COcyber General Assembly in Brussels: Two Days of Collaboration and Alignment
The COcyber consortium met in Brussels on 28–29 January 2026 at EIT House for two days dedicated to reviewing ongoing work and coordinating upcoming tasks across platform development, policy preparation, stakeholder engagement, synergies and sustainability planning. The first day focused on project-internal updates, including work on stakeholder groups, survey adjustments, platform features, policy timelines, communication activities and exploitation follow-up.
Day 1 – Project Coordination, Platform Development and Strategic Planning
Day 1 focused on reviewing the operational status of the project and aligning expectations for the months ahead. The consortium began with an overview of progress to date, followed by a session on coordination between civilian and defence cybersecurity spheres. This included discussion of audience categorisation, KPI interpretation and refinement of the platform survey.
The agenda then moved to the COcyber Platform roadmap. Partners examined the set of features planned for delivery by M24, including policy-support functionalities, funding sources, partner research, collateral project listings, the repository of practices and the Data Room. This helped refine responsibilities and tasks for upcoming development work.
Before lunch, the consortium turned to the methodology guiding the policy recommendations, reviewing the structure, literature review timeline and validation steps. The afternoon covered coordination, management and communication updates, synergies with existing initiatives, sustainability directions and exploitation planning. The day concluded with an exploitation workshop centred on translating the discussions into actionable next steps for long-term use of COcyber’s results.
Synergies in Cybersecurity: Exploring Rosetta Stone and Cyber Fundamentals
The second day of the meeting highlighted external perspectives on how cybersecurity skills, roles and assessment models can be made more coherent across sectors.
The session opened with a contribution from Carl Vastman (Belgian Defence), who addressed the persistent issue of inconsistent terminology across cybersecurity roles and skills. He outlined how differing interpretations undermine capability assessment, gap identification and workforce planning. Vastman presented the idea of a “Rosetta Stone” approach for translating between frameworks and introduced both the ENISA Cyber Skills Framework and the U.S. NIST workforce models (NCWF and DCWF). He explained how the U.S. civilian and military frameworks were designed to operate together, creating a shared structure for hiring, training and evaluation.
This was followed by a contribution from Dirk De Paepe (Centre for Cybersecurity Belgium) on Cyber Fundamentals (CyFun 2025). De Paepe emphasised that CyFun 2025 is intended as a practical, operational tool rather than a theoretical framework. Its assessment model is risk-based, maturity-driven and evidence-oriented, supporting organisations in real implementation contexts and highlighting the importance of a consistent cybersecurity baseline across civilian and defence environments.
The session closed with a central question that framed both contributions: If civil and defence actors increasingly depend on the same suppliers and infrastructures, can they afford not to share at least one common cybersecurity baseline?
