SMAU - Convegno “ICT Security: panorama internazionale”

Milano, 28 Ottobre 2002

Costruire una Società della Informazione sicura: la prospettiva

Europea

Andrea Servida, Head of SectorDG Information Society - C4

European Commission, Brussels

Lisbon Strategy

“EU: Largestknowledge-basedeconomy by 2010”

The policy context

EnlargementEnlargement

The then candidate

countries are full partners in FP5.

ERA: EuropeanResearch Area

ERA: EuropeanResearch Area

FP6, Eureka, COST, National RTD Programmes… towards a

Single Market for Research

Broadband access, e-business, e-government,

security, skills, e-health, ...

Other policiesOther policies

Single Market, Single Currency, Security of

Europeans, Sustainable Development, ...

Overview of EU Activitiesin Information Security

Regulatory Framework

Regulatory Framework

PolicyPolicy

• eEurope 2005•Cybersecurity Task Force•‘Culture of security’

• JAI initiative on secure VISA•use of biometrics•smart travel documents

• International Fora•OECD•GBDe,•CoE, •G8•...

R&DActivities

R&DActivities

• Trust & Security:75 R&D projects(~80 M€)

• Dependability:•16 R&D projects(~28 M€)•Joint EU-US task force onR&D for CIP

• R&D in information security key in FP6

• Electronic Signature Directive

• Data protection in electronic communications

• Council Resolution on Information & network security

• coordination CERTs• CSTF• Int. Co-operation on

dependency on electronic networks

• Framework Decision on attacks against information systems

• Framework Decision on combating terrorism

NETWORK &INFO SECURITY

CYBERCRIME &TERRORISM

PRIVACY ANDDATA PROTECTION

Intrusion Data retention

Hacking

ID theft

Three angles for actions on security Policy

NETWORK &INFO SECURITY

PREVENT PROSECUTE

PROTECT

eEurope 2005

• Policy initiative for Information Society for All

• Builds on the progress made in eEurope 2002• Internet penetration in houses doubled; legal framework for

eCommerce; Telecom framework in place; fastest research backbone network; etc.

• Sets ambitious targets• modern online public services (eGovernment, eHealth, eLearning

• a dynamic business environment

enabled by

• widespread availability of broadband at competitive prices

• a secure information infrastructure

eEurope 2005: Secure Information Infrastructure

Proposed Actions

• Establish a Cyber Security Task Force (CSTF) - by mid 2003 • supported by Member States and Industry

• centre of competence on security issues

• Develop a ‘culture of security’ - end of 2005• develop best practice and standards

• report on progress issued end 2003

• Secure communication between public servers

the “INDIVIDUAL”

the “Communities” (B2E, B2B, B2C) but also agents, devices, etc.

the “Critical

Infrastructures”

privacy

Identity mangtConfidentialityIPR

Dependabilityinterdependencies

IST Research on Trust & Security

The European Commission’s R&D Programme IST

• 75 projects on Information Security (funding: ~80 M€)

• biometrics, advanced cryptographic primitives, protocols, privacy enhancing technologies, tamper proof devices, authentication technologies, access control, smart cards, etc.

• 16 projects on Dependability (funding: 28.4 M€)• attack tolerance for largely distributed systems• interdependencies between electric and telecom grids• stability of cellular networks• intelligent agents to enhance survivability of large critical

infrastructures

• EU-USA Joint Task Force on R&D for CIP (since 1998)

• a number of workshops involving OSTP, DARPA, NSF, DoE, DoC etc.

Transport

Industry

TelecommunicationsMilitary

C4IPower grid

Civil Defense

FinanceInformation

Infrastructures

Vital humanservices

HackersCyber terrorists Foreign IW agents

Mass Media

Water pumps& sewage

This is a global economic and societal challenge

Critical infrastructure dependability -What’s at stake

The way forward: moving towards FP6

• Security policy interests should not put at risk personal and social rights to privacy, intimacy and confidentiality

• In absence of geographic and jurisdictional boundaries over the network, securing ourselves would mean securing our Economy and Society

• In a global and seamless world, a balanced regulatory approach should be developed leveraging co-operation and social and economic responsibility

• More knowledge and technical capability should be gained on systemic issues pertaining dependability of critical infrastructures …

more research is needed ---> FP6

Road mapping on security and dependability

DDSI

AMSD : Overall Dependabilitye-business

embedded

CIP privacy

PAMPAS

mobile privacy & security

AMSDdependa

ble embedd

ed systems

ACIPcritical

infrastruct.

protection

RAPID

Privacy /

Identity

Mgmt

BVNBiometr

ics

RESET

Smart Cards

STORKCrypto

Dependability policy support

Building

Constituency

Derive

Research

Roadmaps

1 Jan. 2003

Identify stakeholders & derive Research Roadmap

OPEN discussion

1 June 2002

Dissemination

April 2002Closure

Call 1-FP6

WG-ALPINEActive LossPrevention

• IST PROGRAMME• http://www.cordis.lu/ist/

• DEPPY Forum• http://deppy.jrc.it

• EWIS Forum• http://ewis.jrc.it

• eEUROPE• http://europa.eu.int/comm/information_society/

eeurope/news/index_en.htm

• IST PROGRAMME• http://www.cordis.lu/ist/

• DEPPY Forum• http://deppy.jrc.it

• EWIS Forum• http://ewis.jrc.it

• eEUROPE• http://europa.eu.int/comm/information_society/

eeurope/news/index_en.htm

For More Information

andrea.servida@cec.eu.int