• No results found

Comprehensive Approach to Increase Cyber Security and Resilience

N/A
N/A
Protected

Academic year: 2021

Share "Comprehensive Approach to Increase Cyber Security and Resilience"

Copied!
7
0
0

Loading.... (view fulltext now)

Full text

(1)

Comprehensive Approach to Increase Cyber

Security and Resilience

CAMINO Roadmap and Research Agenda

Micha Chora12

1

ITTI Sp. z o.o., Pozna, Poland [email protected] 2

University of Science and Technology in Bydgoszcz [email protected]

Rafa Kozik12

1

ITTI Sp. z o.o., Pozna, Poland [email protected] 2

University of Science and Technology in Bydgoszcz [email protected]

María Pilar Torres Bruna Everis Aeroespacial y Defensa sl,

Madrid, Spain

[email protected]

Artsiom Yautsiukhin Consiglio Nazionale delle Ricerche

Pisa, Italy

[email protected]

Andrew Churchill CBRNE Ltd London, United Kingdom [email protected] Iwona Maciejewska DFRC AG Bern, Switzerland [email protected] Irene Eguinoa S21sec Pamplona, Spain [email protected] Adel Jomni Université de Montpellier Montpellier, France [email protected]

Abstract— In this paper the initial results of the European project CAMINO in terms of the realistic roadmap to counter cyber crime and cyber terrorism are presented. The roadmap is built in accordance to so called CAMINO THOR approach, where cyber security is perceived comprehensively in 4 dimensions: Technical, Human, Organisational, and Regulatory.

Keywords— cyber security, cyber crime, cyber terrorism, roadmap, project CAMINO

I. INTRODUCTION

The major goal of the CAMINO project is to provide a realistic roadmap for improving resilience against cybercrime and cyber terrorism. In other words the project should answer the question where should taxpayer money be invested for research purposes. We indicate what research directions could tackle the problems and mitigate the gaps in countering cyber crime and cyber terrorism in a timescale up to 2025.

The consortium uses a holistic approach, analysing functions and capabilities addressing technical and human issues which are inter-related with legal and ethical

Regulatory. In each of the dimensions some items are proposed for the roadmap.

The project consortium has a very practical approach, with most partners being SMEs with a good understanding of what is realistic and practical and with an interest in finding a constructive roadmap that will complement LEA and research organisations - without creating a bottleneck of problems and obstructions. More information about the project can be found at: www.fp7-camino.eu/.

In this paper the initial roadmap from March 2015 is presented. The final roadmap will be delivered in March 2016, after year-long consultations in order to reach wide consensus.

This paper is structured as follows: in Section 2 CAMINO THOR approach is overviewed. In Section 3 the results of our analysis of the current situation with regards to cyber crime and cyber terrorism (technologies, challenges, needs) are described. In Section 4 CAMINO roadmap (initial version) items are presented. Each dimension item is shortly described and also the figures showing actions and their timeline are presented. 2015 10th International Conference on Availability, Reliability and Security

(2)

II. CAMINOAPPROACH

Our approach for the CAMINO road is based on the THOR concept. THOR d foundation of the CAMINO roadmap sco THOR dimensions address the follow • (T)echnical – related to tech technological approaches and sol used to fight against cyber terrorism,

• (H)uman – related to human fa

aspects, privacy issues, as well as

and knowledge of society with crime and terrorism threats, • (O)rganisational – related to proc

and policies within organisati cooperation (public-private, publi organisations,

• (R)egulatory – related to l standardisation and forensics. Visualisation of the THOR approach project is presented in Figure 1.

Figure 1. THOR approach for the CAM

III. ANALYSIS RESULTS

Current roadmapping initiatives with main research gaps and challenges we analyses performed in the initial stage project. This section is focused on the pr conclusions formulated in the CAMINO to summarise key areas, technolog impacting cyber crime and cyber terroris

Firstly, we analysed a number o roadmaps (also sector-specific ones), cu completed R&D projects and internatio [11]. The common aspects that are d documents and analysed in various proje

• Evaluation of system security, • Identity management,

H

dmap development dimensions are the ope and structure. wing aspects:

hnology, concrete lutions that can be

crime and cyber

factors, behavioral s raising awareness regards to cyber cesses, procedures ions, as well as ic-public) between aw provisioning, h in the CAMINO MINO project S h identification of ere the subject of of the CAMINO resentation of main O WP2 documents gies and threats

m nowadays. of cyber security urrent and already onal strategies [1]-discussed in these cts are: • Improvements of ana monitoring, • Security-related informa • Increasing of the securit • Standardisation in the fi • Application of

principles,

• Critical Infrastructure Pr These topics were our starti CAMINO roadmap scope.

In the early phase of the pro related to the various classe diagnosed that payment syste domain), embedded systems, and systems processing pers vulnerable to the cyber crime a Therefore, protection of thes particular parts (topics and ob Also, means to reduce risks co reflected by the milestones research agenda timeline.

The study about the cyber s the art allowed us to identify s their emerging status and m particularly addressed by the ro

• Cyber fraud prevention • Denial of Service (Do Service (DDoS) Protecti • Internet of Things (IoT) • Intrusion Detection Syst • Advanced Persistent Thr • Cloud Forensics, • Cryptography,

• Technical Security Stand • Big Data Security Analy • Cloud Security. Finally, in WP2 (and thro performed a number of surveys with experts from different security and the fight agains terrorism.

IV. CAMINOR In this section we present t into four THOR dimensions. In proposed in the roadmap ar dimensions and for different 2017), medium- (until 2020) 2025).

alytical tools for security

ation sharing mechanisms, ty awareness,

eld of cyber security, Security/Privacy-by-design

rotection.

ing point while defining the

oject we analysed also risks s of assets. In result, we ems (financial and banking cloud computing services sonal data are particularly and cyber terrorism threats. se assets is addressed by bjectives) of this roadmap. onnected to these assets are defined in the proposed

ecurity technologies state of everal key areas that due to maturity level should be oadmap. Those are:

technologies,

S) / Distributed Denial of ion,

Security, tems,

reat (APT) Detection,

dards, ytics,

ough WP3 workshops) we s and face-to-face interviews

sectors related with cyber st cyber crime and cyber

ROADMAP

the Roadmap topics divided n Figures 2 - 5 the activities re presented for each of

time spans: short- (until and long-perspective (until

(3)

A. Roadmap Topics – Technical Dimens 1) Strengthening/Adapting emerging analysis and cloud security/forensics

Cyber attacks may not be visible in to their nature or intensity (e.g., amou introduce). Therefore, recently techniqu tools have been adapted. The recent re the deep analysis of large volumes of da different segments of IT networks) has a of revealing interesting patterns. This c adapted to many cyber security area detection, botnets detection, malwares an infection, network intrusion detection sys

2) Security assurance - im

authentication and authorisation, trust information sharing

The IT world becomes more dynam heterogeneous. This evolution implie challenges, especially for security assura for authentication, authorisation and t have to deal with lack of pre-defined trus be ready to establish new relations on t establishing such relations requires re about previously unknown parties. This o applied to security, in order to ensur outsourced business will not be comprom is under control of partners. In order information about occurred incidents s The shared information can be used assessment of security of an organ insurance policy and strengthen the secu as a whole.

F

sion

g tools - Big Data

a small scale, due unt of traffic they ues using big data esearch shows that ata (received from a unique capability concept is recently as, namely: spam

nalysis, web-based stems.

mprovements in management and

mic, distributed and es novel security ance. New methods

trust management st assignments and the fly. Moreover, eliable knowledge

observation is also re the clients that mised even when it

r to achieve this, should be shared. d to get correct nisation, issue an urity of the Internet

3) Improving preparedness testing capabilities

One of the most importan every product, system or eve guaranteeing fundamental chara or availability in any system, one, is an essential part of rev confidence in their system, pr focused on maintaining and needed, and the most effect simulation processes. Concepts cyber exercises between comp awareness of not only cyber s but also of the rest of the sta promote and encourage the necessary actions, proper regul be made and discussed, and th prepared environment to benefi

4) Countering cyber crim Persistent Threats and cyber devices and social networks

Nowadays, one of the m countering cyber crime is large of malware samples. Evolut malwares and botnets (e.g. architectures) are also factors t the research communities to m cyber crime. This is particularly limitations of existing sign malware detectors. On the othe also mobile devices, and in t micro devices (now not often that will be exposed to cyber growing popularity of IoT (Inte

Figure 2. Roadmap activities – Technical Dimension

s - security engineering and

nt and demanded aspects in en organisations is quality; acteristics such as reliability moreover if it is a security vealing the developer team roduct. Therefore, activities improving this quality are tive ones are testing and s such as automated tools or panies will help to raise the security responsible people, ff. And finally, in order to realisation of all these lations and standards should hus achieve a desirable and it all these good practices.

me - botnets, Advanced r crimes affecting mobile

main challenges affecting e and still increasing amount

tion and changeability of new, fast-evolving botnet that should be addressed by more effectively fight against y important in the context of nature-based scanners and

er hand, cyber crime affects the near future will affect connected to the Internet), attacks in conjunction with ernet of Things) concept.

(4)

B. Human activities overview

1) Development of Training and Awa

One of the most fundamental aspe society’s defences against cybercrime, against any other new and evolving threa the users and subjects of it are properly k nature of the threat itself and the under the defensive steps being taken to mitigat Whilst almost all new legislati accompanied by training and awareness their lifecycle, few technological cha incorporate this vital feature into their ow is true both of the new possibilities op greater online access to data, but also rolled out to support the intended security

2) Utilising Privacy Enhancing Tech

With surveillance powers and techniq topic, both from the perceived excess quarters and the inadequate interpreta evidence in others, the roadmap towar implementation of Privacy Enhancing inexorably entwined with the developme legislation, and the regulatory interpretat

In particular DPR, eIDAS, and P Directive 2’s early adoption throug introduce requirements for the adoption Enhancing Technologies), albeit throug undetermined techniques or technologies of their formal ratification into EU legislation. These advance regulatory roa interesting, and often unexpected, set o the organisations handling sensitive perso

3) Appropriate use and re-use of Da

Under a range of current regulati standards, across a wide and varied rang use of data is frequently, but not univer the use originally intended when data wa also face a range of opt-ins or opt-ou subsequent re-use, of this data. The adve made the search for new uses of data

Figure 3. Roadmap activities – Human Dimension

areness tools

ects of improving as with protecting at, is to ensure that kept abreast of the rlying rationale of te it.

ive changes are strands as part of anges sufficiently wn roadmaps. This

pened up through to the tools being y behind them.

hnologies

ques a very current sive use in some ation of available rds more effective g Technologies is ent of forthcoming ion of these. Payment Services gh SecuRe Pay, n of PETs (Privacy gh the adoption of s, even in advance or Member State admaps provide an of requirements to onal data. ata

ions and industry e of industries, the rsally, restricted to as collected. Users uts to the use, or ent of big data has a held on existing

systems a growth industry (se but there are strong Human a through this re-use. The applic sets for LEA purposes has cau Roadmap will provide pointers be addressed and to what timesc

C. Organisational activities ov 1) Adapting organisations of the Internet and Cybercrime/

Nowadays, the competitiv company may receive an atta planet. Now, not only the com be interested in the intellect information. Therefore, mo differences between countries consequence organisations shou protect their assets and intellect Therefore, organisations nee regarding cybercrime and prot globally and cooperate to worldwide.

2) Introducing Cyber secu need

The use of new technolog office and at home, at professi time, for children and adults, public sector, with banks, supe Moreover, these different scop such as BYOD (Bring Your O more popular every year, professional area. Therefore, cy in terms of securing all aspect must be introduced as a new cu

ee under Technical, above), and Ethical concerns raised cation of these existing data used some debate, and our s to those issues that need to

cale.

verview

to the cross-border nature e/Terrorism

veness is global, so any ack from anywhere of the mpanies that are closely may

tual property or company ost important Regulation

should be known, and in uld be aware of this fact and tual taking this into account. ed to think cross-border tect their networks thinking

improve the IT security

urity as a society culture

gies is now present in the ional level but also for free , and also to interact with ermarkets and online stores. pes overlap, and initiatives Own Device) are becoming mixing personal with yber security is now crucial

ts in the day-to-day, and it ulture need.

(5)

3) Promoting EU Institutional support to Generic Challenges and Obstacles at the Enterprise / Company / SME Level

A common / unified institutional support is needed to promote changes at the Enterprise / company and SME level. The creation of an experts committee at the request of the main involved countries would contribute to overcome these obstacles and challenges at a European level. In addition, an information sharing platform would help the approach and collaboration of every interested party, making quick and efficient ideas/problems sharing possible. This support will assure the minimum protection needed in these organisms.

D. Regulatory activities overview

1) Investigatory Powers in intra-jurisdictional &

trans-border cases

Steps must be taken to adequate investigatory powers, as well as their use by LEA (Law Enforcement Agencies) members, to cyber-enquiries: the pace of regulatory reforms, the balance between abstraction and concretion of the investigatory powers and the need for a training policy are to be taken into consideration. Effectiveness of international cooperation in trans-border cases, paramount to successfully prosecute cybercrime, may be augmented in the years to come if the EU takes advantage of the shift in the views on reciprocity issues by key players such as China. Then again, improved data exchange between EU and National LEA’s comes not without a risk for Fundamental Rights, one of the keystones of European culture: efforts must be made in order to find a regulatory and technical framework allowing to juggle augmented data exchange capabilities and respect of Fundamental Rights.

2) Interoperability of Common and Roman Law

Having noted the transnational and intra-jurisdictional nature of cyber crime, one of the key factors to determine in gaining a better understanding of where such crimes might best be prosecuted. Over and above the differences in the definitions of offences, or admissibility of evidence, consideration also needs to be given as to whether there are any noticeable advantages or disadvantages associated with the underpinning legal framework. Our regulatory roadmap will seek to identify such differentials taking account of potentially speedier developments in some international fora, such as Interpol.

3) Civil and Criminal Courts forensics/admissability/evidential standards

At present, there exists a wide variety of standards and best practices for information security and digital evidence gathering. This variety hinders the adoption of common standards and procedures which lay strong foundations for a cooperative and effective fight against cyber crime and cyber terrorism at pan-European level. This type of crime is particularly decentralised and not restricted to any frontier, and the admissibility of digital evidences in Courts is still sometimes dependent on case-by-case analysis by experts who lack a common reference framework. Thus, the challenge is to achieve common understanding and adapt accordingly the current Member States criminal procedures. The achievement of a European Forensic Science Area has become a priority for the European Union. Last but not least, the respect for fundamental rights and freedoms of citizens must always be kept as a basic and key principle.

4) Identity/Authentication Standards for Data

Protection across borders

A majority of classes and applications of Cyber Crime and Terrorism contain a misrepresentation of identity or attempt to authenticate for access to goods or services that the attacker has no legitimate use to. There currently exist a plethora of standards to identify and authenticate a genuine user is who he or she claims to be, and their access rights in the given circumstances. At present there is no interoperability of these, and poor controls over the degree to what constitutes ‘strong authentication’ sufficient for each application. Within the European Union, however, the eIDentity, Authentication & Signatures Regulation, launched in October 2014 seeks to address this. Our Roadmap will take account of the timetable for its implementation, and the necessary external steps necessary to ensure best effect can be taken from it internationally. Equally, with the payments industry now being required to look at early adoption of the Second Payment Services Directive (PSD2), the Identity/Authentication roadmap has moved forward dramatically for one of the key cybercrime asset classes, and one of the most likely candidates for higher level eIDAS requirements. The European Central Bank and European Banking Association’s announcement on 19th

December 2014 that Secure Retail Payment (SecuRe Pay) Strong Authentication requirements would be put in place from 1st August 2015, several years in advance of PSD2’s expected ratification, let alone mandated implementation, goes to show how quickly cybercrime and the standards to address it move.

(6)

Fig

F

V. CONCLUSIONS

In this paper we presented the cyber agenda (the CAMINO roadmap) suggestions related to the future efforts cyber crime and cyber terrorism. The ro on four key pillars of cyber security re the main objectives, problems, challeng stakeholders from each dimension: T Organisational and Regulatory. These constitute the CAMINO THOR approac this roadmap, as well as for other r performed during the whole project.

gure 4. Roadmap activities – Organisational Dimension

Figure 5. Roadmap activities – Regulatory Dimension

r security research specifying our in fighting against oadmap is focused esearch, presenting ges and associated Technical, Human,

four dimensions ch that is basis for research activities

Each of four THOR dimen the roadmaps following the sam priority areas (topics) in THO defined. In general, there a CAMINO roadmap. Topics focused on big data and forens authentication/authorisation engineering and testing capabil effective fight against malw (Advanced Persistent Thre emphasises need for mechanism of personal data and for trainin awareness. Topics from Or roadmap are focused on socie cyber security, on adaptation

nsions has been described in me structure. Firstly, the top OR dimensions have been are 14 key topics in the from Technical part are sic aspects, improvement of

mechanisms, security ities, as well as on means to ware, botnets and APTs eats). Human dimension

ms regulating use and reuse ng and raising cyber security rganisational part of the etal and cultural aspects of

(7)

light of international nature of cyber terrorism, as well as on cooperation betw (e.g. SMEs) and supporting EU ins Regulatory dimension are composed topics: investigatory powers aspects, i Common and Roman code law, forens standards, as well as standards for data borders.

For each topic, the roadmap speci objectives with assigned milestones and those milestones.

Totally, we have almost 60 objectiv milestones that are considered as m research agenda, leading to more effec cyber crime and cyber terrorism until 20 roadmap structure is presented in the Fi are additions planned for the second yea duration).

Figure 6. Structure of the CAMINO r

Our idea is to assure wide consensus the CAMINO roadmap suggestions with and stakeholders groups.

Therefore, the initial roadmap will validated with the experts. In particular be presented in the following events:

• CAMINO session at MWC in Bar • Cyber attacks 2015 conference in

crime and cyber ween organisations stitutions. Finally,

of the following interoperability of sics and evidential a protection across

ifies a number of actions to achieve

ves and about 300 micro-steps in our

ctive fight against 25. The CAMINO gure 6 (red blocks ar of the CAMINO

roadmap.

and agreement on hin relevant experts

be discussed and it has been or will

rcelona (March), n Torun (March), • Closed meeting of CA (April), • CAMINO-COURAGE (April), • CAMINO workshop in L • ICT crime conference in During the second year duration we plan to specify exi agenda and to add new one roadmap more complete. In pa cross-domain topics, namely: fight cyber crime and cyber cyber security awareness.

ACKNOWLED

This work is partly fu Commission under grant numb The support is gratefully acknow

REFEREN [1] U.S. Department of Homelan

Cybersecurity Research”, Novem [2] Evangelos Markatos, Davide Roadmap for Systems Security Project), August 2013. [3] NIST (National Institute of Sta

Roadmap for Improving Critic February 2014.

[4] Perry Pederson, Tim Roxey, Jeff Cybersecurity of Control System Systems Joint Working Group), S [5] Katie Jereza et al., ”Roadmap to Cybersecurity”, ESCSWG (En Working Group), September 201 [6] U.S. Department of Homeland Se

Secure Control Systems”, 2010. [7] Jeffrey Berenson, et al. ”The Ro

in the Transportation Sector”, T Systems in the Transportation 2012.

[8] Jack Eisenhauer, Paget Donnell “Roadmap to Secure Control Sy Department of Energy, U.S. De January 2006.

[9] Seth Johnson, Bruce Larson, “Roadmap to Secure Control Sys Sector Coordinating Council C (WSCCCWG), March 2008. [10] ENISA website, National Cyber

Available at: http://www.enisa.eu CIIP/national-cyber-security-stra security-strategies-in-the-world [11] EU NIS Platform Working G

Landscape Deliverable, J https://resilience.enisa.europa.eu/ documents/wg3-documents/state-landscape/at_download/file

AMINO with COURAGE

workshop in Montpellier

London (June), n Szczytno (June).

of the CAMINO project isting points in the research es to make the CAMINO articular we plan to add new

Comprehensive system to terrorism, and raising the

DGEMENT

funded by the European ber FP7-607406-CAMINO. wledged.

NCES

nd Security, “A Roadmap for mber 2009.

Balzarotti, ”The Red Book: A y Research”, SysSec (FP7 NoE andards and Technology), ”NIST cal Infrastructure Cybersecurity”, f Gray, ”Cross-sector Roadmap for ms”, ICSJWG (Industrial Control September 2011.

Achieve Energy Delivery Systems nergy Sector Control Systems 1.

ecurity, ”Dams Sector Roadmap to oadmap to Secure Control System The Roadmap to Secure Control Sector Working Group, August ly, Mark Ellis, Michael O’Brien, ystems in the Energy Sector”, U.S. epartment of Homeland Security, Dave Edwards, Kevin Morley, stems in the Water Sector”, Water Cyber Security Working Group r Security Strategies in the World, uropa.eu/activities/Resilience-and- ategies-ncsss/national-cyber-Group 3, Secure ICT Research

uly 2014, Available at:

References

Related documents