Contributing an integrated Research and Innovation Agenda for Cybersecurity
The role and approach of the market study
Véronique Pevtschin, Engineering Ingegneria Informatica S.p.A
CSP Innovation Forum 2015
CAPITAL in a nutshell
- Project number: 611961
- European Commission DG CNECT
- Duration: 2 years (October 2013 - October 2015)
- 9 Partners across Europe: European Organisation for Security, TNO, Engineering Ingegneria Informatica, Atos, Thales, Fraunhofer, Ecorys, Universita Degli Studi di Trento, Conceptivity
- Coordinator: European Organisation for Security
A bottom-up approach
- Classify technological areas according to their expected challenges and impact in cybersecurity and privacy
- How do application domains rely on these ICT areas for their progress?
Introduced a unique CRYSTAL BALL reference model
- Describe relationships between entities that shape technological areas
The reference model
The reference model consists of the following classes of entities, grouped in three layers:
- Business Practices: at the core of the model because it defines the needs and goals of products evolving from an emerging area.
- (Macro-) Environmental Forces: the outer ring of the crystal ball. They are an external influence for the business practices and the whole emerging area of technology.
- Technologies Used: the foundation of each emerging area.
Prioritise the major gaps through an evolutive process
[Diagram] Emerging Areas of Information Technology: Future Clouds; Future Sec & Priv. Incident Management; Cybersec & Privacy engineering; Internet of things; Mobile Computing; Big Data; Critical Industrial Systems; Online Trust & Transparency for Privacy.
Other diagram elements: Reference Models; Current and Future Cybersecurity Threats; Existing Solutions; Gap Analysis; Promising concepts; Evaluation, prioritization, selection & consultation with stakeholders; Research Items; Research Agenda.
Emerging areas: Threats and threat agents
- Prioritise threats based on the frequency with which they were identified in the 8 emerging areas in order to assess the urgency of each of the threats
Solutions
- Categories of solutions for improved cybersecurity and privacy in each of the selected areas
- Used to assess the extent to which the threats are covered
Categories of solutions
- Select, for each emerging area, 5 to 10 categories of solutions for improved security and privacy
- Categories cover broader, key needs for security and privacy in the emerging areas.
- Solutions: research concepts, methodologies, processes, guidelines, software tools, techniques, commercial products, etc.
Categories of solutions
- Select 3 categories: specially challenging, tackle new security and privacy issues and are less mature, most representative of cyber security and privacy issues in the near future
- Further validate through questionnaires
- Further refine for each category: purposes, main stakeholders, and tackled challenges / level of maturity and current limitations and vulnerabilities / future evolution
- Analyse on-going work / gaps addressed by the research community
- Virtualisation and middleware security
- Cryptographic hardware
- Reliable and secure communications, incident management and response, and security visualisation and reporting
- Software hardening and vulnerability analysis and discovery, privacy by design in software development, and measuring application security and privacy
- Identity and authentication, protocol and network security, and network segregation
- Upgrade to Internet Protocol version 6 (IPv6), testing and simulation, and monitoring and detection
- On-The-Fly Encryption (OTFE), process-based access control, and information assurance
- Mobile malware analysis, and sandboxed smartphone virtualisation
- Access control based on eXtensible Access Control Markup Language (XACML), public key infrastructures, and browser privacy awareness tools
What is the role of the market study?
- To validate whether the identified gap between cyber threats and cyber research (challenges) is experienced by the (main market) players.
- To assess the market structure and dynamics features determining the innovativeness of the market
- Support / prioritise / validate the timeline choices of cyber-security research agenda
What is the approach?
Activities:
1. Identify clusters
2. Identify main players: SMEs, MNEs, (semi-) governmental institutions, universities
3. Conduct interviews
The impact of clusters
A cluster is a geographical concentration of specialised companies connected through multiple linkages.
- Since cyber space is a virtual one, does the distance between the entities matter?
- Do clusters improve the challenge of the multidisciplinary issue?
- Talent pool: is it enough?
- Education: is it enough?
- Value chain collaboration & cooperation
- Public-Private Partnerships
- Speed up the gaps identification / evolution?
Belgium: Cyber Security Coalition, LSEC, SIRRIS
- Cyber Security Agency being established: on the way to PPP
- Awareness raising
- Knowledge exchange
Finland: FISC & Jyväskylä & Digile
- 3 different initiatives: industry, government/municipality, NGO
- 250 million annually: information security products and services
- Employees: 3,000 people in information security
The Netherlands: The Hague Security Delta
- Official opening 2014
- 3,100 security companies
- Public-Private Partnership
- Turnover 6 billion
- 1,7 billion in the Hague
- Employees 60,500 people
- 13,400 people in the Hague
United Kingdom: ADS Group & UK Cyber Security Forum & SITC
- UK is worth almost 2.8 billion in 2013
- High proportion of defence
- Public-Private partnership
- SMEs focus
www.capital-agenda.eu