Perspectives for Trust and Security in the future Digital Society Scope for actions eGov Workshop Brussels – Public Finances: ICT Solutions using SOA & Web Services 19 February 2009 - Brussels. Dirk van Rooy, Ph.D. DG Information Society and Media European Commission.
The views expressed in this presentation are purely those of the speaker and may not in any circumstances be regarded as stating an official position of the European Commission.
CONTENT • Context • Policy basis • Ongoing Research • Opportunities: • ICT Programme • ICT Policy Support Programme
Information Society [Timeline figure: Agricultural Revolution, Industrial Revolution, Information Revolution; milestones: Writing, Printing Press, Photography, Internet; dates: 3000 B.C., 15th, 19th, 21st century]
The Knowledge Society Ubiquitous Knowledge Networked TRUST: Technical framework for Identity, Transparency and Accountability in the age of ambient intelligence ? Information Local Data PETs: Privacy Enhancing Technologies First generation data protection and legislation
The Five Freedoms Free movement of 1. Goods 2. Persons 3. Services 4. Capital¹ 5. Knowledge² • 1986 - Single European Act • 2007 - Green Paper COM(2007) 161 http://ec.europa.eu/research/era/pdf/era_gp_final_en.pdf
Future Internet: Complexity! Trillions of components and transactions and zettabytes of data • Scalability • Dependability • Resilience Collaborative Security! End-to-End security and trust in highly complex networks and services! Non-functional requirements (trustworthiness) part of the design and construction
Phishing attacks soar in the UK Internet security Code red Cyberwar and real war collide in Georgia Major web flaw, and a solution on the way Revealed: 8 million victims in the world's biggest cyber heist The Evolution of Cyber Espionage Web giants spark privacy concerns YouTube case opens can of worms on online privacy Anger among associations grows against Edvige, the police file of personal data Cloud computing lets Feds read your email Phorm to use BT customers to test precision advertising system on net UK's Revenue and Customs loses 25 million customer records Big Brother Spying on Americans' Internet Data? Defenseless on the Net Big Brother tightens his grip on the web Six more data discs 'are missing' Lessons from SocGen: Internal Threats need to become a security priority Identity theft, pornography, corporate blackmail in the web's underworld, business is booming Internet wiretapping Bugging the cloud Security, Privacy, Trust in the Information Society? Security Privacy Trust
Democratic Societal Values Endangered Species in the Digital Age ? Possible erosion of democratic values. It took generations to build our democratic values – Europe must foster them and carry them into the digital age.
Service oriented architecture, Service oriented infrastructure • Complex collaborations • Users – systems – services • Heterogeneous: access control, dynamic, dispersed, dependencies, security policies… • Security is paramount – Identity management, confidentiality, data protection, privacy, QoS, traceability, integrity, policy enforcement…
The Crisis: Data collection and use in the interest of the citizen • for business, to provide personalized innovative applications and services for citizens, to better communicate and interact, improve the quality of their life (Web 2.0) • for governments to service citizens and business (e-government, e-education or e-health) • for governments again, to provide public security (protection against crime or terrorism, border-control, protection of critical infrastructures, etc.) • trust, user-control, privacy, security, proportionality of data storage/use ??
Trust, privacy and security in digital society: role of technology. The Commission in its First Report on the implementation of the Data Protection Directive: "…the use of appropriate technological measures is an essential complement to legal means and should be an integral part in any efforts to achieve a sufficient level of privacy protection…".
ICT Security & Trust 7th EU Research Framework Programme (FP7: 2007-2013) Total 50,521 M€ Strengthening Competitiveness through Co-operation
Technology roadblocks Research in Security & Trust ICT FP7 - Security & Trust in perspective End-to-end systems for Socio-economic goals Digital libraries & Content Sustainable & personalised healthcare ICT for Mobility, Environment, Energy ICT for Independent Living and Inclusion Pervasive & Trusted Network & service infrastructures ICT for Cooperative Systems Virtual Physiological Human ICT & Ageing Cognitive systems, Interaction, Robotics Future and Emerging Technologies Components, Systems, Engineering Embedded Systems Design Computing Systems Networked Embedded & Control Systems
Trustworthy ICT: Future RTD and policy areas • Trusted Global Identity Framework: providing global interoperability and enabling informed trust decisions on organisations, people, and digital entities in the Future Internet. Enabling privacy protection in accordance with EU culture • Transparency and Accountability of data use in processes, services and policies in ICT systems • Sound risk management for enterprises and consumers (there is no 100% security) • Governance based on these principles for law enforcement and citizen/infrastructure security
Network infrastructures Identity management, privacy, trust policies Dynamic, reconfigurable service architectures 1 Project 9.4 m€ 4 Projects 18 m€ 4 Projects 11 m€ Critical Infrastructure Protection Enabling technologies for trustworthy infrastructures Biometrics, trusted computing, cryptography, secure SW 4 Projects: 3.3 m€ 4 Projects 22.5 m€ 3 Projects 9.8 m€ 4 Projects: 16 m€ 9 Projects: 20 m€ ICT Work Programme 2007-08: 33 new FP7 projects in Security & Trust, 110 M€ Coordination Actions Research roadmaps, metrics and benchmarks, international cooperation, coordination activities
Personalised Services Security in service infrastructures: 4 projects, 18 m€ EC funding Main R&D project priorities • Assuring the security level and regulatory compliance of SOAs handling business processes (IPMASTER) • Platform for formal specification and automated validation of trust and security of SOAs (AVANTSSAR) • Data-centric information protection framework based on data-sharing agreements (Consequence) • Crypto techniques in the computing of optimised multi-party supply chains without revealing individual confidential private data to the other parties (SECURE-SCM)
User-centric Privacy and ID-Management 6 projects, 35.7 m€ EC funding Main R&D project priorities • Sustainable Privacy and Identity Management in Networks and Services; Privacy-enhancing identity management ‘for life’ (PRIMELIFE, PICOS, SWIFT) • Revocable, user-controlled, fingerprint-based biometric identities (TURBINE) • Trusted dynamic and secure services managing and processing personal information based on user-centric data management policies (IP-TAS3) • Privacy-preserving network monitoring system with data protection (PRISM)
The FP7 ICT work programme for 2009-10 Objective ICT-2009.1.4: Trustworthy ICT ICT Call 5: 31 July 2009 – 3 November 2009
Trustworthy Service Infrastructures Trustworthy Network Infrastructures Technology and Tools for Trustworthy ICT Networking, Coordination and Support Priority areas for Trustworthy ICT in WP09-10 90 M€ Call 5 (OCT ’09) IPs, STREPs: 80 m€, min 50% to IPs NoEs, CAs: 10 m€
Trustworthy Network Infrastructures • Building and managing the Future Internet • Monitoring and managing threats • Trustworthy communication, computing and storage (real-time management, virtualisation) • Experiments and demonstration • Attention to usability, social acceptance, economic and legal viability
Trustworthy Service Infrastructures • Privacy protecting interoperable services on the FI • User-centric, privacy respecting ID for persons, things and virtual entities • Adaptive frameworks for managing trust throughout life-cycle • Experiments and demonstration • Attention to usability, social acceptance, human self-determination and privacy, economic and legal viability
Technology and Tools for Trustworthy ICT • Focused technology development • in the network (control, things, malware) • for services (ID and privacy mgt tools, risk mgt, verification, certification) • for data management (assurance, integrity, availability, risks, long term storage) • Software assurance, secure software • enabling technologies (biometrics, crypto, trustworthy communication, virtualisation, metrics, certification)
Networking, Coordination and Support • Threats and vulnerabilities • Security and resilience in software and services • Economics of security • Interoperable standards, certification • Legal and societal aspects of technology • International cooperation
ICT Policy Support Programme – WP2009 - Objective 7.1: A European infrastructure for secure information management Focus and outcomes • Integration of available technologies for secure information management systems • Piloting deployment in public administrations and private organisations Rationale • Many technologies for data & privacy protection exist • Insufficient deployment, leading to data leakage, loss & theft • International standards exist Main expected outcomes • functional pilot, possibly with applications in different areas • under typical real-life conditions; transferable deployment principles; best practices • contributing to convergence across European organisations
ICT PSP – WP2009 - Objective 7.1: A European infrastructure for secure information management Conditions and characteristics • Integration of available security technologies, techniques, tools, policies and procedures into a functional pilot • Technologies such as encryption, single sign-on, strong authentication, role definition, distributed data storage • Combine best available technologies and practices, European convergence • Economic viability for real-life deployment • Public-private partnerships, solution and service providers in ICT security, public admin, private data controllers
ICT PSP – WP2009 - Objective 7.1: A European infrastructure for secure information management Expected impact • Towards operational and comprehensive secure information management in daily work environments • Limit information loss; limit unintended use of information; promote accountability • Increase trust in eServices Instrument & funding: • One pilot project, type B, up to 3 M€ funding • minimum 4 eligible legal entities (Member States or associated) • typical duration 24-36 months, with 12 months pilot operating service • Open: 29 Jan. 2009 – close 2 June 2009 • http://ec.europa.eu/information_society/activities/ict_psp/index_en.htm