCITE) José Luis Narbona President
Industrial Cybersecurity Centre Ignacio Paredes Head of Studies and Research
National Centre for the Protection of Critical
Infrastructure Miguel Ángel Abad
Head of the Cybersecurity
Service
Centre for Industrial Technological
Development Maite Boyero Egido
Spanish delegate of Secure
Societies and the national
contact and of the H2020
Framework Programme
Cartif Technological Centre Mónica Antón Coordinator of International
Projects
CITIC – Andalusian Innovation and Information
and Communication Technologies Centre Desireé Bellido Deputy Director
Spanish Confederation of Information and
Communications Technologies and Electronics Gloria Díaz Manager
Spanish National Research Council (CSIC) Victor Antonio
Gayoso Martínez Doctor
Security Team for the Coordination of
Emergencies in Telematic Networks (esCERT)-
Polytechnic University of Catalonia
Kenan Rhoton Collaborator
Security Team for the Coordination of Manel Rodero N/A
Network of excellence on cybersecurity R&D+i
Summary report Page 63 of 81
Organisation/Institution/Company Person surveyed Position
Emergencies in Telematic Networks (esCERT)-
Polytechnic University of Catalonia
Security Team for the Coordination of
Emergencies in Telematic Networks (esCERT)-
Polytechnic University of Catalonia
Manuel García-
Cervigón Gutiérrez N/A
Security Team for the Coordination of
Emergencies in Telematic Networks (esCERT)-
Polytechnic University of Catalonia
Sandra Marsà N/A
Innovation 4 Security Rafael Ortega Director General
Joint command of Cyber-defence of the Armed
Forces-Chief of Staff of Defence
Carlos Gómez López
de Medina Division general
Permanent observatory for cybersecurity of
the World Federation of Scientists Henning Wegener Director
PANDA Salvador Sánchez
Taboada
Cyber Defense Strategic Sales
Director
S21SEC Irene Eguinoa Research Manager
Tecnalia Ana Ayerbe Director of the IT
Competitiveness Business Area
Telefónica Manuel Carpio Director of Information Security
Autonomous University of Madrid Jorge E. López de
Vergara Méndez Full University Professor
University of Castilla La Mancha Francisco Ruiz Doctor
Complutense University of Madrid- Analysis,
Security, and Systems Group (GASS)
Luis Javier García
Villalba Director
University of Alcalá de Henares Juan Ramón Velasco
Pérez Professor
University of Alicante Antonio Zamora
Gómez
Professor, Doctor and Director of
the Cryptology and Computer
Security group
University of Alicante Francisco Maciá
Pérez
Vice Chancellor for Information
Technology
University of La Laguna Pino Caballero Gil Doctor
University of Málaga José Mª Troya Linero Professor
University of Mondragón Roberto
Uribeetxeberria
Research and Transference
Coordinator
University of Murcia Gregorio Martínez
Pérez University professor
University of Sevilla Rafael Martínez
Gasca Full Professor
Network of excellence on cybersecurity R&D+i
Summary report Page 64 of 81
Organisation/Institution/Company Person surveyed Position
University of Valladolid Helena Castán
Lanaspa Full Professor
University of the Basque Country/Euskal
Herriko Unibertsitatea
Alejandro Muñoz
Mateos N/A
University of the Basque Country/Euskal
Herriko Unibertsitatea
Begoña Blanco
Jáuregui Professor
University of the Basque Country/Euskal
Herriko Unibertsitatea Eduardo Jacob Professor
University of the Basque Country/Euskal
Herriko Unibertsitatea Iñaki Goirizelaia Professor
University of the Basque Country/Euskal
Herriko Unibertsitatea
José Luis Martín
González
Professor of Electronic
Technology
European University of Madrid Juan José Escribano
Academic Director ITIA:
Industrial, Aerospace
Communications, and ICT area
Polytechnic University of Madrid Ana Gómez Oliva University Professor
Polytechnic University of Madrid Carlos Alberto Lopez
Barreiro Professor
Polytechnic University of Madrid Fernando Alonso Professor
Polytechnic University of Madrid Julio Berrocal Doctor
Public University of Navarra Eduardo Magaña
Lizarrondo
Full Professor of Telematics
Engineering (Automation and
Computing Department)
Autonomous University of Barcelona Jaume Pujol
Capdevila University School Professor
University of the Balearic Islands Guillem Femenias
Nadal Senior Researcher
Open University of Catalonia David Megías
Jiménez Doctor
Polytechnic University of Catalonia Javier Herranz N/A
Polytechnic University of Catalonia Jorge García Vidal N/A
Polytechnic University of Catalonia Miguel Soriano N/A
Polytechnic University of Valencia Carlos Miguel
Tavares Calafate Full Professor
Pompeu Fabra University Ángel Lozano N/A
Rovira i Virgili University Josep Domingo-
Ferrer Professor
Network of excellence on cybersecurity R&D+i
Summary report Page 65 of 81
AI.3 PARTICIPANTS IN THE FOCUS GROUPS
AI.3.1 FIRST FOCUS GROUP
LIST OF FOCUS GROUP 1 ATTENDEES
ORGANISATION ATTENDEE
Agency of Business Innovation, Funding, and Internationalisation of Castilla y León (ADE)
Carlos Escudero Martínez
Innovative Business Association for Network Security and Information Systems (Cybersecurity AEI)
Tomás Castro
Spanish National Research Council (CSIC) Luis Hernández Encinas
Indra Jorge López Hernández-Ardieta
Inixa Security Julio Rilo Blanco
S21sec José Alemán
S2GRUPO José M. Rosell
Carlos III University - Computer Security Lab (COSEC) Juan Manuel Estévez Tapiador
University of Oviedo Santos González Jiménez
University of Vigo - Gradiant Fernando Pérez-González
University of Vigo - Gradiant Juan Ramón Troncoso
AI.3.2 SECOND FOCUS GROUP
LIST OF FOCUS GROUP 2 ATTENDEES
ORGANISATION ATTENDEE
Agency of Business Innovation, Funding, and Internationalisation of Castilla y León (ADE)
Carlos Escudero Martínez
Spanish National Research Council (CSIC) Luis Hernández Encinas
Indra Jorge López Hernández-Ardieta
Inixa Security Julio Rilo Blanco
Tecnalia José Javier Larrañeta
S21sec José Alemán
S2GRUPO Miguel Juan
Tecnalia Ana Ayerbe
University of León Miguel Carriegos Vieira
University of Vigo - Gradiant Fernando Pérez-González
University of Vigo - Gradiant Juan Troncoso
Polytechnic University of Madrid Victor Villagrá
Network of excellence on cybersecurity R&D+i
Summary report Page 66 of 81
APPENDIX II STRATEGIC LINES OF ACTION AND
MEASURES
For each of the objectives or strategic areas identified, this appendix contains the lines of
action and briefly describes the associated measures. The Strategic Plan for the network,
once finished, will include further explanations and specifications for each of these
measures.
NOTE: The specific lines of action and measures or activities to be implemented by the network
are, at the time of creating this document, subject of debate and consensus among those
collaborating on this initiative. This document is susceptible to modifications given that it is a
work in progress.
The strategic formulation results in a total of 4 strategic objectives, 9 lines of action and
22 measures:
MEASURES ASSOCIATED WITH THE STRATEGIC OBJECTIVES OF THE NETWORK
STRATEGIC OBJECTIVE LINE OF ACTION MEASURE
1. Position cybersecurity R&D+i in Spain at the European and International levels
L.1 Classification of the cybersecurity R&D+i sector in Spain and its position in the global context
M.1 Definition of a cybersecurity R&D+i knowledge map from a dual perspective: Large-scale perspective: General classification of the ecosystem, through activity dynamics, context and scope of action, which the ecosystem develops under. Small-scale perspective: Map of agents that provides information on each agent in the ecosystem regarding their capacities, knowledge, abilities, experience and potential in cybersecurity R&D+i material
L.2 Development of a National Strategic Agenda regarding cybersecurity R&D+i
M.2 Analysis and diagnosis of obstacles and inhibitors (problems or challenges) as well as driving factors and social, technological, economic and regulatory incentives to encourage research in the field of cybersecurity R&D+i
M.3 Detect problems and demands with no solutions in the market actually that affect end-users (public administrations, Defence, Law Enforcement agencies, strategic sectors, citizens) for the generation of R&D+i joint projects between the industry and science sectors It is worthwhile to mention the relevance of sophisticated demand (CERTs, Defence, Finance, etc.) whose unmet challenges represent opportunities and business models have high global potential. M.4 Identification of priorities in cybersecurity R&D+i research (focus points and R&D+i lines of action)
Network of excellence on cybersecurity R&D+i
Summary report Page 67 of 81
MEASURES ASSOCIATED WITH THE STRATEGIC OBJECTIVES OF THE NETWORK
STRATEGIC OBJECTIVE LINE OF ACTION MEASURE
M.5 Definition and proposal for the creation of network nodes of expertise based on the results of the Strategic Agenda. Review and alignment of the network of excellence’s Strategic Plan (R&D+i / Transference / Internationalisation) in line with the Spanish and European Strategic Agendas regarding cybersecurity R&D+i
L.3 Brand reputation and positioning strategies in the national and international cybersecurity ecosystems
M.6 Definition of the Network P.R. Model and Communications Plan
M.7 Plan for publications and participation in international conferences and platforms
2. Develop innovative
solutions through R&D+i
L.4 Innovation stimulus
M.8 Support for implementing idea incubators and
identification and resolution programs for
challenges in cybersecurity (crowdsourcing and
access to high market potential challenges --
identified by the sophisticated demand in
cybersecurity)
L.5 Impulse and stimulus for the development of R&D+i Projects based on the Strategic Agenda
M.9 Act as a facilitator, mediator and catalyst in order to find ways to finance and support R&D+i projects M.10 Administrative support in project management Networking mechanisms and contacting with ecosystem agents, in addition to support and consulting during the preparation and improvement of proposals regarding calls for R&D+i competitive projects. M.11 Facilitate technological infrastructures to enable management and execution (remote laboratory) of R&D+i projects among participants on the Network, thus promoting an increase in activity and cooperation concerning cybersecurity R&D+i projects
L.6 Recognition of excellence in R&D+i
M.12 Awards for cybersecurity research
excellence. Design of candidate evaluation and
selection mechanisms, call for proposals for
recognition, event celebration and communication
campaigns
3. Promote the transference of technology from research to market, in collaboration with the Cybersecurity Cluster in Spain
L.7 Support enhancement and transference of technology in collaboration with Cybersecurity Cluster in Spain
M.13 Business project acceleration program (detection of excellent R&D+i results as well as results which have high potential for transference to market) in collaboration with the Cybersecurity Cluster in Spain M.14 Creation of a repository for the results of Cybersecurity national research with available research knowledge and its associated exploitation rights in order to facilitate the marketing and commercialization of that research
Network of excellence on cybersecurity R&D+i
Summary report Page 68 of 81
MEASURES ASSOCIATED WITH THE STRATEGIC OBJECTIVES OF THE NETWORK
STRATEGIC OBJECTIVE LINE OF ACTION MEASURE
M.15 Collaboration with the Cybersecurity Cluster in Spain for the creation of a catalogue of suppliers of technological appraisal and transference services that meet certain requirements demanded by the Network of excellence. A repository for ecosystem agents that need these services, guaranteeing access to suppliers who meet specific quality and solvency requirements
M.16 Holding conferences/events for entrepreneurs (Pitch Elevator, Pitch To Market, etc.) Organization and celebration of the event as well as associated communication campaigns
M.17 National cybersecurity R&D+i conferences A
scientific meeting point in which the network in
particular and the ecosystem in general can show
their capacities both in the areas of knowledge and
talent as well as in research results and potential
transference to market. Synergy with other
initiatives and Network of excellence measures
4. Identify, attract, generate and retain cybersecurity research talent at a national level
L.8 Identification of needs for research talent promotion in cybersecurity
M.18 Define the profile and abilities of the cybersecurity research professional Participatory process to determine the skills, capacities and basic abilities that the profile of the Network cybersecurity researcher should have, especially in the fields of R&D+i, training and the entrepreneurial profile. M.19 Differential analysis of cybersecurity training programs to meet needs for talent development in cybersecurity. Analysis of both curriculum needs (demanded profiles in both science and industry) as well as training requirements Collaboration with Administration - Science - Market
L.9 Detection and review of mechanisms for talent retention
M.20 Collaboration with other ecosystem agents in activities to promote, identify, recruit, attract and retain talent regarding cybersecurity professional opportunities. M.21 Talent recruitment/exchange within the ecosystem Identify and specify mechanisms for retaining, recruiting and exchanging research talent within and to the national ecosystem M22. Encourage and facilitate access to Network research talent by the Cybersecurity Cluster in Spain. Collaboration with industry research professionals for both cybersecurity solution development and innovative services.
Network of excellence on cybersecurity R&D+i
Summary report Page 69 of 81
APPENDIX III DOCUMENT SOURCES CONSULTED
Agencia Española de Protección de Datos (AEPD) (http://www.agpd.es/).
Agencia Europea de Defensa (EDA) (http://www.eda.europa.eu/).
Agencia Europea de la Seguridad de las Redes y la Información (ENISA)
(http://europa.eu/abouteu/agencies/regulatory_agencies_bodies/policy_agencies/enisa/inde
x_es.htm).
Agenda Digital Europea. Unión Europea.
Agenda Digital para España. 2013/2014. Ministerio de Industria, Energía y Turismo,
Ministerio de Hacienda y Administraciones Públicas.
Centro Criptológico Nacional (CCN) (https://www.ccn.cni.es/).
Centro de Ciberseguridad Industrial (https://www.cci-es.org/).
Centro de Excelencia para la Cooperación en Ciberdefensa (CCDCOE)
(https://www.ccdcoe.org/).
Centro Nacional de Inteligencia (CNI) (http://www.cni.es/).
Centro Nacional para la Protección de las Infraestructuras Críticas (CNPIC)
(http://www.cnpic-es.es/).
Centro para el Desarrollo Tecnológico Industrial (CDTI) (https://www.cdti.es/).
Cibersecurity Coordination Group (CSCG)
(http://www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Security/Pages/Cyber
security.aspx).
Ciberseguridad en España: una propuesta para su gestión. Enrique Fojón Chamorro y
Ángel F. Sanz Villalba. Real Instituto ElCano.
Comisión Europea (http://ec.europa.eu/index_es.htm).
Competitive analysis of the UK cyber security sector. 29 de julio de 2013. Pierre
Audoin Consultants.
Congreso Cybercamp 2014 (http://cybercamp.es/).
Cybercamp (https://cybercamp.es).
Network of excellence on cybersecurity R&D+i
Summary report Page 70 of 81
Cybercrime Centres of Excellence Network for Training Research and Education
(http://www.2centre.eu/).
Cybersecurity policy making at a turning point, Analysing a new generation of national
cybersecurity strategies for the Internet economy. 2012. Organización para la
Cooperación y el Desarrollo Económico (OCDE).
CyberTech Israel (http://www.cybertechisrael.com/).
ENISA (http://www.enisa.es/).
Estrategia de Seguridad Marítima Nacional. 2013. Departamento de Seguridad
Nacional, Presidencia del Gobierno.
Estrategia de Seguridad Nacional. 2013. Presidencia del Gobierno.
Estrategia Española de Ciberseguridad. 2013. Presidencia del Gobierno.
Estrategia Europea de Ciberseguridad. 2012. European Union Agency for Network and
Information Security (ENISA).
Estrategia Regional de Investigación e Innovación para una Especialización Inteligente.
RIS3 de Castilla y León. 2014- 2020. 16 de abril de 2014.
European Association for e-identity and Security EEMA (https://www.eema.org/).
European Network for Cybersecurity (https://www.encs.eu/).
European Public Private Partnership for Resilience (http://www.enisa.europa.eu/).
European Research Council (ERC) (http://erc.europa.eu/).
European Technology Platform on Industrial Safety (http://www.industrialsafety-tp.org/).
Europol (https://www.europol.europa.eu/).
Grupo de Expertos de Alto Nivel de la Agenda Digital para España. Informe de
recomendaciones del Grupo de Expertos de Alto Nivel para la Agenda Digital para
España. 18 de junio de 2012.
Guía rápida Horizonte 2020. Centro para el Desarrollo Tecnológico Industrial (CDTI).
Horizon 2020. Work Programme 2014 – 2015. Leadership in enabling and industrial
technologies. Unión Europea.
Network of excellence on cybersecurity R&D+i
Summary report Page 71 of 81
Horizon 2020. Work Programme 2014 – 2015. Leadership in enabling and industrial
technologies. Information and Communication Technologies. Unión Europea.
Horizon 2020. Work Programme 2014 – 2015. Secure societies – Protecting freedom
and security of Europe and its citizens. Unión Europea.
Horizonte 2020 (http://www.eshorizonte2020.es/).
IETF (https://www.ietf.org/).
II Plan Autonómico de Investigación, Desarrollo y Transferencia de Conocimientos.
Gobierno de Aragón.
III Plan Riojano de I+D+i. 2008-2011. Gobierno de la Rioja.
Information Technology Service Management Forum (http://www.itsmf.es/).
Informe anual 2012. Centro para el Desarrollo Tecnológico Industrial (CDTI).
Informe SISE 2010. Análisis de las convocatorias del Plan Nacional 2008-2011
correspondientes al año 2010. Ministerio de Ciencia e Innovación.
Instituto Nacional de Ciberseguridad (http://www.incibe.es/).
Interactive energy Roadmap (https://www.controlsystemsroadmap.net/).
Interpol (http://www.interpol.int/).
INTERPOL World (http://www.interpol-world.com/).
ISMS Forum Spain (https://www.ismsforum.es/).
IV Plan Regional de Investigación Científica e Innovación Tecnológica 2005-2008.
Comunidad de Madrid.
La ciberseguridad en la Unión Europea. 2014. Henning Wegener-Instituto Español de
Estudios Estratégicos.
La nueva Ley de la Ciencia, la Tecnología y la Innovación. Aspectos relativos a la
propiedad industrial e intelectual. Gonçalves Pereira. Cuatrecasas.
Mando Conjunto de Ciberdefensa de las Fuerzas Armadas (MCCD)
(http://www.emad.mde.es/CIBERDEFENSA/).
Mapa de ruta de la Ciberseguridad Industrial en España 2013–2018. 2013. Centro de
Ciberseguridad Industrial (CCI).
Network of excellence on cybersecurity R&D+i
Summary report Page 72 of 81
Ministerio de Defensa (http://www.defensa.gob.es/).
Ministerio de Economía y Competitividad
(http://www.mineco.gob.es/portal/site/mineco/).
Ministerio de Hacienda (http://www.minhap.gob.es/es-ES/Paginas/Home.aspx).
Ministerio de Industria (http://www.minetur.gob.es/es-ES/Paginas/index.aspx).
Ministerio de Interior (http://www.interior.gob.es/).
Ministerio de Presidencia (http://www.mpr.gob.es/Paginas/index.aspx).
MSP on ICT standardization (https://ec.europa.eu/digital-agenda/en/european-multi-
stakeholder-platform-ict-standardisation).
Network and information Security Public-Private Platform
(http://www.enisa.europa.eu/).
Organización de Naciones Unidas (ONU) (http://www.un.org/es/).
Organización del Tratado del Atlántico Norte (OTAN) (http://www.nato.int/).
Organización para la Cooperación y el Desarrollo Económico (OCDE)
(http://www.oecd.org/centrodemexico/inicio/).
Organización para la Seguridad y la cooperación en Europa (OSCE)
(http://www.osce.org/).
Parlamento Europeo (http://www.europarl.es/).
Plan Andaluz de Investigación, Desarrollo e Innovación 2007-2013. Junta de Andalucía.
Plan Avanza 2 Ministerio de Industria, Turismo y Comercio; Secretaria de Estado de
Telecomunicaciones y Sociedad de la Información.
Plan de actuación 2013 del Plan Estatal de Investigación Científica, Técnica y de
Innovación. 2013–2016.
Plan de Ciencia Tecnología e Innovación 2013-2017. Septiembre de 2013. Principado
de Asturias.
Plan de Ciencia, Tecnología e Innovación 2009-2012. Illes Balears.
Plan de Ciencia, Tecnología e Innovación. 2011-2014. 2011. Región de Murcia.
Network of excellence on cybersecurity R&D+i
Summary report Page 73 of 81
Plan de Confianza en el Ámbito Digital. 2013. Ministerio de Industria, Energía y
Turismo.
Plan de Desarrollo e Innovación del Sector TIC. 2013. Ministerio de Industria, Energía y
Turismo.
Plan de Innovación de 2014 – 2016. Cantabria.
Plan de Internacionalización de Empresas Tecnológicas. Junio 2013. Ministerio de
Industria, Energía y Turismo.
Plan de Investigación e Innovación 2010-2013. Generalitat de Catalunya.
Plan Estatal de Investigación Científica, Técnica y de Innovación. 2013–2016.
Ministerio de Economía y competitividad.
Plan Galego de Investigación, Innovación e Crecemento 2011-2015. Xunta de Galicia.
Plan General Estratégico de Ciencia y Tecnología 2010-2015. Generalitat Valenciana.
Plan Regional de Investigación Científica: Desarrollo Tecnológico e Innovación 2011-
2015. Castilla - La Mancha.
Plataforma Tecnológica Española de Seguridad Industrial (http://www.pesi-
seguridadindustrial.org/).
Plataforma Tecnológica Española de Tecnologías para Seguridad y Confianza
(http://esec.imasdtic.es/).
Proyecto Fire (http://www.trustworthyictonfire.com/).
Proyecto Forward (http://www.ict-forward.eu/).
Red Temática de Criptografía y Seguridad de la Información
(http://www.criptored.upm.es/criptored.htm).
Servicio Europeo de Acción Exterior (EEAS) (http://www.eeas.europa.eu/).
Syssec Network of Excellence (www.syssec-project.eu/).
The 2013 (ISC), Global Information Security Workforce Study. Frost & Sullivan.
The National Energy Sector Cybersecurity Organization (http://www.energysec.org/).
The Networking and Information Technology Research and Development Program
(https://www.nitrd.gov/).
Network of excellence on cybersecurity R&D+i
Summary report Page 74 of 81
Trust In Digital Life (http://www.trustindigitallife.eu/).
V Plan Regional de Investigación, Desarrollo Tecnológico e Innovación 2014 – 2017.
Gobierno de Extremadura.
Network of excellence on cybersecurity R&D+i
Summary report Page 75 of 81
APPENDIX IV AGENTS OF THE CYBERSECURITY R&D+i
ECOSYSTEM IN SPAIN
This appendix displays a list of Spanish ecosystem agents identified during the course of
this study, completing the section of the document [3.1 Map of Stakeholders & Agents].
Public Administrations
Military organisations
Ministry of Defence: Armed Forces Intelligence Centre (CIFAS)
Ministry of Defence: Joint Command of Armed Forces Cyber-defence (MCCD)
Civil organisations
National Security Council: Committee Specialising in Maritime Security
National Security Council: Situation Specialist Committee
Ministry of the Economy and Competitiveness: Centre for Industrial Technological Development (CDTI)
Ministry of Finance and Public Administrations
Ministry of Industry, Energy, and Tourism: ENISA
Ministry of Industry, Energy, and Tourism: Spanish National Cybersecurity Institute (INCIBE)
Ministry of Justice: Spanish Data Protection Agency (AEPD)
Ministry for the Presidency. National Intelligence Centre (CNI): National Cryptological Centre (CCN)
Ministry of the Interior: National Centre for Critical Infrastructure Protection (CNPIC)
Ministry of the Interior: State Security Bodies and Forces
Other autonomous organisations: Autonomous Data Protection Agencies (Madrid, Catalonia and the Basque
Country)
Other autonomous organisations: Departments and Agencies competent in R&D+i
Other autonomous organisations: Autonomous Security Bodies and Forces
Academic Sector
42 universities (Universities registered by the Ministry of Education, Culture, and Sport that work in cybersecurity-
related disciplines)
Network of excellence on cybersecurity R&D+i
Summary report Page 76 of 81
Research group Organisation/Institution
Cryptography and Information Security Research Group (GiCSI) Spanish National Research
Council
Services and Networks Integration Group Polytechnic University School of
Mataró
Telematic Services Engineering Group
Group on Modern Heuristics for the Optimisation and Design of
Communications Networks
Electronic Engineering Group applied to Intelligent Spaces and Transport
Information Engineering Research Unit
University of Alcalá de Henares
Group of the Electronics and Systems Department Alfonso X El Sabio University
High Performance Computing and Networking
Digital System Lab
Autonomous University of
Madrid
Security Group of Information and Communications Technologies
SoftLab
Communications Services and Networks
Identification Technologies University Group
Carlos III University of Madrid
Analysis, Security, and Systems Group
Formal Design and Analysis of Software Systems
Complutense University of
Madrid
Cryptology and Computer Security Group
Networks and Middleware Group
Industrial IT and Computer Networks
University of Alicante
Applied IT Group University of Almería
Management IT
Mobile Communications and Network Design Laboratory University of Cantabria
Alarcos Group
Computer Networks and Architecture
Security Research and Information Systems Auditing Group
High Performance Architecture and Networks
University of Castilla la Mancha
Prinia (Automation and IT Engineering Projects) University of Córdoba
Computer architecture and logical design Group
Advanced Communications and Applied Telematics Engineering Research
Group
University of Extremadura
Telematics and Communications University of Granada
Cryptology Group University of la Laguna
Systems Engineering and Automation Group University of la Rioja
Information and communications systems University of las Palmas de Gran
Canaria
Organisation and Use of Digital Content
Supervision, control, and automation of Industrial Processes University of León
Network of excellence on cybersecurity R&D+i
Summary report Page 77 of 81
Intelligent Management Systems
Knowledge Engineering
Flexible Information Systems
Robotics
Artificial Vision and Pattern Recognition
Engineering of Manufacturing Processes
Advanced Information Systems
Software Engineering Group
Information and Communications Technologies Application Group University of Málaga
Telematics Group
Communications and Signal Theory University of Mondragón
Architecture and Parallel Computing
Intelligent Systems and Telematics
Information and Communications Systems
University of Murcia
Innovation Centre
Multimedia Distributions Systems Group
Algebra, Encrypting, and Cryptography Group
Communications and Signal Theory Group
Communications and Software Engineering Group
Web Engineering Group
Services, New Technologies, and Regional Development Group
Economic Modelling Statistical-Econometrics Techniques Group
Telecommunications Research Thematic Association
Cryptography, IT Security, and Auditing of Information Systems
University Institute of Industrial Technology of Asturias
University of Oviedo
Biomedicine, Intelligent IT Systems, and Educational Technology Group
Cryptography, Information Security, and Discrete Mathematics University of Salamanca
QUIVIR Group University of Seville
Languages, IT Systems, and Computer Assisted Learning Team University of Vigo
Communications Technology Group.
Computer and Neural Networks Vision Group
Discrete Events Systems Engineering Group
Robotics, Perception and Real Time Group
Group of Distributed Information Systems
University of Zaragoza
NQAS Group
I2T Group
Computer Networks
Research Group in Applied Electronics
University of the Basque
Country/Euskal Herriko
Unibertsitatea
DEUSTEK2
D4K - Deusto for Knowledge Deusto University
Intelligent Systems Research Group European University of Madrid
Network of excellence on cybersecurity R&D+i
Summary report Page 78 of 81
Mobile and Wireless Communications Technologies Systems Structure Miguel Hernández University of
Elche
Systems and Software Engineering National Distance Education
University
Analysis and Development of Electrical Energy Systems
Division of Systems and Electronic Engineering
Telematics Engineering
Polytechnic University of
Cartagena
Telematics Systems for the Information Society and Knowledge Group
Cryptology laboratory Group
Telecommunication and Internet Networks and Services Group
Integrated Systems laboratory Group
Information and Communications Technology Research Group
Next Generation Internet
Processes Improvement and Security
Communications and Signal Automation
Next Generation Internet
Telecommunication and Internet Networks and Services
Microwave Group
Privacy and Security in Information Systems Group
Polytechnic University of
Madrid
IT Systems Comillas Pontifical University
Networks, Systems, and Telematics Services Group Public University of Navarra
Group of the Information and Communications Engineering Department Autonomous University of
Barcelona
Communications and Distributed Systems University of Girona
Telematics Engineering
Software Processes Improvement Group
Security and Electronic Commerce
University of the Balearic
Islands
Cryptography and Graphs University of Lleida
K-ryptography and Information Security for Open Networks
Privacy and IP Protection Open University of Catalonia
Network Security Group
Networks of Computers and Distributed Systems
Mathematics Applied to Cryptography
Telematics Services
Polytechnic University of
Catalonia
Computer Networks Group
INGENIO
Polytechnic University of
Valencia
Wireless Communications
Research Group in Telecommunications Technologies and Strategies
Networks and Communications Research Group
Pompeu Fabra University
CRISES Group Rovira i Virgili University
Network of excellence on cybersecurity R&D+i
Summary report Page 79 of 81
Research Centres
Research Centre for Technological Risk Management (CIGTR)
Vicomtech-IK4 Research Centre
Research Centre: Tecnalia
Spanish National Research Council (CSIC)
R&D+i Support Organisations
Technological Centres: Gradiant
Technological Centres: Tecnalia
Research results transference offices (OTRI). An office has been inventoried in each of the 42 universities identified
as universities related to cybersecurity. The OTRI Spanish National Research Council (CSIC) are added to the latter.
Industry
Business associations
Cybersecurity AEI
Innovative Business Groups (AEI)
Spanish Association of Defence, Aeronautical and Space Technological Companies (TEDAE)
National Association of Cybersecurity and Technological Expertise (ANCITE)
Association for the Protection of Critical Infrastructure (APIC)
Basque Information Security and Privacy Association (Pribatua)
Spanish Confederation of Information and Communications Technology and Electronics Businesses (Conectic)
No cON Name
Certifying organisations
European Committee for Electrotechnical Standarization (CENELEC)
European Committee for Standarization (CEN)
European Telecommunications Standards Institute (ETSI)
Network of excellence on cybersecurity R&D+i
Summary report Page 80 of 81
APPENDIX V COLLABORATIVE NETWORKS ANALYSED
This section provides a list of the collaborative networks analysed in this study:
National collaborative networks
o Spanish technological platform for security and trust (esec-ametic)
o Spanish Technological Platform of Industrial Security (PESI)
o Industrial Cybersecurity Centre (CCI)
o ISMS Forum Spain
o Cryptography and information security thematic network (Criptored)
o Information Technology Service Management Forum (ISMF Forum)
European collaborative networks
o SysSec Network of Excellence
o European Public Private Partnership for Resilience
o Cybercrime Centres of Excellence Network for Training Research and
Education
o Trust in Digital Life
o European Network for Cybersecurity
International collaborative networks
o The Networking and Information Technology Research and Development
Program (NITRD)
o The National Energy Sector Cybersecurity Organization (EnergySec)
o Interactivity energy Roadmap (ieRoadmap)
o The Open Web Application Security Project (OWASP)