This seminar explores major trends in cyber security, focusing on ICT trends in the "after-broadband century" and the challenges posed by the increasing complexity of networked systems. Topics covered include M2M communication, connected cars, smart cities, and the emerging communication technologies of the future. The seminar aims to address the cyber security problem and find solutions to ensure resilience, security, and privacy in flexible networked systems and organizations.
Dagstuhl Seminar 2015 on Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations • Security in the Electronic Universe: Major Trends • Helmut Leopold, Head of Digital Safety & Security Department, AIT Austrian Institute of Technology • Dagstuhl, April 15-17 2015
Cyber Security - Overview • ICT Trends in the „after-broadband century” • The Security problem • The Shift in user behavior • The IT industry problem
The „after-broadband“ ICT Trend – M2M Communication • Connected Cars: 60% of all innovation by electronics; intelligent traffic control saves more CO2 than the estimated e-vehicle fleet in 2030 • Connected Utility: intelligent energy production, distribution and use - renewable energy – smart grid; energy management at home - smart home; new energy storage (PHEV) • Connected Patients: closed loop healthcare - telemedicine for new widespread diseases – diabetes, cardiac insufficiency, overweight; prevention and care; lifestyle management • Smart City: environmental sensors; smart cameras for public security; citizen information systems; eGovernment • Industry 4.0: sensor networks for production; environmental sensors; smart cameras for public security
ICT Trends result in complexity & impact • The complexity of ICT systems is increasing • Landing on the moon with 7.500 Lines of Code • Today: F-35 fighter jet: 5,7 Mio; Boeing 787: 6,5 Mio; Mercedes S-Class: 20 Mio; Chevrolet Volt: 100 Mio. • Systems are getting more and more interconnected • M2M Communication, Internet-of-Things (IoT), Always-On • Systems of Systems • Virtual Infrastructures (Cloud) • Industry trend towards open network architectures • Open protocols (IP), industry standards • Increased number of „third parties“ • The dependency on ICT systems is increasing • Smart Grid, Smart Home, Smart City, eGovernment, eCommerce, eHealth, eMobility, … critical infrastructure • Increased Number of Vulnerabilities • Cascade Effects • Increased Risk • Increased Impact
Emerging Communication Technology (1) Future Wireless Communication Systems • <2014: 2G, 3G, 4G, WLAN, … • always-on • broadband • designed for human-to-human or human-to-machine communications • >2020: Ultra-reliable wireless M2M communications (5G) • monitoring and control applications • low-latency links (< 1ms) • massive number of concurrent M2M links • coordinated local and cellular com. systems • move to mm-Wave frequencies > 30 GHz • Source: G. Fettweis, S. Alamouti, “5G: Personal mobile internet beyond what cellular did to telephony,” IEEE Commun. Mag., Feb. 2014.
Emerging Communication Technology (2) Sensor Networks - Challenges • Velocity: real-time data generation • Veracity: data in doubt • all sensor data have an uncertainty • how do we model/describe the behavior of people (social media) • Variety: Data sources are changing • Combination of real-time data with historical data • Modelling and Simulation • Monitoring systems • Fusion of different sensor data • Diagram labels: Sensor Fusion, Data Analysis, What-If Scenarios, Forecast, Historical Data, Decision Support System; Traffic, Industry, Air
Emerging Communication Technology (3) Broadband Multimedia • Multimedia Content: • Data • Text • Audio • Images • Video • Knowledge can only be stored for a limited period of time - in 5 to 7 years the majority of today's data will get lost. • World-wide we produce more data than HW-Storage space is available! Source: AIT Research, “The Diverse and Exploding Digital Universe” IDC White Paper, March 2008 http://www.emc.com/collateral/analyst-reports/diverse-exploding-digital-universe.pdf • Which functions should be implemented in future networks, in order to enable next gen content management and application support? • How do we store and retrieve the enormous amount of data? • How to scale? How to automate? • Image: British Library. Source: digitalbevaring.dk • Next Gen Content Management Research at AIT
Overview • ICT Trends in the „after-broadband century” • The Security Problem • The Shift in user behavior • The IT industry problem
Cyber Security – The Problem Statement • 230.000 new virus types per day! • Attacks are distributed, invisible & complex traceability • Increased system complexity, decreased system understanding • Increased complexity of attacks • APT Advanced Persistent Threats • CAIS Cyber Attack Information System • Monitoring & Incident response • „Classical security protection is dead“ 06.05.2014, DiePresse.com Symantec/Norton ??? • No 100% security • Cost & risk management – Organizations, Society • Increased use of ICT & networking dependability • THE critical infrastructure • Connected: Millennials, Patient, Cars, Home, Energy, Environment
The Cyber Security Problem is … • A young discipline • 50% of security breaches are supported by user interactions Source: Microsoft Security Intelligence Report 2011, data from the first half of 2011, http://www.microsoft.com/security/sir/default.aspx
Overview • ICT Trends in the „after-broadband century” • The Security problem • The Shift in user behavior • The IT industry problem
The Shift in User Behavior • Technology • Society • interdependency
(1) „The Generation Shift“ From the „Information society“ to the „networked society“. • Boomers … • Technology to “re-invent his personality” • Brought technology from the office to home • X-Generation … generation in contradiction • Millennials … • PC, Internet and Mobile phones to network • bring technologies from home to work Source: Alison Cerra „The Shift Digest“, Alcatel Lucent Study, 2012, www.theshiftonline.com
(2) „The Identity Shift“ – the 3 “Ps” • By using new ICT technology, we change our behavior and usage patterns. Source: Wikipedia • Presentation seekers: Image of an individual within the society • Protection seekers: How a person sees the privacy • Preference seekers: On which information we base our decisions (to select products and friends) Source: Alison Cerra „The Shift Digest“, Alcatel Lucent Study, 2012, www.theshiftonline.com
(3) „The Content Shift“ • Connected TV • Social TV • Mobile TV • Personal TV • eGovernment, eHealth, eEnvironment, social media@work • A new ecosystem for content production and consumption – „Long Tail“ • Democratisation of tools and production • Easy consumption: lower cost, Internet, Tablet PCs, smart phones • Connection of producer and customer on a flat market • Within a month there are more videos uploaded on to YouTube than from 3 US TV stations in 60 years Source: Chris Anderson, „The Long Tail“, http://www.changethis.com/10.LongTail („in Wired 2004“), AIT Research
(4) „The Cloud Shift“ „Our head is in the cloud“ „Digital Dementia“ • Data storage and processing are becoming virtual • “bring our own device“ – “data are ubiquitous in location and time” • “Outsourcing from information change our behavior” Source: Wikipedia Source: TIME Magazine, March 2012, AIT Research
Overview • ICT Trends in the „after-broadband century” • The Security problem • The Shift in user behavior • The IT industry problem
Next Generation Cyber Security • Security • Trust • Governance • Assurance • Risk Management • CAIS Cyber Attack Information System • Recognizing the „unknown“ • Information Sharing – CIIS • Mitigation actions • Encryption - unbreakable keys • Smart approaches without keys – Secret Sharing
Cyber Security - Top Management Challenge • CEOs try to solve the security problem with yesterday's logic (proprietary systems) • Information Security Governance • Lack of visibility of security status, resources deployed, and overall performance of programs • Information security capabilities not linked to strategic business objectives • Application designers are the new system experts • The CIO role in organizations is changing • Are we “secure”? • Why is information security important to our organization? • Loose scope definition of information security activities creating conflict between managers • Units not properly staffed or lack of qualified/trained personnel on information security topics • Top Management Visibility & Control • IT experts try to protect their system expertise • Not IT cost cutting but outcome based IT business Source: AIT research, Booz & Co
Cyber Security vs. increasing productivity in firms • Technology change cycles are increasing • ICT Systems complexity is increasing • Potential security problems become evident • Decreasing IT complexity by virtualization of ICT Services (Cloud Computing) • No harmonized governance frameworks in the different countries and markets • Globalization of ICT-Service offerings (economy of scale and scope) • Privacy • Data protection • Management tends to “protect” their systems • public – private cloud • no “connection” to the internet • proprietary systems • Application designers are the new system experts • Based on external IT-Services (Cloud) • Change of the CIO role in companies • Data Scientists, etc. • more systems knowledge • Decreasing IT personnel resources • Decreasing IT investments
Thank you for listening! • An idea is not a single thing. The trick to having good ideas is not to sit around in glorious isolation and try to think big thoughts. The trick is to get more parts on the table, which enable us to combine and bring different parts together. A good idea is a network - it is all about bringing people and ideas together ..... Steve Johnson, „Where do innovation or good ideas come from?”, 2010 • Helmut Leopold, Head of Digital Safety & Security Department, helmut.leopold@ait.ac.at • AIT Austrian Institute of Technology, Digital Safety & Security Department