George Michaelides: "Zero Trust Architecture is one of the biggest trends in cybersecurity today"

Zero Trust Architecture (ZTA) is one of the biggest trends in cybersecurity right now. And this, according to Commissioner of Communications George Michaelides, is because it follows the principle of "never trust, always verify", meaning no one, whether inside or outside a network, is trusted by default.

Back in December, the Digital Security Authority of Cyprus (DSA) announced its collaboration with PHOENI2X, a groundbreaking project aimed at strengthening Europe’s cybersecurity landscape by enhancing cyber situational awareness, response strategies, and resilience.

As the Commissioner explained, the DSA – established under the Network and Information Systems Directive 2 (NIS2), a stringent EU regulation that requires vital sectors to improve their cybersecurity measures, incident response plans, and reporting mechanisms – plays a key role as an end user in the healthcare use case scenario, which addresses a supply chain type of attack targeting a core provider of Essential Services in Cyprus, such as the Electricity Sector services. It also fulfils the role of Project Security Officer, coordinating efforts to implement rules for handling EU classified information

He elaborates further in the interview with CBN below.

Can you explain what the PHOENI2X project is and how Cyprus is involved?

Phoeni2x is a European project that uses AI to achieve Cyber Resilience in Critical Infrastructures. More specifically, the concept of the project is to collect the necessary data from an organisation to achieve Situational Awareness and automate the prevention, detection and response processes. The capabilities of the platform also extend to personalised cybersecurity training programs for users that is created based on their data usage. DSA plays a key role as an end user in the healthcare use case scenario, which addresses a supply chain type of attack targeting a core provider of Essential Services in Cyprus, such as the Electricity Sector services. Additionally, DSA contributes significantly to regulatory compliance with NIS2 (Network and Information Systems Directive 2), impact assessment, standardisation, and project dissemination. It also fulfills the role of Project Security Officer, coordinating efforts to implement rules for handling EU classified information.

How is it expected to improve cybersecurity in Europe?

The project aims to strengthen cybersecurity across Europe by creating a comprehensive Cyber Resilience Platform designed to meet the needs of Critical Infrastructures - such as energy, transportation, and healthcare systems - and the national authorities of EU Member States. By developing the further use of AI, the speed and efficiency of detecting and responding to cybersecurity incidents will improve, reducing response times and enhancing overall protection. Additionally, Phoeni2x facilitates the prompt sharing of vital information, such as threats, attack details, and incident reports, between critical infrastructures, national authorities, and EU entities. This streamlined communication promotes better coordination and limits the impact of an attack.

How is Cyprus expected to benefit from it?

By adopting the Phoeni2x platform, DSA can enhance the cybersecurity of Critical Infrastructure (CIs), ensuring the continuity and resilience of essential services such as energy, healthcare, and transport. DSA is responsible for protecting these infrastructures under the NIS Directive, which is an EU law designed to improve the cybersecurity of essential services across Europe. This helps reduce the risk of disruptions caused by cyberattacks, ensuring public safety and protecting the economy.

What do you think are the biggest trends in cybersecurity right now? And the biggest challenges facing the industry?

Some of the biggest trends in cybersecurity are the following:

Zero Trust Architecture (ZTA): is one of the biggest trends in cybersecurity today. It follows the principle of "never trust, always verify", meaning no one, whether inside or outside the network, is trusted by default. Every attempt to access data, networks, or applications is treated as a potential threat and is thoroughly verified.

AI and Machine Learning: These technologies are becoming key tools in cybersecurity. They help improve threat detection and response by using smart systems to analyse data and make automated decisions. AI can detect unusual activities (anomalies), predict potential cyber threats before they happen, and automate security tasks, making cybersecurity operations faster and more efficient.

Cloud Security: is a top priority as more organisations move their data and services to the cloud. Protecting information stored in different cloud systems and controlling who can access it are key concerns. This ensures that sensitive data remains secure and only authorised users can reach it.

Ransomware Defence: has become a major focus due to the increase in advanced ransomware attacks. To fight this, new methods for detecting, preventing, and responding to these attacks have been developed, such as better backup systems to protect data.

IoT and OT Security: Securing Internet of Things (IoT) and Operational Technology (OT) devices is becoming more important as devices connected to the Internet, like smart home devices, wearables, and security cameras, and systems used in industries, like equipment that controls power plants, transportation networks, and manufacturing processes, are increasingly targeted by attackers. These devices and systems are critical to everyday life and industry operations, so protecting them from cyber threats is essential to prevent major disruptions.

Compliance and Regulation: Compliance and Regulation are becoming more important with new rules like NIS2 and DORA in the EU, along with updates to global cybersecurity standards. These regulations set requirements for organisations to improve their cybersecurity practices and ensure they can respond effectively to cyber threats.