Jacques Bus, Head of Unit - PowerPoint PPT Presentation

About This Presentation
Title:

Jacques Bus, Head of Unit

Description:

Enhance the level of Critical Information Infrastructure Protection (CIIP) ... and management of interconnected and interdependent Critical Infrastructures ... – PowerPoint PPT presentation

Slides: 32
Provided by: benoi225
Learn more at: https://cs.gmu.edu

Transcript and Presenter's Notes

Title: Jacques Bus, Head of Unit


1
Security and Resilience of ICT Infrastructures
and Networks: An EU Perspective, 14 Mar, 2008
GMU Arlington
  • Jacques Bus, Head of Unit
  • DG Information Society and Media

2
Content
  • Policy activities
  • R&D activities
  • Future challenges
  • International cooperation

3
Network and information security: The European
Policy Context
  • Strategy for a Secure Information Society
    COM(2006)251
  • Policy initiatives on
      • fighting against spam, spyware and malware
        COM(2006)688
      • promoting data protection by PET COM(2007)228
      • fighting against cyber crime COM(2007)267
  • Proposed package to reform the Regulatory
    Framework for e-communications COM(2007)697,
    COM(2007)698, COM(2007) 699
  • European Network and Information Security Agency,
    (ENISA) established in 2004
  • A policy initiative on CIIP is announced for 2008
    COM(2007) 640

4
Towards a secure Information Society
5
Empowerment: invitation to private sector to
  • Develop definition of responsibilities for
    software producers and Internet service providers
    for the provision of adequate and auditable
    levels of security. Need support for standardised
    processes meeting commonly agreed security
    standards and best practice rules.
  • Promote diversity, openness, interoperability,
    usability and competition as key drivers for
    security; stimulate deployment of
    security-enhancing products, processes and
    services to prevent and fight ID theft and other
    privacy-intrusive attacks.
  • Disseminate good security practices for network
    operators, service providers and SMEs as baseline
    levels for security and business continuity.

6
Empowerment: invitation to private sector to
  • Promote training programmes in business, in particular
    for SMEs, to provide employees with the knowledge
    and skills for effective implementation of
    security practices.
  • Affordable security certification schemes for
    products, processes and services that will
    address EU-specific needs (in particular with
    respect to privacy).
  • Involve insurance sector in developing
    appropriate risk management tools and methods to
    tackle ICT-related risks and foster a culture of
    risk management in organisations and business (in
    particular in SMEs).

7
EMPOWERMENT: NIS in the new EC Telecom package
  • Security and integrity
      • Current framework (Art 23 Univ. Service
        Directive)
          • telephone network / fixed location
      • New proposal (Art 13 Framework Directive)
          • level of security appropriate to risks
          • prevent or minimise impact of security incidents
            on users and interconnected networks
          • focus on continuity of supply of services
  • Responsibilities of operators
      • stronger obligations to ensure security and
        integrity (Art 13 Framework Directive)
      • Mandatory breach notification
          • to NRA (art 13 FWD): significant impact on
            operation
          • to consumers and NRA (art 4 e-privacy D):
            personal data compromised

8
Dialogue Partnership: EC 2008 Policy initiative
on CIIP
  • Objectives
      • Enhance the level of Critical Information
        Infrastructure Protection (CIIP) preparedness and
        response across the EU
      • Ensure that adequate and consistent levels of
        preventive, detection, emergency and recovery
        measures are put in operation
  • Approach
      • Build on national and private sector initiatives
      • Engage relevant public and private stakeholders
      • Adopt All-hazards
      • Strengthen the synergies between 1st and 3rd
        pillar measures

9
Dialogue Partnership: Challenges for CIIP
  • Organisational: build trusted relationships and
    engage the stakeholders at the EU level
  • Policy orientations: achieve a better
    understanding and clarity on the guiding policy
    principles
  • Issues
      • National vs. European information Infrastructures
        (criteria)
      • long-term Internet stability & resilience
      • preventive, detection/early warning & responsive
        measures
      • recovery and continuity strategies
      • sharing knowledge and good practices
      • cross-sectors proactive information assurance
        methods
      • risk management culture and tools
      • inter-dependencies, in particular across
        heterogeneous infrastructures etc.

10
European Programme for Critical Infrastructure
Protection (EPCIP)
EPCIP Policy
  • 2004: EU program on CIP (EPCIP) and CI Warning
    Info Network (CIWIN)
  • 2006: Communication and Directive on EPCIP sectoral
    approach
  • 2007: Communication on Protecting Europe's Critical
    Energy and Transport Infrastructure
  • 2007: INFSO consultation process for policy
    initiative in ICT CIIP sector
  • ARECI study on Electronic Infrastructures
CIP Research
  • FP7 ICT-SEC (Nov 2007): ICT-Security Research Joint
    Call on Critical Infrastructure Protection

11
Content
  • Policy activities
  • R&D activities
  • Future challenges
  • International cooperation

12
Research Activities in NIS 2003-2008
  • ICT Programme Trust and Security
      • FP6 2002-2006
      • FP7 2007-2013
  • European Security
      • Preparatory Action for Security Research
        (2004-2006)
      • FP7 2007-2013

13
FP6: Towards a global dependability & security
Framework (2003-2006)
  • Research Focus
      • security and dependability challenges arising
        from complexity, ubiquity and autonomy
      • resilience, self-healing, mobility, dynamic
        content and volatile environments
      • Multi-modal and secure application of Biometrics
      • Identification, authentication, privacy, Trusted
        Computing, digital asset management
      • Trust in the net: malware, viruses, cyber crime

Budget 145 M
14
FP6: Secure and resilient ICT infrastructures
Projects: SEINIT, DESEREC, SERENITY, IRRIIS, RESIST,
UBISECSENSE, HIDENETS, CRUTIAL, MEDSI,
SECURIST, CI2RCO, GRID
45M EU funding (FP6)
  • Research priorities
      • secure and resilient network architectures and
        technologies
      • secure transmission of data and services across
        heterogeneous infrastructures
      • secure, resilient and always available Critical
        Information infrastructures
      • risk assessment and management of interconnected
        and interdependent Critical Infrastructures

15
FP6 - Building Trust in the Internet
and Protection against Emerging Threats
BIOMETRICS: 3DFACE, BIOSEC, BIOSECURE, MTIT,
Humabio, Digital Passport, SecurePhone, eJustice
TRUST: ANTIPHISH, FASTMATCH, MDS, PEPERS, S3MS,
ESFORS
10M EU funding
25M EU funding
  • Research priorities
      • Security and trust in dynamic and reconfigurable
        service architectures with managed operation
        across several administrative or business
        domains
      • real time detection and recovery capabilities
        against intrusions, malfunctions and failures
      • Biometric identification for lifelong secure
        access to data and services without compromising
        trust and privacy

16
7th EU Framework Programme for RTD 2007-2013
Total 50,521 M
Strengthening Competitiveness through Co-operation
17
Security and Trust in FP7 - ICT WP 2007-08
110 M
18
Security in network infrastructures: 4 projects,
11 m EC funding
  • Main R&D project priorities
      • An integrated security framework and tools for
        the security and resilience of heterogeneous
        networks (INTERSECTION)
      • A networking protocol stack for security and
        resilience across ad-hoc PANs & WSNs (Awissenet)
      • A message-oriented MW platform for increasing
        resilience of information systems (GEMOM)
      • Data gathering and analysis for understanding and
        preventing cyber threats (WOMBAT)

19
Security in service infrastructures: 4 projects,
18 m EC funding
  • Main R&D project priorities
      • Assuring the security level and regulatory
        compliance of SOAs handling business processes
        (IP MASTER)
      • Platform for formal specification and automated
        validation of trust and security of SOAs
        (AVANTSSAR)
      • Data-centric information protection framework
        based on data-sharing agreements (Consequence)
      • Crypto techniques in the computing of optimised
        multi-party supply chains without revealing
        individual confidential private data to the other
        parties (SECURE-SCM)

20
Security enabling Technologies: 6 projects, 22 m
EC funding
  • Main R&D project priorities
      • Trusted Computing → IP TECOM
          • trusted embedded systems HW platforms with
            integrated trust components
      • Cryptography → NoE eCrypt II
      • Multi-modal Biometrics
          • multi-biometric authentication (based on face
            and voice) for mobile devices (MOBIO)
          • activity related and soft biometrics
            technologies for supporting continuous
            authentication and monitoring of users in ambient
            environments (ACTIBIO)
      • Secure SW implementation
          • providing SW developers with the means to
            prevent occurrences of known vulnerabilities when
            building software (SHIELDS)
          • A toolbox for cryptographic software
            engineering (CACE)

21
European security research Programme
22
PASR Preparatory Action for Security Research
2004 - 2006
  • Outside FP6
  • An overall budget of 45M
  • 3 calls 15 M budget each and 15x
    over-subscribed
  • Participants from EU25 EEA (2005 2006)

Results (funded)         2004       2005       2006
Projects                 123 (7)    120 (8)    121 (8)
Supporting activities    50 (5)     36 (5)     44 (7)
Total                    173 (12)   156 (13)   165 (15)

23
Security Research themes in FP7 2007-2013
  • 4 Security missions / activities
      • Security of citizens
      • Security of infrastructure and utilities
      • Intelligent surveillance and border security
      • Restoring security and safety in case of crisis
  • 3 Cross cutting activities
      • Security systems integration, interconnectivity
        and interoperability
      • Security and Society
      • Security Research coordination and structuring

24
Content
  • Policy activities
  • R&D activities
  • Future challenges
  • International cooperation

25
Challenges for RTD for a Trustworthy
Information Society
  • Technology
      • Cyber-threats, cyber-crime
      • The future of the Internet
      • Critical (Information) Infrastructures
      • Complex ICT Systems and Services
  • Users
      • Trust
      • Empowerment
      • Privacy and Human Values

26
Complexity and interdependencies
  • The future Internet as a large collection of
    heterogeneous networks
  • Internet of things
  • The Internet is broken
  • Critical infrastructures being interdependent and
    controlled through vulnerable networks
  • Service architectures and infrastructures need
    security and trust designed-in

27
Data Collection and its dangers
  • for business, to provide personalized innovative
    applications and services
  • for citizens, to better communicate and interact,
    improve the quality of their life
  • for governments to service citizens and business
    (e-government, e-education or e-health)
  • for governments again, to provide public security
    (protection against crime or terrorism,
    border-control, protection of critical
    infrastructures, etc.)
What about security, proportionality,
user-centricity?

28
Content
  • Policy activities
  • R&D activities
  • Future challenges
  • International cooperation

29
International Cooperation: Ongoing activities
  • S&T Agreement between NSF and EU FP-RTD; within
    this framework we organised jointly:
      • Seminar Dublin (Nov 2006)
      • Seminar Illinois (Apr 2007)
  • Coordination Action INCO-Trust
  • Ongoing discussions with US-DHS and EU Security
    and ICT programmes
  • Cooperation between EU initiative on Future
    Internet and GENI/FIND (US), AKARE (JP)
  • Trans-Atlantic Business Dialogue exists, as well
    as EU-US dialogue on Security and on the
    Information Society, as frameworks for decisions
    on joint actions.

30
International Cooperation: Why, What
  • WHY
      • Activities intrinsically cross border
      • Attackers leverage power of laundering traffic
        internationally
      • Internet facilitates international underground
        economy
      • Nation-state cyberwarfare ?
  • WHAT
      • International coordination
      • Sharing information via distributed sensors
      • Cooperation in research for common goal

31
International Cooperation: Mutual Interest
Proposal
  • US side
      • NSTAC international R&D exchange
      • Fed Interagency Committee Cyber R&D Plan
      • GMU International Cyber Centre
  • EU side
      • EU policy actions: Secure Information Society,
        EPCIP (see above)
      • EU research programmes (see above)
      • ENISA, and new Telecom package proposal
  • An International Forum on Network and
    Information Security where policy
    makers from US and EU administrations would
    yearly meet high level research managers to
    discuss issues of common interest ??
  • Within the international context (OECD, ITU,
    WSIS, ...)
  • With a first meeting in Dec 2008 in the EU ?