Security and Dependability – Strategic Research Agenda for Europe
The Internet and other digital networks have now become an integral part of both our economy and society. But as we are rapidly introducing more information and communication technologies (ICT) to enable services and commerce, private information is at increasing risk, and security and reliability problems have become prevalent. Indeed, today people are becoming more and more concerned about the increasing complexity of information and communication systems and the proliferation of privacy-invasive information gathering sources and techniques. In their online daily interactions, they often find themselves faced with high-profile losses of their personal information and with viruses, spam, phishing and other crimes of growing severity and sophistication. As a result, they find themselves in the undesirable position where they must put ever more trust in something which they have little or no way of properly understanding or assessing.

To build an information society that will deliver growth and prosperity, we need to tailor ICT to business and social needs, and to ensure that they become useful tools for economic and social innovation. The starting point for making ICT useful is to foster trust and to safeguard security in a networked world. In this respect, Europe’s research framework programmes are committed to the establishment of an infrastructure of solid security and dependability.

The Information Society Technologies (IST) SecurIST project is a Co-ordination Action that has been charged with the preparation of a European strategic research agenda in the field of ICT for Security and Dependability, for the upcoming 7th Research Framework Programme (FP7, 2007–2013). In order to achieve this objective, the SecurIST project has established two fundamental bodies: the European Security and Dependability Task Force (STF) and the SecurIST Advisory Board.
The STF currently comprises 180 members spread across thirteen fundamental thematic areas (initiatives) of research. It provides a forum for consolidation and consensus building. The thematic initiatives are shown in the diagram below, which provides a visual interpretation of how these initiatives are integrated and work together.

The SecurIST Advisory Board is composed of European experts in information security and dependability. The charter of the board is to oversee, review, enhance and promote results from the STF (see www.securitytaskforce.eu). In June 2006, based on inputs from the STF, the SecurIST Advisory Board issued a document presenting its recommendations for a future security and dependability research framework in Europe, for the period 2007-2013. Under the title ‘From “Security and Dependability by Central Command and Control” to “Security and Dependability by Empowerment”’, the Advisory Board is recommending the following nine key research areas:

Empowerment of the Stakeholders: Stakeholders of the information society include individual citizens, industry and academia, non-governmental organisations and governments. Empowerment of the stakeholder is vital as there is a clear technological trend towards decentralisation of technology, as well as of its management and control. Responsibility, authority and control have to move further towards the end user.

Europe-specific Security and Dependability: Europe has a very specific heterogeneous culture, history and set of attitudes towards trust and society that requires specific research profiling.

Robustness and Availability of the Infrastructure: Further research efforts are needed for the assurance of ICT network and service infrastructures, as well as the robustness and availability of critical infrastructure, such as health, energy, transport and finance.

Interoperability: Research on the interoperability between security and dependability technologies and standards.
Processes for Developing Secure and Dependable Systems: Research into the systematic improvement of secure and dependable system development (including hardware and software) from their design phase.

Security and Dependability Preservation: In an increasingly complex world of evolving requirements, technologies and systems, the maintenance of effective system security and dependability is critical and is essential for preserving user confidence.

User-centric Security and Dependability Standardisation: Strengthen the structured involvement of end users and their respective representatives into relevant standardisation activities involving security and dependability technologies.

Security and Dependability of Service Oriented Architectures (SOA): The need to establish and maintain trust and to manage policy regulations and service level agreements in an SOA context, together with commensurate advances in software engineering to deliver service expectations.

Technologies for Security: Underlying all of these other research areas is the need to provide higher assurance of trusted communication and handling of digital information. The two fundamental sciences and technologies highlighted are (a) cryptology and (b) trusted functionality and computing.

In addition to these nine key research areas, the Advisory Board presented four future grand challenges covering a long-term (10-20 years) vision. They illustrate potential longer-term possibilities and implications.

Countering vulnerabilities and threats within digital urbanisation: This challenge addresses open problems that we will face in security and dependability from the expansion and globalisation of digital convergence by 2010-2015.

Duality between digital privacy and collective security: digital dignity and sovereignty: This deals with future privacy issues of all stakeholders, whether citizens, groups, enterprises or states. It addresses the problem of how to override the ‘Big Brother’ syndrome and ‘dark security’, i.e., the future assurance of digital sovereignty and dignity for the various stakeholders.

Objective and automated processes: This challenge addresses the problem of how to attain a controllable and manageable world of complex digital artefacts by 2015 and how to inject regular, quantitative techniques and engineering to make the field truly scientific.

Beyond the horizon: a new convergence: This last challenge deals with the preparation of a new convergence looking to 2020 and beyond, which is the bio-nano-info-quantum ‘galaxy’, and the new security and dependability challenges that will emerge.

During July – September 2006, there was an on-line consultation process to enable the security and dependability communities to provide feedback on the Advisory Board’s report. The Advisory Board is revising the report based on feedback from the consultation and will be issuing a new version at the end of January 2007. The new version of the report and other relevant documents will be available at: www.securitytaskforce.eu.

Dr Stephan Lechner (stephan.lechner@siemens.com) is Head of Central Security R&D at Siemens and a member of the Permanent Stakeholders Group established by ENISA. James Clarke (firstname.lastname@example.org) is a Programme Manager at the Telecommunications Software & Systems Group (TSSG) of the Waterford Institute of Technology (WIT) in Ireland, the co-ordinator of SecurIST.