Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure in Europe


Disruptions in the operation of our countries’ critical infrastructure may result from many kinds of hazards and physical and/or cyber-attacks on installations and their interconnected systems. Recent events demonstrate the increase of combined physical and cyber-attacks due to their interdependencies. A comprehensive, yet installation-specific, approach is needed to secure existing or future, public or private, connected and interdependent installations, plants and systems. Budgetary constraints on both the public and private sectors mean that new security solutions must be more accurate, efficient and cost-effective, and possibly more automated than the ones currently available.


Proposals should cover: forecast, assessment of physical and cyber risks, prevention, detection, response, and in case of failure, mitigation of consequences (including novel installation designs), and fast recovery after incidents, over the life span of the infrastructure, with a view to achieving the security and resilience of all functions performed by the installations, and of neighbouring populations and the environment.

They should:

  • assess in detail all aspects of interdependent physical (e.g. bombing, sabotage and attacks with a variety of weapons against installations, buildings and ships; plane or drone overflights and crashes; spreading of fires, floods, landslides, disastrous consequences of global warming, seismic activity, space weather, combined threats, etc.) and cyber threats and incidents (e.g. malfunction of SCADA system, non-authorised access of server, electronic interference, distributed attacks), and the cascading risks resulting from such complex threats,
  • demonstrate the accuracy of their risk assessment approach using specific examples and scenarios of real life and by comparing the results with other risk assessment methodologies,
  • develop improved real-time, evidence-based security management of physical and cyber threats, taking account of the ageing of existing infrastructure, and
  • provide scenarios and recommendations for policy planning, engagement of the civil society, and investment measures encompassing all aspects of prevention-detection-response- mitigation

Innovative methods should be proposed for sharing information with the public in the vicinity of the installations – including through social media and with the involvement of civil society organisations -, for the protection of first responders such as rescue teams, security teams and monitoring teams, and for ensuring service continuity.

In 2018 and 2019, they should focus on any type of installation belonging to one of the following critical infrastructures: water systems, energy infrastructure (power plants and distribution, oil rigs, offshore platforms), transport infrastructure (airports, ports, railways, urban multimodal nodes), communication infrastructures and ground segments of space systems, health services, e- commerce and the postal infrastructure, sensitive industrial sites and plants, and financial services.

In 2020, while keeping the coverage of the assessment of risks, prevention, detection, response and mitigation of consequences, proposals should also address the interrelations between different types of critical infrastructure with the objective of developing tools and methods to minimise cascading effects and allow rapid recovery of service performance levels after incidents.

When selecting for funding the proposals submitted in 2018 or 2019 or 2020, the Commission will take due account of similar projects financed in the previous years since 2016, with a view to cover the largest possible spectrum of installations. Each year, a list of infrastructures


  • State-of-the-art analysis of physical/cyber detection technologies and risk scenarios, in the context of a specific critical infrastructure.
  • Analysis of both physical and cyber vulnerabilities of a specific critical infrastructure, including the combination of both real situation awareness and cyber situation awareness within the environment of the infrastructure.
  • In situ demonstrations of efficient and cost-effective solutions to the largest audience, beyond the project participants.
  • Innovative (novel or improved), integrated, and incremental solutions to prevent, detect, respond and mitigate physical and cyber threats to a specific Critical Infrastructure.
  • Innovative approaches to monitoring the environment, to protecting and communicating with the inhabitants in the vicinity of the critical infrastructure.
  • Security risk management plans integrating systemic and both physical and cyber aspects.
  • Tools, concepts, and technologies for combatting both physical and cyber threats to a specific critical infrastructure.
  • Where relevant, test beds for industrial automation and control system for critical infrastructure in Europe, to measure the performance of critical infrastructure systems, when equipped with cyber and physical security protective measures, against prevailing standards and guidelines.
  • Test results and validation of models for the protection of a specific critical infrastructure against physical and cyber threats.
  • Establishment and dissemination throughout the relevant user communities of specific models for information sharing on incidents, threats and vulnerabilities with respect to both physical and cyber threats.
  • Convergence of safety and security standards, and the pre-establishment of certification mechanisms.
  • Secure, interoperable interfaces among different critical infrastructures to prevent from cascading effects.
  • Contributions to relevant sectorial frameworks or regulatory initiatives.

Information for Applicants to SU-INFRA01-2018-2019-2020

In order to minimize overlap with already selected projects, applicants to topic SU-INFRA01-2018-2019-2020 “Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure in Europe” are invited to consult this link in order to get information on the 3 running INFRA01 projects (from the 2018 call, started in 2019), which cover the domains Transport (Air), Sensitive Industrial Sites and Energy Infrastructures (Gas Networks).

In addition, 3 proposals had been selected in the 2019 call and will start in 2020, covering the domains of Ground Segments for space communication, E-commerce and postal services and Transport (Railways). More information will be published under the same link in May.

Information on the 6 running projects from the related topic CIP-01-2016-2017, covering the Critical Infrastructures Energy, Transport (Ports), Water, Finance, Health and Communications, can be found here. infrastructures.

Applicants willing to address any of the abovementioned infrastructures under SU-INFRA01-2018-2019-2020 in 2020 shall duly justify the added value of their proposal and provide evidence of minimal overlapping with the aspects already covered by projects selected since 2016 under the topics INFRA01 and CIP-01.

Moreover, it is reminded that in 2020, while keeping the coverage of the assessment of risks, prevention, detection, response and mitigation of consequences, proposals should also address the interrelations between different types of critical infrastructure with the objective of developing tools and methods to minimise cascading effects and allow rapid recovery of service performance levels after incidents.

1. Eligible countries: described in Annex A of the Work Programme.
A number of non-EU/non-Associated Countries that are not automatically eligible for funding have made specific provisions for making funding available for their participants in Horizon 2020 projects. See the information in the Online Manual.

2. Eligibility and admissibility conditions: described in Annex B and Annex C of the Work Programme.

At least 2 operators of the chosen type of critical infrastructure operating in 2 Member States or Associated Countries must be beneficiaries (possibly, but not necessarily: coordinator) of the grant agreement and should be directly involved in the carrying out of the tasks foreseen in the grant.

The participation of industry able to provide security solutions is required.

The duration of the proposed activities must not exceed 24 months.

Proposal page limits and layout: please refer to Part B of the proposal template in the submission system below.

3. Evaluation:

  • Evaluation criteria, scoring and thresholds are described in Annex H of the Work Programme.
  • Submission and evaluation processes are described in the Online Manual

4. Indicative time for evaluation and grant agreements:

Information on the outcome of evaluation (single-stage call): maximum 5 months from the deadline for submission.
Signature of grant agreements: maximum 8 months from the deadline for submission.

5. Proposal templates, evaluation forms and model grant agreements (MGA):

Innovation Action:

Specific provisions and funding rates
Standard proposal template
Standard evaluation form
General MGA – Multi-Beneficiary
Annotated Grant Agreement

6. Additional provisions:

Horizon 2020 budget flexibility
Classified information
Technology readiness levels (TRL) – where a topic description refers to TRL, these definitions apply

For grants awarded under this call for Innovation Actions, the Commission or Agency may object to a transfer of ownership or the exclusive licensing of results to a third party established in a third country not associated to Horizon 2020. The respective option of Article 30.3 of the Model Grant Agreement will be applied.

Members of consortium are required to conclude a consortium agreement, in principle prior to the signature of the grant agreement.8. Additional documents:

1. Introduction WP 2018-20
14. Secure societies – protecting freedom and security of Europe and its citizens WP 2018-20
General annexes to the Work Programme 2018-2020
Legal basis: Horizon 2020 Regulation of Establishment
Legal basis: Horizon 2020 Rules for Participation
Legal basis: Horizon 2020 Specific Programme

7. Open access must be granted to all scientific publications resulting from Horizon 2020 actions.

Where relevant, proposals should also provide information on how the participants will manage the research data generated and/or collected during the project, such as details on what types of data the project will generate, whether and how this data will be exploited or made accessible for verification and re-use, and how it will be curated and preserved.

Open access to research data
The Open Research Data Pilot has been extended to cover all Horizon 2020 topics for which the submission is opened on 26 July 2016 or later. Projects funded under this topic will therefore by default provide open access to the research data they generate, except if they decide to opt-out under the conditions described in Annex L of the Work Programme. Projects can opt-out at any stage, that is both before and after the grant signature.

Note that the evaluation phase proposals will not be evaluated more favourably because they plan to open or share their data, and will not be penalised for opting out.

Open research data sharing applies to the data needed to validate the results presented in scientific publications. Additionally, projects can choose to make other data available open access and need to describe their approach in a Data Management Plan.

Projects need to create a Data Management Plan (DMP), except if they opt-out of making their research data open access. A first version of the DMP must be provided as an early deliverable within six months of the project and should be updated during the project as appropriate. The Commission already provides guidance documents, including a template for DMPs. See the Online Manual.

Eligibility of costs: costs related to data management and data sharing are eligible for reimbursement during the project duration.

The legal requirements for projects participating in this pilot are in the article 29.3 of the Model Grant Agreement.

Additional documents

  • Flash Info evaluation results en