Comprehensive Approach to Increase Cyber
Security and Resilience
CAMINO Roadmap and Research Agenda
Micha Chora12
1
ITTI Sp. z o.o., Pozna, Poland [email protected] 2
University of Science and Technology in Bydgoszcz [email protected]
Rafa Kozik12
1
ITTI Sp. z o.o., Pozna, Poland [email protected] 2
University of Science and Technology in Bydgoszcz [email protected]
María Pilar Torres Bruna Everis Aeroespacial y Defensa sl,
Madrid, Spain
Artsiom Yautsiukhin Consiglio Nazionale delle Ricerche
Pisa, Italy
Andrew Churchill CBRNE Ltd London, United Kingdom [email protected] Iwona Maciejewska DFRC AG Bern, Switzerland [email protected] Irene Eguinoa S21sec Pamplona, Spain [email protected] Adel Jomni Université de Montpellier Montpellier, France [email protected]
Abstract— In this paper the initial results of the European project CAMINO in terms of the realistic roadmap to counter cyber crime and cyber terrorism are presented. The roadmap is built in accordance to so called CAMINO THOR approach, where cyber security is perceived comprehensively in 4 dimensions: Technical, Human, Organisational, and Regulatory.
Keywords— cyber security, cyber crime, cyber terrorism, roadmap, project CAMINO
I. INTRODUCTION
The major goal of the CAMINO project is to provide a realistic roadmap for improving resilience against cybercrime and cyber terrorism. In other words the project should answer the question where should taxpayer money be invested for research purposes. We indicate what research directions could tackle the problems and mitigate the gaps in countering cyber crime and cyber terrorism in a timescale up to 2025.
The consortium uses a holistic approach, analysing functions and capabilities addressing technical and human issues which are inter-related with legal and ethical
Regulatory. In each of the dimensions some items are proposed for the roadmap.
The project consortium has a very practical approach, with most partners being SMEs with a good understanding of what is realistic and practical and with an interest in finding a constructive roadmap that will complement LEA and research organisations - without creating a bottleneck of problems and obstructions. More information about the project can be found at: www.fp7-camino.eu/.
In this paper the initial roadmap from March 2015 is presented. The final roadmap will be delivered in March 2016, after year-long consultations in order to reach wide consensus.
This paper is structured as follows: in Section 2 CAMINO THOR approach is overviewed. In Section 3 the results of our analysis of the current situation with regards to cyber crime and cyber terrorism (technologies, challenges, needs) are described. In Section 4 CAMINO roadmap (initial version) items are presented. Each dimension item is shortly described and also the figures showing actions and their timeline are presented. 2015 10th International Conference on Availability, Reliability and Security
II. CAMINOAPPROACH
Our approach for the CAMINO road is based on the THOR concept. THOR d foundation of the CAMINO roadmap sco THOR dimensions address the follow • (T)echnical – related to tech technological approaches and sol used to fight against cyber terrorism,
• (H)uman – related to human fa
aspects, privacy issues, as well as
and knowledge of society with crime and terrorism threats, • (O)rganisational – related to proc
and policies within organisati cooperation (public-private, publi organisations,
• (R)egulatory – related to l standardisation and forensics. Visualisation of the THOR approach project is presented in Figure 1.
Figure 1. THOR approach for the CAM
III. ANALYSIS RESULTS
Current roadmapping initiatives with main research gaps and challenges we analyses performed in the initial stage project. This section is focused on the pr conclusions formulated in the CAMINO to summarise key areas, technolog impacting cyber crime and cyber terroris
Firstly, we analysed a number o roadmaps (also sector-specific ones), cu completed R&D projects and internatio [11]. The common aspects that are d documents and analysed in various proje
• Evaluation of system security, • Identity management,
H
dmap development dimensions are the ope and structure. wing aspects:
hnology, concrete lutions that can be
crime and cyber
factors, behavioral s raising awareness regards to cyber cesses, procedures ions, as well as ic-public) between aw provisioning, h in the CAMINO MINO project S h identification of ere the subject of of the CAMINO resentation of main O WP2 documents gies and threats
m nowadays. of cyber security urrent and already onal strategies [1]-discussed in these cts are: • Improvements of ana monitoring, • Security-related informa • Increasing of the securit • Standardisation in the fi • Application of
principles,
• Critical Infrastructure Pr These topics were our starti CAMINO roadmap scope.
In the early phase of the pro related to the various classe diagnosed that payment syste domain), embedded systems, and systems processing pers vulnerable to the cyber crime a Therefore, protection of thes particular parts (topics and ob Also, means to reduce risks co reflected by the milestones research agenda timeline.
The study about the cyber s the art allowed us to identify s their emerging status and m particularly addressed by the ro
• Cyber fraud prevention • Denial of Service (Do Service (DDoS) Protecti • Internet of Things (IoT) • Intrusion Detection Syst • Advanced Persistent Thr • Cloud Forensics, • Cryptography,
• Technical Security Stand • Big Data Security Analy • Cloud Security. Finally, in WP2 (and thro performed a number of surveys with experts from different security and the fight agains terrorism.
IV. CAMINOR In this section we present t into four THOR dimensions. In proposed in the roadmap ar dimensions and for different 2017), medium- (until 2020) 2025).
alytical tools for security
ation sharing mechanisms, ty awareness,
eld of cyber security, Security/Privacy-by-design
rotection.
ing point while defining the
oject we analysed also risks s of assets. In result, we ems (financial and banking cloud computing services sonal data are particularly and cyber terrorism threats. se assets is addressed by bjectives) of this roadmap. onnected to these assets are defined in the proposed
ecurity technologies state of everal key areas that due to maturity level should be oadmap. Those are:
technologies,
S) / Distributed Denial of ion,
Security, tems,
reat (APT) Detection,
dards, ytics,
ough WP3 workshops) we s and face-to-face interviews
sectors related with cyber st cyber crime and cyber
ROADMAP
the Roadmap topics divided n Figures 2 - 5 the activities re presented for each of
time spans: short- (until and long-perspective (until
A. Roadmap Topics – Technical Dimens 1) Strengthening/Adapting emerging analysis and cloud security/forensics
Cyber attacks may not be visible in to their nature or intensity (e.g., amou introduce). Therefore, recently techniqu tools have been adapted. The recent re the deep analysis of large volumes of da different segments of IT networks) has a of revealing interesting patterns. This c adapted to many cyber security area detection, botnets detection, malwares an infection, network intrusion detection sys
2) Security assurance - im
authentication and authorisation, trust information sharing
The IT world becomes more dynam heterogeneous. This evolution implie challenges, especially for security assura for authentication, authorisation and t have to deal with lack of pre-defined trus be ready to establish new relations on t establishing such relations requires re about previously unknown parties. This o applied to security, in order to ensur outsourced business will not be comprom is under control of partners. In order information about occurred incidents s The shared information can be used assessment of security of an organ insurance policy and strengthen the secu as a whole.
F
sion
g tools - Big Data
a small scale, due unt of traffic they ues using big data esearch shows that ata (received from a unique capability concept is recently as, namely: spam
nalysis, web-based stems.
mprovements in management and
mic, distributed and es novel security ance. New methods
trust management st assignments and the fly. Moreover, eliable knowledge
observation is also re the clients that mised even when it
r to achieve this, should be shared. d to get correct nisation, issue an urity of the Internet
3) Improving preparedness testing capabilities
One of the most importan every product, system or eve guaranteeing fundamental chara or availability in any system, one, is an essential part of rev confidence in their system, pr focused on maintaining and needed, and the most effect simulation processes. Concepts cyber exercises between comp awareness of not only cyber s but also of the rest of the sta promote and encourage the necessary actions, proper regul be made and discussed, and th prepared environment to benefi
4) Countering cyber crim Persistent Threats and cyber devices and social networks
Nowadays, one of the m countering cyber crime is large of malware samples. Evolut malwares and botnets (e.g. architectures) are also factors t the research communities to m cyber crime. This is particularly limitations of existing sign malware detectors. On the othe also mobile devices, and in t micro devices (now not often that will be exposed to cyber growing popularity of IoT (Inte
Figure 2. Roadmap activities – Technical Dimension
s - security engineering and
nt and demanded aspects in en organisations is quality; acteristics such as reliability moreover if it is a security vealing the developer team roduct. Therefore, activities improving this quality are tive ones are testing and s such as automated tools or panies will help to raise the security responsible people, ff. And finally, in order to realisation of all these lations and standards should hus achieve a desirable and it all these good practices.
me - botnets, Advanced r crimes affecting mobile
main challenges affecting e and still increasing amount
tion and changeability of new, fast-evolving botnet that should be addressed by more effectively fight against y important in the context of nature-based scanners and
er hand, cyber crime affects the near future will affect connected to the Internet), attacks in conjunction with ernet of Things) concept.
B. Human activities overview
1) Development of Training and Awa
One of the most fundamental aspe society’s defences against cybercrime, against any other new and evolving threa the users and subjects of it are properly k nature of the threat itself and the under the defensive steps being taken to mitigat Whilst almost all new legislati accompanied by training and awareness their lifecycle, few technological cha incorporate this vital feature into their ow is true both of the new possibilities op greater online access to data, but also rolled out to support the intended security
2) Utilising Privacy Enhancing Tech
With surveillance powers and techniq topic, both from the perceived excess quarters and the inadequate interpreta evidence in others, the roadmap towar implementation of Privacy Enhancing inexorably entwined with the developme legislation, and the regulatory interpretat
In particular DPR, eIDAS, and P Directive 2’s early adoption throug introduce requirements for the adoption Enhancing Technologies), albeit throug undetermined techniques or technologies of their formal ratification into EU legislation. These advance regulatory roa interesting, and often unexpected, set o the organisations handling sensitive perso
3) Appropriate use and re-use of Da
Under a range of current regulati standards, across a wide and varied rang use of data is frequently, but not univer the use originally intended when data wa also face a range of opt-ins or opt-ou subsequent re-use, of this data. The adve made the search for new uses of data
Figure 3. Roadmap activities – Human Dimension
areness tools
ects of improving as with protecting at, is to ensure that kept abreast of the rlying rationale of te it.
ive changes are strands as part of anges sufficiently wn roadmaps. This
pened up through to the tools being y behind them.
hnologies
ques a very current sive use in some ation of available rds more effective g Technologies is ent of forthcoming ion of these. Payment Services gh SecuRe Pay, n of PETs (Privacy gh the adoption of s, even in advance or Member State admaps provide an of requirements to onal data. ata
ions and industry e of industries, the rsally, restricted to as collected. Users uts to the use, or ent of big data has a held on existing
systems a growth industry (se but there are strong Human a through this re-use. The applic sets for LEA purposes has cau Roadmap will provide pointers be addressed and to what timesc
C. Organisational activities ov 1) Adapting organisations of the Internet and Cybercrime/
Nowadays, the competitiv company may receive an atta planet. Now, not only the com be interested in the intellect information. Therefore, mo differences between countries consequence organisations shou protect their assets and intellect Therefore, organisations nee regarding cybercrime and prot globally and cooperate to worldwide.
2) Introducing Cyber secu need
The use of new technolog office and at home, at professi time, for children and adults, public sector, with banks, supe Moreover, these different scop such as BYOD (Bring Your O more popular every year, professional area. Therefore, cy in terms of securing all aspect must be introduced as a new cu
ee under Technical, above), and Ethical concerns raised cation of these existing data used some debate, and our s to those issues that need to
cale.
verview
to the cross-border nature e/Terrorism
veness is global, so any ack from anywhere of the mpanies that are closely may
tual property or company ost important Regulation
should be known, and in uld be aware of this fact and tual taking this into account. ed to think cross-border tect their networks thinking
improve the IT security
urity as a society culture
gies is now present in the ional level but also for free , and also to interact with ermarkets and online stores. pes overlap, and initiatives Own Device) are becoming mixing personal with yber security is now crucial
ts in the day-to-day, and it ulture need.
3) Promoting EU Institutional support to Generic Challenges and Obstacles at the Enterprise / Company / SME Level
A common / unified institutional support is needed to promote changes at the Enterprise / company and SME level. The creation of an experts committee at the request of the main involved countries would contribute to overcome these obstacles and challenges at a European level. In addition, an information sharing platform would help the approach and collaboration of every interested party, making quick and efficient ideas/problems sharing possible. This support will assure the minimum protection needed in these organisms.
D. Regulatory activities overview
1) Investigatory Powers in intra-jurisdictional &
trans-border cases
Steps must be taken to adequate investigatory powers, as well as their use by LEA (Law Enforcement Agencies) members, to cyber-enquiries: the pace of regulatory reforms, the balance between abstraction and concretion of the investigatory powers and the need for a training policy are to be taken into consideration. Effectiveness of international cooperation in trans-border cases, paramount to successfully prosecute cybercrime, may be augmented in the years to come if the EU takes advantage of the shift in the views on reciprocity issues by key players such as China. Then again, improved data exchange between EU and National LEA’s comes not without a risk for Fundamental Rights, one of the keystones of European culture: efforts must be made in order to find a regulatory and technical framework allowing to juggle augmented data exchange capabilities and respect of Fundamental Rights.
2) Interoperability of Common and Roman Law
Having noted the transnational and intra-jurisdictional nature of cyber crime, one of the key factors to determine in gaining a better understanding of where such crimes might best be prosecuted. Over and above the differences in the definitions of offences, or admissibility of evidence, consideration also needs to be given as to whether there are any noticeable advantages or disadvantages associated with the underpinning legal framework. Our regulatory roadmap will seek to identify such differentials taking account of potentially speedier developments in some international fora, such as Interpol.
3) Civil and Criminal Courts forensics/admissability/evidential standards
At present, there exists a wide variety of standards and best practices for information security and digital evidence gathering. This variety hinders the adoption of common standards and procedures which lay strong foundations for a cooperative and effective fight against cyber crime and cyber terrorism at pan-European level. This type of crime is particularly decentralised and not restricted to any frontier, and the admissibility of digital evidences in Courts is still sometimes dependent on case-by-case analysis by experts who lack a common reference framework. Thus, the challenge is to achieve common understanding and adapt accordingly the current Member States criminal procedures. The achievement of a European Forensic Science Area has become a priority for the European Union. Last but not least, the respect for fundamental rights and freedoms of citizens must always be kept as a basic and key principle.
4) Identity/Authentication Standards for Data
Protection across borders
A majority of classes and applications of Cyber Crime and Terrorism contain a misrepresentation of identity or attempt to authenticate for access to goods or services that the attacker has no legitimate use to. There currently exist a plethora of standards to identify and authenticate a genuine user is who he or she claims to be, and their access rights in the given circumstances. At present there is no interoperability of these, and poor controls over the degree to what constitutes ‘strong authentication’ sufficient for each application. Within the European Union, however, the eIDentity, Authentication & Signatures Regulation, launched in October 2014 seeks to address this. Our Roadmap will take account of the timetable for its implementation, and the necessary external steps necessary to ensure best effect can be taken from it internationally. Equally, with the payments industry now being required to look at early adoption of the Second Payment Services Directive (PSD2), the Identity/Authentication roadmap has moved forward dramatically for one of the key cybercrime asset classes, and one of the most likely candidates for higher level eIDAS requirements. The European Central Bank and European Banking Association’s announcement on 19th
December 2014 that Secure Retail Payment (SecuRe Pay) Strong Authentication requirements would be put in place from 1st August 2015, several years in advance of PSD2’s expected ratification, let alone mandated implementation, goes to show how quickly cybercrime and the standards to address it move.
Fig
F
V. CONCLUSIONS
In this paper we presented the cyber agenda (the CAMINO roadmap) suggestions related to the future efforts cyber crime and cyber terrorism. The ro on four key pillars of cyber security re the main objectives, problems, challeng stakeholders from each dimension: T Organisational and Regulatory. These constitute the CAMINO THOR approac this roadmap, as well as for other r performed during the whole project.
gure 4. Roadmap activities – Organisational Dimension
Figure 5. Roadmap activities – Regulatory Dimension
r security research specifying our in fighting against oadmap is focused esearch, presenting ges and associated Technical, Human,
four dimensions ch that is basis for research activities
Each of four THOR dimen the roadmaps following the sam priority areas (topics) in THO defined. In general, there a CAMINO roadmap. Topics focused on big data and forens authentication/authorisation engineering and testing capabil effective fight against malw (Advanced Persistent Thre emphasises need for mechanism of personal data and for trainin awareness. Topics from Or roadmap are focused on socie cyber security, on adaptation
nsions has been described in me structure. Firstly, the top OR dimensions have been are 14 key topics in the from Technical part are sic aspects, improvement of
mechanisms, security ities, as well as on means to ware, botnets and APTs eats). Human dimension
ms regulating use and reuse ng and raising cyber security rganisational part of the etal and cultural aspects of
light of international nature of cyber terrorism, as well as on cooperation betw (e.g. SMEs) and supporting EU ins Regulatory dimension are composed topics: investigatory powers aspects, i Common and Roman code law, forens standards, as well as standards for data borders.
For each topic, the roadmap speci objectives with assigned milestones and those milestones.
Totally, we have almost 60 objectiv milestones that are considered as m research agenda, leading to more effec cyber crime and cyber terrorism until 20 roadmap structure is presented in the Fi are additions planned for the second yea duration).
Figure 6. Structure of the CAMINO r
Our idea is to assure wide consensus the CAMINO roadmap suggestions with and stakeholders groups.
Therefore, the initial roadmap will validated with the experts. In particular be presented in the following events:
• CAMINO session at MWC in Bar • Cyber attacks 2015 conference in
crime and cyber ween organisations stitutions. Finally,
of the following interoperability of sics and evidential a protection across
ifies a number of actions to achieve
ves and about 300 micro-steps in our
ctive fight against 25. The CAMINO gure 6 (red blocks ar of the CAMINO
roadmap.
and agreement on hin relevant experts
be discussed and it has been or will
rcelona (March), n Torun (March), • Closed meeting of CA (April), • CAMINO-COURAGE (April), • CAMINO workshop in L • ICT crime conference in During the second year duration we plan to specify exi agenda and to add new one roadmap more complete. In pa cross-domain topics, namely: fight cyber crime and cyber cyber security awareness.
ACKNOWLED
This work is partly fu Commission under grant numb The support is gratefully acknow
REFEREN [1] U.S. Department of Homelan
Cybersecurity Research”, Novem [2] Evangelos Markatos, Davide Roadmap for Systems Security Project), August 2013. [3] NIST (National Institute of Sta
Roadmap for Improving Critic February 2014.
[4] Perry Pederson, Tim Roxey, Jeff Cybersecurity of Control System Systems Joint Working Group), S [5] Katie Jereza et al., ”Roadmap to Cybersecurity”, ESCSWG (En Working Group), September 201 [6] U.S. Department of Homeland Se
Secure Control Systems”, 2010. [7] Jeffrey Berenson, et al. ”The Ro
in the Transportation Sector”, T Systems in the Transportation 2012.
[8] Jack Eisenhauer, Paget Donnell “Roadmap to Secure Control Sy Department of Energy, U.S. De January 2006.
[9] Seth Johnson, Bruce Larson, “Roadmap to Secure Control Sys Sector Coordinating Council C (WSCCCWG), March 2008. [10] ENISA website, National Cyber
Available at: http://www.enisa.eu CIIP/national-cyber-security-stra security-strategies-in-the-world [11] EU NIS Platform Working G
Landscape Deliverable, J https://resilience.enisa.europa.eu/ documents/wg3-documents/state-landscape/at_download/file
AMINO with COURAGE
workshop in Montpellier
London (June), n Szczytno (June).
of the CAMINO project isting points in the research es to make the CAMINO articular we plan to add new
Comprehensive system to terrorism, and raising the
DGEMENT
funded by the European ber FP7-607406-CAMINO. wledged.
NCES
nd Security, “A Roadmap for mber 2009.
Balzarotti, ”The Red Book: A y Research”, SysSec (FP7 NoE andards and Technology), ”NIST cal Infrastructure Cybersecurity”, f Gray, ”Cross-sector Roadmap for ms”, ICSJWG (Industrial Control September 2011.
Achieve Energy Delivery Systems nergy Sector Control Systems 1.
ecurity, ”Dams Sector Roadmap to oadmap to Secure Control System The Roadmap to Secure Control Sector Working Group, August ly, Mark Ellis, Michael O’Brien, ystems in the Energy Sector”, U.S. epartment of Homeland Security, Dave Edwards, Kevin Morley, stems in the Water Sector”, Water Cyber Security Working Group r Security Strategies in the World, uropa.eu/activities/Resilience-and- ategies-ncsss/national-cyber-Group 3, Secure ICT Research
uly 2014, Available at: