CAMINO: Comprehensive Approach to cyber roadmap coordination and development
Main Research Gaps in Cyber Security
María Pilar Torres Bruna, everis Aerospace and Defence

Index
CAMINO WP2: Identification and Analysis of Main Required Capabilities and GAPS Identified
WP2 Objective: Identification of the main cybersecurity GAPS to reduce in the coming years throughout the European Union.
How?
- Through the study of existing roadmaps and guidelines.
- Identifying promising solutions in current research.
- Taking into account the results of a risk and market analysis.
- Through the end-user perspective, gathered via interviews and questionnaires.
- With a final THOR analysis.
Main INPUT for the final roadmap definition.

WP2 tasks:
1. Analysis of existing cyber security-related guidelines, roadmaps and strategies.
2. Cyber security domain: market and risks analysis.
3. Inventory of current technologies and technology challenges.
4. Cyber security expert interviews.
5. Identification of current cyber crime and cyber terrorism research gaps and challenges.
More detail about the actions defined and launched for each of the phases follows.
Task 1: Analysis of current cyber crime and cyber terrorism documents.
Documents from different sectors requiring cyber security capabilities:
- Reports.
- Roadmaps.
- National strategies.
- Best practices and strategies to counter cyber crime and cyber terrorism.
- Relevant projects to cope with cyber crime and cyber terrorism.
Result: D1.1 → State-of-the-art vision relating to the cyber security domain → GAPS identification
Task 1: Analysis of current cyber crime and cyber terrorism documents. Methodology:
Task 1: summary of results
Addressed aspects, by document category. The four categories surveyed are: general cyber security roadmaps, sectoral cyber security roadmaps, R&D projects, and international and national strategies. For each aspect, the number of categories in which it is addressed:
- Evaluation and assessment of systems security: 2 of 4
- Identity management: 2 of 4
- Cyber threats and vulnerabilities: 2 of 4
- Analytical tools: 3 of 4
- Privacy issues: 3 of 4
- Situational awareness, information/knowledge sharing: 4 of 4
- Modelling and simulation: none recorded
- Survivability of systems: none recorded
- Critical infrastructure protection: 3 of 4
- Standardisation: 4 of 4
- Law enforcement aspects: 1 of 4
Task 2: Cyber security domain market and risks analysis
- Identification of the main European assets to protect.
- Asset vulnerabilities.
- Main threats and possible attacks.
- Threat agents and motivations for launching a cyber attack.
- Risk.
- Future trends regarding threats.
Result: D2.2 → Market and risks analysis result

Task 2: Cyber security domain market and risks analysis
Methodology: asset scoring
First, each asset is analysed by indicating how important it is with respect to its availability, integrity and confidentiality. A scale of 0 to 9 is used, where 0 is the least important and 9 the most relevant. The values are assigned to each dimension on the basis of the document authors' experience and opinion.

Security dimension | Availability | Integrity | Confidentiality
Score (0-9)        | N            | N         | N
Task 2: Cyber security domain market and risks analysis
Methodology: threat record (one per threat, per asset)

Field                              | Meaning
Threat                             | Name of the threat
Security Dimensions                | Availability, Integrity and/or Confidentiality
Description                        | Description of the threat
Frequency (0-1)                    | Frequency with which the threat can affect the asset (with a description)
Availability degradation (0-100)   | Percentage of degradation that can occur if the asset is affected by a threat to availability (with a description)
Integrity degradation (0-100)      | Percentage of degradation that can occur if the asset is affected by a threat to integrity (with a description)
Confidentiality degradation (0-100)| Percentage of degradation that can occur if the asset is affected by a threat to confidentiality (with a description)
Availability impact (0-10)         | [Availability score] * [availability degradation] / 100
Integrity impact (0-10)            | [Integrity score] * [integrity degradation] / 100
Confidentiality impact (0-10)      | [Confidentiality score] * [confidentiality degradation] / 100

Worked example: threat "R&D Data Theft" (security dimension: Confidentiality) against the Intellectual Property Rights asset, scored availability 3, integrity 5, confidentiality 9.
- Description: Theft of research data can be highly damaging, particularly in the last phases of an R&D project. The exclusiveness of the research results, which should normally be protected by IP rights in order to ensure the monetization of the final creation, is compromised. Worse, stolen research may be concluded and formally registered, for instance by unfair competitors; when registration is done in a third country, the lawful holder of the IP may be unable to effectively prove the illegitimate origin of the registered creation.
- Frequency: 0.2. Even if far from being a common offense, R&D data theft affects RTOs on a frequent basis.
- Availability degradation: 0 (unaffected).
- Integrity degradation: 0 (unaffected).
- Confidentiality degradation: 90. Research results are critical, black-list data. R&D data theft may be critically disruptive to an RTO (for instance, theft of research data from a Nobel-prize university research lab, a kind of research critical to the reputation of the institution and which can mobilize a substantial part of the university's budget).
- Availability impact: 3 * 0 / 100 = 0
- Integrity impact: 5 * 0 / 100 = 0
- Confidentiality impact: 9 * 90 / 100 = 8.1

Task 2: Cyber security domain market and risks analysis
Methodology: from impact to risk

Per threat and dimension (0-100):
- Availability risk = Availability impact × Frequency × 10
- Integrity risk = Integrity impact × Frequency × 10
- Confidentiality risk = Confidentiality impact × Frequency × 10

Per asset, over the N threats that were assessed against it (a dimension a threat leaves untouched contributes 0 to that average):
- Average Availability Risk = (Risk1 + Risk2 + … + RiskN) / N
- Average Integrity Risk = (Risk1 + Risk2 + … + RiskN) / N
- Average Confidentiality Risk = (Risk1 + Risk2 + … + RiskN) / N
- Final Risk (0-100) = (Average Availability Risk + Average Integrity Risk + Average Confidentiality Risk) / 3

Worked example, continued (Intellectual Property Rights asset):
- R&D Data Theft: availability risk 0.2 * 0 * 10 = 0; integrity risk 0.2 * 0 * 10 = 0; confidentiality risk 0.2 * 8.1 * 10 = 16.2
- Average over the asset's four threats: availability (0 + 1.8 + 0 + 2.4) / 4 = 1.05; integrity (0 + 3 + 0 + 7) / 4 = 2.5; confidentiality (16.2 + 21.6 + 43.2 + 9) / 4 = 22.5
- Final risk: (1.05 + 2.5 + 22.5) / 3 = 8.68
Task 2: Cyber security domain market and risks analysis
Methodology: resulting asset average risk (0-100)

Asset                                                        | Asset average risk
Payment systems                                              | 19.15
Embedded systems                                             | 14.32
Banking and financial services                               | 10.09
Personal data                                                | 8.86
Intellectual property rights                                 | 8.68
Cloud infrastructures                                        | 8.85
On-line services / web applications                          | 7.45
Critical information                                         | 7.14
Mobile devices (tablets, smartphones)                        | 6.62
Critical infrastructures                                     | 6.146
Communications with satellites, weather stations, aircraft   | 5.78
Workstations (users' equipment: desktops)                    | 4.58
People (citizens and employees)                              | 3.4
Transport assets (airplanes, railways, etc.)                 | 2.05
Unmanned systems                                             | 1.6
Logistics and supply chain                                   | 0.55
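The scoring chain above (dimension score → impact → per-threat risk → per-dimension average → final asset risk) is small enough to implement and check against the slide's numbers. The following Python module is an added example written for this page; it is not code from the CAMINO project or its deliverables. It encodes the page's formulas and scales, reproduces the R&D Data Theft figures (impact 8.1, risk 16.2) and the Intellectual Property Rights final risk of 8.68. Only R&D Data Theft is fully specified on the slide, so the other three threats on that asset (their names, frequencies and degradation percentages) are constructed here as hypothetical inputs chosen to reproduce the per-threat risk values the slide quotes (1.8/0/2.4, 3/0/7, 21.6/43.2/9); the `Asset`, `Threat`, `asset_risk` and `rank_assets` names are likewise mine.

```python
"""Asset/threat risk scoring following the CAMINO Task 2 formulas (added example).

Scales from the page: dimension score 0-9, threat frequency 0-1,
degradation 0-100, impact 0-10, risk 0-100.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, Iterable, List, Tuple

DIMENSIONS = ("availability", "integrity", "confidentiality")


def _check_range(name: str, value: float, lo: float, hi: float) -> None:
    """Reject inputs outside the scale the methodology defines."""
    if not lo <= value <= hi:
        raise ValueError(f"{name}={value} outside [{lo}, {hi}]")


@dataclass(frozen=True)
class Asset:
    """An asset with one importance score (0-9) per security dimension."""
    name: str
    scores: Dict[str, int]  # dimension -> 0..9

    def __post_init__(self) -> None:
        for dim in DIMENSIONS:
            _check_range(f"{self.name}.{dim}", self.scores[dim], 0, 9)


@dataclass(frozen=True)
class Threat:
    """A threat against an asset: how often it hits (0-1) and how much it
    degrades each dimension (0-100).  Dimensions the threat does not touch
    stay at 0 and still count in the per-dimension averages, as on the page."""
    name: str
    frequency: float
    degradation: Dict[str, float]

    def __post_init__(self) -> None:
        _check_range(f"{self.name}.frequency", self.frequency, 0, 1)
        for dim in DIMENSIONS:
            _check_range(f"{self.name}.{dim}", self.degradation.get(dim, 0), 0, 100)


def impact(asset: Asset, threat: Threat, dim: str) -> float:
    """[dimension score] * [degradation] / 100  -> 0..10"""
    return asset.scores[dim] * threat.degradation.get(dim, 0) / 100


def risk(asset: Asset, threat: Threat, dim: str) -> float:
    """impact * frequency * 10  -> 0..100"""
    return impact(asset, threat, dim) * threat.frequency * 10


def asset_risk(asset: Asset, threats: Iterable[Threat]) -> Tuple[Dict[str, float], float]:
    """Average each dimension's risk over all threats, then average the three."""
    threats = list(threats)
    if not threats:
        raise ValueError("asset must have at least one assessed threat")
    per_dim = {d: mean(risk(asset, t, d) for t in threats) for d in DIMENSIONS}
    return per_dim, mean(per_dim.values())


def rank_assets(portfolio: Dict[str, Tuple[Asset, List[Threat]]]) -> List[Tuple[str, float]]:
    """Build the 'asset average risk' ranking (highest first), rounded to 2 dp."""
    ranked = [(name, round(asset_risk(a, ts)[1], 2)) for name, (a, ts) in portfolio.items()]
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


# Worked example from the page: the Intellectual Property Rights asset,
# scored availability 3, integrity 5, confidentiality 9.
IPR = Asset("Intellectual Property Rights",
            {"availability": 3, "integrity": 5, "confidentiality": 9})

RD_DATA_THEFT = Threat("R&D Data Theft", frequency=0.2,
                       degradation={"availability": 0, "integrity": 0,
                                    "confidentiality": 90})

# Constructed (hypothetical) threats: names, frequencies and degradations are
# NOT on the page; they are chosen so that the per-threat risks come out as the
# values the page quotes (A: 1.8, 0, 2.4; I: 3, 0, 7; C: 21.6, 43.2, 9).
IPR_THREATS = [
    RD_DATA_THEFT,
    Threat("hypothetical threat 2", 0.3,
           {"availability": 20, "integrity": 20, "confidentiality": 80}),
    Threat("hypothetical threat 3", 0.6,
           {"availability": 0, "integrity": 0, "confidentiality": 80}),
    Threat("hypothetical threat 4", 0.2,
           {"availability": 40, "integrity": 70, "confidentiality": 50}),
]

if __name__ == "__main__":
    per_dim, final = asset_risk(IPR, IPR_THREATS)
    for d in DIMENSIONS:
        print(f"{d:16s} R&D Data Theft risk {risk(IPR, RD_DATA_THEFT, d):5.2f}"
              f"   asset average {per_dim[d]:5.2f}")
    print(f"final risk {final:.2f}")  # 8.68, as in the asset table
    print(rank_assets({"Intellectual Property Rights": (IPR, IPR_THREATS)}))
```

Two properties of the formula are worth noticing when reusing it: because every threat contributes to all three averages even where it degrades nothing, an asset facing many narrow threats has its single high-risk dimension diluted (here confidentiality risk of 22.5 becomes a final 8.68), and the frequency and degradation values are expert estimates, so the ranking is only as defensible as the justification recorded in each threat's description fields.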
Task 3: Inventory of current technologies and technology challenges
- Identification of current cybersecurity technologies.
- Identification of enabling and disruptive technologies.
- Technology evaluation, defining its current TRL (Technology Readiness Level).
- Maturity assessment from the market adoption perspective (Gartner Hype Cycle).
- SME relevance and phase of protection.
- Technology trends and challenges.
Result: D2.3 → Cyber security technology state of the art

Task 3: Inventory of current technologies and technology challenges
Methodology: assessment card filled in for each technology (values shown are the slide's example)
- R&D: TRL (L/M/H): M; SME relevance (1-3): 3
- Market adoption: Gartner Hype Cycle (1-5): 5; SME relevance (1-3): 3
- Phase of protection: Pro-active: Y; Real-time: Y; Re-active: Y
Task 4: Cyber security expert questionnaire and interviews
Questionnaire with topics including:
- Assets, threats and vulnerabilities.
- Technologies.
- Cyber attack agents and main illegal activities in cyber space.
- Human issues related to cyber security, and ethical issues relating to responding to cybercrime/cyber terrorism actions.
- Future trends.
Face-to-face interviews to acquire knowledge from the selected experts, complementing the findings from the questionnaire.
Result: D2.4 → Cyber security experts' vision → GAPS confirmation and identification

Task 4: Cyber security expert questionnaire and interviews
Methodology:
- Questionnaire of 13 questions developed and agreed by the consortium.
- Distributed to cyber security providers and consumers to capture the end-user perspective.
- Interviews conducted to go into the detail of the questionnaire results.
- Study of the results.

Task 5: Identification of current cyber crime and cyber terrorism gaps and challenges
- Collecting the findings from the previous actions.
- Partners' knowledge in the fields addressed.
- Current cyber security-related requirements, challenges and gaps are identified.
- A comprehensive multi-dimensional analysis (THOR: Technical, Human, Organisational, Regulatory) is reported.
- Baseline material for workshops, guidelines and roadmap development.
Result: D2.5 → Current cyber crime and cyber terrorism gaps and challenges
Required capabilities and GAPS identified
Technical and Testing Capabilities (capability, followed by the gap identified under it):
- Fight against growing and evolving malware and botnets
  Gap: Decryption of the botnets' command and control channel
- Denial of Service (DoS) / Distributed Denial of Service (DDoS) protection
  Gap: Automatic and self-learning applications for mitigating DDoS attacks
- Intrusion Detection Systems
  Gap: Research related to proactive real-time solutions
- Big data for cyber security analytics
  Gaps: Reduce the infrastructure requirements of Big Data for cyber security analysis; design procedures to use Big Data for security purposes

Required capabilities and GAPS identified
Technical and Testing Capabilities (continued):
- Cloud security and cloud forensics
  Gap: Protection mechanisms for virtual machines
- Internet of Things
  Gap: Data privacy: cryptography
- New methods for authentication and authorisation
  Gaps: Biometrics; multimode system optimization
- Information sharing platforms or mechanisms, and dynamic risk assessment
  Gap: Development of secure information exchange protocols

Required capabilities and GAPS identified
Technical and Testing Capabilities (continued):
- Mobile device protection
  Gap: Avoid the cryptography problem associated with efficiently encrypting and decrypting large amounts of data and fast data transmission (lightweight cryptography)
- APT protection
  Gaps: Focus IPS methods on unusual behaviour of users' equipment; improved methods to detect unusual behaviour
- Insider threat detection and protection
  Gaps: Multi-disciplinary security controls, involving policies, procedures and technologies covering technical, behavioural and organisational issues; staff stress detection
Required capabilities and GAPS identified
Human and ethical aspects:
- Training, awareness, and management/monitoring/mitigation
  Gap: Greater awareness of the fundamental differences between the online and offline worlds as an educational goal
- Individual rights vs. societal rights
  Gap: Research on criteria to decide (on what basis: impact?)
- Privacy
  Gaps: Quality stamps; cryptography

Required capabilities and GAPS identified
Organisational:
- The challenge of the global nature of the Internet
  Gap: Global secure protocols
- Challenges due to the nature of cyber crime
  Gaps: Geographical dispersion of attacker and victim; different organisational procedures in different countries
- Challenges and obstacles at the enterprise/firm level
  Gap: Promote the adoption of a cybersecurity structure among SMEs

Required capabilities and GAPS identified
Regulatory:
- Common regulations and differences in legal systems
  Gap: Accelerate the harmonisation of laws between member countries in the fight against cyber crime
- Technical language and cyber definitions in law
  Gap: Find common definitions that are not only usable in juridical texts, but also adequate for juridical texts written in the technical juridical languages of all European countries
- Slow evolution of law
  Gap: Anticipate new relevant trends and adapt the regulatory response to them
Further details
Contact: camino@ii.com.pl
Visit the CAMINO web page: http://www.fp7-camino.eu
THANKS!