Improve applicability of security innovations with tech-transfer
The Partnership for Cyber Security Innovation has the ambition to innovate in the field of cyber security. The step to actual application of an innovation result often proves difficult. The so-called tech-transfer project is used to improve the applicability of security innovations. Here, Reinder Wolthuis, PCSI program manager, talks about the working method within the PCSI and how the tech-transfer project helps to optimise the innovation process.
What is PSCI and what does your role within PCSI look like ?
The Partnership for Cyber Security Innovation (PCSI) is a public-private partnership that plays a vital role in a secure and resilient digital society through innovation in cybersecurity. PCSI's core partners are ABN AMRO, Achmea, ASML, De Belastingdienst, ING and TNO. We have also built an ecosystem of 'liaison partners', organisations that are interested in PCSI's results and can be involved in specific projects. As PCSI partners, we join forces in developing applicable and innovative cybersecurity solutions that allow companies and organisations in Dutch society to protect themselves against tomorrow's cyber attacks.
I have been working at TNO since 2006, in total I have worked on information security and cybersecurity at different companies for almost 30 years. I have always focused mainly on innovation and I do the same within TNO, in the field of cybersecurity. My role is mainly to initiate and steer larger innovation projects, including EU-funded projects like SOCCRATES. For this, I did the 'Orchestrating Innovation' training within TNO. I was one of the instigators of the PCSI programme and its predecessor, the Shared Research Programme Cyber Security (SRP, 2014-2020). The SRP mainly had a focus on the financial factor. We launched the PCSI in 2020, in which we are more outward-looking and also engage a bit more broadly, cross-sectorally. It was recently decided to extend the PCSI programme for another three years. This decision stems from the success of recent years. We have grown over the past three years, including by joining ASML and de Belastingdienst (Tax Authority), into a true cross-sector cybersecurity innovation collaboration. Within the PCSI, I mainly have the programme management role, outside the PCSI I am also involved substantively in some smaller projects.
How does PCSI operate?
The PCSI focuses on applied innovative research, a number of long-term development projects and knowledge sharing. Actual innovation takes place in parallel projects. These projects go through a short cyclical innovation process and are staffed by experts from all PCSI partners. This PCSI innovation process consists of four four-month phases.
Using the PCSI Security Radar - which provides an overview of current trends relevant to PCSI partners - two or three topics are chosen every four months. For each topic, an ideation session (facilitated brainstorming) is organised with experts from all core partners. Groups develop innovative ideas to address the problems and/or challenges around the topic, these ideas are then pitched to a 'Dragon's Den'. Ideation, developing the pitch and pitching all happen in one day, in a physical meeting. If the Dragons find the pitch promising, a project consisting of four phases is launched: Explore, Proof of Concept, Pilot and Exploit. After each phase, a 'go/ no-go' decision takes place determining whether the plans are still feasible and valuable.
What does the tech-transfer project deliver?
Within the project, we collected information on bringing (security) innovations to the market through literature research. We combined this with interviews and workshops with relevant stakeholders. This led to a number of ideas for adapting our way of working to be better equipped to bridge the tech-transfer gap. They are too many ideas to implement all at once. We extracted four main themes that we will work on: 1) categorising projects after the Explore phase by potential and impact; 2) aligning innovation with business drivers; 3) commitment from core partners and all levels of governance within PCSI and 4) improved preparation and support for tech-transfer.
We described our findings in the 'PCSI tech-transfer' report, available here. Before the summer, we will also release a second report, translating the PCSI results into broader applications and describing what lessons we can draw from our research about the cyber security innovation climate in the Netherlands.
What are the biggest challenges and how is PCSI addressing them?
The biggest challenge is to make sure that our innovations address the questions in the field. Then it is important to gain a foothold with the end product of your innovation project. In addition, large parties do not want to have a separate tool for every problem. We are now working on smaller problems with small suppliers. So for our core partners, it would be attractive to combine the developed tools and integrate them into a large platform. We will also have to keep developing ourselves. The tech-transfer project is a great example of this, helping us improve the way we work. We are also, for example, automating the Security Radar, which we use to select topics for the cyclical innovation projects, within an innovation project so that it shows more current trends.
Examples of promising projects
Security Behaviour Coach: Security awareness is quite a challenge, initiatives to make employees more security conscious often do not work well. One project investigated the feasibility of a new security role: the Security Behaviour Coach. Someone who looks at human behaviour in business processes and how the processes can be adapted to reduce security incidents. The role was defined and tested within a pilot at a PCSI partner. Subsequently, liaison partner Security Academy developed a training course for it. An example of successful tech-transfer!
AIwareness: Targeted phishing on employees is a worrying threat. In recent years, PCSI partners have developed several machine learning technologies for detecting targeted phishing on employees. This project developed a system in which the employee, Security Operations Centre (SOC) analyst and detection capabilities all come together in a positive feedback loop. This system has been tested on 20 employees of a PCSI partner and is being further tested in a larger pilot with liaison partner HoxHunt.
Related projects
Share this page