Towards closer EU-ASEAN collaboration in cybersecurity

Transcription

1 Supporting European Union and Southeast Asia ICT strategic partnership and policy dialogue: Connecting ICT EU-SEA Research, Development and Innovation Knowledge Networks Towards closer EU-ASEAN collaboration in cybersecurity STI DAYS May 11th, 2016, Hanoi, Vietnam Aiviet Nguyen (ITI-VNU) and Sotiris Ionannidis (FORTH) This project has received funding from the European Union s Seventh Framework Programme for research, technological development and demonstration under grant agreement No

2 CONTENT 1. CYBER SECURITY 2. CYBER SECURITY IN ASEAN 3. CYBER SECURITY IN EU 4. IDENTIFY THE COOPERATION TOPIC 5. R&D AND POLICY DASHBOARDS 6. RECOMMENDATIONS 7. CONNECT2SEA S REPORT 11/05/2016 Hanoi, Vietnam

3 11/05/2016 Hanoi, Vietnam

4 CYBER SECURITY: A GLOBAL ISSUE CYBER WAR CYBER CRIME

5 OECD PRIORITIES IN THE ACTION PLANS FOR CYBER SECURITY Government security Awareness capacity, government network infrastructures and audits Protection of critical information infrastructures Fight against cyber-crime Awareness raising Measures Law enforcement capacity, legal framework improvement and international co-operation. Focus on children, SMEs and decision makers Education Stronger cyber-security workforce and skills Response Cyber-security Incident Response Teams (CSIRTs) R&D Better organisation in partnership with the private sector..

6 CYBER SECURITY AS A FOCUSED TARGET FOCUS POINT OF POLICY AND R&D ISSUES A REQUIREMENT FOR MOST R&D AND IMPLEMENTATION AREAS ATTENTION OF GOVERNMENTS, MEDIA AND SOCIETY CYBER SECURITY COOPERATION IS CRITICAL

7

8 STRENGTH AND WEAKNESS STRENGTH WEAKNESS An IT hub in central cooperative position with the US, EU, China, Japan Potentials for growth Networking activities Regional cohesiveness Experts and innovators Standardization and mutual approach Culture and language diversity and economic disparity

9 OPPORTUNITY AND CHALLENGE OPPORTUNITY CHALLENGE New interest of ASEAN (ICT Master Plan) ICT becomes a strong sector to promote connectivity Commitments of governments Digital divide Global cyber security challenges

10 ASEAN PRIORITIES IN ICT MASTER PLAN TO 2020 Cybersecurity Emergency Readiness: Cybersecurity Protection: Critical Infrastructure Protection Public Security and Safety 12/05/2016 Hanoi, Vietnam

11 ASEAN s Policy Measures toward Cyber-security Promote strategies to address threats, which are consistent with international law and its basic principles Promote dialogue on risk reduction measures, including exchange of views on the potential use of ICTs in conflict Encourage and enhance cooperation in bringing about culture of cyber-security Develop a work plan on security in the use of ICTs, focused on practical cooperation Review a possibility to elaborate common terms and definitions relevant to the sphere of the use of ICTs (code of conduct)

12

13 EU STRATEGY AND POLICY R&D Priorities in the Cyber-security Strategy o Identifying the NIS (Network and Information Security) vulnerabilities: o Promoting a single market for cyber-security products o Fostering R&D investments and innovation o Supporting the development of cryptography: o Provision of advanced solutions for end-to-end secure ICT systems: International Cooperation in the Cyber-security Strategy o Promote the international cooperation, develop industrial and technological resources to produce the ICT products: o Establish a coherent international cyberspace policy for the European Union and promote EU core values: o Promote cooperation on standardization in cyber-security, expanding usages of EU laws, norms and core values: o Mainstreaming cyberspace issues into EU external relations and Common Foreign and Security Policy:

14 ORGANIZATION OF TECHNOLOGY PLATFORMS AGAINST CYBER SECURITY ARTEMIS Industry Association ENIAC Joint Undertaking EPoSS: ETP on Smart Systems Integration ETP4HPC: ETP for High Performance Computing EU Robotics AISBL NEM: New European Media NESSI: The Networked European Software and Services Initiative Networld2020 ETP

15 HORIZONT2020 PRIORITIES R&D PRIORITIES TOWARD CYBER SECURITY: Secure societies (DSR), Digital Security (DS), Digital Security Policy NEW AREAS WHICH REQUIRE R&D IN CYBER SECURITY NEW AREAS WHICH PROVIDE NEW ENABLING TECHNOLOGIES FOR CYBER SECURITY

16

17 METHODOLOGY THE DIFFICULTY IN MATCHING ASEAN AND EU OBJECTIVES: DIFFERENT STAGE OF DEVELOPMENT. IMPLEMENTATION FOCUS VS R&D AND QUALITY FOCUS IMPLEMENTATION ACTIONS APPLICATIONS ENABLING TECHNOLOGY R&D IDENTIFY A LIST OF 144 R&D OBJECTIVES IN HORIZONT 2020, WHICH MAY HAVE RELATIONSHIP TO CYBER SECURITY USE MATRIX TO MAP THESE OBJECTIVES INTO ENABLING TECHNOLOGIES FOR THE APPLICATIONS, WHICH ARE RELEVANT IN ASEAN S PRIOTIZED ACTIONS GET THE CONSORTIUM MEMBERS, POLICY MAKERS FROM SCMIT, TELSOM, EXPERTS TO HAVE FEEDBACKS CHOOSE 28 TOP COOPERATION PRIORITIES

18 TOP 7 PRIORITIES: HORIZONTAL AND POLICY RELATED Establishing Centres of Excellence, Institutes or Organizations to gather and disseminate cyber-security resources Raising awareness and introducing new threats, vulnerabilities and risks Promoting Research and Development in Cyber-security as Joint Researches Developing Human Resources and solve training needs and skill shortage of academia and industry Formulating and improving policies and regulations on information security Protecting national critical infrastructure and network regarding cyber-security Providing assistance to ensure security for SMEs

19

20 ASEAN S R&D DASHBOARD STRUCTURE - 36 ISSUES IN 4 GROUPS OF: TRUSTWORTHY ICT, ENABLING AND DEMANDING TECHNOLOGIES, TOWARD SDN, OTHER NEW TRENDS - 6 GRADES: SUCCESS, PROGRESS, DIFFICULT, PLANNED, INTERESTED, NO INTEREST RESULTS: - WITH SCMIT MEMBERS FROM Thailand, Singapore, Indonesia, Malaysia, Laos, Myanmar and Vietnam - Overall conclusions: Most ASEAN countries are behind in R&D compared to Horizont2020 and lack advanced R&D. - List of top 12 R&D issues: Average 3.6 Most of countries are implementing and a significant number have difficulty.

21 LIST OF 12 TOP R&D ISSUES Secure Internet Use and Remote Access for Enterprise LAN and Private Cloud? 24 To identify new threats, vulnerabilities, risks and to implement the campaign to raise public awareness about cyber-security? 23 Cyber-security Architecture Framework, Standards and Guidelines for Enterprise and Government Office Cyber-security Policy 23 Disaster prevention and recovery after disaster 23 Development of new mechanisms, tools and techniques to increase trust, security and transparency of cloud infrastructures and services? 22 Provision of electronic signatures, e-seals, timestamps or certified electronic delivery in Trust eservices? 22 To find new enterprise solutions guaranteeing end-to-end security? 21 Proactive Security Systems able to counteract Denial of Service attacks in Critical Infrastructure? 21 Development of new software tools and methods for large, complex and data-intensive systems with high security? 20 Shared database of threat patterns and analytics of network logs to recognize the attack patterns 20 Cyber-security issues arisen in mobile e-government applications? The new Cyber threats in Internet of Things and Mobile devices? 20 20

22 ASEAN POLICY DASHBOARD STRUCTURE: OECD Dashboard with 25 issues RESULTS: - 8 countries: Malaysia, Thailand, Indonesia, Philippines, Cambodia, Laos, Myanmar and Vietnam - Malaysia has 23/25 the best score proving that OECD dashboard can be used for ASEAN - The results can help other countries to improve on certain points and to give an overview of cyber security policy maturity of SEAN - More details are available in the report - Used for recommendations

23

24 RECOMMENDATIONS Large visionary projects o Promote R&D on the enterprise infrastructure protection in the evolution toward SDN o EU-ASEAN Cyber Security Professional Training and Technology Transfer o ASEAN Technical support center for secure key enterprise applications and open sources Expand the Cyber-security Cooperation o Recommendations to EU and ASEAN bodies o Recommendations to ASEAN and/or EU Member states o Recommendations to the ASEAN RDI organizations Cyber-security Activities Promotion o Community of Practice o ASEAN Committee or Sub-Committee on Cyber-security o Pilot technical assistance and Cyber Security Architecture Framework

25 RECOMMENDATIONS FOR EU AND ASEAN BODIES 1. Create ASEAN Cyber Security Technical Committee, linking together legislative and policy issues in cybersecurity (TELSOM), and R&D issues (COST) Consist of academic researchers, independent professionals, vendors and policy makers in cyber security. Discuss R&D, implementation, standardization initiatives and cooperation Discuss the legal issues and give recommendations for the policy makers 2. Encourage and initiate ASEAN Joint projects on Cyber Security Standardization and Architecture Framework Cyber Security Code of Conduct Sharing the attack patterns 3. Assessment of the maturity of activities in Cyber Security in AEAN By one or more professional organizations or projects. The results are useful as a reference for achieving consensus, cooperation and project ideas. 4. Development of Human Resources and Social Awareness 5. Propose a special EU-SEA cooperation program with the focus on Cyber Security and Efficient Local Government Architecture and Reference Models.

26

27 WHO SHOULD READ POLICY MAKERS WHO WANT TO HAVE AN OVERVIEW ON CYBER SECURITY SITUATION IN ASEAN AND COOPERATION OPPORTUNITIES WITH EU. RESEARCHERS WHO ARE SEEKING FOR POSSIBLE COOPERATION TOPICS THOSE WHO WANT TO PROMOTE EU-SEA COOPERATION IN CYBER SECURITY THOSE WHO WANT TO FIND ANALYSIS RESULTS ABOUT STRENGTHS, OPPORTUNITIES OF ASEAN IN CYBER SECURITY

28 THE CURRENT STATUS Delivered as a report to EU as part of CONNECT2SEA The public version will be available by the end of May, 2016 One more chapter is going to be added with Cyber Security Blue Print (Guidelines) for developing countries with the case study of Laos.

29