ф LEONARDO Leonardo’s priorities in the cybersecurity domain Leonardo stands behind the Commission's initiatives to improve the competiveness of the Digital Single Market and to ensure cyber-protection for the European Union - the two main goals set by the Cybersecurity Act and the Cybersecurity Package of September 2017. In order for achieve those objectives and to add further consistency across three key areas essential to fulfil them - namely protection and certification of mass market products, protection against trans-boundary cyber-attacks, and industrial competitiveness for growth and digital autonomy - it is Leonardo's view that future EU initiatives should focus on: •   Coherence and continuity between research policies and deployment: while research constitutes an important factor in guaranteeing the EU’s technological edge, EU programmes under the next Multiannual Financial Framework should ensure that research activities - like the ones promoted through the new Cybersecurity Competence Centre/Network under the next EU Framework Programme (FP9) - will run parallel to the creation and financing of deployable solutions (such ąs platforms for threat intelligence and analysis, for info sharing, or cyber training) that can effectively improve EU's cyber­ protection. This will obviously require a closer and prompt alignment in policies policy, both at EU and MS level, to goals that will be jointly decided, •   Future governance frameworks for public-private cooperation: the current call for the pilot of the Cybersecurity Competence Network sets the stage for the creation of a new model for Public-Private cooperation on the topic. In this evolving context is important to understand in the shortest possible time what will be the future role of the institutional- industrial partnership currently established in the form of the contractual Public-Private Partnership (ePPP) between the EC and ECSO. Independently from its configuration, this new framework should, in order to achieve the maximum effectiveness, provide context in which a selected number of leading operators and providers can organize around a set of clearly defined priorities/missions, creating an environment where SMEs and the larger ecosystem can find its space to .contribute-onlocaLscale to the wider objectives shared at European level •   Certification and standardisation: given the wide range of applications enabled by new trends like Internet of Things, Artificial Intelligence and cloud technologies, an effective EU certification framework should be highly flexible, following a risk-based approach and taking into consideration specific sectorial requirements and the intended use of the ICT product itself. This approach is allowed, or we may consider it implicit, in the way the “Certification scheme“ is defined in the Cybersecurity Act, but it should be dearly stated. In addition, the European Union Agency for Network and Information Security (ENISA), tasked with certiflcation/standardisation under the Cybersecurity Act, should find ways to benefit from the vast expertise of the industry represented within the ENISA's Permanent Stakeholders Group iPäG) and within the ePPP·

•   EU's protection and cyber-resilience: effective protection and resilience of the EU's physical assets - such as Critical National Infrastructures, including space assets, which constitute key enablers of applications in a number of sectors (transport, communications, agriculture, maritime safety) as well as of strategic autonomy - but also more general ICT- enabled public services, against trans-boundary cyber-attacks can only be guaranteed by a dose collaboration between Institutions, Member States (Ministries of Interior, Ministries of Defence, national Computer Emergency Response Teams) and the industry - particularly service providers. This could translate into development and deployment of tools for common threat analysis, information/intelligence sharing and recnmy, which will also exploit the strengths of Artificial Intelligence and deep learning. Cyber-defence, deterrence and training solutions should also be developed within the framework of the recent EU initiatives in the defence domain (European Defence Fund, PESCO) and these developments should be aligned with initiatives carried out in the contexts mentioned above. The peculiar nature of cyberspace requires cybersecurity to be defined and developed as a continuum from the creation of public awareness up to the Defence of the Union. This requires a closer alignment of the many bodies currently involved in this theme. •  Fostering the digitalisation for industry 4.0: it is fundamental to create links between service providers and the manufacturing industry, in order to fully integrate cybersecurity into new manufacturing processes. In this respect, fostering cybersecurity education and skills will be fundamental in order to increase trust by industrial end- users and stimulate the creation of new jobs. This goal requires an alignment between the objectives and organizations arising from the new Cybersecurity Act and the network of Digital Innovation Hubs / commissions and groups working on Industry 4.0 and on evolution of EU industrial fabric. Although the Commission’s initiatives already constitute a considerable stepping stone, achieving targeted, timely and innovative steps forward in such a complex domain and across so many areas will require a higher degree of coordination, as several times hinted in the previous remarks,. This is why the setup of an ad hoc advisory group gathering a small number of institutional, public and private stakeholders, could significantly support the the Commission in defining a strategic priorities and in devising a future EU cybersecurity framework. This initiative could take the form of a Group of Personalities (GoP) - a format which has already proved successful in defining scope, governance structure and_cules for EU defence research programmes - bringing together selected top-level representatives (CEOs) from leading industries, relevant members of the European Parliament and national Parliaments, as well as research centres of excellence and think-tanks active in cybersecurity and cyber-defence.

gl Ref.Aæs(2017)5155318-23/10>2017 MEMBER (CF)- Cabinet Date            Time           Venue                          Title Vice-President Katainen 16:00-                           Meeting with Mr Alessandro 18/10/2017                      Brussels 16:45                            Profumo, CEO of Leonardo Company/Organisation name                         Leonardo Transparency register number                      02550382403-01 Topic/subject for transparency register           EU Defence and Space Strategy Meting request - registration number in Ares      Ares(2017)4276049 Participants                                       MļHBBļM|M|ļriB|flmtfPcabinet Katainen |фЦ                           Leonardo 4ļMMļM^H*^onardo Leonardo Leonardo 1________________________________________ Summary: JR and FC met Mr Profumo, CEO of Leonardo, and other representatives of the company Main points raised by Mr Profumo Leonardo welcomes the EU defence efforts. Believes a strong European leadership in Defence is needed as well as a new narrative for European defence * The future relationship with UK will be very important given the integrated nature of supply chains Leonardo has set up a consortium of companies and research institutes from 14 MS to present a proposal for the Defence Research PA, with the objective to develop additional capabilities for maritime security. Involvement of companies and countries of all dimensions is crucial for success and for securing EU added value To achieve transition from research to capabilities development, common requirements throughout Europe would be necessary, similarly to what happened in the Space sector. Progressive convergence on requirements and progressive convergence towards joint acquisitions are necessary steps. There are great savings to be achieved and Leonardo can provide data to show it