Perspectives for Trust and Security in the future Digital Society
Scope for actions
eGov Workshop Brussels – Public Finances:
ICT Solutions using SOA & Web Services
19 February 2009 - Brussels
Dirk van Rooy, Ph.D.
DG Information Society and Media
European Commission
The views expressed in this presentation are purely those of the speaker
and may not in any circumstances be regarded as stating an official
position of the European Commission.
CONTENT
• Context
• Policy basis
• Ongoing Research
• Opportunities:
– ICT Programme
– ICT Policy Support Programme
Information Society
Industrial Revolution
Agricultural Revolution
3000 B.C.: Writing
15th: Printing Press
19th: Photography
Information Revolution
21st: Internet
Digital Wave
The Cloud
The Knowledge Society
Ubiquitous
Networked
Information
Local
Data
PETs
First generation data protection and legislation
Privacy Enhancing Technologies
Knowledge
TRUST
Technical framework for Identity, Transparency and Accountability in the age of ambient intelligence?
The Five Freedoms
Free movement of
1. Goods
2. Persons
3. Services
4. Capital [1]
5. Knowledge [2]
[1] 1986 - Single European Act
[2] 2007 - Green Paper COM(2007) 161 http://ec.europa.eu/research/era/pdf/era_gp_final_en.pdf
Future Internet: Complexity!
Trillions of components and transactions and zettabytes of data
• Scalability
• Dependability
• Resilience
Collaborative Security!
End-to-End security and trust in highly complex networks and services!
Non-functional requirements (trustworthiness) part of the design and construction
Security, Privacy, Trust in the Information Society?
Security
Phishing attacks
Internet security soar in the UK
Cyberwar and real war collide in Georgia
Lessons from SocGen: Internal Threats need to become a security priority
Code red
Revealed: 8 million victims in the world's biggest cyber heist
Major web flaw, and a fix on the way
The Evolution of Cyber Espionage
Privacy
Cloud computing lets Feds read your email
YouTube case opens can of worms on online privacy
Phorm to use BT customers to test precision advertising system on net
Web giants spark privacy concerns
Big Brother tightens his grip on the web
Civil-society anger mounts against Edvige, the police database of personal data
Trust
Defenseless on the Net
Identity theft, pornography, corporate blackmail in the web's underworld, business is booming
Big Brother Spying on Americans' Internet Data?
Internet wiretapping
Bugging the cloud
UK's Revenue and Customs loses 25 million customer records
Six more data discs 'are missing'
Democratic Societal Values
Endangered Species in the Digital Age?
Possible erosion of democratic values.
It took generations to build our democratic values – Europe must foster them and carry them into the digital age.
Service oriented architecture
Service oriented infrastructure
• Complex collaborations
• Users – systems – services
• Heterogeneous: access control, dynamic, dispersed, dependencies, security policies…
• Security is paramount – Identity management, confidentiality, data protection, privacy, QoS, traceability, integrity, policy enforcement…
The Crisis: Data collection and use
in the interest of the citizen
for business, to provide personalized innovative applications and services
for citizens, to better communicate and interact, improve the quality of their life (Web 2.0)
for governments to service citizens and business (e-government, e-education or e-health)
for governments again, to provide public security (protection against crime or terrorism, border-control, protection of critical infrastructures, etc.)
trust, user-control, privacy, security
proportionality of data storage/use ??
Trust, privacy and security in digital society
role of technology
The Commission in its First Report on the implementation of the Data Protection Directive:
"…the use of appropriate technological measures is an essential complement to legal means and should be an integral part in any efforts to achieve a sufficient level of privacy protection…".
7th EU Research Framework Programme
(FP7: 2007-2013)
Total 50,521 M€
FP7 Cooperation Programme: 32,413 M€
The 10 Themes
Space; 1430; 4%
Socio-economics; 623; 2%
Security; 1400; 4%
Health; 6100; 19%
Transport; 4160; 13%
Food, …; 1935; 6%
Environment; 1890; 6%
ICT Security & Trust
Energy; 2350; 7%
NMT; 3475; 11%
ICT; 9050; 28%
Strengthening Competitiveness through Co-operation
ICT FP7 - Security & Trust in perspective
Pervasive & Trusted Network & service infrastructures
Cognitive systems, Interaction, Robotics
Digital libraries & Content
Sustainable & personalised healthcare
ICT for Mobility, Environment, Energy
ICT for Independent Living and Inclusion
ICT for Cooperative Systems
Virtual Physiological Human
Research in Security & Trust
Components, Systems, Engineering
Embedded Systems Design
Computing Systems
Networked Embedded & Control Systems
ICT & Ageing
Future and Emerging Technologies
Technology roadblocks
End-to-end systems for Socio-economic goals
Trustworthy ICT
Future RTD and policy areas
• Trusted Global Identity Framework: providing global interoperability and enabling informed trust decisions on organisations, people, and digital entities in the Future Internet. Enabling privacy protection in accordance with EU culture
• Transparency and Accountability of data use in processes, services and policies in ICT systems
• Sound risk management for enterprises and consumers (there is no 100% security)
• Governance based on these principles for law enforcement and citizen/infrastructure security
ICT Work Programme 2007-08
33 new FP7 projects in Security & Trust
110 M€
Identity management, privacy, trust policies
Network infrastructures
Dynamic, reconfigurable service architectures
3 Projects
9.8 m€
1 Project
9.4 m€
4 Projects
4 Projects
4 Projects
11 m€
22.5 m€
18 m€
Critical Infrastructure Protection
9 Projects: 20 m€
Enabling technologies for trustworthy infrastructures
4 Projects: 16 m€
Biometrics, trusted computing, cryptography, secure SW
Coordination Actions
Research roadmaps, metrics and benchmarks, international cooperation, coordination activities
4 Projects: 3.3 m€
Security in service infrastructures:
4 projects, 18 m€ EC funding
Personalised Services
Main R&D project priorities
• Assuring the security level and regulatory compliance of SOAs handling business processes (IP MASTER)
• Platform for formal specification and automated validation of trust and security of SOAs (AVANTSSAR)
• Data-centric information protection framework based on data-sharing agreements (Consequence)
• Crypto techniques in the computing of optimised multi-party supply chains without revealing individual confidential private data to the other parties (SECURE-SCM)
User-centric Privacy and ID-Management
6 projects, 35.7 m€ EC funding
Main R&D project priorities
• Sustainable Privacy and Identity Management in Networks and Services; Privacy-enhancing identity management ‘for life’ (PRIMELIFE, PICOS, SWIFT)
• Revocable, user-controlled, fingerprint-based biometric identities (TURBINE)
• Trusted dynamic and secure services managing and processing personal information based on user-centric data management policies (IP-TAS3)
• Privacy-preserving network monitoring system with data protection (PRISM)
The FP7 ICT work programme for 2009-10
Objective ICT-2009.1.4: Trustworthy ICT
ICT Call 5: 31 July 2009 – 3 November 2009
Priority areas for Trustworthy ICT in WP09-10
90 M€
Call 5 (OCT ’09)
Trustworthy Network Infrastructures
Trustworthy Service Infrastructures
IPs, STREPs: 80 m€, min 50% to IPs
Technology and Tools for Trustworthy ICT
NoEs, CAs: 10 m€
Networking, Coordination and Support
Trustworthy Network Infrastructures
• Building and managing the Future Internet
• Monitoring and managing threats
• Trustworthy communication, computing and storage (real-time management, virtualisation)
• Experiments and demonstration
• Attention to usability, social acceptance, economic and legal viability
Trustworthy Service Infrastructures
• Privacy protecting interoperable services on the FI
• User-centric, privacy respecting ID for persons, things and virtual entities
• Adaptive frameworks for managing trust throughout life-cycle
• Experiments and demonstration
• Attention to usability, social acceptance, human self-determination and privacy, economic and legal viability
Technology and Tools for Trustworthy ICT
• Focused technology development
– in the network (control, things, malware)
– for services (ID and privacy mgt tools, risk mgt, verification, certification)
– for data management (assurance, integrity, availability, risks, long term storage)
– Software assurance, secure software
– enabling technologies (biometrics, crypto, trustworthy communication, virtualisation, metrics, certification)
Networking, Coordination and Support
• Threats and vulnerabilities
• Security and resilience in software and services
• Economics of security
• Interoperable standards, certification
• Legal and societal aspects of technology
• International cooperation
ICT Policy Support Programme – WP2009 - Objective 7.1
A European infrastructure for secure information management
Focus and outcomes
• Integration of available technologies for secure information management systems
• Piloting deployment in public administrations and private organisations
Rationale
• Many technologies for data & privacy protection exist
• Insufficient deployment, leading to data leakage, loss & theft
• International standards exist
Main expected outcomes
– functional pilot, possibly with applications in different areas
– under typical real-life conditions; transferable deployment principles; best practices
– contributing to convergence across European organisations
ICT PSP – WP2009 - Objective 7.1
A European infrastructure for secure information management
Conditions and characteristics
• Integration of available security technologies, techniques, tools, policies and procedures into a functional pilot
• Technologies such as encryption, single sign-on, strong authentication, role definition, distributed data storage
• Combine best available technologies and practices, European convergence
• Economic viability for real-life deployment
• Public-private partnerships, solution and service providers in ICT security, public admin, private data controllers
ICT PSP – WP2009 - Objective 7.1
A European infrastructure for secure information management
Expected impact
• Towards operational and comprehensive secure information management in daily work environments
• Limit information loss; limit unintended use of information; promote accountability
• Increase trust in eServices
Instrument & funding:
– One pilot project, type B, up to 3 M€ funding
– minimum 4 eligible legal entities (Member States or associated)
– typical duration 24-36 months, with 12 months pilot operating service
– Open: 29 Jan. 2009 – close 2 June 2009
– http://ec.europa.eu/information_society/activities/ict_psp/index_en.htm