network of excellence on cybersecurity r&d+i · scientific-technological areas in which...

Author INCIBE

This study has been elaborated with the collaboration of several agents who represent the

national cybersecurity research & innovation ecosystem. [Appendix I STUDY

PARTICIPANTS] contains a complete list of the organisations and their representatives

who collaborated in the study.

May 2015

This publication belongs to INCIBE (Spanish National Cybersecurity Institute) and is subject to a Creative Commons Attribution-

NonCommercial 3.0 Spain licence. As such, the copying, distribution, and public communication of this study is permitted under the following

conditions:

• Attribution. The content of this report may be fully or partially reproduced by third parties, provided that they cite its origin and

make express reference to INCIBE or CERTSI and its website: http://www.incibe.es. This attribution shall, under no circumstance, indicate that

INCIBE supports this third party or supports the use that it makes of its study.

• Non-commercial Use. The original material and the studies deriving therefrom may be distributed, copied, and exhibited, provided

that their use is not for commercial purposes.

When re-using or distributing the study, the terms of the licence of this study must be made clear. Some of these terms may be waived if

permission is obtained from CERTSI as the copyright owner. Complete licence text: http://creativecommons.org/licenses/by-nc-sa/3.0/es/

http://creativecommons.org/licenses/by-nc-sa/3.0/es/

Network of excellence on cybersecurity R&D+i

Summary report of 81

TABLE OF CONTENTS

1 BACKGROUND AND MOTIVATION .............................................................................. 5

1.1 Context and study objective ........................................................................................ 5

1.2 Structure ...................................................................................................................... 6

1.3 Main conclusions ......................................................................................................... 6

2 ANALYSIS FRAMEWORK ........................................................................................... 13

2.1 Analysis model ........................................................................................................... 13

2.2 Methodology .............................................................................................................. 13

2.3 Initial considerations .................................................................................................. 15

3 COMPETITIVE POSITIONING OF THE CYBERSECURITY RESEARCH & INNOVACION

ECOSYSTEM ................................................................................................................ 17

3.1 Map of Stakeholders & Agents .................................................................................. 17

3.2 Analysis of the institutional, legal, and economic context ........................................ 19

3.3 Characterisation of the cybersecurity research & innovation ecosystem ................ 21

3.3.1 Resources ............................................................................................................ 21

3.3.2 R&D+i value creation model ............................................................................... 24

3.3.3 Results ................................................................................................................. 27

3.4 Cybersecurity research & innovation ecosystem relationship model ....................... 28

3.4.1 Main national collaborative models or networks ............................................... 28

3.4.2 Main international collaboration models or networks ....................................... 30

3.5 Factors limiting cybersecurity R&D+i competitiveness ............................................. 31

3.5.1 General and structural weaknesses and obstacles ............................................. 32

3.5.2 Specific cybersecurity weaknesses and obstacles .............................................. 32

3.5.3 Conclusions ......................................................................................................... 33

3.6 SWOT analysis of the cybersecurity research & innovation ecosystem .................... 35

3.7 Action plan for the increase in the cybersecurity research & innovation ecosystem’s

competitiveness ............................................................................................................... 37

4 OPPORTUNITY ANALYSIS AND SWOT OF THE CREATION OF A NETWORK of excellence

ON CYBERSECURITY R&D+i ......................................................................................... 42

4.1 Opportunity Analysis.................................................................................................. 42

4.2 SWOT.......................................................................................................................... 42

5 NETWORK OF EXCELLENCE MODEL ALTERNATIVES ................................................... 44

5.1 Multicriteria assessment of the Excellence network model alternatives ................. 46

5.2 Presentation and validation of alternatives with the interested parties .................. 47

6 MODELLING THE NETWORK ..................................................................................... 49

6.1 Strategic formulation of the network ........................................................................ 52

6.1.1 Mission, vision, and values .................................................................................. 52

6.1.2 Strategic objectives, action lines, and measures ................................................ 54

6.2 Strategic alignment with the Cybersecurity Cluster in Spain project ........................ 55

7 ACTION PLAN: short-, medium-, and long-term actions roadmap ............................. 57



7.1 Phase 0: Collaborative definition ............................................................................... 57

7.2 Phase 1: Starting the pilot programme...................................................................... 58

7.3 Phase 2: Deployment ................................................................................................. 59

7.4 Phase 3: Stabilisation ................................................................................................. 59

7.5 Cross-disciplinary phase: Management of the implementation ............................... 59

7.6 Action Plan Schedule ................................................................................................. 60

APPENDIX I STUDY PARTICIPANTS .............................................................................. 61

AI.1 INTERVIEWS .......................................................................................................... 61

AI.2 QUESTIONNAIRES ................................................................................................. 62

AI.3 PARTICIPANTS IN THE Focus GroupS .................................................................... 65

AI.3.1 FIRST Focus Group ......................................................................................... 65

AI.3.2 SECOND Focus Group .................................................................................... 65

APPENDIX II STRATEGIC LINES OF ACTION AND MEASURES ......................................... 66

APPENDIX III DOCUMENT SOURCES CONSULTED ......................................................... 69

APPENDIX IV AGENTS OF THE CYBERSECURITY R&D+i ECOSYSTEM IN SPAIN ............... 75

APPENDIX V COLLABORATIVE NETWORKS ANALYSED ................................................. 80



1 BACKGROUND AND MOTIVATION

1.1 Context and study objective

The Spanish National Cybersecurity Institute (INCIBE) is an organisation dependent on the

Ministry of Industry, Energy, and Tourism (MINETUR), through the State Department of

Telecommunications and for the Information Society (SETSI), and it is the benchmark

institution with regard to the development of cybersecurity, and of digital trust for the

general public, for RedIRIS (the Spanish academic and research network), and for

businesses, especially sectors of strategic importance..

In the framework of the Trust in the Digital Domain, which is part of the Digital Agenda

for Spain, INCIBE has driven the elaboration of the “feasibility study and design of a

network of centres of excellence in cybersecurity R&D+i”.

The objective of this study is to understand the context and dynamics through which

cybersecurity R&D+i is conducted in Spain, in order to determine the suitability and

relevance of the creation of a network of centres of excellence in cybersecurity R&D+i.

The future network would be aimed at overcoming the fragmentation of research,

combining the critical mass of the best scientific and technological capacities, assets and

talents, thus promoting an improvement in the competitiveness of the Spanish R&D+i

cybersecurity ecosystem.

This document presents a summary of the main results obtained after the study has been

carried out.

The study has been carried out with a participative, collaborative, and consensual

approach.

The characterisation of an ecosystem such as the cybersecurity one, which is very

complex and diverse, would not make sense without considering the vision, experience,

and opinion of its agents, who really know the dynamics and capacities of the ecosystem

itself, and its deficiencies, weaknesses, and issues. As such, the study has been carried out

with the participation and “intelligence” of the ecosystem as its driving force.

A group of representative agents belonging to the four main types of organisations that

form any ecosystem of this type, has collaborated in the study: Public Administration,

Academia, R&D+i Support Organisations and Industry. These agents have contributed

providing their vision on the current state of the ecosystem, and the issues and challenges

that cybersecurity faces.

The study reflects the “global intelligence”, materialised in the visions and opinions with

general consensus and majority backing from participants in the study. As such, the

representativeness of the results obtained has been ensured.



This “Intelligence” has actively participated throughout the study, not only in the

identification of the state of the art in cybersecurity R&D+i and the challenges that our

country must address to improve its positioning, but also in the identification, validation,

and agreed definition of the basic premises and the mission that should guide the

creation of the future Network of Excellence, as well as the objectives that would be

included in its agenda.

1.2 Structure

The contents of this document have been structured in accordance with the logic

followed during the execution of the study:

Firstly, it is presented in an executive summary way, the main conclusions, in terms of

positioning of the cybersecurity research & innovation ecosystem and the challenges that

must be addressed, the feasibility of the creation of a Network of Excellence, and the

strategic elements that should guide its creation and activity.

The [ANALYSIS FRAMEWORK] section illustrates the methodology that guided the

preparation of the study. The main results of the analysis and assessment of the

ecosystem, in terms of resources available, value production dynamics, and results

obtained are displayed below. This analysis is complemented with the state of the art in

terms of the collaboration dynamics and models present in the ecosystem.

As a result of that analysis and assessment, it is discussed the main constraints and

challenges that the ecosystem must face to improve its competitiveness, as well as a

proposed action plan to address this improvement.

This cybersecurity R&D+i ecosystem shaping allows to advance towards the next step, to

determine the suitability and feasibility of establishing a Network of Excellence,

promoting a leap forward in the value production and results of the ecosystem.

Main network model alternatives that respond to the challenges posed are presented,

collaboratively considered to be the most feasible and suitable for the future network.

The study concludes with the strategic characterisation of the network (mission, values

and strategic goals) and an action plan for the implementation of its activities over the

coming years.

As additional information, the study includes appendices detailing the study participants,

the documentary sources consulted, a look at the map of R&D+i agents in cybersecurity in

Spain, and the details of the collaborative models analysed.

1.3 Main conclusions

The opportunity: positioning Spanish R&D+i on the global stage

In general, and taking into account the limitations in terms of quantifying cybersecurity, it

should be highlighted that Spain does not have a clear R&D+i positioning at an



international level, and it is not considered one of the “best in class” in any of the

scientific-technological areas in which cybersecurity could be included1.

Our country is behind other European countries, which is evidence of a major

technological gap both in research and transference. The differentiating factors of the

leading countries (the United States, Israel, and the United Kingdom) are policies and

clear research focal points, as well as medium- and long-term investment in R&D+i, which

allows the maturation necessary for obtaining returns. This gap also exists in Europe,

where Spain is behind countries such as France, Germany, and the Netherlands.

In our ecosystem, a series of limitations explain this weak positioning and shape an

environment that does not allow us to position ourselves amongst the world leaders in

cybersecurity.

Many challenges ahead

Our ecosystem must overcome these limitations (challenges) and address the

improvement of its competitiveness and results. These challenges, which are profoundly

important and have a major impact, along with the dearth of networks and collaboration

models in cybersecurity R&D+i, constitute an opportunity and explain the need to create

a Network of Excellence which, through the connection, pooling, and exploitation of

assets, responds to these challenges.

The network would undoubtedly play a key role in the future of the ecosystem, and it will

allow the first steps to be taken towards a more cohesive and united ecosystem with

greater synergy, resulting in higher levels of R&D+i.

Many of these challenges are related to the structural and circumstantial weaknesses of

the Science and Technology System, which, in the last few years, have not accompanied

the driving forwards of such a strategic and critical sector; on one hand, the financial crisis

has resulted in a restriction of the budget appropriation in R&D+i, which has obviously

affected cybersecurity; on the other hand, the structural weaknesses of the Science and

Technology System and cultural factors (risk aversion, poor collaboration culture) slow

down R&D+i in our country.

Likewise, there are also specific R&D+i challenges in cybersecurity, since many elements

still need to be developed in our country. The State must establish a focus or a clear

strategy with regard to the priorities from which R&D+i can be constructed, reverse the

budgetary shortage trend, and develop a more extensive internal market, through a

greater drive in the demand for cybersecurity solutions, mainly by the Public

Administrations and the State.

1 In the framework of the study, the following have been identified as large groups of scientific-technological areas: research, mobility, hardware, cyber-defence/cyber-attack, secure coding, and procedures/operations.



Making the most of the momentum created, and developing the ecosystem’s capacities

to enter a new stage of cybersecurity in Spain

However, the major capacities of our country in R&D+i, the awareness that the ecosystem

agents have about the need to tackle the challenges, along with a great willingness on the

part of the latter to get involved on a new stage for R&D+i in cybersecurity, favour the

ecosystem, since they are fuel that will allow a step to be taken towards a new stage.

This willingness of the ecosystem to develop the new generation of cybersecurity must be

accompanied by the changes and actions that the Public Administration, in its role as

facilitator and promoter, must take without fail for this step forward to become a reality.

Elements such as the development of strategies with specific focal points, the establishing

of a specific R&D+i Agenda, positioning in the European Union, and the necessary

development in regulations or certifications, are part of the contextual conditions that

this change requires.

In addition, for a “winning solution”, it is necessary to take this challenge seriously, with

clear commitments and well-defined budgets, far from theoretical proposals and

statements of intent that do not produce tangible and real results.

A brief review of the state of the art of R&D+i in cybersecurity

The current R&D+i situation in cybersecurity will allow us to outline the challenges faced

by the ecosystem, in which the network will play a key role.

A dynamic sector with many opportunities

The cybersecurity sector presents many opportunities, with some factors standing out,

such as:

The increase in the number, type and sophistication of the threats.

The greater number of vulnerabilities, due to the increasingly widespread use of

technology (particularly mobile technology and cloud solutions).

A growing awareness of organisations and consumers about security risks.

Regulations, which impose obligations regarding the protection of personal data,

and information, and the infrastructure that supports it.

A regulatory framework that has taken the first steps, but which must set the focus

points and priorities

Cybersecurity is a key issue on the Spanish governmental agenda; the Government of

Spain aligns itself with the issues raised by the European Union (Cybersecurity Strategy of



the European Union), establishing a series of strategies with commitments regarding

cybercrime, public administration security and cyber-defence2.

Despite these strategies being an important step forward, they are high-level proposals

that result in statements of intent which define the problem and provide general

solutions, but they must be specific and well-grounded.

The absence of thematic focal points or priorities in these strategies is particularly

remarkable. The agents taking part in the study consider that a clear development of

R&D+i in cybersecurity is necessary, with a focus and funding, setting out the priorities

and the “path” to follow, in order that the ecosystem may point in the direction

established. Many agents who participated in the study are calling for the creation of a

cybersecurity R&D+i - specific programme or agenda.

The legislation in force at the date of this study is marked by the development of specific

regulatory aspects, although, as with the case of the strategies, there is still a long way to

go. In the future, It should be expected the regulatory framework to become a much

broader element as cybersecurity policies are created.

An ecosystem with a broad capacity to generate more value

Our ecosystem is broad and diverse, since it includes more than 300 agents (from science,

industry, administration, and R&D+i support organisations). However, it is strongly

fragmented and disconnected, since the relationship dynamics between its agents are

more one-off than general and without a specific focus on its activity. In short, it is an

ecosystem that does not use all of the potential synergies that collaboration, which

probably means that it is operating far below its capacity.

R&D+i results are poor in terms of transference and applicability to the market. This

means that many publications and patents do not become products or services that are

applied in the market. The poor incentives of the Science and Technology System for

transferring the results of research to the market is one of the main limiting factors for

reversing this trend.

Transference-specialised agents (R&D+i Support Organisations) must lead the process of

transference and commercialisation of the research results to the industry, promoting an

in-depth review of the transference mechanisms and incentives.

However, and despite all of these limiting factors, it is a relatively young ecosystem with

many assets, and therefore, there is a long journey ahead and much room for

improvement in the exploitation and development of its capacities.

2 The National Cybersecurity Strategy (ECSN), part of the National Security Strategy (ESN), the Maritime Security Strategy, and also part

of the ESN, with specific action relating to maritime cybersecurity, and the Digital Agenda for Spain (inspired by the Digital Agenda for

Europe) develop the Digital Trust Plan, implementing digital trust actions.



A poor financial framework for R&D+i

Spain is clearly weak in terms of funding, with investment levels that are lower than those

of the leading countries3. There is therefore a loss of competitiveness in the industry and

in the research system, with a long-term impact, since the results of R&D+i returns are

felt over a relatively long period of time.

Despite the R&D+i Strategy (2013-2016 Spanish National Plan for Scientific and Technical

Research and Innovation) mentioning cybersecurity as a thematic priority, its scope is not

specified in terms of budgetary resources, and it is considered to have “limited funding”.

The private sector has also shown signs of budgetary restriction as a result of the financial

crisis, with major cuts in R&D+i investment.

Lastly, the lack of traction from the Administration, not only regarding the low level of

specificity in cybersecurity policies, but also in terms of the absence of budgets in the

public organisations, which have to implement these solutions in their own agencies,

aggravates the problem, and adds a “request” dimension to the already complex

budgetary situation.

A smaller market in Spain that limits the growth of R&D+i solutions

The low levels of demand for cybersecurity solutions in Spain result in a smaller market.

The lack of awareness about the need for protection against cyber-attacks by consumers,

companies, and the Public Administration (civil, defence, and intelligence) is a key factor

that would explain this low demand. It is therefore necessary to continue making

progress in the cybersecurity culture in our country.

Furthermore, the agents participating in the study call for actions aimed at strengthening

Spanish solutions and a better traction from the Public Administration in the demand for

innovative solutions.

Talent as one of the great concerns

The main issue of talent in Spain, given its recurrence in the conversations with the

agents of the ecosystem that participated in the study, is the human capital flight to other

countries in search of better opportunities. This poses a very concerning situation, given

that cybersecurity is a field that requires specialised talent, in which the training of

professionals requires time and maturity. This is occurring in a context in which there is

expected to be a strong need for professionals over the coming years.

One of the main factors contributing to slowing down the capacity of the ecosystem to

retain and recognise talent is shortcomings in the Science and Technology System, whose

precarious remuneration does not contribute to creating a perception of research as a

professional option. In addition, there is a need to organise and structure talent, through

3 Recommendations report of the High-level Expert Group for the Digital Agenda for Spain, published in 2012.



specific approaches for the training of cybersecurity researchers and professionals, which

allow an itinerary and a clear training profile to be established.

The role of the future Network of Excellence

In the light of the diagnostic of the ecosystem, the network could play a key role in the

search for and implementation of the solutions that respond to the challenges posed,

leading to a strong, cohesive, and robust system with the capacity to position itself in the

“winner’s league”.

Following the collaborative process carried out with the ecosystem agents, it has been

firstly identified that the network could collaborate in the resolution of the following

challenges:

Definition of an R&D+i cybersecurity plan or agenda on a national level, as well as a

plan for Spain’s positioning in the Horizon 2020 programme.

Identification of the research incentive mechanisms.

Awareness-raising about the need to protect information, systems, and networks

against cyber threats and cyber-attacks.

Identification of the capacities, potential, and level of excellence of the ecosystem.

Review of the talent attraction and retention mechanisms that contribute to

stemming the brain drain.

Identification of the common points of interest in the ecosystem and the generation

of collaboration incentives around them.

Identification of the market needs for the development of solutions with a

commercial focus.

Mission and Objectives of the Network of Excellence

During the network’s strategic formulation process, the following were highlighted as key

elements of the network’s activity:

Specific objectives, both in the long- and short-term, with a focus on R&D+i and on

the transference of the research results to the market.

Response capacity in a context in which the speed of technological change requires

a flexible, open, and quick response. It is not only technologies that advance at an

exponential rate, but also cyber threats and cyber-attacks.

Coordination with the Government and Public Administrations responsible for the

development of cybersecurity in order to be able to generate the appropriate

responses in a coordinated and collaborative manner.



Excellence as the key component governing the Network.

Developing R&D+i resources as the core mission of the Network

The network’s main objective will be to contribute to the improvement of

competitiveness, to seek the development of solutions that respond to the needs of the

market. As such, it will work actively to overcome the fragmentation of the ecosystem,

through actions that allow the ecosystem’s capacities to be exploited in a collaborative,

synergetic, and joint manner.

On the date of preparation of this document, the establishing of the Network’s mission in

strategic objectives, action lines, and specific measures, are the subject of debate and

consensus with the agents collaborating in the study. All this is specified in [Appendix II:

Strategic lines of action and measures], but it also could have some changes in a future.



2 ANALYSIS FRAMEWORK

2.1 Analysis model

The process for the creation of the study has been carried out using the following general

analysis model, which reflects the group of assets, agents, and dynamics that allow value

to be produced in the cybersecurity research & innovation ecosystem.

Figure 1: General analysis model.

From this perspective, a simplified representation of the ecosystem has been used, to be

seen as a “system” which, through available resources, generates value in its main

results.

Resources: what elements does the ecosystem have that produce value?

Results: what is the real result and the value produced by the ecosystem?

R&D+i value creation model: what value production “vehicle” does the ecosystem

have?

2.2 Methodology

The methodology for carrying out the study is based on two approaches:

Collective thinking exercise with different key agents of the ecosystem that

contributed their vision and perspective. Participants belong to different groups,

including experts, companies, universities, technological centres, and public



institutions in order to assure the representativeness of the study. They took part

through the following mechanisms:

o Individual, private, and anonymous interviews, in order to obtain free

opinions from a total of 18 ecosystem agents (15 national and 3

international).

o Submission of questionnaires to be completed by a total of 65 ecosystem

agents.

o Comparison with INCIBE of the results obtained in the collective thinking

exercise, through a Think Tank session. The objective of this session was to

align the aspects of the Network outlined by the Collective Intelligence

with the strategic documents that explain both this study and the initiative

of creating the Network of Excellence.

o Focus Group Sessions aimed at generating free and guided discussion to

finalise important aspects of the Network with the greatest degree of

consensus possible. Two sessions were held with the participation of a

group of relevant agents.

Appendix I STUDY PARTICIPANTS includes the list of the organisations and

individuals who collaborated in the preparation of this study.

To complement these opinions, a comparison with analytical information and

document sources available for cybersecurity was carried out both at a national

and international level, from the different sources of information.

Appendix III DOCUMENT SOURCES CONSULTED includes the detail of the sources

analysed during the preparation of the study.

The objective of this combined analysis has been, in the first phase, to launch a divergent

analysis, allowing the identification of the group of potential solution scenarios, in order

to, in a second phase, converge towards the more feasible scenarios in the development

and implementation of the future Network of Centres of Excellence in cybersecurity

R&D+i.



Figure 2: Analysis methodology.

2.3 Initial considerations

The interpretation of the study results must be carried out bearing in mind a series of

elements that determine them.

Firstly, cybersecurity is a relatively new and emerging concept, which involves the virtual

absence of studies and specific statistics that allow a systematic analysis to be carried

out.

Moreover, it is a cross-sectional area, with applications in practically all fields of

Information and Communications Technologies (ICT) and in all production sectors, which

makes it difficult to obtain financial data to quantify both the industry and its R&D+i

level4.

Lastly, it is a concept that both due to its many applications and its implications

(regulation, civil, military, and technological) is very wide in its interpretations. More

specifically, in the area of R&D+i, the plurality of agents in the scientific-technological

and knowledge areas5, increased the complexity of the study. This problem, in addition

to the lack of data, means that the analysis of R&D+i in cybersecurity has not been able to

be carried out globally and systematically.

As a result, in the analysis carried out, there has not been the availability of data and

statistics that would be necessary to thoroughly evaluate R&D+i in cybersecurity from a

5 The absence of public sources and statistics that allow us to evaluate cybersecurity in detail made it impossible to carry out an evaluation of the research capacity and excellence in our country.



quantitative point of view. Research based on the knowledge of the ecosystem by INCIBE

and the agents who participated in the study has been conducted to overcome this

difficulty.



3 COMPETITIVE POSITIONING OF THE CYBERSECURITY

RESEARCH & INNOVACION ECOSYSTEM

3.1 Map of Stakeholders & Agents

To put into context the current situation of the cybersecurity research & innovation

ecosystem, one of the first tasks to undertake is to outline the map of agents both at a

national and international level.

It is necessary to highlight the lack of formal and structured sources of information that

compile and characterise all of the ecosystem agents comprehensively. In order for this

not to affect the creation of the report, hard work was required during the agent

identification process, using both the knowledge available (expert collaborators,

interviewed/surveyed agents, and INCIBE), as well as the references shown in the various

document sources analysed.

The cybersecurity research & innovation ecosystem is a complex ecosystem consisting of

many agents with different roles, who interact with each other: Public Administrations,

the Academic Sector, R&D+i Support Organisations, and the Industry.

Figure 3: Type of cybersecurity research & innovation ecosystem agents.

The Public Administrations consist of both civil and military organisations with different

roles:

Consultation role. These both civil and military non-governmental organisations are

generally supranational, which carry out reflection processes and mark out the



main lines of cybersecurity in the institutional and political sphere. Amongst other

elements, they formulate recommendations and design global standards with the

objective of creating a common framework that combines visions with regard to

the development of cybersecurity in the different nations.

Communication role. Aimed at the communication, sharing, and pooling of various

issues in the area of cybersecurity.

Strategic role. Country governments fall into this category, such as institutions,

whose mission is to design strategies and public policies on this issue and make

them operational. The institutions of the European Union that form policies are

also included.

Funding role. Governmental agents in charge of financially and economically

covering cybersecurity. In the sphere of this study, the agents that fund the R&D+i

activities have been only strictly considered.

Legislative role. Agents who define the legal framework in which cybersecurity

activities are managed.

The Public Administration’s demand-inducing role in two ways:

It demands security for the protection of the information managed by the

administration itself.

It demands protection and security solutions in the area of defence and national

intelligence.

The agents of the Academic Sector are the basic core of the scientific research and

technological development system. This category includes universities (with their

associated research groups) and (public and private) research centres.

R&D+i Support Organisations contribute to making the system dynamic, providing

interaction between the scientific and technological settings for the dissemination and

generalisation of R&D+i processes. Specifically, three types were considered:

Research Results Transference Offices (OTRIs), whose objective is to contribute to

the commercialisation of the R&D+i results generated in the university and

research centres.

Technological Centres (TC) which, in line with the requirements of the business,

develop technological research and development projects, contributing to the

transference of research results, promoting cooperative research between the

companies and increasing their technological level and competitiveness.



Technological Innovation Support Centres (CAIT), whose objective is to facilitate

the application of knowledge generated in research institutions and technological

centres, through their mediation to companies.

The Industry and companies are analysed from two perspectives:

Companies that carry out their business in the area of cybersecurity.

Business associations that, through the union and collaboration between their

partners and members, seek to obtain synergies, economies of scale, and the

carrying out of joint R&D+i activities.

Below, the map of the Spanish R&D+i Ecosystem is shown, identifying the number of

agents that exist within each agent category:

Figure 4: Map of agents of the cybersecurity research & innovation ecosystem in Spain.

Appendix IV AGENTS OF THE CYBERSECURITY R&D+i ECOSYSTEM IN SPAIN of this document

provides a list of the agents identified by each category.

3.2 Analysis of the institutional, legal, and economic context

Within the analysis model proposed for analysing the Cybersecurity research &

innovation ecosystem, the first element to take into account is the context in which it is

managed, which could be accepted as the “general rules of play” that define the

perimeter of cybersecurity development.



Figure 5: General analysis model: context.

In the international scope, it is important to highlight that the first steps have been taken

in recognising cybersecurity as a key issue on the governmental agendas, with high-level

strategic guidelines being established to address it. These guidelines need to be reviewed

constantly and continuously, given the speed of change in information technologies and

cyber threats.

The European Union recognises the importance of cybersecurity in its main line of

strategy, the Europe 2020 strategy, although it explicitly recognises that Member States

must establish their own national strategies in this area.

In Spain, it must highlighted that, despite the Spanish State having recognised

cybersecurity as a key issue on the governmental agenda, the reality is that the strategies

designed are high-level proposals that result in statements of intentions that define the

challenges and provide general solutions, but they must be specific and well-grounded.

Indeed, one of the characteristics of the different initiatives6 that the Government of

Spain has undertaken in relation to cybersecurity, is the absence of thematic focal points

or specific priorities.

This lack of specificity may be a disadvantage in the development of cybersecurity, with a

general scenario being proposed where it is difficult for ecosystem agents to establish an

action strategy.

In the legal sphere, the scenario is similar to the context, given that it is an element that

is developed in parallel to the advancement and implementation of strategies in

6 The Digital Agenda for Spain, the National Security Strategy (ESN), the National Cybersecurity Strategy (ECSN), and the Maritime Security Strategy (with a specific action in cybersecurity).



cybersecurity. As such, there is a long way to go, and the advancement and speed will be

marked by the degree of strategic and political development.

Specifically, there are various elements that could be highlighted as requiring

development:

Alignment of the Spanish and European legal frameworks, as a critical element for

the detection and coordinated pursuit of cyber threats and cyber-attacks.

The specific obligations in the protection of critical infrastructure.

Regulatory developments aimed at driving forward the European digital market.

The regulation of security aspects in Electronic Administration and interoperability

in the exchange of electronic information between administrators.

Lastly, with regard to funding of R&D+i, cybersecurity is one of the thematic priorities of

the European R&D+i programme (Horizon 2020), which has budgetary allocations and

specific development areas.

At the State level, it can be concluded that cybersecurity receives lower levels of

investment than leading countries (the United States, the United Kingdom, and Israel). In

the absence of a specific cybersecurity R&D+i plan, the 2013-2016 State Plan for

Scientific, Technical, and Innovation Research is the main source of funding for R&D+i

activities in this field. This plan recognises this area as key, although there is only partial

information about the budgetary allocation for this priority7.

3.3 Characterisation of the cybersecurity research & innovation ecosystem

This section assesses the different elements that, in addition to the context, form the

cybersecurity research & innovation ecosystem. Specifically, it is analysed the resources,

the value creation model and the results produced by this model.

3.3.1 Resources

The resources represent the basic elements available in the research & innovation

ecosystem for the creation of value, represented by the market, science and knowledge,

talent and funding.

7 Through a request made to the Ministry of the Economy and Competitiveness on the degree of project execution in cybersecurity,

we received the following data: 1) General Directorate of Scientific and Technical Research (DGICT). 27 projects funded during the

2009-2013 period, for a total amount of 3.3 million euros. 2) General Directorate of Innovation and Competitiveness (DGIC): in the

2014 call for Collaboration Challenges, 11 projects were funded in Challenge 8, Security, Protection, and Defence, for a total amount of

7.8 million euros. Additionally, during the 2010-2012 period, a total of 18 projects were funded in the framework of the sub-

programme INNPACTO, for an amount of 20 million euros.



Figure 6: Resources.

Market

In general, the Spanish industry is characterised by high fragmentation and diversity in

the category of companies, from large driving companies (national and international) to

niche companies.

It can be concluded that the volume of companies is smaller in comparison to other

economic sectors, although there are no public statistics that allow quantification of the

company census.

It is necessary to make an effort in the Spanish industry to overcome the technological

gap and to position the country on the global arena, since our industry as a whole is very

far from both the main industrial leaders (the United States and Israel) and the second

line of competitors (the United Kingdom, the Netherlands, France, and Germany,

amongst others).

Lastly, the poor cybersecurity culture in Spain and the Administration’s low driving

capacity for demand are other limiting factors for the industry’s capacity to generate and

commercialise cybersecurity solutions. Both elements result in a smaller domestic market

that limits the development possibilities for the industry. In an international context, Latin

America is the main focal point for opportunity for our industry.

Science and knowledge

We should highlight the existence of critical mass in research in Spain, with 110 research

groups in 42 universities and 3 research centres dedicated to cybersecurity being

identified.

The diversity of scientific-technological areas (despite many of the research groups being

dedicated to cryptography-related areas), and the disconnection and lack of collaboration



between agents, disperses the research capacity and means with no specific and defined

strengths from an aggregate level.

Indeed, Spain does not appear in the Best in Class about research and transference in

any of the cybersecurity scientific-technological areas.

Talent

The main element that characterises the talent of cybersecurity in Spain is the important

human capital loss on behalf of other countries, due to the better opportunities offered

by our competitors.

Furthermore, the Science and Technology system has a series of weaknesses and

shortcomings, which are limiting factors for the process of recruiting and retaining

research personnel and they contribute to accelerating the human capital flight:

“Precariousness” of the hiring and grants policy for research personnel, which does

not contribute to improving research professionals’ perception of it as a

professional option.

The research personnel replacement ratio in the Academic Sector is much lower

than loss of staff, resulting in a net reduction in the volume of research talent

available.

The low driving force in domestic demand for cybersecurity (consumers, companies, and

the Administration) is an element that limits the development of the industry and,

therefore, the demand for talent.

Favourable elements are the availability of a good level of talent. However, many agents

participating in the initiative consider it to be necessary to improve the talent training

and recruitment plans in cybersecurity, with a more specific focus being generated in this

field and with the labour market (industry) needs being incorporated into these plans.

Lastly, it is important to highlight the forecast of a high demand for professionals over

the coming years, given the great opportunities offered by cybersecurity.

Funding

In Spain, in the absence of a specific R&D+i plan in the field of cybersecurity, it can be

highlighted that, despite the State policies (and those of some regions) establishing

security as one of the thematic priorities for R&D+i, the level of financial support can

only be partially evaluated.

Funding cuts in science has led, not only to the reduction in funding for projects, but also

a limit in the research personnel of the institutions.

Given this situation, the European Union’s Horizon 2020 programme is practically the

only route for funding R&D+i. The 2013-2016 State Scientific, Technical, and Innovation

Research Plan is considered to have “limited funding”.



Another of the means used by the Academic Sector to obtain funds is collaboration with

companies (R&D contracts); however, due to the current issue of disconnection between

science and business in our country, this means of funding is still low.

3.3.2 R&D+i value creation model

This model is fuelled by the resources of culture, talent, science and knowledge and

transference and it adds value to them or takes value away from them depending on how

the elements of the value production model are configured for producing a result.

Figure 7: cybersecurity R&D+i value creation model.

Culture

Collaborative culture. The collaborative culture in our country is low, which reduces

the ecosystem’s capacity to produce value through joint R&D+i projects.

Entrepreneurship culture. Spain has a risk-aversion culture, which implies relatively

low entrepreneurship levels. The agents participating in the study indicate the

need to work and strengthen this element from the earliest stages of the

education system.

Cybersecurity culture. Companies and the market in general are not aware of the

need to protect themselves and prevent attacks. This situation results in a reduced

domestic market, which leads to low levels of demand for cybersecurity solutions

in the three main groups that demand solutions (consumers, companies, and

Public Administration). The search for international markets, such as Latin

America, is a possible alternative to this lack of internal demand.



Talent

The cybersecurity talent-generating model begins in the university system, although some

of the participating agents call for the need to develop a cybersecurity culture and

professional vocations from the earliest stages of the educational system.

As a starting point, it must be borne in mind that this talent requires a high specialised

training, after graduation from university, and as such, the preparation and maturation of

professionals in this field requires time. Furthermore, since it is a cross-sectional

discipline, it does not have a specific training focus, which results in an unclear

professional profile.

There is a large potential volume of talent, since any IT technician or

telecommunications engineer, with the correct training can become a cybersecurity

professional. However, to develop all of this potential, a specific and “guided” training

process is demanded, which is aligned with the national roadmap in this subject, which

guarantees that there are professionals who are trained for our country’s future

challenges.

This alignment of university with cybersecurity should be formulated through closer

contact with the industry, matching the needs of the market with academic training,

which is the model followed by some leading countries in this field (the United States).

Likewise, the future planned steps in the certification of professionals in cybersecurity

will be an element that will contribute positively to distinguishing talent.

Science and knowledge

The cybersecurity research & innovation ecosystem in Spain is characterised by its

amplitude, diversity, fragmentation, dispersal and by not having clear relationship

dynamics between its agents.

However, since it is relatively young, we can expect a positive evolution in the use and

development of these research capacities. It is therefore necessary to make progress in

terms of greater levels of collaboration in common objectives, which will increase the

positioning of our ecosystem both nationally and internationally.

In addition to the lack of collaboration, there are other elements that hinder its research

capacity, allowing it to extract all of its potential: the lack of a specific R&D+i plan for

cybersecurity and the poor budgetary allocation to science.

Lastly, it will be necessary to work on a series of elements that allow the creation of solid

foundations in order to increase the contribution of value in cybersecurity R&D+i:

Knowledge of the capacities and potential of R&D+i in Spain as the first step for

boosting the research.

An increase in collaboration between agents.



A better definition of the policies (focal points) and public budgetary allocations.

Relaunching of instruments that enable and empower the role of the Public

Administration as a driving force of the demand for cybersecurity. Innovative

public purchasing and the early demand for innovative solutions are useful

elements for boosting the development of leading solutions.

Transference

The weaknesses of our country in the process of transferring the results of research to the

market and the now traditional disconnection between science and the market are

recurring themes in the debate on the Spanish Science and Technology System.

The levels of transference to the market, which cannot be assessed objectively, due to the

lack of public data, are relatively poor in the opinion of the agents and experts who

participated in the study, who point to some elements as causes of this situation:

The Academic Sector indicates the poor incentives for researchers to implement

transference. However, the agents who specialise in transference must play a

key role in the commercialisation of the research results to the industry.

Another of the elements indicated is the ease that proximity between companies

and research centres provides to the transference process, which is complicated

for geographical regions that are far from the main business centres, since the

business network does not usually have an R&D+i culture, and it is more focussed

on surviving the crisis than promoting it.

In the sphere of cybersecurity, there is also the fact that companies and the market

in general are not aware of the need to protect themselves and prevent attacks.

Transference on an international level is complicated, since the sovereignty of

countries in cybersecurity affects the transference process, not only in terms of

military and intelligence aspects, but also in solutions in the civil sphere.

The solution to the lack of transference has to take into account various elements:

The carrying out of joint projects that have common interests both for science and

the industry.

Making the research capacity and potential of the Academic Sector known to the

industry.

Revision of the transference agents’ model, establishing the incentives that allow a

real transference.



3.3.3 Results

Figure 8: Results.

The results reflect how the research & innovation ecosystem adds or subtracts value to or

from the resources. In accordance with the analysis model proposed, there are four main

result categories to generate: publications, patents, technological companies and

reference, with the latter term being understood to mean the ecosystem’s capacity to

position itself as excellent and a reference within the scientific-technological panorama of

cybersecurity.

In general, the diversity of scientific-technological areas (despite many research groups

being dedicated to areas related to cryptography) and the disconnection and lack of

collaboration between research & innovation ecosystem agents, means that the results

of the research are dispersed and do not have specific and defined strengths.

As a result, the Spanish cybersecurity research & innovation ecosystem is not a

reference at an international level in any scientific-technological area that includes

cybersecurity (which does not imply that there is not reference at the individual level of

researchers, universities, or research groups).

The agents participating in the study perceive that the results of R&D+i in cybersecurity

are poor. Perhaps the production of publications and patents are the elements that have

the most volume, although the lack of applicability and transference to the market means

that, in practice, these results are not transformed into financial value and do not reach

the market. This low applicability may be due to various factors:

Lack of specific research strategies with practical approaches for application.

In the research system, there are no clear incentives for transference to the market

and there is no defined an entrepreneurship model.



3.4 Cybersecurity research & innovation ecosystem relationship model

In this section, an analysis of the relationship model is presented as dynamics, models,

and collaborative relationships between the different cybersecurity research &

innovation ecosystem agents.

In order to achieve this, an illustrated vision of the agents participating in the initiative on

the relationship dynamics in the ecosystem has been made. These visions will be

complemented by an analysis of the main collaborative networks identified in our

country. Lastly, due to its value as a source of best practices and inspiring experiences, an

analysis of the main international networks is included.

Appendix V COLLABORATIVE NETWORKS ANALYSED includes a list of the national and

international collaborative networks.

3.4.1 Main national collaborative models or networks

Generally, in Spain the collaboration culture is relatively poor, which is an initial limiting

element for the development of cybersecurity R&D+i collaboration.

As mentioned before, the research & innovation ecosystem is characterised by its

amplitude, diversity, and disconnection, which makes it difficult to systematically

identify the collaboration and relationship dynamics between its agents. The evidence

available indicates that a relationship model collaboration between agents is on a one-off

basis, without existing indications of global and comprehensive collaboration in the

ecosystem.

The agents participating in the initiative consider that in Spain, in comparison with other

countries, R&D+i collaboration is low, mainly due to cultural aspects, added to the

funding situation, which does not help the creation of collaboration ties through

ecosystem agents carrying out joint projects.

There is a certain mood of pessimism with regard to the existing collaboration models,

since it is considered that they do not fulfil vitally important premises, such as showing a

real commitment to R&D+i materialised in budgets, or establishing clear business

objectives, that result in collaboration for the development of marketable solutions.

Lastly, participants indicate the existence of collaboration in European R&D+i funding

programmes (Horizon 2020 and previously, the Seventh Framework Programme).

However, Spain’s returns in these programmes are not in line with its capacities, and as

such, it is necessary to continue working on the development of a proactive strategy to

position Spain in Horizon 2020 and in the European Union organisations involved in

designing the priorities of the aforementioned programme.

Three main types of collaboration result from the analysis of the collaborative networks in

Spain:



Collaboration between science (universities and research groups) and the industry,

which are increasingly common but at a level that is lower than other sectors

(perhaps because cybersecurity is an emerging sector), and it is more one-off than

general8. Many of these collaborations are organised in the context of funding

programmes (mainly Horizon 2020), for the development of joint programmes.

Collaboration between universities, with the A-4U Alliance being notable (strategic

association between the Autonomous University of Barcelona, the Autonomous

University of Madrid, Carlos III University of Madrid, and Pompeo Fabre University

of Barcelona).

The main goal of collaborative networks is to be a meeting point between the

agents of the ecosystem to achieve a global and integrating vision. Most networks

provide for public-private participation. However, there are also collaboration

networks with members who belong exclusively to the private sector.

As a general characterisation of the relationship models in our country, it can be

concluded the following:

Given the emerging nature of the cybersecurity sector in our country, the networks

identified are relatively young (with the oldest being around ten years old).

Most of the identified relationships focus on activities related to dissemination,

training or the implementation of working groups with no detection of networks that

exclusively focus on R&D+i.

The networks identified are of a general nature (ICT security in general), without

having a specific focus on the cybersecurity field.

The most advanced networks are those linked to the industrial sector, which is clearly

positioned as the sector that is most involved in cooperation.

They have a marked institutional nature although they integrate all categories of

agents of the ecosystem (Public Administrations, Academic Sector, the Industry, and

R&D+i Support Organisations).

They are non-profit entities (with the information available it is unable to identify

their legal form), and they are open to all interested agents, but with not member

admission criteria detected.

8 Specific examples of alliances have been identified, such as that of INDRA’s Cybersecurity Chair and the Carlos III University of Madrid or the agreement signed by S21sec and the Institute of Forensic Sciences and Security of the Autonomous University of Madrid.



In general, they are networks funded through membership fees and sponsorship,

with some being funded by the government.

Lastly, it is necessary to highlight the important role of the one-off events that bring

together the main agents of the ecosystem, which are excellent opportunities for them to

network and develop the assets and advances in cybersecurity.

In this regard, since it is a reference in the sector, the International Information Security

Conference (ENISE) organised by INCIBE deserves a special mention, which is now in its

eighth edition.

Furthermore, INCIBE is currently organising an annual event, Cybercamp, whose objective

is to attract talent in the sphere of cybersecurity through various technical tests and some

online activities like cybersecurity challenges; the aim is therefore to bring together the

best talent in this area, and have the participation of the best students in cybersecurity

training programmes in Spain, as well as the best international talent.

3.4.2 Main international collaboration models or networks

In the international sphere, the collaboration models and networks are at a more

advanced stage than in Spain, mainly due to other countries more cooperative culture.

The analysis of the networks is firstly organised around the European initiatives, and later

main characteristics of the networks internationally are illustrated, focussing on the

success stories of the United States and Israel.

3.4.2.1 European collaboration models or networks

Many initiatives have been carried out in Europe seeking the ideas generation and

pooling the different agents with an active role in cybersecurity. There are two main

categories within these networks:

Networks linked to the industry: These are led by the industry9 but bring together

members of the academic sector, R&D+i support organisations and consumer

associations. Basically, these networks work to achieve the following objectives:

o To increase competitiveness, building up innovative ideas to create business

opportunities.

o To develop a strategic agenda for R&D+i in Europe that is presented to the

European Union, favouring alignment between its objectives and the main

strategic lines established for R&D+i.

o To promote the interoperability of technological solutions.

9 Networks consisting of European ICT companies, such as Gemalto, Microsoft, Nokia, Philips and companies linked to the energy sector, such as Alliander, E.ON, KPN and DNV KEMA.



Networks linked to the European Union, where the latter plays a role as a cohesive

element and facilitator of collaboration in the public-private sphere. These networks

are characterised by having a marked political and institutional character, integrating

all the active agents in cybersecurity. The main objectives of these networks is the

exchange of information and the creation of best practices.

3.4.2.2 Other international collaboration models or networks

The long history of the leading countries in cybersecurity (the United States and Israel),

linked to the awareness and involvement of their authorities in the development of these

types of networks, has contributed to the existence of very solid networks in these

countries.

The role of the United States as a worldwide reference is highlighted, since it approaches

collaboration from a comprehensive perspective. There are two main types of network:

those led by governmental organisations and sectorial networks (led by the industry and

participated in by the administration); both include amongst their members the main

reference companies in the sector, and accept any type of agent who works directly or

indirectly in the sphere of the network’s activity.

The services offered are usually aimed at the dissemination of information, advice, and

training.

These networks are aimed at boosting R&D+i, placing special focus on strategic elements

in the case of governmental networks, and establishing demands for cybersecurity in the

case of sectorial networks.

Sectorial networks are usually aimed at the industrial and energy sector, and include the

main interests of the industry to conduct them through R&D.

Lastly, it is necessary to highlight the many international cybersecurity events that have

taken place to improve the networking between agents of the international ecosystem,

and promote new collaborations.

3.5 Factors limiting cybersecurity R&D+i competitiveness

This section discusses the weaknesses and obstacles detected in relation to cybersecurity

R&D+i, which constitute, along with the other conclusions, the base from which the

ecosystem’s SWOT (presented in the following section) will be created. To facilitate

comprehension, these elements have been organised into two main groups:

General and structural weaknesses and obstacles. These are not specific

cybersecurity elements, but rather general elements that mainly affect the

foundations of the economy and society. With regard to this initiative, we

principally include the deficiencies of the Spanish Science and Technology Systems

and of the (mainly collaborative and entrepreneurial) culture of our country.



Specific cybersecurity weaknesses and obstacles, which, although they can be

reproduced in other areas, are more specific.

3.5.1 General and structural weaknesses and obstacles

Complex environment to perform R&D+i in Spain, due to major cuts in funding in

the Science and Technology System, which affects not only the execution of R&D+i

projects, but also the hiring of research personnel.

The Science and Technology System provides opportunities to improve the

research incentives.

The precariousness of the Science and Technology System’s budget does not

contribute to making research a professional option.

Disconnection between science and business.

Very inadequate research results transference system, which requires a review by

the agents involved in this work.

Transference complexity at an international level, particularly in cybersecurity

solutions related to government defence and intelligence.

Risk aversion culture, which hinders entrepreneurship.

3.5.2 Specific cybersecurity weaknesses and obstacles

General context. Lack of public data and statistics to allow a comprehensive and

structured analysis and assessment to be carried out on cybersecurity in Spain.

Cultural context. Low cybersecurity culture, both in the Administration itself and in

companies and the general public, which limits the demand and development of

solutions by the industry.

Strategic context

The Spanish cybersecurity strategies are established as a State priority.

However, it is necessary to ground these proposals in specific actions,

priorities, and focal points.

Lack of a specific cybersecurity R&D+i programme.

Regulation context. Regulation developments, some elements of which are still in

their infancy, must be driven forward as an aspect that catalyses the demand for

solutions and development in this area.



Financial context

Cuts to funding in the Science and Technology System that affect

cybersecurity.

Lower R&D+i investment levels than in other European countries and

lower than leaders in cybersecurity, which puts our country at a clear

disadvantage, while it hinders the competitiveness of the sector in the

medium and long term.

Market. Small cybersecurity market size in Spain due to the low demand for

solutions, both from companies and from the Administration, with the latter being

an important agent for driving forward solutions in this area.

Ecosystem characterisation

Spain does not have a clear positioning in the international cybersecurity

scene, and it is behind the leading countries and many reference European

countries (the United Kingdom, France, Germany, and the Netherlands).

Extensive, diverse, fragmented, and disconnected ecosystem, without

clear relationship dynamics between its agents, no specific focal point, and

low levels of collaboration. A wide potential for use and development of

capacities through collaboration and the generation of synergies between

agents.

Poor collaboration between the Academic Sector and the industry.

Complexity of transference on an international level, particularly in terms

of cybersecurity solutions related to defence and intelligence.

Poor results and assessment of results of cybersecurity R&D+i in Spain.

Brain drain to other countries with better opportunities and remuneration.

Training processes that should be reviewed to adapt to the needs of the

market.

3.5.3 Conclusions

When carrying out an assessment of the limiting factors in accordance with their impact,

it can be observed that many of these factors have a high impact on the competitiveness

of cybersecurity R&D+i, particularly those relating to:

Socioeconomic context, such as funding cuts, the lack of operational strategies or

specific R&D+i plans, and cultural aspects related to cybersecurity.



Poor results and assessment of R&D+i.

International positioning and the small size of the domestic market.

Talent limitations, since it is leaving Spain or the lack of alignment between the

existing profiles and the demand for them by the industry.

Nature Limiting Factor Impact

General/Specific Funding cuts, which limit the execution of R&D+i projects.

General/Specific Funding cuts, which limit the hiring and attraction of research talent.

Specific R&D+i investment levels that are lower than in other European countries or those of cybersecurity leaders.

Specific A low cybersecurity culture.

Specific A cybersecurity strategy that is not specific or operational.

Specific Lack of a specific cybersecurity R&D+i plan.

Specific Poor cybersecurity R&D+i results.

Specific Poor assessment of R&D+i results.

Specific Weak positioning of Spain in cybersecurity on an international level.

Specific Small cybersecurity market size in Spain (low demand for cybersecurity solutions).

Specific Brain drain to other locations.

Specific Training processes that are not adapted to the needs of the market.

Structural Disconnection between science and business.

Structural Low culture of cooperation.

Structural Inefficient research results transference system.

Structural Risk averse culture.

Specific Lack of public data and statistics.

Specific Regulation developments in their infancy

Specific Complexity of transference on an international level.

Table 1- Assessment of the impact of limiting factors identified in terms of competitiveness

As secondary aspects, with a lower impact on competitiveness, highlight the emerging

nature of cybersecurity as an industry (with the resulting lack of regulatory

development), the difficulty of accessing data to characterise cybersecurity, and the

difficulty of carrying out international transference.

Lastly, there are structural limiting factors in the Science and Technology System that

hinder the development of R&D+i in general, such as the traditional disconnection

between science and business (exacerbated by inefficient research results transference)



or the existence of a poor culture of collaboration, which prevents the potential and

synergies existing in the ecosystem from being developed.

3.6 SWOT analysis of the cybersecurity research & innovation ecosystem

In this section, the internal and external analysis of the cybersecurity research &

innovation ecosystem is presented, materialised through the SWOT (Strengths,

Weaknesses, Opportunities, and Threats) technique.

Strength is Spain’s competitive capacity, which gives the cybersecurity research &

innovation ecosystem an advantage.

Weakness are the qualities that the cybersecurity research & innovation ecosystem

has but it is not capable to manage and places the ecosystem at a competitive

disadvantage.

Opportunity is a favourable characteristic resulting from the effective use of

strengths to improve the positioning of the ecosystem.

Threat is defined as an external competitor, event, or force that works against the

ecosystem’s positioning.

Before presenting the SWOT analysis, it is necessary to highlight a series of specific initial

premises and conditions of cybersecurity that are, therefore, an intrinsic part of the

dynamics to which the research & innovation ecosystem is subject:

A changing sector, both due to the continuous advance of cyber threats and the

evolution of the technology itself.

An industry with high fragmentation (large companies vs. niche companies) showing

a high trend towards concentration.

A strong requirement for specialised talent who require a long period of training

and certain maturity in the exercising of the profession.

Heavy investment in infrastructure is not required to carry out cybersecurity R&D+i

activities.

The SWOT analysis is displayed below:



3.7 Action plan for the increase in the cybersecurity research & innovation ecosystem’s competitiveness

In this section, we present the actions identified to promote the research, technological

development, and innovation in cybersecurity. The base for identifying these actions are

two main elements already illustrated in this document:

On the one hand, the [Factors limiting cybersecurity R&D+i competitiveness], which

must be addressed through actions that allow their mitigation.

On the other hand, the [SWOT analysis of the cybersecurity ]. Using this analysis, a

series of actions aimed at the following were identified:

o Correcting weaknesses. Conversion strategies.

o Addressing threats. Defensive strategies.

o Maintaining strengths. Strategies for maintaining competitive

advantages.

o Exploiting opportunities. Strategies for strengthening.



Figure 9: “CAME” actions definition matrix.

Below, we display each of the actions defined, placed in their corresponding strategy

category, with an assessment of the degree of impact and the difficulty of

implementation (high, medium, low). Lastly, we indicate which actions are (fully or

partially) within the scope of the network:



Figure 10: Characterisation of the actions.

The characterisation of the actions shows that most are included within the conversion

strategies focused on correcting weaknesses, some of which are structural weaknesses

of the Science and Technology System.

In turn, these actions can have an active role in defensive strategies (actions to address

the existing threats), since in many cases the threats identified are the result of

weaknesses in the cybersecurity research & innovation ecosystem.

The results of this characterisation are shown on a positioning matrix, which will allow

the positioning of each action to be identified, in the form of a user-friendly graphic.



Figure 11: Matrix prioritising the actions of the Action Plan.

As can be observed in the matrix, in line with the impact and the difficulty of

implementation, the actions can be organised into four main groups:

Actions for immediate application: These actions will be carried out in the short term,

since their impact on the competitiveness of the ecosystem is high and the difficulty

to implement them is low. Specifically, these are actions relating to the identification

of common points of interest in the ecosystem and market needs for generating

collaboration, as well as those relating to the definition of programmes for the

acceleration of entrepreneurship.

Actions for medium-term application: They can be carried out in the medium term,

since the difficulty to implement them is medium. These actions are aimed at making

the cybersecurity country strategy operational, identifying research focal points,

identifying the existing assets and the needs of the industry, as well as the actions

aimed at retaining talent.

Long-term strategic actions: Despite the fact that carrying them out would have a

high impact on competitiveness, they are difficult to implement. These actions relate

to the increase in cybersecurity R&D+i funding, and the improved efficiency and

results orientation of existing research support organisations.



Non-priority actions: Given their medium or low level of impact, they are not

considered to be priorities.



4 OPPORTUNITY ANALYSIS AND SWOT OF THE CREATION OF

A NETWORK OF EXCELLENCE ON CYBERSECURITY R&D+i

In this section, we identify the factors that are opportunities for the creation of a network

of excellence on cybersecurity R&D+i in Spain.

4.1 Opportunity Analysis

Due to the lack of global collaboration models and networks specific to cybersecurity

R&D+i, there is a clear opportunity for the creation of a network of centres of excellence

in this area in Spain.

This network can play a key role not only in bringing together and enhancing the

capacities of the ecosystem, but also in improving Spain’s positioning internationally.

All agents participating in the study are in general agreement about the need to establish

a network in Spain that pools all R&D+i resources.

We consider that the network should have specific objectives, both in the long and short

term, a clear orientation towards practicality, and a focus on R&D+i and transference, as

well as identifying issues and opportunities and the channels for addressing them.

It is relevant to highlight the importance of identifying the capacities and expertise of all

agents of the ecosystem, as well as a common objective for all of its members, with an

environment of trust being created to favour the creation of ideas, knowledge exchange,

and the development of joint projects.

4.2 SWOT

The SWOT analysis schematically illustrates the vision of the main participants in the

study on the opportunity and feasibility with regard to the creation of a network of

excellence on cybersecurity R&D+i in Spain.



Weaknesses Threats

Fragmented and disconnected ecosystem.

There are no thematic focal points in cybersecurity

(non-operational strategies and the lack of specific

R&D+i plans for the sector).

Public policies are not specific.

Poor collaboration culture.

Lack of alignment between Universities and Businesses.

Poor coordination between Ministries and

cybersecurity agents.

Low talent retention level.

Research personnel remuneration programmes offer

little incentive to establishing a career in research.

Complex and changing environment, both in terms of threats

and in technologies, which requires high flexibility and a high

response capacity.

Financial crisis, which has restricted both public and private

funding.

The heavy investment of other countries in cybersecurity puts

the network at a disadvantage with respect to the networks of

those countries in terms of its positioning in the global arena.

Strengths Opportunities

Research critical mass.

Good professional and research talent.

A certain level of excellence in the cybersecurity

research system.

Capacities of the ecosystem to perform R&D+i, both at

the Academic Sector level and at an industry level.

High awareness-raising activity in society with regard to

cybersecurity by public sector agents.

Absence of similar networks in Spain.

Interest of the European Union in this initiative, which may be

a good opportunity for positioning Spain.

The ecosystem agents consider it as a need, which creates

good willingness to participate.

Cultural and educational opportunities in relation to

entrepreneurship and the promotion of cybersecurity

vocations.

Room for improvement in the efficiency of the research

results transference system.

Much room for development in the research results market.

Signs of improvement in the process of connection between

universities and businesses, as well as in the collaboration

between public and private agents.

Extensive focus on cybersecurity in the European R&D+i

promotion programme (Horizon 2020).

Positioning of Spain in the community strategies and European

objectives in cybersecurity R&D+i, both at country level and at

agent level.

The development and adopting of standards and processes for

technical certification.

Table 2 SWOT analysis on the creation of a network of excellence on cybersecurity R&D+i



5 NETWORK OF EXCELLENCE MODEL ALTERNATIVES

The proposal of Network of Excellence model alternatives has been carried out taking into

account the vision of the different agents participating in the study to outline the best

possible network model for this particular case.

According to those agents, the network model must comply with two initial premises:

Participation of all types of agents in the ecosystem (Public Administrators, R&D+i

Support Organisations, Cybersecurity Industry, and Academia).

Allowing different collaboration models (public – private, private – private, public -

public).

The opinion is not unanimous with regard to the most appropriate network model: while

some agents interviewed point to the suitability of an open model, the majority opinion,

in which excellence is established as the standard term, indicates the need for a closed

model.

Additional considerations of the participating agents include the following elements:

Importance of the presence of sectorial key players.

Closed model (entry filters).

o Selective and “excellent” core with the best in their field, and those with the

greatest contribution potential (based on objective criteria).

o Proven R&D+i ability.

o Excellence, rigour, expertise. Only agents contributing with: capacities,

competence, and potential.

Very open models may have low activity and poor results.

A mixed model would allow the whole ecosystem to participate and excellence to

be created simultaneously.

With respect to subnets (hubs), the agents indicate that:

o They should not necessarily be constructed based on areas of knowledge.

o They must have specific activities in accordance with needs.

o Hubs must provide clear value.



Lastly, with regard to the leadership and coordination of the network, INCIBE is

marked as a candidate if is able to maintain a role of non-intervening facilitator.

Some additional considerations of the collective intelligence indicate:

o There should be a network management model distributed and shared.

o There should be connection between hubs.

o The network must evolve by itself but be driven forward and supported by

the administration (leadership “from outside”).

Keeping those considerations in mind, these are the different possible alternatives of the

Network model:

Figure 12 Network model alternatives

Cross-disciplinary network: Focussed on many scientific-technological areas10, it could

bring together all (or some) of the agents of the ecosystem, seeking a horizontal

connection between all of them11.

This category of network, given its open nature, could have a general activity (since it

covers many scientific-technological areas). Consequentially, the results of this activity,

would also be expected to be general in nature, making it impossible to generate critical

mass and reference in specific areas.

The mass participation of agents could lead to a certain inoperability, both in terms of

decision-making and in operation.

Specialised Network, which specialises in one or several scientific-technological areas,

bringing together all (or some) of the R&D+i agents who specialise in this/these area/s.

10 Such as research, mobility, hardware, cyber-defence/cyber-attack, secure coding, and procedures and operations.

11 A total of 314 agents were identified: 20 Public Administrations, 110 research groups in 42 Universities, 3 Research

Centres, 2 Technology Centres., 43 Research Results Transference Offices (OTRI), 8 Business associations, 3 Certifying

organisations and 125 companies (identified in the framework of the “Study on the feasibility and opportunity of a

cybersecurity technology centre and its strategic integrating plan” project).



This model seeks a vertical connection between agents, which work in their area of

specialisation, thus allowing a clear focus and its efforts and resources to be

concentrated.

Driver hub network: A variant of the specialised network model, this model consists of

specialised hubs:

The philosophy of the hubs is to focus on the cybersecurity excellence. Its members

will be the “best in their field”, guaranteeing a maximum contribution to the value

of the ecosystem. As such, only agents who are reference and excellent in the area

of specialisation of each hub may be members.

Hubs will be interconnected, and will consist of a “node framework” which, in the

form of a large network, connects different parts of the ecosystem, creating an

excellent global critical mass.

Two types of hubs can be identified:

o Skilled hubs in scientific-technological areas and sectorial areas, for

applications of cybersecurity, etc.

o General or cross-disciplinary hubs, such as entrepreneurship, funding, etc.

The creation of hubs (particularly with regard to subjects), their development, and

evolution will to a large extent depend on the evolution of the ecosystem, its agents, and

the priorities and activities that are determined to be essential in the network.

These types of networks allow a focus on excellence, although, in the context of

cybersecurity, it may require time, since it will be necessary to determine what are the

most excellent or strategic subjects or areas on which to develop the hubs, a decision that

must be agreed with the ecosystem, always under the paradigm of excellence.

Mixed Network (cross-disciplinary–hub). This is a hybrid model that combines the cross-

disciplinary network with the driver hub network. This allows the whole ecosystem to be

brought together through the cross-disciplinary part while simultaneously considering

excellent agents through specific thematic hubs. This combines the advantages and the

qualities of the cross-disciplinary and hub models, while discarding the disadvantages of

the cross-disciplinary network through the focal points established in the hubs.

5.1 Multicriteria assessment of the Excellence network model alternatives

Each of the alternatives has advantages and disadvantages, which will be the basis for

prioritising alternatives and supporting the final decision on the future Network model:



Figure 13 Assessment of the excellence network model alternatives

5.2 Presentation and validation of alternatives with the interested parties

Using the collective thinking exercise, It has been validated the main findings and

alternatives of the network model with a small group of agents (Focus Group), and

concluded that the most suitable model is the mixed model that contains a general part

and a specialised part formed by driver hubs.

The cross-disciplinary part could bring together all agents that want to participate.

This is the part of the network that could be in charge of collaborating in the

drawing up of the cybersecurity R&D+i Strategic Plan/Spanish Cybersecurity R&D+i

Agenda and other national strategic documents.

The hub part would be a closed model that would only integrate the best into each

hub (there would be entry and retention criteria for access to each hub, and as

such, an agent that no longer complies with the retention conditions should leave

the hub).



According to INCIBE, the network is designed as a “Network of Excellent Agents that

provides services to the whole ecosystem” where “the big helps the small”; as such, the

group of excellent agents (members with a decision-making capacity) may provide

services to the whole community (of non-excellent agents/associates, which do not have

a decision-making capacity), obtaining an ecosystem that gradually achieves greater levels

of excellence.

NOTE: It should be highlighted that the network model selected (mixed model) had a high level of

consensus amongst the participating agents, although it could be subject to modifications during

the development and defining of the Network.



6 MODELLING THE NETWORK

In line with the collaborative approach that has been maintained throughout all of the

activities carried out in the framework of this initiative, the strategic modelling was

carried out using the elements identified during the collective thinking exercise. These

elements were validated with a small group of agents (Focus Group), and constitute the

approach to the strategic modelling described in this section.

However, this initial approach must be grounded and implemented in a Strategic Network

Plan, which will establish the foundations for the operation of the network over the

coming years. This plan, once prepared, should be widely backed by the research &

innovation ecosystem agents.

Lastly, both the strategic modelling and the Strategic Network Plan should be aligned with

the results of the “Study on the feasibility and opportunity of a Cybersecurity Cluster in

Spain and its strategic integrating plan”, with the aim of using the synergies and

complementarities between the two initiatives.

As a starting point, the main results of the collective intelligence of the ecosystem agents

and of INCIBE’s vision in relation to the network’s strategic modelling are displayed.

In general, the agents participating in the study are really interested about the creation

of a network and participation in it, while recognising the complexity in the design and

implementation of an initiative of this kind.

The following aspects must be taken into account:

o Pooling of R&D+i resources (country-positioning), including the reuse of

existing initiatives and networks to achieve synergies (connecting link:

INCIBE).

o The network must not only state its intent.

o High-level leadership.

o Incentives and real commitment (budget).

o International connection.

With respect to the objectives, the agents indicate:

o General and common objectives, not individual.



o A focus on specific objectives, avoiding dispersal. A focus on R&D and

transference (bring products to the market) in the medium and long term,

and on the creation and development of R&D+i projects.

o Global approach (no regionalism) and business approach (focus on results).

o Mark the direction: identify needs and provide a solution.

o Practical collaboration, that goes beyond hollow agreements.

o Collaborate in the definition of the cybersecurity strategy through a

Strategic cybersecurity R&D+i Plan or a Spanish cybersecurity R&D+i

Agenda.

o Training: align the training needs with the industry: definition of the profile

of the cybersecurity professional.

Services to be offered by the network:

o Focus on R&D and transference.

o Model based on specific and practical projects and challenges.

o Funding of excellent proposals, demanding requisites in the selection

process.

o Specific R&D programme (National Plan or other mechanisms).

o H2020 type approach: proposals and an expert panel to design work plans

on each subject.

o Early-adopters panel to design strands of work and solve market problems.

o Ideas factory to be materialized in consortiums and joint collaboration.

o Minimum infrastructure (access to H2020, administrative support, etc.).

o Technological monitoring is not necessary.

o Avoid dilutions in networking, lobbying and pooling without specific

objectives.

o Transference and flow between agents and individuals.

o Talent (professional and research) attraction.

o Training.



o Permanent meetings.

o Knowledge exchange.

According to INCIBE, the network should be characterised by:

Being focussed on R&D+i results to be transferred to the industry.

Focus on excellence in R&D+i.

o Focus on the detection, attraction, retention, and promotion of research

professionals.

o The differentiating value of the network. Capacity to influence in the

European Union (through the presence of INCIBE in European working

groups).

o Development of resources to address the needs of the industry.

o The network must have a marked commercial focus (not focused on

theoretical research).

In relation to the services that the network can offer, INCIBE highlights:

o The execution of differential projects.

o The certification of service providers (consultancy, technological

enhancement, etc.)

o Studies/Prospective studies: trends, annual studies, etc.

o Competitive intelligence.

o The certification of research groups.

o The network will not fund projects, but rather, it will provide access to

funding

o Provision of resources to the ecosystem (infrastructure, databases, etc.).

o Provision of funds for disruptive (“non-feasible”) projects that provide

guarantees to entrepreneurs.

INCIBE considers that the network must be self-sustaining (it will be supported

when it is launched, but it must subsequently be independent through

agreements or other actions). It is therefore necessary to define how to return the

results of the funding/investment in the network.



6.1 Strategic formulation of the network

The strategic formulation of the network has been prepared based on the Balance Score

Card methodology, allowing to define the strategy from a global point of view (mission,

vision, and values) and making it operational in strategic objectives, lines of action and

measures.

Figure 14: Network strategic formulation process.

Each of these elements has undergone a validation, implementation, and consensus

process with a group of agents of the ecosystem (Focus Group session).

6.1.1 Mission, vision, and values

6.1.1.1 Mission

The mission of the network of excellence will be guided by the following key aspects:

Competitiveness.

Development and use of capacities and resources.

Development of solutions for the market.

Transference.

Excellence in R&D+i.

Contribution to cooperation and collaboration between agents, bringing together

the research & innovation ecosystem.

Agents participating in the study highlight the appropriateness of including the word

excellence in the name of the network, given that it facilitates the fund attraction process



and the network’s positioning. Likewise, excellence must not only be focussed on science,

but also, at bringing solutions to the market.

With regard to the R&D+i concept, they specify that research does not only include

applied research, but also basic research, which is clearly necessary in cybersecurity.

Some approaches to the cybersecurity R&D+i Centres of Excellence network mission

could be:

1. “Development of the excellent research resources of cybersecurity R&D+i in Spain,

achieving the development of solutions that respond to the needs of the market,

improving the sector’s competitiveness, and combining efforts to overcome the

fragmentation existing”.

2. “Boosting cybersecurity R&D+i through the pooling of the excellent resources of

the ecosystem to drive forward cybersecurity in Spain and achieve the

transference of the results of the research to the market”.

3. ”Identify the ecosystem’s needs and priorities and define and use the ecosystem’s

capacities”.

6.1.1.2 Vision

The vision of the Network of Excellence should be focused into achieving positioning in

the international ecosystem.

The study participants consider this something fundamental to go beyond Spanish

borders and provide the network with an international dimension (Europe and other

regions) and propose that a Plan be developed for the development of institutional

relations with international agents.

Possible alternatives to the definition of the network’s vision are as follows:

1. “Position Spain as a reference in cybersecurity on the international stage”.

2. “Position the cybersecurity research & innovation ecosystem within the global

arena as a competitive ecosystem, with high levels of transference and

technological value and a high degree of collaboration and connection between its

agents”.

6.1.1.3 Values

Excellence, practicality, rigour, transparency12, trust, team spirit, and an international

dimension.

12 Need for the existence of different levels of transparency and confidentiality within the network.



6.1.2 Strategic objectives, action lines, and measures

The strategic objectives, action lines, and measures of the network must be fully in line

with the mission, vision, and values, since they constitute the grounding and

implementation of them.

The objectives finally identified (agreed with the agents of the ecosystem that attended

the Focus Group sessions) are:

1. To position cybersecurity R&D+i on a European and international level.

2. To develop innovative solutions through R&D+i.

3. To boost technological transference from research to the market in collaboration

with the Cybersecurity Cluster in Spain.

4. Identify, attract, generate, and retain the talent of professionals in cybersecurity on

a national level.

The strategic objectives are outlined in action lines and measures that implement the

specific activities to be performed by the Network.

NOTE: The action lines and measures or specific activities to be carried out by the network

are, on the date that this document is drafted, subject of debate and consensus between

those collaborating on this initiative. Since it is an ongoing process, there may be changes

to these action lines and measures; APPENDIX II STRATEGIC LINES OF ACTION AND

MEASURES has a more detailed description of these action lines and measures.

Generally speaking, different categories of measures have been identified:

Studies and prospective studies that help to clarify important aspects that may

guide future specific initiatives.

Holding of specific events that can be used as a showcase in which both the

network in particular and the ecosystem in general can display the Spanish

ecosystem’s capacities in this area.

Awards for research of excellence.

Communication, dissemination, and institutional relations to establish the

relationship strategy and position the ecosystem’s network both nationally and in

Europe.

Detection of excellent and high-potential research ideas/projects, designing a

mechanism for their assessment and development in R&D+i projects.



A catalogue or repositories with the research available and its associated

exploitation rights, to facilitate its commercialisation.

Administrative support for project management, putting the ecosystem agents in

contact and supporting the R&D+i projects proposal preparation phase.

6.2 Strategic alignment with the Cybersecurity Cluster in Spain project

The initiatives that INCIBE is carrying out in cybersecurity must be connected,

coordinated, and synchronised to take advantage of the synergies and economies of

scale. In this regard, we can highlight the close relationship between the Network of

Excellence on cybersecurity R&D+i and the Cybersecurity Cluster in Spain initiative.

In this section, we broadly describe the main points of intersection and synergies

between the two initiatives; however, since both are undergoing development, the

coordination must be dynamic and constant over time.

The strategic objective of the network of excellence 1. Positioning cybersecurity

R&D+i on a European and international level must be participated by the relevant

agents of the Cluster’s industry, such that the positioning may consider an

extended view of the industry’s needs, and the latter may be properly reflected in

the cybersecurity strategies.

The strategic objective of the Network of Excellence 4. Identifying, attracting,

generating, and retaining the talent of cybersecurity professionals at a national

level is also a focal point of the Cybersecurity Cluster in Spain, and as such, both

initiatives must place special focus on coordination and cooperation in this sphere.

With regard to training, the Network of Excellence, during the collective validation

of the strategic objectives and measures, discarded the direct implementation of

training actions, since they are provided by other ecosystem agents. Instead, it

was agreed that the network must play an active role in the detection of training

needs. In the case that the Cluster in the end decided to implement training

actions, they should be closely coordinated and provided with the needs detected

by the Network.

Actions linked to entrepreneurship. During the validation of the network’s

objectives with the ecosystem agents, it was agreed that should be led and

coordinated by the Cybersecurity Cluster in Spain.

The network must work closely with the Cluster with regard to everything related to

the strategic objective of the network. 3. Boost the technological transference

from research to the market in collaboration with the Cybersecurity Cluster in

Spain. For specific measures relating to the development of projects (search and

selection of research results for their transference to the market), it is necessary



to highlight the extensive possibilities for collaboration between the two

initiatives, such that the network can perform the first filters (select ideas with

potential, carry out a technological validation) with the support of the Cluster to

perform the business validation.

In the measures related to networking, events, and other positioning actions, both

initiatives must analyse the measures to be executed, seeking synergies and even

the possibility of the joint holding of these types of activities.

Lastly, it will be highly recommended that all measures to be implemented by the

Network in terms of studies and analysis be coordinated with the Cybersecurity

Cluster in Spain in all cases in which these studies have an impact on or are

related to the cybersecurity industry.



7 ACTION PLAN: SHORT-, MEDIUM-, AND LONG-TERM

ACTIONS ROADMAP

The action Plan for the implementation of the network consists of four main phases.

Phases 0 and 1 will be carried out during the first year of the network (2015), such that at

the end of this year, the network will have begun its activities. From 2016, the network

will go into full operation.

Below, we illustrate the phases of the Action Plan, as well as the activities to be carried

out in each of them:

Figure 15: Action Plan Phases.

The network’s Strategic Plan is the main axis of activity, establishing strategic objectives,

action lines, and measures to execute. It should be highlighted that the measures of this

plan, which are currently being defined, will be implemented over two years (2015 and

2016). From 2017, the Strategic Plan must be reviewed, in order to define the new actions

to be executed in the framework of the strategy.

7.1 Phase 0: Collaborative definition

This phase constitutes the process of collaboration and participation with the ecosystem

for the definition, consensus, and support of the key subjects of the network. The

following key premises has been agreed:

The suitability of a mixed network, with a cross-disciplinary part and another

consisting of specialised hubs.



The participation in the network of all types of agents existing in the ecosystem

(science, administration, industry, R&D+i support agents).

The need to establish entry and exit criteria, based on excellence, for the members

in the specialised hubs.

The appropriateness of creating a strategic cybersecurity R&D+i Plan.

Name of the network.

Strategic formulation. Mission, vision, and values, strategic objectives, action lines,

and measures to be carried out in 2015.

Services or activities to implement.

Sustainability model, namely the sources of income, as well as financing needs. It

will be necessary to continue thinking about this issue in the future, given its

complexity.

Participation and expansion model: definition of member entry and exit criteria,

both in its cross-disciplinary part and in its hub part. It will be necessary to

continue thinking about this issue in the future, given its complexity.

7.2 Phase 1: Starting the pilot programme

The activities to carry out during this phase will be a starting point for beginning activities

and they will be implemented in the network’s Strategic Plan for 2015. During this phase,

INCIBE will act as coordinator.

The aforementioned Strategic Plan will consider two main types of actions:

Implementation of the measures to execute in 2015.

Network creation activities in terms of its legal and operational aspects:

o Constitution of the legal form.

o Government model. This activity will include the selection of the members

of the executive committee, the constitution of government bodies and

the formal drafting of the Network’s Statutes.

o Management model, through the definition of the Management

Committee, its roles and functions, as well as the areas of activity of the

network in the cross-disciplinary hub.



o Performance of other activities that are necessary for the implementation

of the network, such as the preparation of physical and technological

infrastructure.

o Creation of the cross-disciplinary hub.

7.3 Phase 2: Deployment

This phase, which will run throughout 2016, will be oriented to the expansion of the

activity. On the one hand it will give continuity to the measures established in the

Strategic Plan, which began in 2015 and on the other, it will define the thematic hubs of

which the network will consist. With regard to the hubs, the following activities must be

addressed:

The priorities and strategic objectives of each hub, in line with the national and

European cybersecurity strategies.

With the strategic objectives of each of the hubs as starting point, measures to be

executed and activity areas matching those objectives will be defined.

The collaboration and cooperation model.

The participation and expansion model (access and retention criteria).

Lastly, in this phase, deployment of logical infrastructure will be continued, which began

during phase 1 and network personnel will be recruited.

7.4 Phase 3: Stabilisation

During this phase, the network will be stabilised and will be fully operational, both in the

cross-disciplinary and hub parts.

During this phase, it is not possible to anticipate the activities that may arise, apart from

the daily operations and updating of the network’s Strategic Plan, since this will be

subject to the evolution of the network.

7.5 Cross-disciplinary phase: Management of the implementation

The management of the implementation will be extended to all of the phases with the

exception of the stabilisation phase and is aimed at providing the network with a model

for the management, evaluation, and follow-up of the network strategy.

To execute these activities, the creation of a strategic office is recommended, which will

provide an overview of the network, beyond the execution of specific measures,

contributing the methodologies, tools, techniques and the management model for

supporting the strategy. This office will act on three levels:



Strategic management. From the network strategy defined for the next few years,

the office will manage the execution of the strategic objectives.

Tactical management, aimed at defining specific measures, their budget, and the

associated resources.

Operational management, aimed at the management, supervision and control of

the measures to execute, as well as the activities to execute within each measure.

It will also be aimed at executing activities that support the daily operation of the

network.

7.6 Action Plan Schedule

This section displays the general schedule of the Action Plan.

Figure 16: General schedule of the Action Plan.



APPENDIX I STUDY PARTICIPANTS

AI.1 INTERVIEWS

Organisation/Institution/Company Person interviewed

Position

Agency of Business Innovation, Funding, and Internationalisation of Castilla y León

Carlos Escudero Martínez

Department Director

Agency of Business Innovation, Funding, and Internationalisation of Castilla y León

Javier García Díez N/A

Innovative Business Association for Network Security and Information Systems

Tomás Castro President

Galician Innovation Agency Manuel Varela Rey Director

Galician Innovation Agency Sonia Pazos Álvarez Director of the Centres Area

Carnegie Mellon University (Software Engineering Institute - CERT Division)

Robert C. Seacord Secure Coding Manager

Industrial Cybersecurity Centre Samuel Linares Director

National Centre of Excellence in Cybersecurity Álvaro Ortigosa Director

CISCO David Fuertes N/A

European Commission – Directorate-General for Communications Networks, Content and Technology Trust and Security

Martin Muehleck Programme Officer – EU policies at DG CNECT

Spanish National Research Council (CSIC) Luis Hernández Encinas

Tenured Scientist

CriptoLab. Cryptology Laboratory of the Polytechnic University of Madrid

Jorge Dávila Muro Director

IE Business School Peter Bryant Assistant Professor of Entrepreneurship

Indra Jorge López Hernández-Ardieta

Head of the Cybersecurity Research group

Inixa Security Julio Rilo Director

Spanish National Cybersecurity Institute (INCIBE) – Ministry of Industry, Energy, and Tourism

Raúl Riesco Granadino

Manager of Innovation and Talent in Operations Management

S21sec José Alemán Law Enforcement and Defence Line of Business Manager

S2GRUPO Miguel Juan Managing Partner

Tecnalia José Javier Larrañeta Head of the area of security in infrastructure

Carlos III University – Computer Security Lab Juan Manuel Estévez Tapiador

Full University Professor

University of Granada Pedro García Teodoro

Professor attached to the UGR Cybersecurity Group

University of Oviedo Santos González Jiménez

Algebra Professor

University of Vigo - Gradiant Fernando Pérez-González

University of Vigo Professor

University of Vigo - Gradiant Juan Ramón Troncoso

Postdoctoral Researcher at the University of Vigo

European University of Madrid Mª Teresa Villalba de Benito

Full Professor/Researcher and Director of the University Master’s in ICT Security



Organisation/Institution/Company Person interviewed

Position

Polytechnic University of Madrid Victor Villagrá

Full Professor and Researcher in Management and Security of Telecommunication Networks and Services.

AI.2 QUESTIONNAIRES

Organisation/Institution/Company Person surveyed Position

Innovative Business Association for Network

Security and Information Systems Roberto Vidal President (and CEO of Xeridia)

Innovative Business Association for Network

Security and Information Systems Tomás Castro President

Association of Electronics, Information and

Communications Technologies,

Telecommunications and Digital Content

Companies

Aida Millán Project Coordinator

Association of Electronics, Information and

Communications Technologies,

Telecommunications and Digital Content

Companies

Javier Vendrell García R&D Manager

National Cybersecurity and Technological

Expertise Association (ANCITE) José Luis Narbona President

Industrial Cybersecurity Centre Ignacio Paredes Head of Studies and Research

National Centre for the Protection of Critical

Infrastructure Miguel Ángel Abad

Head of the Cybersecurity

Service

Centre for Industrial Technological

Development Maite Boyero Egido

Spanish delegate of Secure

Societies and the national

contact and of the H2020

Framework Programme

Cartif Technological Centre Mónica Antón Coordinator of International

Projects

CITIC – Andalusian Innovation and Information

and Communication Technologies Centre Desireé Bellido Deputy Director

Spanish Confederation of Information and

Communications Technologies and Electronics Gloria Díaz Manager

Spanish National Research Council (CSIC) Victor Antonio

Gayoso Martínez Doctor

Security Team for the Coordination of

Emergencies in Telematic Networks (esCERT)-

Polytechnic University of Catalonia

Kenan Rhoton Collaborator

Security Team for the Coordination of Manel Rodero N/A









Manuel García-

Cervigón Gutiérrez N/A




Sandra Marsà N/A

Innovation 4 Security Rafael Ortega Director General

Joint command of Cyber-defence of the Armed

Forces-Chief of Staff of Defence

Carlos Gómez López

de Medina Division general

Permanent observatory for cybersecurity of

the World Federation of Scientists Henning Wegener Director

PANDA Salvador Sánchez

Taboada

Cyber Defense Strategic Sales

Director

S21SEC Irene Eguinoa Research Manager

Tecnalia Ana Ayerbe Director of the IT

Competitiveness Business Area

Telefónica Manuel Carpio Director of Information Security

Autonomous University of Madrid Jorge E. López de

Vergara Méndez Full University Professor

University of Castilla La Mancha Francisco Ruiz Doctor

Complutense University of Madrid- Analysis,

Security, and Systems Group (GASS)

Luis Javier García

Villalba Director

University of Alcalá de Henares Juan Ramón Velasco

Pérez Professor

University of Alicante Antonio Zamora

Gómez

Professor, Doctor and Director of

the Cryptology and Computer

Security group

University of Alicante Francisco Maciá

Pérez

Vice Chancellor for Information

Technology

University of La Laguna Pino Caballero Gil Doctor

University of Málaga José Mª Troya Linero Professor

University of Mondragón Roberto

Uribeetxeberria

Research and Transference

Coordinator

University of Murcia Gregorio Martínez

Pérez University professor

University of Sevilla Rafael Martínez

Gasca Full Professor




University of Valladolid Helena Castán

Lanaspa Full Professor

University of the Basque Country/Euskal

Herriko Unibertsitatea

Alejandro Muñoz

Mateos N/A



Begoña Blanco

Jáuregui Professor


Herriko Unibertsitatea Eduardo Jacob Professor


Herriko Unibertsitatea Iñaki Goirizelaia Professor



José Luis Martín

González

Professor of Electronic

Technology

European University of Madrid Juan José Escribano

Academic Director ITIA:

Industrial, Aerospace

Communications, and ICT area

Polytechnic University of Madrid Ana Gómez Oliva University Professor

Polytechnic University of Madrid Carlos Alberto Lopez

Barreiro Professor

Polytechnic University of Madrid Fernando Alonso Professor

Polytechnic University of Madrid Julio Berrocal Doctor

Public University of Navarra Eduardo Magaña

Lizarrondo

Full Professor of Telematics

Engineering (Automation and

Computing Department)

Autonomous University of Barcelona Jaume Pujol

Capdevila University School Professor

University of the Balearic Islands Guillem Femenias

Nadal Senior Researcher

Open University of Catalonia David Megías

Jiménez Doctor

Polytechnic University of Catalonia Javier Herranz N/A

Polytechnic University of Catalonia Jorge García Vidal N/A

Polytechnic University of Catalonia Miguel Soriano N/A

Polytechnic University of Valencia Carlos Miguel

Tavares Calafate Full Professor

Pompeu Fabra University Ángel Lozano N/A

Rovira i Virgili University Josep Domingo-

Ferrer Professor



AI.3 PARTICIPANTS IN THE FOCUS GROUPS

AI.3.1 FIRST FOCUS GROUP

LIST OF FOCUS GROUP 1 ATTENDEES

ORGANISATION ATTENDEE

Agency of Business Innovation, Funding, and Internationalisation of Castilla y León (ADE)


Innovative Business Association for Network Security and Information Systems (Cybersecurity AEI)

Tomás Castro



Inixa Security Julio Rilo Blanco

S21sec José Alemán

S2GRUPO José M. Rosell

Carlos III University - Computer Security Lab (COSEC) Juan Manuel Estévez Tapiador

University of Oviedo Santos González Jiménez


University of Vigo - Gradiant Juan Ramón Troncoso

AI.3.2 SECOND FOCUS GROUP

LIST OF FOCUS GROUP 2 ATTENDEES

ORGANISATION ATTENDEE

Agency of Business Innovation, Funding, and Internationalisation of Castilla y León (ADE)




Inixa Security Julio Rilo Blanco

Tecnalia José Javier Larrañeta

S21sec José Alemán

S2GRUPO Miguel Juan

Tecnalia Ana Ayerbe

University of León Miguel Carriegos Vieira


University of Vigo - Gradiant Juan Troncoso

Polytechnic University of Madrid Victor Villagrá



APPENDIX II STRATEGIC LINES OF ACTION AND

MEASURES

For each of the objectives or strategic areas identified, this appendix contains the lines of

action and briefly describes the associated measures. The Strategic Plan for the network,

once finished, will include further explanations and specifications for each of these

measures.

NOTE: The specific lines of action and measures or activities to be implemented by the network

are, at the time of creating this document, subject of debate and consensus among those

collaborating on this initiative. This document is susceptible to modifications given that it is a

work in progress.

The strategic formulation results in a total of 4 strategic objectives, 9 lines of action and

22 measures:

MEASURES ASSOCIATED WITH THE STRATEGIC OBJECTIVES OF THE NETWORK

STRATEGIC OBJECTIVE LINE OF ACTION MEASURE

1. Position cybersecurity R&D+i in Spain at the European and International levels

L.1 Classification of the cybersecurity R&D+i sector in Spain and its position in the global context

M.1 Definition of a cybersecurity R&D+i knowledge map from a dual perspective: Large-scale perspective: General classification of the ecosystem, through activity dynamics, context and scope of action, which the ecosystem develops under. Small-scale perspective: Map of agents that provides information on each agent in the ecosystem regarding their capacities, knowledge, abilities, experience and potential in cybersecurity R&D+i material

L.2 Development of a National Strategic Agenda regarding cybersecurity R&D+i

M.2 Analysis and diagnosis of obstacles and inhibitors (problems or challenges) as well as driving factors and social, technological, economic and regulatory incentives to encourage research in the field of cybersecurity R&D+i

M.3 Detect problems and demands with no solutions in the market actually that affect end-users (public administrations, Defence, Law Enforcement agencies, strategic sectors, citizens) for the generation of R&D+i joint projects between the industry and science sectors It is worthwhile to mention the relevance of sophisticated demand (CERTs, Defence, Finance, etc.) whose unmet challenges represent opportunities and business models have high global potential. M.4 Identification of priorities in cybersecurity R&D+i research (focus points and R&D+i lines of action)





M.5 Definition and proposal for the creation of network nodes of expertise based on the results of the Strategic Agenda. Review and alignment of the network of excellence’s Strategic Plan (R&D+i / Transference / Internationalisation) in line with the Spanish and European Strategic Agendas regarding cybersecurity R&D+i

L.3 Brand reputation and positioning strategies in the national and international cybersecurity ecosystems

M.6 Definition of the Network P.R. Model and Communications Plan

M.7 Plan for publications and participation in international conferences and platforms

2. Develop innovative

solutions through R&D+i

L.4 Innovation stimulus

M.8 Support for implementing idea incubators and

identification and resolution programs for

challenges in cybersecurity (crowdsourcing and

access to high market potential challenges --

identified by the sophisticated demand in

cybersecurity)

L.5 Impulse and stimulus for the development of R&D+i Projects based on the Strategic Agenda

M.9 Act as a facilitator, mediator and catalyst in order to find ways to finance and support R&D+i projects M.10 Administrative support in project management Networking mechanisms and contacting with ecosystem agents, in addition to support and consulting during the preparation and improvement of proposals regarding calls for R&D+i competitive projects. M.11 Facilitate technological infrastructures to enable management and execution (remote laboratory) of R&D+i projects among participants on the Network, thus promoting an increase in activity and cooperation concerning cybersecurity R&D+i projects

L.6 Recognition of excellence in R&D+i

M.12 Awards for cybersecurity research

excellence. Design of candidate evaluation and

selection mechanisms, call for proposals for

recognition, event celebration and communication

campaigns

3. Promote the transference of technology from research to market, in collaboration with the Cybersecurity Cluster in Spain

L.7 Support enhancement and transference of technology in collaboration with Cybersecurity Cluster in Spain

M.13 Business project acceleration program (detection of excellent R&D+i results as well as results which have high potential for transference to market) in collaboration with the Cybersecurity Cluster in Spain M.14 Creation of a repository for the results of Cybersecurity national research with available research knowledge and its associated exploitation rights in order to facilitate the marketing and commercialization of that research





M.15 Collaboration with the Cybersecurity Cluster in Spain for the creation of a catalogue of suppliers of technological appraisal and transference services that meet certain requirements demanded by the Network of excellence. A repository for ecosystem agents that need these services, guaranteeing access to suppliers who meet specific quality and solvency requirements

M.16 Holding conferences/events for entrepreneurs (Pitch Elevator, Pitch To Market, etc.) Organization and celebration of the event as well as associated communication campaigns

M.17 National cybersecurity R&D+i conferences A

scientific meeting point in which the network in

particular and the ecosystem in general can show

their capacities both in the areas of knowledge and

talent as well as in research results and potential

transference to market. Synergy with other

initiatives and Network of excellence measures

4. Identify, attract, generate and retain cybersecurity research talent at a national level

L.8 Identification of needs for research talent promotion in cybersecurity

M.18 Define the profile and abilities of the cybersecurity research professional Participatory process to determine the skills, capacities and basic abilities that the profile of the Network cybersecurity researcher should have, especially in the fields of R&D+i, training and the entrepreneurial profile. M.19 Differential analysis of cybersecurity training programs to meet needs for talent development in cybersecurity. Analysis of both curriculum needs (demanded profiles in both science and industry) as well as training requirements Collaboration with Administration - Science - Market

L.9 Detection and review of mechanisms for talent retention

M.20 Collaboration with other ecosystem agents in activities to promote, identify, recruit, attract and retain talent regarding cybersecurity professional opportunities. M.21 Talent recruitment/exchange within the ecosystem Identify and specify mechanisms for retaining, recruiting and exchanging research talent within and to the national ecosystem M22. Encourage and facilitate access to Network research talent by the Cybersecurity Cluster in Spain. Collaboration with industry research professionals for both cybersecurity solution development and innovative services.



APPENDIX III DOCUMENT SOURCES CONSULTED

Agencia Española de Protección de Datos (AEPD) (http://www.agpd.es/).

Agencia Europea de Defensa (EDA) (http://www.eda.europa.eu/).

Agencia Europea de la Seguridad de las Redes y la Información (ENISA)

(http://europa.eu/abouteu/agencies/regulatory_agencies_bodies/policy_agencies/enisa/inde

x_es.htm).

Agenda Digital Europea. Unión Europea.

Agenda Digital para España. 2013/2014. Ministerio de Industria, Energía y Turismo,

Ministerio de Hacienda y Administraciones Públicas.

Centro Criptológico Nacional (CCN) (https://www.ccn.cni.es/).

Centro de Ciberseguridad Industrial (https://www.cci-es.org/).

Centro de Excelencia para la Cooperación en Ciberdefensa (CCDCOE)

(https://www.ccdcoe.org/).

Centro Nacional de Inteligencia (CNI) (http://www.cni.es/).

Centro Nacional para la Protección de las Infraestructuras Críticas (CNPIC)

(http://www.cnpic-es.es/).

Centro para el Desarrollo Tecnológico Industrial (CDTI) (https://www.cdti.es/).

Cibersecurity Coordination Group (CSCG)

(http://www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Security/Pages/Cyber

security.aspx).

Ciberseguridad en España: una propuesta para su gestión. Enrique Fojón Chamorro y

Ángel F. Sanz Villalba. Real Instituto ElCano.

Comisión Europea (http://ec.europa.eu/index_es.htm).

Competitive analysis of the UK cyber security sector. 29 de julio de 2013. Pierre

Audoin Consultants.

Congreso Cybercamp 2014 (http://cybercamp.es/).

Cybercamp (https://cybercamp.es).

http://www.agpd.es/

http://www.eda.europa.eu/

http://europa.eu/abouteu/agencies/regulatory_agencies_bodies/policy_agencies/enisa/index_es.htm

http://europa.eu/abouteu/agencies/regulatory_agencies_bodies/policy_agencies/enisa/index_es.htm

https://www.ccn.cni.es/

https://www.cci-es.org/

https://www.ccdcoe.org/

http://www.cni.es/

http://www.cnpic-es.es/

https://www.cdti.es/

http://www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Security/Pages/Cybersecurity.aspx

http://www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Security/Pages/Cybersecurity.aspx

http://ec.europa.eu/index_es.htm

http://cybercamp.es/



Cybercrime Centres of Excellence Network for Training Research and Education

(http://www.2centre.eu/).

Cybersecurity policy making at a turning point, Analysing a new generation of national

cybersecurity strategies for the Internet economy. 2012. Organización para la

Cooperación y el Desarrollo Económico (OCDE).

CyberTech Israel (http://www.cybertechisrael.com/).

ENISA (http://www.enisa.es/).

Estrategia de Seguridad Marítima Nacional. 2013. Departamento de Seguridad

Nacional, Presidencia del Gobierno.

Estrategia de Seguridad Nacional. 2013. Presidencia del Gobierno.

Estrategia Española de Ciberseguridad. 2013. Presidencia del Gobierno.

Estrategia Europea de Ciberseguridad. 2012. European Union Agency for Network and

Information Security (ENISA).

Estrategia Regional de Investigación e Innovación para una Especialización Inteligente.

RIS3 de Castilla y León. 2014- 2020. 16 de abril de 2014.

European Association for e-identity and Security EEMA (https://www.eema.org/).

European Network for Cybersecurity (https://www.encs.eu/).

European Public Private Partnership for Resilience (http://www.enisa.europa.eu/).

European Research Council (ERC) (http://erc.europa.eu/).

European Technology Platform on Industrial Safety (http://www.industrialsafety-tp.org/).

Europol (https://www.europol.europa.eu/).

Grupo de Expertos de Alto Nivel de la Agenda Digital para España. Informe de

recomendaciones del Grupo de Expertos de Alto Nivel para la Agenda Digital para

España. 18 de junio de 2012.

Guía rápida Horizonte 2020. Centro para el Desarrollo Tecnológico Industrial (CDTI).

Horizon 2020. Work Programme 2014 – 2015. Leadership in enabling and industrial

technologies. Unión Europea.

http://www.2centre.eu/

http://www.cybertechisrael.com/

https://www.eema.org/

https://www.encs.eu/

http://www.enisa.europa.eu/

http://erc.europa.eu/

http://www.industrialsafety-tp.org/

https://www.europol.europa.eu/



Horizon 2020. Work Programme 2014 – 2015. Leadership in enabling and industrial

technologies. Information and Communication Technologies. Unión Europea.

Horizon 2020. Work Programme 2014 – 2015. Secure societies – Protecting freedom

and security of Europe and its citizens. Unión Europea.

Horizonte 2020 (http://www.eshorizonte2020.es/).

IETF (https://www.ietf.org/).

II Plan Autonómico de Investigación, Desarrollo y Transferencia de Conocimientos.

Gobierno de Aragón.

III Plan Riojano de I+D+i. 2008-2011. Gobierno de la Rioja.

Information Technology Service Management Forum (http://www.itsmf.es/).

Informe anual 2012. Centro para el Desarrollo Tecnológico Industrial (CDTI).

Informe SISE 2010. Análisis de las convocatorias del Plan Nacional 2008-2011

correspondientes al año 2010. Ministerio de Ciencia e Innovación.

Instituto Nacional de Ciberseguridad (http://www.incibe.es/).

Interactive energy Roadmap (https://www.controlsystemsroadmap.net/).

Interpol (http://www.interpol.int/).

INTERPOL World (http://www.interpol-world.com/).

ISMS Forum Spain (https://www.ismsforum.es/).

IV Plan Regional de Investigación Científica e Innovación Tecnológica 2005-2008.

Comunidad de Madrid.

La ciberseguridad en la Unión Europea. 2014. Henning Wegener-Instituto Español de

Estudios Estratégicos.

La nueva Ley de la Ciencia, la Tecnología y la Innovación. Aspectos relativos a la

propiedad industrial e intelectual. Gonçalves Pereira. Cuatrecasas.

Mando Conjunto de Ciberdefensa de las Fuerzas Armadas (MCCD)

(http://www.emad.mde.es/CIBERDEFENSA/).

Mapa de ruta de la Ciberseguridad Industrial en España 2013–2018. 2013. Centro de

Ciberseguridad Industrial (CCI).

http://www.eshorizonte2020.es/

https://www.ietf.org/

http://www.itsmf.es/

http://www.incibe.es/

https://www.controlsystemsroadmap.net/

http://www.interpol.int/

http://www.interpol-world.com/

http://www.emad.mde.es/CIBERDEFENSA/



Ministerio de Defensa (http://www.defensa.gob.es/).

Ministerio de Economía y Competitividad

(http://www.mineco.gob.es/portal/site/mineco/).

Ministerio de Hacienda (http://www.minhap.gob.es/es-ES/Paginas/Home.aspx).

Ministerio de Industria (http://www.minetur.gob.es/es-ES/Paginas/index.aspx).

Ministerio de Interior (http://www.interior.gob.es/).

Ministerio de Presidencia (http://www.mpr.gob.es/Paginas/index.aspx).

MSP on ICT standardization (https://ec.europa.eu/digital-agenda/en/european-multi-

stakeholder-platform-ict-standardisation).

Network and information Security Public-Private Platform

(http://www.enisa.europa.eu/).

Organización de Naciones Unidas (ONU) (http://www.un.org/es/).

Organización del Tratado del Atlántico Norte (OTAN) (http://www.nato.int/).

Organización para la Cooperación y el Desarrollo Económico (OCDE)

(http://www.oecd.org/centrodemexico/inicio/).

Organización para la Seguridad y la cooperación en Europa (OSCE)

(http://www.osce.org/).

Parlamento Europeo (http://www.europarl.es/).

Plan Andaluz de Investigación, Desarrollo e Innovación 2007-2013. Junta de Andalucía.

Plan Avanza 2 Ministerio de Industria, Turismo y Comercio; Secretaria de Estado de

Telecomunicaciones y Sociedad de la Información.

Plan de actuación 2013 del Plan Estatal de Investigación Científica, Técnica y de

Innovación. 2013–2016.

Plan de Ciencia Tecnología e Innovación 2013-2017. Septiembre de 2013. Principado

de Asturias.

Plan de Ciencia, Tecnología e Innovación 2009-2012. Illes Balears.

Plan de Ciencia, Tecnología e Innovación. 2011-2014. 2011. Región de Murcia.

http://www.defensa.gob.es/

http://www.mineco.gob.es/portal/site/mineco/

http://www.minhap.gob.es/es-ES/Paginas/Home.aspx

http://www.minetur.gob.es/es-ES/Paginas/index.aspx

http://www.interior.gob.es/

http://www.mpr.gob.es/Paginas/index.aspx

https://ec.europa.eu/digital-agenda/en/european-multi-stakeholder-platform-ict-standardisation

https://ec.europa.eu/digital-agenda/en/european-multi-stakeholder-platform-ict-standardisation

http://www.enisa.europa.eu/

http://www.un.org/es/

http://www.nato.int/

http://www.oecd.org/centrodemexico/inicio/

http://www.osce.org/

http://www.europarl.es/



Plan de Confianza en el Ámbito Digital. 2013. Ministerio de Industria, Energía y

Turismo.

Plan de Desarrollo e Innovación del Sector TIC. 2013. Ministerio de Industria, Energía y

Turismo.

Plan de Innovación de 2014 – 2016. Cantabria.

Plan de Internacionalización de Empresas Tecnológicas. Junio 2013. Ministerio de

Industria, Energía y Turismo.

Plan de Investigación e Innovación 2010-2013. Generalitat de Catalunya.

Plan Estatal de Investigación Científica, Técnica y de Innovación. 2013–2016.

Ministerio de Economía y competitividad.

Plan Galego de Investigación, Innovación e Crecemento 2011-2015. Xunta de Galicia.

Plan General Estratégico de Ciencia y Tecnología 2010-2015. Generalitat Valenciana.

Plan Regional de Investigación Científica: Desarrollo Tecnológico e Innovación 2011-

2015. Castilla - La Mancha.

Plataforma Tecnológica Española de Seguridad Industrial (http://www.pesi-

seguridadindustrial.org/).

Plataforma Tecnológica Española de Tecnologías para Seguridad y Confianza

(http://esec.imasdtic.es/).

Proyecto Fire (http://www.trustworthyictonfire.com/).

Proyecto Forward (http://www.ict-forward.eu/).

Red Temática de Criptografía y Seguridad de la Información

(http://www.criptored.upm.es/criptored.htm).

Servicio Europeo de Acción Exterior (EEAS) (http://www.eeas.europa.eu/).

Syssec Network of Excellence (www.syssec-project.eu/).

The 2013 (ISC), Global Information Security Workforce Study. Frost & Sullivan.

The National Energy Sector Cybersecurity Organization (http://www.energysec.org/).

The Networking and Information Technology Research and Development Program

(https://www.nitrd.gov/).

http://www.pesi-seguridadindustrial.org/

http://www.pesi-seguridadindustrial.org/

http://esec.imasdtic.es/

http://www.trustworthyictonfire.com/

http://www.criptored.upm.es/criptored.htm

http://www.eeas.europa.eu/

http://www.syssec-project.eu/

http://www.energysec.org/

https://www.nitrd.gov/



Trust In Digital Life (http://www.trustindigitallife.eu/).

V Plan Regional de Investigación, Desarrollo Tecnológico e Innovación 2014 – 2017.

Gobierno de Extremadura.

http://www.trustindigitallife.eu/



APPENDIX IV AGENTS OF THE CYBERSECURITY R&D+i

ECOSYSTEM IN SPAIN

This appendix displays a list of Spanish ecosystem agents identified during the course of

this study, completing the section of the document [3.1 Map of Stakeholders & Agents].

Public Administrations

Military organisations

Ministry of Defence: Armed Forces Intelligence Centre (CIFAS)

Ministry of Defence: Joint Command of Armed Forces Cyber-defence (MCCD)

Civil organisations

National Security Council: Committee Specialising in Maritime Security

National Security Council: Situation Specialist Committee

Ministry of the Economy and Competitiveness: Centre for Industrial Technological Development (CDTI)

Ministry of Finance and Public Administrations

Ministry of Industry, Energy, and Tourism: ENISA

Ministry of Industry, Energy, and Tourism: Spanish National Cybersecurity Institute (INCIBE)

Ministry of Justice: Spanish Data Protection Agency (AEPD)

Ministry for the Presidency. National Intelligence Centre (CNI): National Cryptological Centre (CCN)

Ministry of the Interior: National Centre for Critical Infrastructure Protection (CNPIC)

Ministry of the Interior: State Security Bodies and Forces

Other autonomous organisations: Autonomous Data Protection Agencies (Madrid, Catalonia and the Basque

Country)

Other autonomous organisations: Departments and Agencies competent in R&D+i

Other autonomous organisations: Autonomous Security Bodies and Forces

Academic Sector

42 universities (Universities registered by the Ministry of Education, Culture, and Sport that work in cybersecurity-

related disciplines)



Research group Organisation/Institution

Cryptography and Information Security Research Group (GiCSI) Spanish National Research

Council

Services and Networks Integration Group Polytechnic University School of

Mataró

Telematic Services Engineering Group

Group on Modern Heuristics for the Optimisation and Design of

Communications Networks

Electronic Engineering Group applied to Intelligent Spaces and Transport

Information Engineering Research Unit

University of Alcalá de Henares

Group of the Electronics and Systems Department Alfonso X El Sabio University

High Performance Computing and Networking

Digital System Lab

Autonomous University of

Madrid

Security Group of Information and Communications Technologies

SoftLab

Communications Services and Networks

Identification Technologies University Group

Carlos III University of Madrid

Analysis, Security, and Systems Group

Formal Design and Analysis of Software Systems

Complutense University of

Madrid

Cryptology and Computer Security Group

Networks and Middleware Group

Industrial IT and Computer Networks

University of Alicante

Applied IT Group University of Almería

Management IT

Mobile Communications and Network Design Laboratory University of Cantabria

Alarcos Group

Computer Networks and Architecture

Security Research and Information Systems Auditing Group

High Performance Architecture and Networks

University of Castilla la Mancha

Prinia (Automation and IT Engineering Projects) University of Córdoba

Computer architecture and logical design Group

Advanced Communications and Applied Telematics Engineering Research

Group

University of Extremadura

Telematics and Communications University of Granada

Cryptology Group University of la Laguna

Systems Engineering and Automation Group University of la Rioja

Information and communications systems University of las Palmas de Gran

Canaria

Organisation and Use of Digital Content

Supervision, control, and automation of Industrial Processes University of León



Intelligent Management Systems

Knowledge Engineering

Flexible Information Systems

Robotics

Artificial Vision and Pattern Recognition

Engineering of Manufacturing Processes

Advanced Information Systems

Software Engineering Group

Information and Communications Technologies Application Group University of Málaga

Telematics Group

Communications and Signal Theory University of Mondragón

Architecture and Parallel Computing

Intelligent Systems and Telematics

Information and Communications Systems

University of Murcia

Innovation Centre

Multimedia Distributions Systems Group

Algebra, Encrypting, and Cryptography Group

Communications and Signal Theory Group

Communications and Software Engineering Group

Web Engineering Group

Services, New Technologies, and Regional Development Group

Economic Modelling Statistical-Econometrics Techniques Group

Telecommunications Research Thematic Association

Cryptography, IT Security, and Auditing of Information Systems

University Institute of Industrial Technology of Asturias

University of Oviedo

Biomedicine, Intelligent IT Systems, and Educational Technology Group

Cryptography, Information Security, and Discrete Mathematics University of Salamanca

QUIVIR Group University of Seville

Languages, IT Systems, and Computer Assisted Learning Team University of Vigo

Communications Technology Group.

Computer and Neural Networks Vision Group

Discrete Events Systems Engineering Group

Robotics, Perception and Real Time Group

Group of Distributed Information Systems

University of Zaragoza

NQAS Group

I2T Group

Computer Networks

Research Group in Applied Electronics

University of the Basque

Country/Euskal Herriko

Unibertsitatea

DEUSTEK2

D4K - Deusto for Knowledge Deusto University

Intelligent Systems Research Group European University of Madrid



Mobile and Wireless Communications Technologies Systems Structure Miguel Hernández University of

Elche

Systems and Software Engineering National Distance Education

University

Analysis and Development of Electrical Energy Systems

Division of Systems and Electronic Engineering

Telematics Engineering

Polytechnic University of

Cartagena

Telematics Systems for the Information Society and Knowledge Group

Cryptology laboratory Group

Telecommunication and Internet Networks and Services Group

Integrated Systems laboratory Group

Information and Communications Technology Research Group

Next Generation Internet

Processes Improvement and Security

Communications and Signal Automation

Next Generation Internet

Telecommunication and Internet Networks and Services

Microwave Group

Privacy and Security in Information Systems Group


Madrid

IT Systems Comillas Pontifical University

Networks, Systems, and Telematics Services Group Public University of Navarra

Group of the Information and Communications Engineering Department Autonomous University of

Barcelona

Communications and Distributed Systems University of Girona

Telematics Engineering

Software Processes Improvement Group

Security and Electronic Commerce

University of the Balearic

Islands

Cryptography and Graphs University of Lleida

K-ryptography and Information Security for Open Networks

Privacy and IP Protection Open University of Catalonia

Network Security Group

Networks of Computers and Distributed Systems

Mathematics Applied to Cryptography

Telematics Services


Catalonia

Computer Networks Group

INGENIO


Valencia

Wireless Communications

Research Group in Telecommunications Technologies and Strategies

Networks and Communications Research Group

Pompeu Fabra University

CRISES Group Rovira i Virgili University



Research Centres

Research Centre for Technological Risk Management (CIGTR)

Vicomtech-IK4 Research Centre

Research Centre: Tecnalia

Spanish National Research Council (CSIC)

R&D+i Support Organisations

Technological Centres: Gradiant

Technological Centres: Tecnalia

Research results transference offices (OTRI). An office has been inventoried in each of the 42 universities identified

as universities related to cybersecurity. The OTRI Spanish National Research Council (CSIC) are added to the latter.

Industry

Business associations

Cybersecurity AEI

Innovative Business Groups (AEI)

Spanish Association of Defence, Aeronautical and Space Technological Companies (TEDAE)

National Association of Cybersecurity and Technological Expertise (ANCITE)

Association for the Protection of Critical Infrastructure (APIC)

Basque Information Security and Privacy Association (Pribatua)

Spanish Confederation of Information and Communications Technology and Electronics Businesses (Conectic)

No cON Name

Certifying organisations

European Committee for Electrotechnical Standarization (CENELEC)

European Committee for Standarization (CEN)

European Telecommunications Standards Institute (ETSI)



APPENDIX V COLLABORATIVE NETWORKS ANALYSED

This section provides a list of the collaborative networks analysed in this study:

National collaborative networks

o Spanish technological platform for security and trust (esec-ametic)

o Spanish Technological Platform of Industrial Security (PESI)

o Industrial Cybersecurity Centre (CCI)

o ISMS Forum Spain

o Cryptography and information security thematic network (Criptored)

o Information Technology Service Management Forum (ISMF Forum)

European collaborative networks

o SysSec Network of Excellence

o European Public Private Partnership for Resilience

o Cybercrime Centres of Excellence Network for Training Research and

Education

o Trust in Digital Life

o European Network for Cybersecurity

International collaborative networks

o The Networking and Information Technology Research and Development

Program (NITRD)

o The National Energy Sector Cybersecurity Organization (EnergySec)

o Interactivity energy Roadmap (ieRoadmap)

o The Open Web Application Security Project (OWASP)

network of excellence on cybersecurity r&d+i · scientific-technological areas in which...

Documents