The IDUNN project, lays the foundations to face the new EU Cybersecurity Act

This text introduces common cybersecurity standards for connected devices

  • The European Commission has published the first draft, which aims to establish a common cybersecurity regulation for digital products and associated services marketed in the EU and will be the world’s first ‘Internet of Things’ or IoT legislation.
  • One of the modules developed under the IDUNN project will help to address this new regulation.
  • Led by Ikerlan, the European project started last year with a budget of more than €5M with the aim of making all components with embedded software in the industry cybersecure.
  • Also participating are: S21Sec Group, Fagor Arrasate, the GAIA Cluster, University of Oulu, Bittium, Mondragon Assembly, Offis, DIN, Cosynth and Mondragon Goi Eskola Politeknikoa being partners from Spain, France, Finland and Germany.


19th of December.- With a budget of more than €5M and a duration of three years, the IDUNN project, led by the Basque technology center IKERLAN, aims to create a cognitive detection system (artificial intelligence application that ‘learns’ on its own to interpret new external attacks), which analyzes and deals with new cyberthreats.  Its aim is therefore to make the operational technologies present in the industrial sector resistant to cyber-attacks today and in the future.

 This is a leading project in the European industrial field. Its partners believe that it will have a crucial impact on the productivity of any industry by being able to make use of secure ICT chains. The consortium now announces that, in addition, one of the modules developed within the framework of IDUNN will help companies to face the vulnerability analysis requirements that the new European Cyber-Resilience Law will bring.

The European Commission has already published a first draft of this law that will establish common cybersecurity standards for digital products and associated services marketed in the EU. The next steps will be the passage of the regulation through the European Parliament and the Council, which will examine, debate and propose amendments. Once approved, the regulation will be implemented in two phases.

From the IDUNN project, they remind that as different economic sectors have become more dependent on digital technologies in the execution of their business, the opportunities provided by digital connectivity also expose economies to cyber threats.

Given this reality, the number, complexity, scale and impact of cybersecurity events are also growing. “When everything is connected, a cybersecurity incident can affect an entire system, disrupting many economic and social activities. The Cyber Resilience Act introduces rules to protect digital products that are not covered by any previous regulations. In this way, it will be the first legislation (‘Internet of Things or IoT) in the world”, remind the entities participating in IDUNN.

It should be noted that hardware and software products are increasingly the target of cyber-attacks, which has led to an estimated global annual cost of cybercrime of 5.5 trillion euros by 2021.


How will IDUNN help to face this new European law?

According to the consortium, IDUNN will help to meet the needs of the new European Cyber Resilience Law thanks to the pioneering developments being carried out within the project. More specifically, progress will be made on an application of a detection system resulting from a collection of microservices that process in real time the set of abnormal and suspicious activities in the network of industrial environments with the aim of detecting incidents or threats.

“This application will perform automated detection. The vulnerabilities identified will be classified, based on their severity, so that a risk assessment and reporting can then be performed. For example, the detection system will detect the assets that could be affected by a possible attack and their level of criticality,” they explain.

Recently, project partners met in Oulu to discuss the evolution of the project and the progress of the different modules, with the participation of representatives of all the project participants.