Proposal to Italian Ministry of Defense for a 19M€ TRUSTLESS dual-use R&D proposal to ECSEL 2016
Today, October 22nd 2015, we presented this offer to the Italian MoD:
To Secretariat General of Italian Ministry of Defense,
General Carlo Magrassi,
(in CC: the Exec. Dir. of ECSEL-JU, Andreas Wild; the Head of 5th Dept – Technological Innovation, Dr./Ms. Luisa Riccardi; the Head of 2°Office 5th Dept., C.V. Cappelletti; the Head of 6th Dept. Stato Maggiore della Difesa, Adm. Di Biase; EDA Head of Micro-electronics, Dr. Scheidler; EDA Head of Information Superiority, Dr. Sieber)
We propose to the Italian Ministry of Defense to explore the possibility of participating as a co-funding entity in the ECSEL 2016 EU R&D program, with a focus on highest-assurance end-2-end IT lifecycle and fabrication, to help catalyse public/private funding of a 14-19M€ TRUSTLESS Extended & Dual-use R&D proposal (PDF of 23-pager draft proposal), and/or other projects with similar aims.
Support from the Italian MoD is essential because MIUR, the “ECSEL-participating Ministry for Italy”, has in the past experienced great delays in releasing its funds and has allocated minimal funds. We also invite the Italian MoD to explore participation as end-user or tech partner in our planned R&D proposal to the just-published new H2020 Work Programme 2016-2017 (our roadmap).
WHAT: As a non-profit R&D association based in Rome, Italy, we have been leading TRUSTLESS, a global public/private initiative for the creation of a dual-use EU trustworthy computing base – standards, certification processes, and ecosystem – that can enable and sustain unprecedented levels of trustworthiness for IT end-2-end services. It is initially aimed at the most critical strategic civilian and military communications; in its second Phase it’ll be extended to targeted IP lawful access systems, military command & control systems, and wide-market civilian consumer adoption.
AIMS/AMBITIONS: These joint initiatives aim to sustainably enable the provisioning of end-2-end IT services – and related life-cycle and supply-chain – that are capable of resisting persistent investments of tens of millions of euros, by largely-unaccountable state and non-state actors, aimed to acquire access to critical remote vulnerabilities in the life-cycle and supply-chain, through discovery or active subversion of all kinds. Its aim is to create an open-licensed, patent-unencumbered, publicly-verifiable set of core critical technologies, and a highly resilient ecosystem, from standard setting body to fabrication oversight. It will provide a full and world-leading implementation of the requirements set forth at Art. 8.1 of Piano Nazionale per la Protezione Cibernetica e la Sicurezza Informatica.
MITIGATION OF MALEVOLENT USE: Notwithstanding the unprecedented levels of assurance sought, and the public verifiability of the digital designs of all critical hardware and software components, we believe we have nearly eliminated the potential for malevolent use. We have devised highly innovative mitigation measures at the fabrication and service levels that radically reduce the risks of hampering legitimate cyber-investigation, while providing unprecedented safeguards against end-user rights abuse. (p.15-16)
HOW: Such an ambitious goal is pursued through two synergic initiatives: (1) a global event series aimed at new international certifications and certification bodies for dual-use highest-assurance IT – named Free and Safe in Cyberspace and related TRUSTLESS Computing Certification Initiative; and (2) a set of R&D proposals, ranging from 4 to 19M€, based on the TRUSTLESS project, together with Italian and global partners with globally-unique dual-use high-assurance IT expertise, spanning the entire life-cycle, and leading advisors.
PUBLIC INSTITUTIONS’ INTEREST TO DATE: Fondazione Ugo Bordoni and Lfoundry are our long-time partners since. Extensive interest and meetings have been held with ISTICOM. Very extensive interest in the project, its underlying paradigms, and its results has been shown to date by extensive meetings with the highest relevant officials of Italian Ministry of Defense, Italian DIS, AGID, European Defense Agency, DG Connect Trust & Security, European Data Protection Supervisor (see below). The Exec. Dir. of ECSEL, Dr. Wild, joined as a speaker at our recent event Free and Safe in Cyberspace, which was primarily sponsored by ECSEL. We also met him in Rome for 3 hours in 2014.
We have received this week written confirmation of a meeting with the personal direct staff of the Head of EDA and EEAS, Ms. Mogherini.
On Oct 1st, we met for 4 hours with the head of the 2° Office of the Technological Innovation Department of the Secretariat General of the Italian MoD, C.V. Cappelletti, and 2 of his team (C.V. Galasso and Ten.Col. Roggi), which handles R&D projects from TRL2-6, including EDA.
On Sept 30th, we have submitted a UVST-based 4M€ R&D proposal to H2020 FET-Open RIA with our core technical partners.
On Sept 24-25th in Brussels, we held the first event of the global event series Free and Safe in Cyberspace, with world-class speakers including the most senior executives of EDPS, ECSEL, DG Connect Trust and Security Unit, EIT Digital Privacy Security and Trust Action Line, and the most recognised US and EU IT security experts, including Richard Stallman and Bruce Schneier; as well as EDA Head of Information Superiority, Michael Sieber. A Free and Safe in Cyberspace – LatAm Edition was held next, on Oct 16th 2015, in Iguazu, Brazil, with participation of top civilian and military cybersecurity officials. A North American version is planned in 8 months.
On Sept 16th, we had a 3-hour meeting with Capo Reparto (Head) of VI Reparto Sistemi C4I e Trasformazione of the Italian MoD, Adm. Di Biase, and a team of 12 senior officers, which manages the entire IT procurement and short-term R&D (TRL7-9) of the Italian MoD.
On July 3rd, we met extensively with Italian DIS (Dipartimento Informazioni per la Sicurezza) Deputy Director Ciocca to discuss the public safety implications of our project and our planned mitigation against malevolent use (Art 1.7.3 of the draft proposal).
On June 3rd, EDA Head of Microelectronics, Scheidler, invited us to present the UVST project in a one-hour keynote to 22 MoDs at last spring's annual EDA CapTech meeting, as a new project proposal similar in scope to EDA SoC.
Over the last 12 months, we’ve had several meetings with AGID (Giustozzi, Terranova, Bani, Quintarelli), as well as ISTICOM (Forsi, Cocco). Giustozzi was on our Advisory board before assuming AGID top security consulting post.
Over the last week, we have sent a similar proposal to Dr. Firpo and Dr. Incardona of MISE, who are already in contact with ECSEL and MIUR, to discuss a participation of MISE as co-funding entity in ECSEL 2016.
ECSEL AND EDA SCENARIOS
The Exec. Dir of ECSEL, Dr. Wild, joined as a speaker at our recent event Free and Safe in Cyberspace, which was also sponsored by ECSEL. Also, we met him once in Rome for 3 hours in 2014.
In addition to what we have detailed in the “funding” section (p.3-4) of our proposal, he has confirmed orally that a decision by the Italian MoD to co-fund the ECSEL program could wait until April 2016, although they should receive a letter of interest by early January.
We considered that it may be more convenient to utilise EDA interest in our project only as external support, endorsement and networking, without embarking on a lengthy EDA Cat-B proposal, which would take many months, would carry many risks, and would not bring funds from EDA.
We also agreed that our TRUSTLESS Extended & Dual-use proposal to ECSEL, with additional funds from Ministry of Defense and/or MISE, would make sense only if it aimed at higher TRLs than 6 and more domains of application. For projects up to 5M€ there are plenty of great H2020 opportunities that are much, much simpler bureaucratically.
Therefore, we’ve reviewed a dedicated draft 23-pager TRUSTLESS Extended & Dual-use (gdoc) to define a project that is 14-19M€ at least, by extending substantially its target assurance level, usability, affordability at scale, and domains of application in both civilian and military scenarios, including lawful access systems. (p.2-3)
A PROPOSED LETTER OF INTEREST BY ITALIAN MoD
We propose to the Italian MoD to approve a non-binding letter of interest (details below) in regards to the TRUSTLESS project. (Attached to this letter is an Italian version in .doc format.)
ITALIAN MoD declares to:
Share the general aims of the TRUSTLESS project
ITALIAN MoD declares its non-binding interest to:
explore the possibility of participating as a co-funding entity in the ECSEL 2016 program, with a focus on the need for end-2-end high-assurance IT lifecycle and supply chain, to help catalyse public/private funding of a 14-19M€ TRUSTLESS Extended & Dual-use R&D proposal, and/or other projects with similar aims.
deploy for use internally (such as through ISTICOM), and possibly for other public agencies, properly tested versions of the results of the R&D project; and explore possible pre-procurement opportunities in due time. And therefore contribute to the definition of requirements
explore the possibility to join as a participant in TRUSTLESS-based R&D proposals for EU co-funding listed in the OMC roadmap.
participate and co-promote international events for the promotion of international highest-assurance standards for IT, that can reconcile meaningful user privacy with effective public security and cyber-investigation, such as sought by the Trustless Computing Certification Initiative and the related Free and Safe in Cyberspace global event series.
Regards,
Rufo Guerreschi
———————–
Dr. Rufo Guerreschi,
Exec. Director, Open Media Cluster Association
omc.trustlesscomputing.org
Via F. Vettori 39, 00164, Rome, Italy
mobile +39.335.7545620 — fax +39.06.60513100