
Main Research Gaps in Cyber Security


Academic year: 2021


Comprehensive Approach to cyber roadMap coordINation and develOpment

Main Research Gaps in Cyber Security

María Pilar Torres Bruna

Index

• CAMINO WP2: Identification and Analysis of Main Research Gaps and Challenges

CAMINO WP2: Identification and Analysis of Main Research Gaps and Challenges

• WP2 Objective: Identification of the main cybersecurity GAPS to reduce in the next years throughout the European Union.
• How?
– Through the study of existing roadmaps and guidelines.
– Identifying promising solutions of current research.
– Taking into account the results of a risk and market analysis.
– Through the end user perspective, through interviews and questionnaires.
– With a final THOR analysis.
• Main INPUT for the final roadmap definition

• WP2 tasks:

1. Analysis of existing cyber security-related guidelines, roadmaps and strategies.
2. Cyber security domain: market and risks analysis.
3. Inventory of current technologies and technology challenges.
4. Cyber security experts interviews.
5. Identification of current cyber crime and cyber terrorism research gaps and challenges.

More detail about actions defined and launched for each of the phases.

• Task 1: Analysis of current cyber crime and cyber terrorism documents.
– Documents from different sectors requiring cyber security capabilities.
– Reports.
– Roadmaps.
– National strategies.
– Best practices and strategies to counter cyber crime and cyber terrorism.
– Relevant projects to cope with cyber crime and cyber terrorism.
• Result: D1.1 → State-of-the-art vision relating to cyber

• Task 1: Analysis of current cyber crime and cyber terrorism documents.
• Methodology:

• Task 1: summary of results

| ADDRESSED ASPECTS | GENERAL ROADMAPS CYBER SECURITY | SECTORAL ROADMAPS CYBER SECURITY | R&D PROJECTS | INTERNATIONAL AND NATIONAL STRATEGIES |
| --- | --- | --- | --- | --- |
| EVALUATION AND ASSESSMENT OF SYSTEMS SECURITY | ✓ | ✓ | | |
| IDENTITY MANAGEMENT | ✓ | | ✓ | |
| CYBER THREATS AND VULNERABILITIES | ✓ | | ✓ | |
| ANALYTICAL TOOLS | ✓ | ✓ | ✓ | |
| PRIVACY ISSUES | ✓ | | ✓ | ✓ |
| SITUATIONAL AWARENESS, INFORMATION/KNOWLEDGE SHARING | ✓ | ✓ | ✓ | ✓ |
| MODELLING AND SIMULATION | | ✓ | | |
| SURVIVABILITY OF SYSTEMS | | ✓ | | |
| CRITICAL INFRASTRUCTURE PROTECTION | | ✓ | ✓ | ✓ |
| STANDARDISATION | | ✓ | | ✓ |

• Task 2: Cyber security domain – market and risks analysis
– Identification of main European assets to protect.
– Assets' vulnerabilities.
– Main threats and possible attacks.
– Threat agents and motivations for launching a cyber attack.
– Risk.
– Future trends regarding threats.

• Task 2: Cyber security domain – market and risks analysis
• Methodology:

First, the asset must be analyzed by indicating how important it is in terms of its availability, integrity and confidentiality. To this end, a scale of 0 to 9 will be used, where 0 is the least important and 9 the most relevant. The values are assigned to each category on the basis of the document authors' experience and opinion.

| Security Dimensions | Score (0-9) |
| --- | --- |
| Availability | N |
| Integrity | N |

• Task 2: Cyber security domain – market and risks analysis
• Methodology:

Threat description template:

| Field | Value | Description |
| --- | --- | --- |
| Threat | Name of the threat | |
| Security Dimensions | Availability, Integrity and/or Confidentiality | |
| Description | Description of the threat | |
| Frequency (0-1) | Frequency with which the threat can affect the asset. | |
| Availability degradation (0-100) | Percentage of degradation that can occur if the asset is affected by a threat to its availability. | |
| Integrity degradation (0-100) | Percentage of degradation that can occur if the asset is affected by a threat to its integrity. | |
| Confidentiality degradation (0-100) | Percentage of degradation that can occur if the asset is affected by a threat to its confidentiality. | |
| Availability impact (0-10) | [Security Dimensions score] * [availability degradation] / 100 = Result | |
| Integrity impact (0-10) | [Security Dimensions score] * [integrity degradation] / 100 = Result | |
| Confidentiality impact (0-10) | [Security Dimensions score] * [confidentiality degradation] / 100 = Result | |

Example:

| Field | Value | Description |
| --- | --- | --- |
| Threat | R&D Data Theft | |
| Security Dimensions | Confidentiality | |
| Description | Theft of research data can be highly damaging, particularly in the last phases of an R&D project. The exclusiveness of the research's results, which should normally be protected by IP rights in order to ensure the monetization of the final creation, is compromised. Worse, stolen research may be concluded and formally registered, for instance by unfair competitors; when registration is done in a third country, the lawful holder of IP may be unable to effectively prove the illegitimate origin of the registered creation. | |
| Frequency (0-1) | 0,2 | Even if far from being a common offense, R&D data theft affects RTOs on a frequent basis. |
| Availability degradation (0-100) | 0 | Unaffected |
| Integrity degradation (0-100) | 0 | Unaffected |
| Confidentiality degradation (0-100) | 90 | Research results are critical, "black-list" data. R&D data theft may be critically disruptive to an RTO (for instance, theft of research data from a Nobel-prize University research lab, a kind of research critical to the reputation of the institution and which can mobilize a substantial part of the University's budget) |
| Availability impact (0-10) | 3*0/100=0 | |
| Integrity impact (0-10) | 5*0/100=0 | |
| Confidentiality impact (0-10) | 9*90/100=8,1 | |

• Task 2: Cyber security domain – market and risks analysis
• Methodology:

Risk per threat:

| Field | Value |
| --- | --- |
| Threat | Description of the threat |
| Availability risk (0-100) | Availability impact x Frequency x 10 = Risk |
| Integrity risk (0-100) | Integrity impact x Frequency x 10 = Risk |
| Confidentiality risk (0-100) | Confidentiality impact x Frequency x 10 = Risk |

Risk per asset:

| Security Dimensions | Risk (0-100) |
| --- | --- |
| Availability | (Risk1+Risk2+…+RiskN)/N = Average Availability Risk |
| Integrity | (Risk1+Risk2+…+RiskN)/N = Average Integrity Risk |
| Confidentiality | (Risk1+Risk2+…+RiskN)/N = Average Confidentiality Risk |
| Risk (0-100) | (Average Availability Risk + Average Integrity Risk + Average Confidentiality Risk) / 3 = Final Risk |

Example:

| Field | Value |
| --- | --- |
| Threat | R&D Data Theft |
| Availability risk (0-100) | 0,2*0*10=0 |
| Integrity risk (0-100) | 0,2*0*10=0 |
| Confidentiality risk (0-100) | 0,2*8,1*10=16,2 |

| Security Dimensions | Risk (0-100) |
| --- | --- |
| Availability | (0+1,8+0+2,4)/4=1,05 |
| Integrity | (0+3+0+7)/4=2,5 |
| Confidentiality | (16,2+21,6+43,2+9)/4=22,5 |
| Risk (0-100) | (1,05+2,5+22,5)/3=8,68 |
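An added worked example, not part of the original slides: the Task 2 scoring chain (dimension score and degradation give impact, impact and frequency give risk, risks are averaged per dimension and then across the three dimensions) in Python. All function and variable names are assumptions; the numbers are those of the R&D Data Theft example, written with decimal points, and the asset's three other threats are entered by risk value only because the slides do not name them.

```python
from dataclasses import dataclass, field
from statistics import mean

DIMENSIONS = ("availability", "integrity", "confidentiality")

@dataclass
class Threat:
    name: str
    frequency: float                                  # 0-1
    degradation: dict = field(default_factory=dict)   # dimension -> 0-100 (%)

def threat_risks(scores, threat):
    """Per-dimension risk (0-100) of one threat against one asset."""
    if not 0 <= threat.frequency <= 1:
        raise ValueError("frequency must be within 0-1")
    risks = {}
    for dim in DIMENSIONS:
        score = scores[dim]
        degr = threat.degradation.get(dim, 0)   # unlisted dimension: unaffected
        if not 0 <= score <= 9 or not 0 <= degr <= 100:
            raise ValueError(f"{dim}: score or degradation out of range")
        impact = score * degr / 100                   # impact formula
        risks[dim] = impact * threat.frequency * 10   # risk formula
    return risks

def asset_risk(per_threat_risks):
    """Average each dimension over all threats, then average the three."""
    averages = {d: mean(r[d] for r in per_threat_risks) for d in DIMENSIONS}
    return averages, mean(averages.values())

# Dimension scores read off the slide's impact lines (3*0, 5*0, 9*90).
ASSET_SCORES = {"availability": 3, "integrity": 5, "confidentiality": 9}
RD_THEFT = Threat("R&D Data Theft", 0.2, {"confidentiality": 90})
# The slide gives only the risk values of the asset's other three threats.
OTHER_THREAT_RISKS = [
    {"availability": 1.8, "integrity": 3, "confidentiality": 21.6},
    {"availability": 0, "integrity": 0, "confidentiality": 43.2},
    {"availability": 2.4, "integrity": 7, "confidentiality": 9},
]

def slide_example():
    first = threat_risks(ASSET_SCORES, RD_THEFT)
    averages, final = asset_risk([first] + OTHER_THREAT_RISKS)
    return first, averages, final

if __name__ == "__main__":
    first, averages, final = slide_example()
    print(first)
    print(averages, round(final, 2))
```

Because the final figure is a mean of means, a single high-confidentiality threat is diluted twice, once across threats and once across dimensions, which is why a per-threat risk of 43,2 ends up as an asset risk below 9.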

• Task 2: Cyber security domain – market and risks analysis
• Methodology:

| Asset | Asset average risk |
| --- | --- |
| Payment systems | 19,15 |
| Embedded systems | 14,32 |
| Banking and financial services | 10,09 |
| Personal Data | 8,86 |
| Intellectual Property Rights | 8,68 |
| Cloud infrastructures | 8,85 |
| On-line services / web applications | 7,45 |
| Critical information | 7,14 |
| Mobile devices (tablets, smartphones) | 6,62 |
| Critical infrastructures | 6,146 |
| Communications with satellites, weather stations, aircraft | 5,78 |
| Workstations (users' equipment: desktops) | 4,58 |
| People (citizens and employees) | 3,4 |
| Transport assets (airplanes, railways, etc) | 2,05 |
| Unmanned systems | 1,6 |

• Task 3: Inventory of current technologies and technology challenges
– Current cybersecurity technologies identification.
– Enabling and disruptive technologies identification.
– Technology evaluation defining its current TRL (Technology Readiness Levels).
– Maturity assessment from the market adoption perspective, Gartner Hype Cycle.
– SME Relevance and Phase of Protection.
– Technologies' trends and challenges.
• Result: D2.3 → Cyber security Technology state of the art

• Task 3: Inventory of current technologies and technology challenges
• Methodology:

| Category | Criterion | Value |
| --- | --- | --- |
| R&D | TRL (L,M,H) | M |
| R&D | SME Relevance (1-3) | 3 |
| Market Adoption | Gartner Hype Cycle (1-5) | 5 |
| Market Adoption | SME Relevance (1-3) | 3 |
| Phase of Protection | Pro-active | Y |
| Phase of Protection | Real-time | Y |
| Phase of Protection | Re-active | Y |

• Task 4: Cyber security experts questionnaire and interview:
– Questionnaire with topics including:
  • Assets, threats and vulnerabilities.
  • Technologies.
  • Cyber attacks agents and main illegal activities in cyber space.
  • Human issues related with cyber security and ethical issues relating to responding to cybercrime/cyber terrorism actions.
  • Future trends.
– Face to face interviews to acquire knowledge from the selected experts complementing the findings from the questionnaire.
• Result: D2.4 → Cyber security experts vision → GAPS confirmation and identification

• Task 4: Cyber security experts questionnaire and interview
• Methodology:
– Questionnaire of 13 questions developed and agreed by the consortium. Distributed to cyber security providers and consumers to learn the end user perspective.
– Interviews developed to go into the detail of the questionnaire results.

• Task 5: Identification of current cyber crime and cyber terrorism gaps and challenges:
– Collecting the findings from the previous actions.
– Partners' knowledge in the fields addressed.
– Current cyber security related requirements, challenges and gaps are identified.
– Comprehensive multi-dimensional analysis (THOR) is reported.
– Baseline material for workshops, guidelines and roadmap development.
• Result: D2.5 → Current cyber crime and cyber terrorism gaps and challenges

Required capabilities and GAPS identified

• Technical and Testing Capabilities:
– Fight against growing and evolving malware and botnets
  • Decryption of the BOTNETs command and control channel
– Denial of Service (DoS)/Distributed Denial of Service (DDoS) Protection
  • Automatic and self-learning applications for mitigating DDoS acts
– Intrusion Detection Systems
  • Research related to proactive real-time solutions
– Big data for cyber security analytics
  • Reduce the Big Data for cyber security analysis infrastructure requirements

– Cloud security and cloud forensics
  • Protection mechanisms for Virtual Machines
– Internet of Things
  • Data privacy: cryptography
– New methods for Authentication and Authorisation
  • Biometrics Multimode system optimization
– Information sharing platforms or mechanisms and Dynamic Risks Assessments
  • Development of secure information exchange protocols

– Mobile devices protection
  • Avoid the cryptography problem associated with efficiently encrypting and decrypting large amounts of data and fast data transmission (lightweight cryptography).
– APTs protection
  • Focus IPS methods on unusual behaviour of users' equipment. Improved methods to detect unusual behaviour.
– Insider threats Detection and Protection
  • Multi-disciplinary security controls, involving policies, procedures and technologies covering technical, behavioural and organisational issues.
  • Staff stress detection.

• Human and ethical aspects:
– Training, awareness, and management/monitoring/mitigation
  • Greater awareness of the fundamental differences between the online and offline worlds as an educational goal.
– Individual rights vs societal rights
  • Research on criteria to decide: Impact?
– Privacy
  • Quality stamps
  • Cryptography

• Organizational:
– The Challenge of the Global Nature of the Internet
  • Global secure protocols
– Challenges due to the nature of Cyber-Crime
  • Geographical dispersion of attacker – victim
  • Different organizational procedures in different countries
– Challenges and Obstacles at the Enterprise/Firm Level
  • Promote the implantation of a cybersecurity structure among SMEs

• Regulatory:
– Common regulations and differences in legal systems
  • Accelerate the process of harmonization of laws between member countries in the fight against cyber crime.
– Technical language and cyber definitions in law
  • To find common definitions not only usable in juridical texts, but also adequate to be used in juridical texts written in the technical juridical languages of all of the European countries.
– Slow evolution of law
  • Anticipate new relevant trends and adapt the regulatory response to them.

Further details

Contact: camino@ii.com.pl

Visit CAMINO web page: http://www.fp7-camino.eu

THANKS!
