• IPACSO
  • IPACSO

    Innovation framework for ict security
  • 1
  • 2
image

European Cyber Security & Privacy Innovation Awards 2015

European cyber security and privacy innovation awards Read More
image

Cyber Security & Privacy Innovation Bootcamps

Bootcamps for Innovators, Investors, Policy Makers. Read More
image

Award Winner CRYPHO

Winner of the EU Privacy and Cyber Security Innovator Award Read More
image

And the winners are...

Check impressions of the conference, list of finalists and winners. Read More
image

Innovation Support Services

Support Services for Innovators, Investors, Clusters & Policy Makers Read More
  • 1

PACS Cluster

A broad range of ingredients are necessary for organisations to achieve commercial excellence in any market domain, as well as to support policy makers in effectively supporting innovation. Figure 12.1 describes a pyramid view of three levels of internal and external elements that need to exist across product, innovation and wider environmental levels: 

  • Product Management Level: At the uppermost pyramid level, organisations will seek specific product (or service) opportunities, and will aim to put a product management philosophy in place within the organisation in order to nurture individual ideas correctly, establishing key success prerequisites - e.g. who is our customer? What is our market? Are we building the “right” product? And so on.
  • Innovation Management Level: in order to sustainably create ideas across an entire organisation, an appropriate innovation management philosophy needs to be created to support and orchestrate individual Product/Service development initiatives. Activities, innovation management will also ideally encompass a broader set of innovation activities, particularly more incremental projects that aim to support process improvement or better ways of working; particularly as such activities will often compete for resources that could be allocated to higher-risk new product development activities. Key elements of an innovation management structure within an organisation include establishing an innovation process, developing approaches for generating and harvesting ideas both internally and externally, incentivising employees to get involved, and ultimately developing an appropriate innovation culture. Developing appropriate oversight over an entire portfolio of ideas and innovation projects, and ensuring that projects are prioritised appropriately and correctly resourced are also important considerations at this level.
  • Environment Level: unlike the previous levels, whereby companies largely implement support for such levels within their organisation boundary, the Environment level addresses the wider external ecosystem in which the organisation is aiming to innovate. Accessing and leveraging key external ingredients should be a key objective of organisations at this level. In turn, policy makers are concerned with creating and nurturing such regional environments, and providing and enabling such supports within them.

Innovation Pyramid

While appropriate supports for the Product and Innovation levels above are necessary, the external environment in which individual organisations exist, or choose to innovate, can be a particularly crucial element in their success and ability to compete both regionally and scalably on a broader level. While this applies across technology domains among others, it is especially relevant to PACs activities, where a number of generic and domain specific ingredients can have a crucial impact on innovation outcomes for that organisation. The remainder of this section reviews definitions and examples of such innovation environments, both generally, and more specifically with regards to key PACs innovation ecosystems that presently exist.

  

What are Innovation Clusters – and how do they support innovation?

Innovation clustering initiatives are viewed as a key abstraction for creating the appropriate Environmental levels described above. Summarising, the overall Cluster definition adopted by the FIRE project consortium: 

‘regional concentrations of specialized companies and institutions connected through multiple linkages’.
The term “clusters” here refers to groups of independent companies and centres of knowledge (e.g. universities, research institutes, enterprise associations and other intermediary organisations) that are

  • Collaborating and competing
  • Geographically concentrated in one or several regions, even though the cluster may have global extensions
  • Specialized in a special field, linked by common technologies and skills
  • Of a critical mass (this refers to fact that a cluster should include actors, which together have a certain weight in their sector in order to be able to build momentum, i.e. to be able to establish self-supporting processes.)
  • Either institutionalised (having a proper cluster management) or non-institutionalised.

While clusters are usually created and thought of in terms of driving competitiveness and growth, particularly with regards to innovation, their definition may also be focussed on other primary objectives, such as providing a legal framework or similar umbrella to support funding or marketing initiatives, or in some cases to provide a supporting reference model for statistical measurement [EUC08]. The notion of clusters it is often used interchangeably with other terms such as innovation or technology “hubs”, “districts”, “milieu” etc. While some academic literature has suggested nuanced differences when comparing such terms, consensus on similarities and differences has been difficult to establish [JIA11].

 

Key Cluster Characteristics

Clusters of specific firms within a specialist industrial or technological domain are viewed as an increasingly important source of economic development across the advanced industrial economies, and a central focus of technology policy [CAS07]. By composition, there are generally accepted to be four cluster types: 

  1. Geographical cluster
  2. Sectoral clusters (businesses operating together from within the same commercial sector)
  3. Horizontal cluster (interconnections between businesses at a sharing of resources level)
  4. Vertical cluster (i.e. a supply chain cluster).

Key broad elements shaping cluster development include internal and external factors such as availability of skilled labour, presence of functioning networks and partnerships, technological changes, market competition and so on [HEF11]. Early 20th century research in clustering emphasised traditional economic benefits of clustering such as co-location, reduced transaction costs, increased specialisation, and efficient information flows, whereas in more recent times to social networking benefits of clustering are increasingly relevant [MAR20].

Researchers have also attempted to decompose the structural topology and characteristics of clusters, noting several approaches such as:

  1. “Hub and spoke” approach that is typically led by a few dominant anchor firms, usually large firms
  2. “Satellite” approaches whereby organisations co-locate branch facilities of a similar nature in near proximity to one another - R&D divisions are often clustered in such a manner in a location away from corporate headquarters to achieve such benefits for example
  3. State-centred clusters are another approach, led and dominated by the presence of one or a few large public or non-profit entities, such as universities, RTOs, or military/national security institutes (the latter particularly evident for PACs).

Real world clusters rarely feature any single kind of typology, and that nuanced characteristics will exist within specific industries; both of these points are within the most influential PACs cluster regions globally.

 

Role of Clusters in Policymaking Initiatives


Researchers and policymakers are particularly interested in how existing successful real-world clusters have evolved, what the key factors are in influencing their success, and examining how it might be possible to recreate that success within new or existing clusters elsewhere. Hence it is important to distinguish between the clusters themselves and cluster and policies and initiatives that aim the support their creation and/or further development. Clusters in themselves have often developed organically without any premeditated intervention from policy makers, and leave economic traces that can be statistically measured and captured. In contrast, cluster policy is about expressing a focussed strategy, setting political priorities and allocating funding in order to promote innovation, regional development and other policy goals. Cluster initiatives will ideally support this broader policy at the tactical level, promoting organised efforts to increase growth and competitiveness of clusters within a region, involving a breadth of stakeholders such as innovative firms, government, academia, and specialist cluster organisations that often play an important role as service providers for the support of clusters. The importance of sustained bottom-up initiatives enabled by key anchor cluster members (particularly active innovating companies) is viewed as a key element of gaining initial cluster momentum and sustainability.


Broadly, it is agreed that the initial formation of the most successful clusters has resulted from accidental or serendipitous events, and is often driven initially by key anchor individuals with a vested interest in harnessing local networks in a given area, more so than top-down policy drivers. However, it is agreed that once a cluster reaches a certain point of scale, policy intervention can achieve significant impact and is indeed necessary for the cluster to be sustainable [DTI00]. Despite this, within the PACs spectrum some key emerging ecosystem initiatives on a global level are strongly premised on a top-down policy approach – the emerging shift of PACs emphasis in Israel from Tel Aviv and Haifa towards Be’er Sheva being a strong case in point [TEC14].


Within Europe, PACs policymakers must also achieve a balancing act between supporting individual member states in achieving their own individual privacy/security requirements in a manner that protects national sovereignty rights and concerns, while still achieving greater pooled innovation synergy at a pan-EU level. How can global competitive PACs centres of excellence be achieved within the EU, ideally by raising the profile of existing cases? How is the necessary leverage and scale across individual EU member states developed to produce global-leading solutions, when we know from key PACs and ICT innovation ecosystem examples that a focussed concentration of resources increases commercial potential? Such questions demand that continued policy intervention support is necessary.

 

Overview of Key PACs Clusters in Europe


This section highlights some of the key ecosystems that are presently driving the PACs marketplace and related technology development, both globally and within Europe at present. Solutions in the PACs market are highly fragmented and diverse, particularly in the European market there are a large number of smaller but fragmented players serving needs at national level within their local markets. Several of the key PACs clusters encompassing some of these networks of players are summarised below.

  •  AEI Ciberseguridad (Spain) : www.aeiciberseguridad.es

    Cluster is based in Leon, in the NW of Spain, with a goal of creating a technological pole of high-tech competitive industries located there, and expanding to national level. Cluster currently serves around 56 members, and allows companies to benefit from public-private synergies through its relation with INTECO, focused on cybersecurity, based also in León. INTECO is a national reference centre on ICT security.

  • Bavarian IT Security Cluster (Germany) : http://bit.ly/1wuWfl0
    An affiliation of IT companies, institutes of technology, commercial end-users of PACs technology, universities of applied science, institutes of further education and law firms.
    Key aims are to initiate and promote collaboration in the region on PACs, further development of IT security research and training, disseminate information about security risks, present cluster members and their security expertise, and to launch and mentor company startups. Collaborates closely with similar cluster initiatives in Augsburg and Nuremburg on German national level.
    Cluster contains specific working groups on (1) Data Protection, (2) Cloud Security, (3) Industrial IT Security (manufacturing and control process), (4) Information Security Management, (5) Secure Smart Grids. In particular, group 4 above is responsible for creating ISIS12, a lightweight security management systems for smaller businesses, borrowing relevant aspects for that audience from IS027001 and BSI.
    Membership includes approximately 20 institutes from academia and research training backgrounds, and approx. 80 industrial partners, mainly indigenous German companies and German subsidiaries of larger global enterprises. (http://bit.ly/1wuWfl0)

  • CenSec (Denmark) : www.censec.dk
    An industrial cluster and network centre for small and medium enterprises who are, or wish to become suppliers to the defence, security or space industry. CenSec was established in 2007, based on amalgamation of two projects, Network Center for Aircraft and Defence, and Network Defence Supply.
    Currently contains approximately 80 companies, either based in Denmark or wider Scandinavian region. Mainly industrial with some academic members, with approximately 20% of these companies having a stated interest in security issues. (http://www.censec.dk/en-GB/Members.aspx)

  • Centre for Secure Information Technologies (UK – Northern Ireland) : www.csit.qub.ac.uk

    CSIT is one of seven UK Innovation and Knowledge Centres (IKCs) supported by the UK Technology Strategy Board. Affiliated to Queen’s University Belfast, CSIT forms a core support element of Northern Ireland Science Park, which houses over 100 high-tech foreign direct investment (FDI) and start-up companies employing more than 2000 people. Currently operating on a £30m funding programme over a five year period, with research staff of ~80 persons.
    Attracting new commercial partners to work with CSIT has fostered international collaboration with leading Institutes in the USA, South Korea, India and Europe. CSIT hosts the annual Global Cyber Security Summit, organised around the Centre’s key research themes of securing cloud computing, transport corridors, smart energy grids and financial markets.
    CSIT embodies research across both physical and cyber/information security streams, containing four key research clusters in (1) Data Security Systems, (2) Network Security Systems, (3) Wireless Enabled Security Systems, and (4) Intelligent Surveillance Systems.
    Industry funding comes from industry investment in research projects and CSIT’s open innovation membership model. CSIT has created an Industrial Advisory Board (IAB) involving government and industrial partners whose goal is to help to shape and direct the CSIT research agenda. Full member Companies each obtain a seat on the CSIT board and voting rights to steer and direct the research. Government stakeholders also have a seat on the board as well as funding agencies.
    Key multi-national partners affiliated to CSIT include Altera, BAE Systems, Cisco, Infosys, IBM, Intel/McAfee, Roke, Thales, with recent spinouts including Tital IC Systems and MicroSense.

  • Cybernetica (Estonia) : www.cyber.ee/en/

    Originally a state-operated R&D entity founded in 1997 that originated from the Institute of Cybernetics founded in 1960, Cybernetica was privatised in 2005 but is still heavily tied to supporting Estonian government research objectives and the wider PACS and ICT ecosystem there.
    Key recent research priorities of Cybernetica involving PACs related streams include (1) secure multiparty computation, (2) risk analysis of heterogeneous systems, (3) language-based security and (4) complexity-theoretic foundations of cryptography. Also have wider interests in radio communication and border surveillance systems, and visual light navigation and telematics among others.
    Key commercial security offerings include Sharemind, a data analysis system for securely sharing confidential information, based on its secure multiparty computation research, supporting applications such as privacy-preserving statistics, data mining, analysis of medical and financial data, and development of secure online and cloud services.

  • Digital Trust & Security Working Group, Paris (France) : www.systematic-paris-region.org/en/get-info-topics/digital-trust-and-security
    Part of the Paris Region Systems and ICT Cluster, forming one of seven thematic groups. Group presently involves 153 partners, including 81 SMEs, 49 mid or large size enterprises, and 23 research institutes and universities, with total investment of €321.8m.
    Focus on a number of key sub-areas, including (1) Critical Infrastructure Protection, (2) trusted infrastructure for smart-cities, (3) digital trust for the citizen, (4) Trust and transactional security in large systems, fraud management, (5) common technologies for multi-risk management, resilience, human and societal issues. Group has supported 73 collaborative R&D projects across members to date.

  • Finnish Information Security Cluster (Finland) : http://fisc.fi/
    Established in 2012 by major Finnish Information Security companies in order to promote their business and operations in a national and international context. Currently has 30 members, both SME-based PACs specialists and larger multinational players. (http://bit.ly/1o8lTqN), forming part of the Federation of Finnish Technology Industries. Operate closely in conjunction with Tekes, the Finnish Funding Agency for Technology and Innovation. 
    Key indigenous members include Blancco (data erasure solutions), Capricode (mobile device management), Codenomicon (secure software testing), Deltagon (e-mail communication confidentiality protection), DISE (Identity and Access Mgt), Envault (encryption), F-Secure (content cloud security services), Insta Defsec (diversified defence and security solutions), nSense (consultancy, vulnerability scanning tools),  Panorama (IAM), Propentus (IAM), Redicom (consultancy), RM5 (IAM), Santa Monica Networks (data network solutions), SSH Communications (created the SSH protocol), Stonesoft (Network Security), Trusteq (Consulting), Ubisecure (IAM), Web of Trust (website reputation ratings), XCure (consulting). 

  • Hague Security Delta (Netherlands)  : www.thehaguesecuritydelta.com 
    Officially established in July 2013, claims to be the largest security cluster in Europe, with 400 security companies realising a total turnover of €1.7bn and employing 13,400 people. (http://bit.ly/1BT8r24). Noted that approximately 70% of revenue to Dutch defence and security industry is earned through export of security knowledge - in particular to Germany, France, UK and US. 
    Key security-focussed partners in group include AGT International, Fox-IT, KPN, Siemens, Thales, Trigion, Wave Systems Corp, TNO Defense and Security, Netherlands Forensics Institute, European Network for Cyber Security, Hague Centre for Strategic Studies, Delft University, ROC Mondriaan, Leiden University, Hague University of Applied Sciences, and Cyber Security Academy.  
    More detailed documentation on cluster initiatives and strategy available at www.thehaguesecuritydelta.com/about-hsd
  • Hexatrust (France) : www.hexatrust.fr 
  • LSEC - Leaders In Security (Belgium - Europe) : www.leadersinsecurity.org 
    Active since 2002, an IT Security industry cluster focused on representing the Cyber Security Sector as a whole on a European level, representing industry experts (approximately 5.000),  end users (25.000 prosumers) and researchers/academia (more than 100 research centers in Europe). The group is a knowledge exchange platform and thrives innovation in Cyber Security with its Core Industry Members and through participation of its Enterprise and Individual Members from enterprises. Executing market research, supporting innovation development and coordinating and executing innovation development projects in Belgium, Netherlands, UK, Germany and UK. Specialized in domains such as Mobile Security, Cloud Security, IoT Security, Cyber Physical Systems, Industrie 4.0, Industrial Internet, Payment Systems, Forensics, Security Management, Cyber Security, Information Security, ...
    Members include :  Vasco Data Security, Dimension Data, Intel Security/McAfee, IBM, Symantec, Sophos, G Data, Proximus, Unomaly, Zion Security, Nviso, Toreon, and 160 more. 
  • Madrid Security Cluster: http://madridnetwork.org Forms the security arm and one of 12 cluster groups within Madrid Network that unites 580 companies and institutions across a broad range of sectors (http://www.madridnetwork.org/home.aspx). Centred in civil needs and military RTO dependencies. Contains government-based end-users (including national and regional police, Madrid Metro, Ministries of Defence and Interior), 2 universities, 8 RTOs, approximately 30 SMEs (e.g. HiIberia, SICPA, VALID) and a number of large enterprises (e.g. Indra, Amper).
  • National Technology Platform on Secure and Dependable ICT (eSec) (Spain): eSEC is the Spanish Technology Platform on Secure and Dependable ICT, aiming to increase the competitiveness of the Spanish industry in secure ICT, by launching strategic initiatives on R&D based on cooperative approaches. eSEC is a national platform managed by AMETIC, with headquarters in Madrid. It is partially funded by national government. It serves about 120 companies throughout Spain, focused on Information and Communication Technologies and contributes to building Security and Trust through two key themes - (1) NIS, Network and Information Security, and (2) ICT applied to civil security. eSEC supports key national Spanish initiatives aimed at driving R&D and security, in particular the National Plan for Research and Innovation (2013-16), and the Digital Agenda for Spain (2013-15). It also organises periodic workshops to present funding opportunities from European and National programmes.
  • NSMC - Networking & Security Monitoring Cluster (Czech Republic) : www.nsmcluster.org 

    Established in 2010 in South Moravian region with over 20 members at present, including 3 main Czech technical universities. Particular emphasis on network security within PACs, with others including IT law, protection of personal data, competitive intelligence and facility management. Cluster is a partner in the FIRE FP7 project alongside LSEC. he cluster actively participates in technical conferences, organizes information activities and provides networking for its members, and is active on the regional level (participation in developing the 2012-2014 regional innovation strategy of the South Moravian Region); it cooperates with students and young talents (offering internships and on-the-job training), informs the public about computer threats, comments on technical texts, issues popular science publications and cooperates closely with the academic sphere.

  • TeleTrust (Germany) : www.teletrust.de 

    TeleTrusT is a widespread competence network for IT security comprising members from industry, administration, research as well as national and international partner organizations with similar objectives. Headquartered in Berlin, TeleTrust has a broad range of more than 170 members and partner organizations, embodying one of the largest competence networks for IT security in Germany and Europe. Aside from its Berlin HQ TeleTrusT is also represented in eleven regional offices in Germany and one in Vienna, Austria. TTT operates multiple working groups in different areas of IT-Security - including (1) Biometrics, (2) Cloud Security, (3) Mobile Security, (4) Legal aspects (5) Smart Grids/Industrial Security, (6) SICCT (Secure Interoperable ChipCard Terminal), (7) EBCA operations (European Bridge CA), (8) Information Security Management, and (9) IT Security made in Germany.

  • UK Cyber Security Forum (UK) :http://www.ukcybersecurityforum.com/ 

    Consortium of 120 SME companies across the UK with focus on cyber security. Companies are grouped across six regional clusters, many of which are only being formed in 2014 – these are (1) Cambridge (2) London, (3) Malvern, (4) North East (5) North West, (6) South Wales. Malvern branch was the first cluster to be established (in 2011) and contains approximately 50 of these companies across a range of PACs sub-segments. Key aims are to maintain formal cluster organisations, support regular networking and knowledge sharing across members, highlight barriers to growth, promote member capabilities and act as a central contact for organisations seeking support from members. Malvern and South Wales branches received £500K in UK Technology Strategy Board Launchpad funding in 2013, stimulus package for generating new cyber technology ideas within companies in the clusters.

References

[CAS07] Casper, S. (2007). How do technology clusters emerge and become sustainable?: Social network formation and inter-firm mobility within the San Diego biotechnology cluster. Research Policy, 36(4), 438-455.

[DTI00] DTI, A practical guide to Cluster Development, England’s Regional Development Agencies, UK, 2000.

[HEF11] He, J., & Fallah, M. H. (2011). The typology of technology clusters and its evolution—Evidence from the hi-tech industries. Technological Forecasting and Social Change, 78(6), 945-952.

[JIA11] He, Jiang, and M. Hosein Fallah. "The typology of technology clusters and its evolution—Evidence from the hi-tech industries." Technological Forecasting and Social Change 78.6 (2011): 945-952.

[MAR20] A. Marshall, Principles of Economics, 8th Ed.Macmillan, London 1920.

[TEC14] How Israel is rewriting the future of cybersecurity and creating the next Silicon Valley, http://www.techrepublic.com/article/how-israel-is-rewriting-the-future-of-cybersecurity-and-creating-the-next-silicon-valley/#.

 

 

Getting Started

Which type of company are you? Choose one of the options below and get a head-start.

{module 139}

Framework Overview

Navigate through the different parts of the Framework

{module 141}

leeg