Deliverables

R2.1.1 PESTLE Analysis results (Public – Download this PDF)

Improving the availability and quality of cybersecurity education plays a fundamental role in addressing the current global cybersecurity skills shortage and the demand for cybersecurity professionals. Despite these pressing needs, the reasons for the inability of academia to produce enough graduates with the skills needed at the cybersecurity industry level are still not well understood. We used a PESTLE analysis to explore the factors impacting cybersecurity education from 6 different angles, i.e., Political, Economic, Social, Technological, Legal, and Environmental. In our analysis, 31 different factors affecting cybersecurity education and skills development were revealed. These factors were collected from a European- and Country-level point of view. It is important to notice that this analysis highlights areas that should be addressed in the future. 

R2.2.1 Stakeholder database (Confidential)

The Stakeholders Database (SDB) document aims to assemble a curated dataset about the key project stakeholders, since the REWIRE project relies on incremental collaboration and communication with its relevant stakeholders in the consortium countries and Europe generally. The SDB contains structured information about organizations and individuals operating at local, regional national and European levels which can provide required and necessary insights and inputs for the implementation of multiple REWIRE tasks. The Stakeholders Database was developed in a joint effort with the WP7 team, by requesting the REWIRE consortium partners to update the existing database entries with additional information on existing stakeholders, as well as to add additional stakeholders to use as a base for research in Task 2.2 Skills Needs Analysis.

R2.2.2 Cybersecurity Skills Needs Analysis (Public – Download the PDF)

Finding a scalable methodology for identifying cyber security skills needs is challenging due to a lack of reliable sources of direct information and a lack of a unified terminology across different industry sectors. The R 2.2.2 Cybersecurity Skills Needs Analysis approach relies on creating a data set of job advertisements labelled by the set of skills that the individual job advertisements seek for. The labelled data set was used for training a natural language processing (NLP) machine learning model to be able to predict what skills a particular job ad is seeking. The developed methodology was tested on a set of job advertisements collected from online job ad portals and found that the NLP model has a sufficiently high accuracy for making it a good candidate for automated skills needs analysis. 

R2.2.3 Methodology to anticipate future needs (Public – Download the PDF)

The R 2.2.3 Methodology to Anticipate Future Needs document describes the insights of pilot projects and other valuable sources and methodology applied, giving an overview and proposal of the most valuable methodological approaches. Facing the tremendous speed of new technology development and worrying increase in the number of cyberattacks, it is essential to include and evaluate all possible factors that could contribute to the creation of a long-lasting methodology. However, one of the main challenges missing is a unified cybersecurity skills framework. Having a shared vision is essential to develop long-lasting model and methodology to forecast future cybersecurity skills needs. Combining previous work with a newly created stakeholder survey and automated job ads analysis based on machine learning, methodology for anticipating future needs will also be adjusted to reflect actual market needs.

R2.3.1 Cybersecurity Skills Strategy (Public – Download the PDF)

The R 2.3.1 Cybersecurity Skills Strategy document aims to define strategic directions and action items required for achieving key strategic objectives in order to address skills demand and foster supply in the cybersecurity field. It was developed considering the results of the PESTLE Analysis, the Cybersecurity Skills Needs Analysis, and the preliminary results of the Methodology to Anticipate Future Needs. In the Cybersecurity Skills Strategy, three strategic priorities were defined and the goal is to address all three by seeing them as closely interrelated and dependent on each other. Achieving all three strategic priorities ensures an increase of awareness and attraction of potential cybersecurity talents and guiding them forward and meeting market needs that are expressed using simple and relevant taxonomy. 

R3.1.1 Governance model for the organization (Confidential)

This deliverable studies the different possibilities for establishing the governance of a European cybersecurity skills framework, based on the existing examples of previous organizations.

R3.1.2 Governance processes and procedures (Confidential)

This deliverable describes the processes and procedures that would enable a sustainable operation of the organization.

R3.2.1 European Cybersecurity Blueprint (Public) – Download the PDF

This deliverable describes a European Cybersecurity Blueprint, aiming at stimulating cybersecurity education in Europe. It covers all elements of cybersecurity education that are considered relevant by the REWIRE project. The first element is a skills framework, describing the various job profiles, skills and knowledge relevant for cybersecurity, in an organized manner, and building upon already existing work (ENISA ECSF, ESCO, and output from the pilot projects). The second element is a study of the attractiveness of the cybersecurity sector, describing an analysis of the cybersecurity job market and the demand for cybersecurity professionals. The third element is an analysis of tools for skills identification, enabling interested parties to provide better job descriptions and courses descriptions. The fourth element is an analysis of tools for skills development, identifying courses and programs for acquiring skills and knowledge, as well as career pathways to enable skills development over time. The blueprint concludes with an analysis of a governance framework, describing how such a cybersecurity skills framework could be maintained in the long term for the benefit of the European community.

R3.3.1 Cybersecurity skills Framework (Public) – Download the PDF

This deliverable presents the REWIRE Cybersecurity Skills Framework, drawing on ENISA skills framework version 2 (draft version 0.5), considering the classification of European Skills, Competences, Qualifications and Occupations (ESCO) and other existing competence frameworks.

R3.4.1 Mapping the framework to existing courses and schemes (Public) – Download the PDF

This deliverable deals with the mapping of existing cybersecurity training courses, universities curricula, and certification schemes to the ENISA cybersecurity framework. To make the mapping possible, REWIRE groups are introduced that also allow a better understanding and analysis of the ENISA framework. Moreover, a new web application, namely the Curricula Profiler, is proposed since provides an easier and more user-friendly mapping of skills and existing courses than a Portable Document Format (PDF) report.

R3.5.1 Cybersecurity career pathway analysis (Public) – Download the PDF

This deliverable contains the results of the analysis of the 12 role profiles that fed into the European Cybersecurity Skills Framework, with the aim to identify the interconnections between them. The interconnections and relationships between the roles is a crucial step for the development of the career pathways or career propagation paths.

R3.6.1 European Cybersecurity Blueprint v2 (Public)

R3.6.1 European Cybersecurity Blueprint v3 (Public)

R4.1.1 Cyberrange Establishment methodology and roadmap (Public – Download the PDF)

This deliverable aims at providing the infrastructure and expert knowledge for activities utilizing Cyber Ranges and provide the trainings and relevant certification schemes on selected occupational profiles (from the R3.3.1 – Cybersecurity Skills Framework). Its goal is to create the REWIRE Cyber Range platform for the design, exchange and implementation of cyber-exercises for different levels and profiles considering the skills to be acquired. It includes an analysis of the existing Cyber Ranges for educational purposes considering their taxonomy and architectures. Related Use cases have been also analysed; a selection of the capabilities required for the REWIRE Cyber Range; and a detailed specification of the REWIRE Cyber Range platform and the roadmap associated to its deployment.

R4.1.2 REWIRE Cyberrange (Public – Download the PDF)

This deliverable briefly covers components of the deployed REWIRE Cyber Range Platform and provides access descriptions and links for the platform’s general documentation that is publicly accessible in a GIT repository. The REWIRE Cyber Range Platform will be used for the hands-on exercises in REWIRE courses. The REWIRE CRP will be accessible by students through the REWIRE Virtual Learning Environment, where the exercises will be launched

R4.2.1 REWIRE Curricula and Training Framework (Public)

R4.2.2 Training courses material (Public)

R4.2.3 Training courses material suitable for VOOC delivery (Public)

R4.3.1 REWIRE Cyber range scenario development framework (Public – Download the PDF)

Several approaches exist for creating hands-on exercises to achieve learning goals. This document focuses on defining basic knowledge for scenario-based learning in cyber ranges and defines a scenario design process and its implementation in the KYPO Cyber Range Platform (CRP). Moreover, the document describes the open content and web-based Scenario Sharing Platform where cybersecurity scenarios and exercises can be shared.

R4.3.2 REWIRE Scenario Sharing Platform (Public)

R4.4.1 Technical Specifications for the REWIRE VLE (Public – Download the PDF)

The REWIRE VLE will act as the main point for delivering the project’s training activities in the form of VOOCs. It will be based on the already deployed WordPress technology and will expand the REWIRE website with LMS functionalities. This deliverable presents the technical and contextual requirements for the REWIRE VLE, which will host the REWIRE VOOCs.

R4.4.2 REWIRE VLE (Public)

R4.5.1 Results of the 1st Cybersecurity VOOCs delivery (Public)

R4.5.2 Results of the 2nd Cybersecurity VOOCs delivery (Public)

R4.6.1 Cybersecurity Skills Certification Scheme Core (Public)

R4.6.2 Cybersecurity Skills Qualification Standards (Public)

R4.6.3 Cybersecurity Skills Certification Scheme Examination material (Public)

R4.6.4 Cybersecurity Skills Certificates (Confidential)

R4.6.5 Cybersecurity Skills Assessment Recommendation (Public – Download the PDF)

This deliverable, presents the developments and theoretical information regarding Cybersecurity skills assessment, builds on the information extracted from the CONCORDIA project and identifies the different assessment methods for cybersecurity knowledge and skills. The information contained within this recommendation, will be used as input in the following activities of the REWIRE project for Cybersecurity Skills Certification.

R5.1.1 CyberABILITY platform (Public)

R5.2.1 Annual Cybersecurity Skills Trends Reports (Public)

The Annual Cybersecurity Skills Trends Reports aim to provide insights into the demand and supply of skills in Member State and EU level, trends, mobility of skills, emerging new skills and systematic gaps that require broader action.

R5.2.1 Annual Cybersecurity Skills Trends Report I – Download the PDF

The first part of the report addresses the issue of cybersecurity skills gaps. The skills gap analysis is essential for detecting inadequacies of cybersecurity specialist’s competencies. The results of the REWIRE stakeholder survey are presented in this report identifying the main deficiencies in cybersecurity skills. As a second step, the results of Concordia, SPARTA, CYBERSec4Europe and ECHO pilot projects’ analysis are included to present different perspectives on emerging cybersecurity skills. The second part of the report addresses the main cybersecurity threats trends identified over the reporting period. To identify the threats trends and cybersecurity risk management practices, several projects have been commissioned by various countries, e. g. New Zealand, Australia, United Kingdom and regional organizations like ENISA. Contemporary cybersecurity risk management practices are driven by compliance requirements, which force organizations to focus on security controls and vulnerabilities. Using the ENISA report as a guide, the report focuses on the threat lifecycle, the various parties involved, and the skills needed at each stage to mitigate the threat. Due to a lack of threat analysis and threat driven skills management, the most impactful threats and vulnerabilities are not properly tackled.

R5.3. REWIRE Fiches (Public)

The REWIRE Fiches aim to underpin and illustrate the REWIRE strategy by identifying, documenting, and promoting concrete best and good practices at national and regional level with the objective of addressing skills shortages and mismatches as well as fostering multi-stakeholder partnerships in the field of cybersecurity. The REWIRE Fiches will be made up of a series of fiches presented every six months. To carry out the REWIRE Fiches and achieve its objective, a wide range of initiatives or actions aimed at addressing the cybersecurity skills gap and shortage has been identified so that a much broader spectrum has been obtained. The next steps will consist of deepening the analysis of all the collected initiatives and developing a method to evaluate which of them meet the requirements of being considered an example of best or good practice. 

• R5.3.1 REWIRE Fiche I – Download the PDF
• R5.3.1 REWIRE Fiche II – Download the PDF

R5.4. Policy Recommendations (Public)

The Policy Recommendations will be composed of different Policy Briefs presented every six months. Each of these Policy Briefs will aim at conveying the implications of project outputs for policy and practice. The content of the different Policy Briefs will cover the main areas that need to be addressed in the future, such as the European Cybersecurity Skills Framework, the lack of cooperation among stakeholders or the lack of awareness of cybersecurity risks. The purpose will be to implement the solutions of the European Cybersecurity Blueprint proposed through WP3 by facilitating its implementation and making policy recommendations on the different topics to be dealt with. 

• R5.4.1 – REWIRE Policy Recommendation I – Download the PDF
• R5.4.2 – REWIRE Policy Recommendation II – Download the PDF

R5.5.1 Cybersecurity SSA Network building/Campaign (Public)

R5.5.2 Cybersecurity SSA Network building/Campaign Assessment Report (Public)

R5.6.1 National Cybersecurity Events List (Public)

R5.6.2 REWIRE National Endorsement Events (Public)

R5.7.1 Action Plan for the Blueprint sustainability (Public)

R6.1 Quality Assurance Plan (Confidential)

The QA plan contains the evaluation methods and procedures that will be applied during the REWIRE project for assessing and improving the project process, impact and deliverables.

R6.2 Quality Assurance Reports (Confidential)

Short reports are prepared by the Quality Assurance Committee to be presented before each project meeting (i.e. every 8 months months) to the Management Board. The reports contain findings and recommendations for the improvement of the project implementation.

R6.3 Impact Evaluation Reports (Public)

The Impact Evaluation Reports summarize the major achievements of the REWIRE project and discuss whether the project objectives had been met.

• Download IE Report No.1
• Download IE Report No. 2

R7.1 Stakeholders Analysis (Confidential)

The Stakeholder Analysis document was aimed to identify and develop a comprehensive map of all stakeholders that have either a direct or indirect interest, influence, and impact, at local, regional, national, and European levels. This analysis is used to inform the communication, dissemination and exploitations plans and strategies, allowing the development of tailored approaches based on the stakeholders’ level of influence and importance. This report focuses on those categories of stakeholders considered as the most relevant in the field of Cybersecurity, based on the project goals and objectives, namely: End Users-ICT Professionals; VET providers & Networks; Academia/ Research Institutes; Industrial/ Sectorial partners/Companies/Industry Associations; Certification & Standardization Bodies; Governments/ Authorities/ Policymakers. 

R7.2 Targeting key policymakers (Confidential)

The main objective of the Targeting Key Policymakers document was to develop a map of the key policy makers that have either a direct or indirect interest, influence, and impact in the REWIRE project and to determine these levels of influence and importance in order to inform the dissemination and exploitation strategies and plans. The mapping will also be used in Task 5.4 related to policy recommendations targeting the entities and individuals mapped. It consisted in a three-fold process, namely: (1) mapping stakeholders broadly speaking, i.e. policy makers involved in decision-making processes related to either education and training or cybersecurity; (2) identifying level of importance and influence, and (3) analysis of the information collected and distribution of stakeholders in 4 different groups, based on the level of influence and importance.  

R7.3 Dissemination Plan (Confidential)

The aim of the Dissemination plan is to establish and run the highest possible visibility and communication infrastructure of the project. The dissemination activities, which have been planned based on an initial dissemination roadmap are structured in a way that serves this objective. In all stages of the project (beginning of the project, design of the European Cybersecurity Blueprint, Blueprint Toolbox – Tools, end of the project and after the implementation of it), primary, secondary and key stakeholders will be reached out through communication material and channels (logos that have been created; website that is linked to the social media pages of the REWIRE project; websites and social media of partners which will be used as a communicator; newsletters; flyers; posters; banners; fiches; policy recommendations; networking and synergies with all types of stakeholders).  

R7.4 REWIRE website (Public – Website link)

The REWIRE Website embeds all important sections such as a homepage, project description and its objectives, results with a download option for the public deliverables, and partners’ section with a link to the website page of each one, blueprint, training (cyber range, online courses, certification), cyberABILITY, a media corner with the portfolio of dissemination material, news with a subsection for the newsletters, and contact with details of the coordinator and the general email address. The page includes the privacy policy according to the DGPR regulations and cookies policy. The REWIRE Website abides by the Web Content Accessibility Guidelines (WCAG) 2.0 in order to be accessible by disabled people and other stakeholders. Finally, the project website is linked to the social media pages of the REWIRE project, namely Facebook, Twitter, LinkedIn, and YouTube. 

R7.5 Portfolio of dissemination material (Public – Media corner)

The REWIRE dissemination portfolio includes a brochure, a poster, a banner, templates for short articles about the project and the finalised deliverables in MS Word format together with the template for short presentations in MS PowerPoint format to be used for dissemination at project meetings, events, conferences, etc. The different templates and graphic designed documents are created in such a way that the content could be easily translatable in all EU languages. They have originally been created in English and consequently translated in German and French so that they are available in all EU official languages (EN, FR, DE). Following a first version of the flyer created at the beginning of the project implementation stating its objectives and foreseen activities, a new one will be created in a second stage at the end of the project implementation stating its results. 

R7.6 REWIRE International conference (Public)

R7.7 Exploitation Plan (Confidential)