DELIVERABLES

deliverables

D1.1 – Cross-CI Risk Assessment and GDPR compliance

The deliverable offers an exhaustive examination of the use cases, technical prerequisites, as well as ethical, privacy, and GDPR considerations that will govern the activities of Large-Scale Pilots (LSPs) in the ATLANTIS project. Within this report, we acquaint the Critical Infrastructure (CI) operators involved in the ATLANTIS initiative, and expound upon taxonomies of threats encompassing cyber, physical, and human (CPH) risks pertinent to critical infrastructure systems. Additionally, we elucidate sample scenarios illustrating the potential impacts of CPH hazards on CI systems, delineating their conceivable ramifications.

In-depth enumerations of threats affecting the participating organizations are furnished by the experts within each entity, evaluating both the likelihood and the potential impact of each risk. A comprehensive risk assessment is presented, accompanied by a depiction of the interdependencies within each sector, predicated on the threats identified. Lastly, we offer a concise summary of the legal and ethical concerns intertwined with the project’s pursuits.

D1.2 – ATLANTIS meta-architecture & countermeasures definition

The deliverable D1.2 provides a comprehensive overview of the ATLANTIS framework architecture which aims to enable coordinated risk assessment and mitigation of cyber-physical threats across Critical Infrastructures (CIs). The architecture identifies the system-level components including devices, assets, systems, networking characteristics, 5G/satellite communications, CCI-SAAM platform, inter-Blockchain/DLT, and edge cloud offloading.

The deliverable also provides sequence diagrams describing how the software components will interact under different scenarios. Key countermeasures like earth observation, resilience, human sensing, disinformation tools, situational awareness, systemic risk analysis, risk reduction, threat intelligence, and others are explained.

The document highlights how ATLANTIS will be applied in three large-scale pilots spanning energy, transport, telecoms, health, logistics, finance, and border control sectors across many EU countries. Detailed use cases demonstrate the effectiveness of ATLANTIS in ensuring CI resilience.

Overall, the deliverable provides a well-defined meta-architecture that enables the structured development of an integrated framework to assess and mitigate systemic risks across interconnected European CIs. The architectural specification serves as a foundation for implementing coordinated security capabilities across diverse CI domains.

D2.1 – Cyber Preventive measures

The scope of this document is to provide a comprehensive overview and framework for the implementation of a geospatial monitoring system for critical infrastructure mapping and monitoring in the context of supporting a risk management decision support system for large scale systemic risks – as covered by the ATLANTIS project. The report presents an integrated modular methodological framework that integrates remote sensing technologies – considering a set of diverse technologies, including satellites, drones, and aircraft imagery.

The document reviews current literature to identify best practice and innovative approaches that may be leveraged in the project. It then presents the methodological framework to be deployed in the next phase of the work and highlights some case studies that provide proof-of-concept of the advancements that the proposed remote sensing techniques may offer in pre-crisis, near real-time and post-crisis situations. It also addresses challenges related to data availability, temporal resolution, and integration of remote sensing platforms, providing valuable insights for stakeholders involved in critical infrastructure monitoring and management. By applying the technology to case studies across Europe, including in Slovenia, which was hit by disastrous floods in the months following the publication of this deliverable; the report clearly demonstrates the value that the utilisation of earth observation imagery can have in improving situational awareness and disaster risk management decision support systems for critical infrastructure.

The findings presented in the report provide the foundations for the integration of remote sensing technological capabilities in the decision support system tool being developed within ATLANTIS.

D2.3 – Cyber Preventive measures

The ATLANTIS project aims at enhancing resilience and Cyber-Physical-Human (CPH) security of the key European Critical Infrastructures (CIs), going beyond the scope of distinct assets, systems, and single CI. This goal will be achieved by addressing resilience at the systemic level against major natural hazards and complex attacks that could potentially disrupt vital functions of the society.

In this frame, the purpose of the Work Package 2 is to study, test and set in place preventive technologies to reduce systemic risk by design. In the cyber-security domain, we have identified three different sets of technologies that would help ensure the continuity of services. The purpose of the first one is ensuring the resiliency and the self-healing of CI and inter-CI IT systems. They are based on micro-services and orchestrators to avoid single points of failure and to be able to ensure the continuity of services. The second set of technologies aims at backing up Position, Navigation and Time (PNT) services that are widely used in CIs and for which a breakdown could seriously put at risk their operations. And finally, the third one is about the traceability of information considering we must ensure that any information transferred between CIs is fully trustable to allow the best management of any incoming problematic situation.

Thus, this document covers the three different sets of technologies with a specific focus on the information traceability ones and a state of the art on the resiliency by design and on the resilient PNT. First, it gives an overview of previous EU projects that have already studied and set in place such kind of technologies. Then it indicates how we are going to extend their outcomes and what will be the traceability mechanisms that will be used in the framework of the ATLANTIS project.

D3.1 – Systemic Risks and Incidents Awareness

The purpose of the deliverable is to provide a detailed description of the designed solution for the detection and analysis of systemic risks, cyber-physical threats, or hazards within the ATLANTIS Security Framework in order to build comprehensive situational awareness. Situational awareness aims to support decision-making and risk mitigation to minimize the impact of risks and cascading effects within the targeted infrastructure or other connected infrastructures.

The deliverable examines various phases of the risk management process involving Protective Technologies to reduce systemic risks by innovation. The process begins with the information gathering layer, capable of interfacing uniformly with physical, cyber, cyber-physical, and human sensors without capturing sensitive information from sources through the adoption of appropriate Machine Learning (ML) models. At the same level as the detection layer, we find Human-in-Vicinity (HiVIC) solutions that involve people in the vicinity of the incident for gathering additional information to complement the situational picture.

These pieces of information are then analysed and processed by the core of the system, which deals with building situational awareness and employs the Digital Twin technological approach. The hybrid digital twin incorporates cyber, physical, and cyber-physical models of critical infrastructure elements involved in managing critical events or threats, as well as ML models constructed from historical data obtained from detection components. The digital twin is used to digitally map the properties and state of critical infrastructures, enabling monitoring, analysis, and simulation of the system’s behaviour in the real world.

The deliverable also describes the process leading to the identification and application of machine learning models to predict potential systemic risks or identify imminent risks that need to be managed, involving the implementation of real-world mitigation strategies. The solution also includes a disinformation-fighting layer that provides strategies and solutions for managing content verification on social media or the web in general, content contextualization, and provenance management. Information derived from disinformation- fighting tools can also be used to enhance situational awareness.

D5.1 – LSP set-up and Data Management Plan (DMP)

The ATLANTIS project aims at enhancing resilience and Cyber-Physical-Human (CPH) security of the key EU Critical Infrastructures (CIs), going beyond the scope of distinct assets, systems, and single CI, by addressing resilience at the systemic level against major natural hazards and complex attacks that could potentially disrupt vital functions of the society.

The deliverable provides the initial Data Management Plan (DMP) for the ATLANTIS project. The DMP is part of Work Package 5 – “Cross-CI Large Scale Pilots validation and penetration testing” and it is a living and changing document in which information will be made available on a finer level of granularity through updates as the implementation of the project progresses and when significant changes occur. DMP gives an overview of the ATLANTIS Data Management life cycle for data to be gathered, processed, and/or generated as part of making its research data findable, accessible, interoperable, and re-usable (FAIR), in accordance with the FAIR Data Management guidelines. FAIR data management ensures that the improvements and results generated based on these data can be duplicated and used by future EU-funded initiatives and the community at large.

The deliverable also includes foundations for the 3 Large Scale Pilots (LSPs) involving different parts of Europe’s Critical Infrastructure. Within each Pilot, different scenarios involving project partners are reported in which different types of cyber, physical and/or hybrid attacks are simulated. The purpose of these pilots is to test the resilience of European Critical Infrastructures and test part of the technologies developed within the project. The DMP will serve as a guide during the course of the project by providing guidance for the collection and management of sensitive and non-sensitive data, clarifying those in the public domain from those requiring special management procedures in accordance with current national and international standards.

D6.1 – Project Web site & Social Channels

This is the report of the delivered website and social media channel for the ATLANTIS project. The project website, www.atlantis-horizon.eu, is a key instrument for promoting ATLANTIS and disseminating important project information. The website gives a general summary of the project’s background, idea, objectives, and organizational scheme. It also emphasizes the roles and areas of expertise played by each consortium partner. Additionally, it will offer deliverables to the public. The content of the website is expanded over time with different kinds of materials for dissemination.

Social media platforms are the second important tool for promoting ATLANTIS and for building a strong network of academics, professionals, and other stakeholders. The ATLANTIS LinkedIn account https://www.linkedin.com/company/atlantis-horizon-europe-project was set up as a first step to establish contact with the key players in the field. Additionally, to enhance our digital presence and engagement, we have launched an ATLANTIS YouTube channel (https://www.youtube.com/@Atlantis-eu), dedicated to sharing our video content.

D6.2 – Market study and exploitation plans

D6.2 – Market study and exploitation plans (initial version) represents the first version of the “Market study and exploitation plans” which is the result of the work conducted under Task 6.3 – Exploitation strategy and Sustainability plans. It represents a key result of WP6 – Impact Creation and Outreach for assuring the future exploitation of the main reached results in the project. The focus of this deliverable is: a) to provide an overview of the current status of the market where the potential project outcomes could be launched; b) to understand also what the market already provide in order to satisfy the market needs that ATLANTIS project aims to cover; c) to introduce the potential customers; d) to provide an overview of the project results; e) to identify the potential value proposition and the ATLANTIS Business Model Canvas.

In addition, as part of these activities, the individual exploitation plans of each have been collected and analysed in order to understand how to exploit the project results both individually and in collaboration with other partners. Moreover, this deliverable collects a market study analysis concerning the main ATLANTIS markets along with the current solutions offered in the market, main ATLANTIS outcomes and proposed solutions along with the ATLANTIS Business Model Canvas, potential ATLANTIS target customers.

In this context, the partners have identified and described their Key Exploitable Results (KERs) underlining the main features and the value of each result in order to take into account the options that they consider valid and feasible for the future commercial exploitation.

Finally, the ATLANTIS exploitation strategy has been detailed. It aims at enabling an active use of the exploitable results created by the project to generate positive impacts. More specifically, in this deliverable, a structured and in-depth analysis of the exploitable results has been presented in order to structure exploitation planning and ensure a sustainable exploitation. To strengthen the exploitation potential, ATLANTIS expects the development of joint exploitation strategies by groups of partners that can mutually benefit from a cooperative scheme.

In conclusion, the IPR theme has been also analysed in the deliverable. The IPR Management focuses on the careful handling of IPR issues in the ATLANTIS project, that are of strategic importance in order to facilitate the exploitation of its solutions. Furthermore, early individual exploitation plans of all the partners involved.

D6.5 – Dissemination & Standardisation & Communities Liaison

In recent years, the European Union has been faced with numerous crises, ranging from pandemic to escalating conflicts and the growing threat of climate change. These crises have highlighted the paramount importance of resilient Critical Infrastructures (CIs) that can withstand complex, large-scale, transnational, cross-domain, systemic risks, and are thereby able to ensure stability, security, and prosperity in the region.

The mission of ATLANTIS is to improve resilience of the interconnected European CIs exposed to evolving systemic risks due to existing and emerging large-scale, combined, cyber-physical-human threats, and thereby guarantee continuity of vital operations, while minimizing cascading effects in the infrastructure itself, the environment, other CIs, and the involved population. To this end, ATLANTIS has defined concrete and ambitious strategic goals that include generating new knowledge, developing and deploying sustainable organisational measures and technological solutions, and enhancing collaboration among various CI stakeholders across Europe.

To ensure that the obtained insights, know-how, and innovations generate direct, tangible, and long-lasting impacts, the project defines several complementary activities including collaboration, communication, dissemination, training, standardisation, and policy making.

These activities have different goals and target audiences, use different tools and channels, and comprise different actions based on the different phases of the project and maturity of project results.

In the AWARENESS phase (October 2022 – March 2024), ATLANTIS focuses on creating awareness about its mission and goals. Key activities include establishing the ATLANTIS brand, collaborating with relevant networks, employing communication and dissemination channels, and planning knowledge transfer. These efforts aim to engage researchers, software developers, CI operators, standardization bodies, and policymakers.

In the ENGAGEMENT phase (April 2024 – March 2025), the project, ATLANTIS shifts its focus to result-oriented engagement activities. The efforts are put into actively disseminating knowledge, promoting project results, and creating opportunities for exploitation. Training new experts and influencing emerging standards and policies are also goals for this phase.

The SUSTAINABILITY phase (M31 – M36, April 2025 – September 2025) concentrates on maintaining project outcomes and impacts beyond completion. ATLANTIS works on disseminating results, promoting their adoption and replication, and advocating for changes in standards, policies, and practices.

The first ATLANTIS report on impact generation activities provides a deeper insight into the refined strategy for promoting project activities and results, transferring newly generated knowledge, and shaping the future standards and policies at local and European level. With a focus on increasing awareness, engagement, and sustainability, ATLANTIS strives to leave a lasting impact on the CI landscape, while adhering to open science practices.

D7.1 – Project Handbook

D7.1 – Project Handbook outlines the internal procedures of the ATLANTIS project in terms of project execution, administrative management, management structures, communication and collaboration. It contains all the guidelines, processes, procedures, tools to be adopted by all partners to refer during the lifetime of the project. In addition, it describes the risk management processes and internal Quality Assurance (QA) procedures to be applied within the ATLANTIS project. Along with the QA procedures, an initial list of quality management assignments to the partners regarding the quality control of ATLANTIS deliverables is also presented. Likewise, as part of the risk management methodology, the document presents the risk registry of the project. The latter will be periodically updated and reviewed by the coordinating team and the work package leaders.

D8.1 – POPD – Requirement No.1

This deliverable fulfils one of the ethics requirements (No.1) laid out by the European Commission within WP8 of ATLANTIS:

Clarification how all of the personal data that will be processed are relevant and limited to the purposes of the research project (in accordance with the ‘data minimization‘ principle) must be submitted as a deliverable before the start of the relevant activities
Description of the anonymization/pseudonymization techniques that will be implemented must be submitted as a deliverable before the start of the relevant activities.
For personal data that are transferred from a non-EU country to the EU (or another third state), justification that such transfers comply with the laws of the country in which the data was collected must be submitted as a deliverable before the start of the relevant activities.
An explicit confirmation that the data used in the project is publicly available and can be freely used for the purposes of the project must be submitted as a deliverable before the start of the relevant activities.
For the further processing of previously collected personal data, an explicit confirmation that the beneficiary has lawful basis for the data processing and that the appropriate technical and organizational measures are in place to safeguard the rights of the data subjects must be submitted as a deliverable before the start of the relevant activities.

Also, in the Ethics Summary Report two considerations were made, regarding the processing of personal data in ATLANTIS:

The project will collect, manage and generate diverse types of data (personal, sensitive and secondary data), both from project activities and from the three pilots.
The project involves processing or collection of sensitive personal data such as health data and possibly the utilization of electronic health records of hospitals. One of these hospitals is located in Albania.

Based on the above, the document provides, firstly, the methodology used for the preparation of this deliverable and for collecting the requested information. Also, the applicable legal framework is being detailed and the main concepts are being explained, to facilitate the reading and understanding of the subsequent sections.

Furthermore, the Consortium explains, applying ‘data minimization principle’, how personal data processed are relevant and limited to the purposes of the research, the anonymization/pseudonymization techniques that will be implemented, the transfer of personal data within ATLANTIS project and the re-use of personal data by the ATLANTIS project.

D8.2 – AI – Requirement No.2

This deliverable fulfils the second and last of the ethics requirements (No.2) laid out by the European Commission within WP8 of ATLANTIS:

A detailed explanation on the measures taken to prevent, avoid and mitigate potential bias, discrimination and stigmatisation in input data and algorithm design and outcomes, covering the development, deployment and post-deployment phases, must be submitted as a deliverable before the start of the relevant activities.
A detailed explanation on how humans will maintain meaningful control over the most important aspects of decision-making process (related to thread detection and prevention to critical infrastructures) must be submitted as a deliverable before the start of the relevant activities.

Also, in the Ethics Summary Report two considerations were made, regarding the involvement of AI-based system/techniques in ATLANTIS:

AI-based multimodal analytics will be used. Other AI will be developed to help human-AI interactions and AI explainability tools.
The measures taken to prevent, avoid and mitigate potential bias, discrimination and stigmatisation in input data and algorithms design and outcomes, covering the development, deployment and post-deployment phases, are not sufficiently addressed.

Based on the above, the report provides, firstly, the methodology used for the preparation of this deliverable and for collecting the requested information. Also, the main outcomes from Task 1.3 – Ethical, Data Confidentiality & GDPR compliance requirements, relevant for development, deployment and/or use of artificial intelligence (AI)-based systems or techniques in ATLANTIS project are being presented. The deliverable also defines specific requirements which needs to be assessed and adopted by the Consortium in order to comply with the above-mentioned Ethics Requirement.

Furthermore, a checklist is being proposed to the technical partners involved in T1.4, T3.1, T3.2, T3.3, T3.4, T3.5, T4.1 and T4.2, based on the requirements and ethical principles described in “Ethics By Design and Ethics of Use Approaches for Artificial Intelligence” Guidelines released by the EC.