This ECCC initiative aims to develop a strong and coherent community around cybersecurity, strengthening collaboration, knowledge sharing and the deployment of innovative cybersecurity solutions on a European scale.
The CIPHER² (Cybersecurity Intelligence, Protection and Holistic Enterprise Resilience) consortium will contribute to the ECCC's mission to strengthen Europe's digital resilience by providing a collaborative and standardized infrastructure to test, validate, and certify the cybersecurity posture of critical service operators. Led by Eviden, CIPHER brings together 13 partners from seven European countries—including critical infrastructure operators, research organizations, and cybersecurity-focused SMEs—ensuring a robust, multi-sectoral approach to advancing Europe's cyber resilience. Eviden's expertise in cybersecurity applied to mission-critical systems, including its specialization in radio communications, supports the ECCC's objective of strengthening the European Union's cybersecurity capabilities, particularly within the framework of the NIS2 (Network and Information Security 2) Directive.
This regulation requires critical service providers to implement comprehensive security governance and cyber risk management plans in response to the increasing frequency and sophistication of cyberattacks. Present in numerous critical systems, radio communications (Wi-Fi, 4G, 5G, etc.) have become increasingly complex to audit and monitor from a cybersecurity perspective. Customers will benefit from a comprehensive vulnerability assessment, enabling them to identify potential risks and better prepare for cyberattacks, especially those propagated via radio.
This approach helps prevent malicious acts that could compromise the operational availability of systems and the confidentiality of data. Eviden will participate in the development and integration of the CIPHER platform, which consists of two main components: An automated vulnerability assessment mechanism to continuously identify vulnerabilities in systems, applications, and components. It will be based on active and passive scans to detect known vulnerabilities, misconfigurations, and points of exposure. The assessment will be enriched with threat intelligence data and risk management tools for real-time contextualization. In the case of radio networks, the system will allow for the evaluation of the cybersecurity of wireless interfaces, complementing the analysis performed by AI agents. Vulnerabilities will be automatically classified and prioritized according to their severity, integrating into an AI-powered classification system. An automated penetration testing framework to generate continuous and scalable security tests that simulate real-world attack scenarios against critical assets. This framework will include the selection, adaptation, and orchestration of open-source and custom pentesting tools. It will also implement attack scenarios and be able to simulate different types of threats (networks, applications, radio, etc.). The test results will feed into the CIPHER platform's risk assessment engine and AI-based recommendation systems to refine risk mitigation strategies, enrich and contextualize learnings, and improve outcomes and reporting. The solution will be developed in accordance with the ethical and sustainability principles promoted by the European Union. The AI-based agents deployed on the platform will be fully aligned with the European Artificial Intelligence Regulation (AI Act) and the GDPR, ensuring transparency, accountability, and the ethical use of AI in cybersecurity operations. Furthermore, by incorporating circular economy principles and energy-efficient digital practices, CIPHER drives innovation in sustainable cybersecurity and reduces the environmental footprint of ICT operations.
Bernard Payer, Senior Vice President and Head of Mission Critical Systems at Eviden, Atos Group, stated: “We are extremely proud to be part of the ECCC’s CIPHER initiative to strengthen the cybersecurity capabilities of essential services across the spectrum, including radio equipment, against increasingly sophisticated threats targeting critical IT infrastructures. Being recognized as a key player in protecting critical European cyber assets reflects our ability to secure the digital chain of trust through a sovereign and certified offering that integrates the power of artificial intelligence.”
