Use Cases

Use case 1

ANTONOV

In UC1 we focus on the cargo monitoring system designed by Antonov Company. The main purpose of this system is to track and register a certain set of parameters in order to improve flight safety and operational communication between the aircraft crew and ground personnel, and to increase the efficiency and profitability of commercial transportation by Antonov Airlines.

Obtaining data on cargo parameters can occur both after the aircraft lands at the destination airport by reading them from the SD card or laptop, and in real time using several approaches discussed in the next section. 

The cargo monitoring system consists of the following main software and hardware elements, as also illustrated in the figure below:

  • two digital pressure, humidity and temperature sensors,
  • a computer with a recording device and a parameter indicator,
  • a special program for monitoring parameters, installed on a laptop.

Figure 1: Overview of threats in the aviation use case.

Flight cargo monitoring is a tool for effective management and analysis of processed flight information registered by the onboard flight data recorder, both during normal operation of the fleet and during investigations of flight accidents and incidents.

Providing secure and efficient access to information resources is an important component of the aircraft production process and its subsequent operation. Testing and optimization of access control systems to information resources will make the work of an airline company more efficient. 

TELEMETRY will provide threat analysis and use anomaly and misuse detection in components and systems to recognize hazardous conditions at component and system level. TELEMETRY will also identify vulnerabilities in access control to system components and will monitor the creation of temporary or permanent users with different access levels and sets of rights. In addition, TELEMETRY will control typical or atypical behaviour and provide testing of the response to incidents at the HW and SW level.

TELEMETRY tools can help improve the security of an air cargo monitoring system based on on-board indicators, information traffic analysis tools and anomaly detection. 

Two storylines are selected as possible scenarios related to the IoT security of cargo aircraft. The first scenario involves a rogue device and an unknown actor who interferes with the system and introduces a rogue sensor. The second scenario involves data being modified during transmission, which is consistent with the current practice of exporting CSV files. By using TELEMETRY tools, the aircraft’s information security system will be significantly improved by protecting the integrity of the data or risk reporting.

Currently, the TELEMETRY tools are being configured in terms of model training, issues of their interoperability and data exchange are being resolved, the sequence of operation of all tools is being determined, and scenarios are being refined. A clear architecture of TELEMETRY tools and information flows is at the testing and approval stage.

The first simulation results obtained with real flight data show the high quality of generalization of the developed machine learning models and high accuracy.

Figure 2: Computer IP-5 (data acquisition, conversion, recording of the file on the SD card in *.txt format, and transfer of data via Ethernet to the laptop).
Figure 3: Combined sensors N1 and N2 (temperature, pressure, humidity).
Figure 4: Laptop for visualization and data monitoring.

Use case 2

NOKIA

Smart factories are heterogeneous entities consisting of many different individual components. Examples of these components are production machines and network components such as routers, IoT devices, and user devices such as laptops and computers that host software for controlling and operating the factory. As most of these components are “smart” and “online”, they are at risk of being attacked or becoming attackers themselves.

Examples of attacks on components are as follows: 

  • IoT devices whose outdated firmware enables an attacker to take over the device, or the manipulation of control data from production machines with the aim of damaging them or influencing product quality. 
  • Production machines that collect and send confidential operating parameters can themselves become an attacker. This can be initiated by an untrustworthy manufacturer, or by a legitimate firmware update that has already been compromised by an attacker at the manufacturer (“supply chain attack”). 
  • Devices that are introduced into the network without authorization (e.g., by a disgruntled employee) and launch cyber-attacks from within the network are another potential source of danger to the integrity and security of a smart factory. 

Figure 5: Use Case 2 Architecture Diagram

Dangers and attacks as described above can already be countered today: Firewalls, rule-based traffic scanners or network segmentation are some of the most common measures with which network administrators try to contain risks of this kind, but these methods are mostly static and only defend against known or anticipated attack vectors. In addition, they must be manually maintained and expanded to be effective in the long term. To address this, TELEMETRY will investigate how to extend this approach with methods that attempt to recognize yet unknown variants of cyber-attacks through machine learning techniques. Specific examples of the approaches to be evaluated in this storyline are as follows: 

  • Attacks on the production process are detected by analysing the operating parameters of a robot in real-time using a machine learning-based model and detecting anomalies in its operating behaviour. 
  • To detect covertly operating devices in the network, or to detect suspicious communication behaviour of known elements in the network, TELEMETRY will also use machine learning methods to detect anomalies in network traffic in real-time. 
  • A Software Bill of Materials (SBOM) of the network elements is regularly compared with the Common Vulnerabilities and Exposures (CVE) database to automatically provide the administrator with information on exploits.
  • The central evaluation of the detected attacks and threats is carried out by a central risk assessment system, which collects the findings of the elements described and creates a final risk analysis for the smart factory. 
  • The result of this analysis, together with information on countermeasures, is then displayed to the administrator on the dashboard. 

Use Case 3

TIM

Telecom Italia (TIM) is the incumbent telecommunications operator in Italy, providing both fixed and mobile data services to millions of subscribers. To ensure the cybersecurity of its devices before deployment in production environments, TIM needs to verify their robustness and reliability, with a specific focus on cybersecurity. In the context of the TELEMETRY project, TIM has developed a use case that replicates its real-world testing process. This testing environment accurately simulates a typical household or small enterprise network, including standard traffic patterns and volumes, though it does not involve actual users or home/business devices (Figure 8).

Figure 8: Inside TIM’s Testing Environment.
Figure 9: Residential Gateways and IoT Devices Under Test. 

The primary focus of this use case is on domestic and small enterprise networks protected by Residential Gateway (RGW) devices (Figure 9). In this context, RGWs act as the interface between the telecom network and customer devices, such as PCs, servers, printers, smartphones, media systems, cameras, digital assistants, home automation platforms, and various types of sensors. Due to their strategic position at the boundary of these networks, RGWs are increasingly becoming targets for cyberattacks aimed at compromising the user’s domain or the telecom infrastructures.

As critical components, RGWs are vital to the telecom industry due to the large number of users they serve, the volume of data they handle, and the essential services they provide. However, IoT devices, including RGWs, pose significant challenges related to data governance, particularly in terms of privacy and security. If these challenges are not adequately addressed, they could introduce significant risks, compromising not only customer data but also the integrity and availability of the telecom provider’s critical infrastructure. Unchecked vulnerabilities may allow cybercriminals to exploit billions of IoT devices for malicious purposes, including Distributed Denial of Service (DDoS) attacks, phishing, data exfiltration, and privacy violations. Furthermore, these security weaknesses could expose the telecom networks to cyberattacks, disrupt essential services, and undermine customer trust, ultimately damaging the telecom provider’s reputation and business continuity.

Even worse, consumer- or small-business-grade devices, often designed with cost minimization in mind, are frequently deprioritized for ongoing maintenance and security updates. The drive to keep production costs low can limit the extent of security verification processes. To mitigate these risks, TIM has established a robust internal process to test RGWs for both known and unknown vulnerabilities, as well as misconfigurations, before deploying them to final customers. As part of this process, the TELEMETRY tools and framework will be integrated into TIM’s defined internal security testing procedures, with their performance and effectiveness being compared to existing commercial and open-source tools already in use.

European Cyber Security Community Initiative (ECSCI)

The European Cyber Security Community Initiative (ECSCI) brings together EU-funded cybersecurity research and innovation projects to foster cross-sector collaboration and knowledge exchange. Its aim is to align technical and policy efforts across key areas such as AI, IoT, 5G, and cloud security. ECSCI organizes joint dissemination activities, public workshops, and strategic dialogue to amplify the impact of individual projects and build a more integrated European cybersecurity landscape.

Supported by the European Commission, ECSCI contributes to shaping a shared vision for cybersecurity in Europe by reinforcing connections between research, industry, and public stakeholders.

European Cluster for Cybersecurity Certification

The European Cluster for Cybersecurity Certification is a collaborative initiative aimed at supporting the development and adoption of a unified cybersecurity certification framework across the European Union. Bringing together key stakeholders from industry, research, and national authorities, the cluster facilitates coordination, knowledge exchange, and alignment with the EU Cybersecurity Act.

Its mission is to contribute to a harmonized approach to certification that fosters trust, transparency, and cross-border acceptance of cybersecurity solutions. The cluster also works to build a strong stakeholder community that can inform and support the work of the European Union Agency for Cybersecurity (ENISA) and the future European cybersecurity certification schemes.

CertifAI

CertifAI is an EU-funded project aimed at enabling organizations to achieve and maintain compliance with key cybersecurity standards and regulations, such as IEC 62443 and the EU Cyber Resilience Act (CRA), across the entire product development lifecycle. Rather than treating compliance as a one-time activity or post-development task, CertifAI integrates compliance checks and evidence collection as continuous, embedded practices within daily development and operational workflows.

The CertifAI framework provides structured, practical guidance for planning, executing, and monitoring compliance assessments. It supports organizations in conducting gap analyses, building compliance roadmaps, collecting evidence, and preparing for formal certification. The methodology leverages best practices from established cybersecurity frameworks and aligns with Agile and DevSecOps principles, enabling continuous and iterative compliance checks as products evolve.

A central feature of CertifAI is the use of automation and AI-driven tools—such as Retrieval-Augmented Generation (RAG) systems and Explainable AI—to support the interpretation of complex requirements, detect non-conformities, and generate Security Assurance Cases (SAC) with traceable evidence. The approach is organized into five main phases: preparation and planning, evidence collection and mapping, assessment execution, reporting, and ongoing compliance monitoring.

CertifAI’s methodology is designed to be rigorous yet adaptable, offering organizations a repeatable process to proactively identify, address, and document compliance gaps. This supports organizations not only in meeting certification requirements, but also in embedding a culture of security and compliance into daily practice.

Ultimately, CertifAI’s goal is to make compliance and security assurance continuous, transparent, and integrated, helping organizations efficiently prepare for certification while strengthening their overall cybersecurity posture.

DOSS

The Horizon Europe DOSS – Design and Operation of Secure Supply Chain – project aims to improve the security and reliability of IoT operations by introducing an integrated monitoring and validation framework to IoT Supply Chains.

DOSS elaborates a “Supply Trust Chain” by integrating key stages of the IoT supply chain into a digital communication loop to facilitate security-related information exchange. The technology includes security verification of all hardware and software components of the modelled architecture. A new “Device Security Passport” contains security-relevant information for hardware devices and their components. Third-party software, open-source applications, and in-house developments are tested and assessed. The centrepiece of the proposed solution is a flexibly configurable Digital Cybersecurity Twin, able to simulate diverse IoT architectures. It employs AI for modelling complex attack scenarios, discovering attack surfaces, and elaborating the necessary protective measures. The digital twin provides input for a configurable, automated Architecture Security Validator module, which assesses and provides pre-certification for the modelled IoT architecture with respect to relevant, selectable security standards and KPIs. To also ensure adequate coverage for the back end of the supply chain, the operation of the architecture is also protected by secure device onboarding, diverse security and monitoring technologies, and a feedback loop to the digital twin and actors of the supply chain, sharing security-relevant information.

The procedures and technology will be validated in three IoT domains: automotive, energy and smart home.

The 12-member strong DOSS consortium comprises all stakeholders of the IoT ecosystem: service operators, OEMs, technology providers, developers, security experts, as well as research and academic partners.

EMERALD: Evidence Management for Continuous Compliance as a Service in the Cloud

The EMERALD project aims to revolutionize the certification of cloud-based services in Europe by addressing key challenges such as market fragmentation, lack of cloud-specific certifications, and the increasing complexity introduced by AI technologies. At the heart of EMERALD lies the concept of Compliance-as-a-Service (CaaS) — an agile and scalable approach aimed at enabling continuous certification processes in alignment with harmonized European cybersecurity schemes, such as the EU Cybersecurity Certification Scheme for Cloud Services (EUCS).

By focusing on evidence management and leveraging results from the H2020 MEDINA project, EMERALD will build on existing technological readiness (starting at TRL 5) and push forward to TRL 7. The project’s core innovation is the development of tools that enable lean re-certification, helping service providers, customers, and auditors to maintain compliance across dynamic and heterogeneous environments, including Cloud, Edge, and IoT infrastructures.

EMERALD directly addresses the critical gap in achieving the ‘high’ assurance level of EUCS by offering a technical pathway based on automation, traceability, and interoperability. This is especially relevant in light of the emerging need for continuous and AI-integrated certification processes, as AI becomes increasingly embedded in cloud services.

The project also fosters strategic alignment with European initiatives on digital sovereignty, supporting transparency and trust in digital services. By doing so, EMERALD promotes the adoption of secure cloud services across both large enterprises and SMEs, ensuring that security certification becomes a practical enabler rather than a barrier.

Ultimately, EMERALD’s vision is to provide a robust, flexible, and forward-looking certification ecosystem, paving the way for more resilient, trustworthy, and user-centric digital infrastructures in Europe.

SEC4AI4SEC

Sec4AI4Sec is a project funded by the European Union’s Horizon Europe research and innovation programme under grant agreement No 101120393.

This project aims to create a range of cutting-edge technologies, open-source tools, and new methodologies for designing and certifying secure AI-enhanced systems and AI-enhanced systems for security. Additionally, it will provide reference benchmarks that can be utilized to standardize the evaluation of research outcomes within the secure software research community.

The project is divided into two main phases, each with its own name.

  • AI4Sec – stands for using artificial intelligence in security. Democratize security expertise with an AI-enhanced system that reduces development costs and improves software quality. This part of the project uses AI to improve secure coding and testing.
  • Sec4AI – involves AI-enhanced systems. These systems also have risks that make them vulnerable to new security threats unique to AI-based software, especially when fairness and explainability are essential.

The project considers the economic and technological impacts of combining AI and security.

The economic phase of the project focuses on leveraging AI to drive growth, productivity, and competitiveness across industries. It includes developing new business models, identifying new market opportunities, and driving innovation across various sectors.