2012_NWO-CyberAgenda.pdf

National Cyber Security Research Agenda
— Trust and Security for our Digital Life —
Version 1.2
Editors:
dr.ir. Herbert Bos (Vrije Universiteit Amsterdam)
prof.dr. Sandro Etalle (Technische Universiteit Eindhoven)
dr.ir. Erik Poll (Radboud Universiteit Nijmegen)
Contents
1 A National Research Agenda for Cyber Security
2 Focus and objectives
3 The many aspects of cyber security
4 Setting the research agenda
4.1 Contexts
4.2 Research Topics
Appendix A. The cyber security research community in the Netherlands
Appendix B. Ongoing ICT security research initiatives
Appendix C. The Sentinels research program
About this document
This document is the result of a series of discussions about the best shape, form and content of a
national research agenda in line with the National Cyber Security Strategy (NCSS). It formulates,
in concrete terms, common thoughts and promising directions for a research agenda in cyber
security. While all contributors firmly believe that a realisation of the agenda requires ambitious
funding, as well as solid governance and embedding, this document addresses only the research
directions.
Acknowledgments
This document has been edited under the coordination of the ICT Innovatie Platform Veilig Verbonden,
with a broad involvement of researchers from various disciplines
(computer science, law, public administration, cyber crime sciences and police studies) and from
several universities and research centres (RU Nijmegen, VU Amsterdam, TU Eindhoven, University
of Twente, TU Delft, Tilburg University, TNO, Novay). Discussions have extensively involved
experts from the industry as well as from (semi-)government organizations.
1 A National Research Agenda for Cyber Security
As our reliance on the ICT infrastructure increases, so do concerns about its security. The growing
complexity of ICT systems means that bugs and vulnerabilities are harder to avoid, creating new
opportunities for increasingly sophisticated attackers.
The recent attack on a uranium enrichment facility in Iran by the Stuxnet worm shows that
strategic interests can attract cyber-attackers¹.
Unfortunately, the Netherlands is an important player in the world of cyber crime. As
the country with the highest broadband penetration and the best quality broadband in the
world, the Netherlands is a prime target for botnets. As we cannot afford to let cyber criminals
erode the trust we and others have – and need to have – in the ICT infrastructure, or at
least in the services provided through this infrastructure, research is needed. Trust is a
conditio sine qua non for normal economic transactions and inter-human communication. It is
at the core of social order and economic prosperity, and in an increasingly ICT-dependent
world, the security of ICT plays an ever more important role here.
Figure 1: President Ahmadinejad of Iran visits the uranium enrichment facility in Natanz. The plant
was targeted by the Stuxnet worm (see page 14)
There are several reasons to set up a National Research Agenda for Cyber Security:
- Security in our ICT-dependent world is crucial, both to protect Dutch society from cyber-attacks,
  and to provide the confidence and trust in ICT that is necessary for its use.
- Investing in security expertise provides strategically essential knowledge for decision makers
  to act wisely in complex cases such as electronic passports and online IDs, e-health, cybercrime,
  cyber warfare, smart electricity grids, public transport, smart cars and roads, critical
  infrastructure, etc.
- Services and products that provide improved ICT security open concrete economic opportunities
  that can be reaped by stimulating security research (Ernst&Young, 2011).
This document proposes an ambitious National Cyber Security Research Agenda (NCSR) to
boost ICT security expertise in the Netherlands through research at universities and knowledge
centers, government agencies and companies active in ICT security, and to foster partnerships
between these domains. The NCSR Agenda positions itself alongside the NCSS and complementary
activities focused on more short-term and operational goals, such as the establishment of legal and
law-enforcement frameworks to deal with cyber crime, response teams to handle cyber security
incidents, threat analyses and protection of existing ICT infrastructure, awareness campaigns, etc.
¹ See the Stuxnet sidebar in Section 4.2.

2 Focus and objectives
The NCSR Agenda concentrates on two areas:
- Security and Trust of Citizens: This includes privacy protection, security of mobile services,
  data and policy management, and accountability.
- Security and Trustworthiness of Infrastructure: This includes malware detection and removal,
  intrusion detection and prevention, trustworthiness of networks and hardware, software
  security, security of SCADA/industrial control systems (ICS), and secure operating
  systems.
This fits well with the National Cyber Security Strategy (NCSS), and also with the recent 'Digitale
Agenda.nl' (Ministerie EL&I, 2011), which has 'Digital security and trust' as one of its action
lines. Moreover, it is in line with the recommendations of the EU advisory board on Research
& Innovation on Security, Privacy, and Trustworthiness in the Information Society (RISEPTIS,
2008).
The objectives of the NCSR Agenda are to
- Improve the security and trustworthiness of the ICT infrastructure.
- Prepare the Netherlands for the security challenges of the next 6-12 years.
- Stimulate the Dutch security economy.
- Strengthen and broaden Dutch security research by fostering cooperation.
There is a potential for tremendous benefits by bringing together the different sectors and stakeholders:
government, industry, knowledge centers, interest groups and universities. Stimulating
research will also have a big impact on higher education and help in training the next generations
of security experts, incl. PhD students trained as part of research projects, and many more Bachelor
and Master students that come into contact with the field. More fundamentally, highly visible
research projects and groups help to attract students to the area.
A useful role model for the NCSR Agenda is the Sentinels research program, that was
launched in 2004 and is now in its final stages.
Sentinels has proven to be an important catalyst in creating a vigorous ICT security community
in the Netherlands. This community spans the private and public sectors and links
researchers at universities, knowledge centres, companies and government agencies. Through
the academic partners involved it has also provided a boost in education in ICT security.
(More information about Sentinels in Appendix C.) Where Sentinels was largely technical
in focus, for the NCSR Agenda to be a success it will also include the wider community
of alpha and gamma researchers needed to address the challenges of cyber security, as discussed
below.
Figure 2: Wikileaks routinely demonstrates the consequences of information leakage.
[Figure 3 (diagram). Labels: ad-hoc; consultancy; shorter term applied (e.g. NAVI subarena); longer term applied; fundamental research; "scope of an NCSR Program?". Benefits: citizens, small/medium sized companies, government, large corporations, etc. Example problems shown in the figure:]
- "We have an information leak. What happened?"
- "Can we apply IPR protection law to close down USENET groups that host copyrighted material?"
- "Assess resilience of electricity grid against cyber threats"
- "How can access control for SCADA systems be improved?"
- "Develop technology to detect information leakage automatically"
- "Develop new legislation to handle security incidents in Cloud computing"
- "Develop new analysis techniques for software"
- "Design a next-generation citizen e-ID card"
- "Develop new forms of cryptography"
- "Is the new public transport card secure?"
Figure 3: The spectrum of ICT security research problems – with examples
Take home message:
The NCSR Agenda sets the strategic research agenda for cyber security
research and education in the Netherlands, involving stakeholders from
several fields and several organisations. The NCSR Agenda endeavours to
improve cyber security through research, leading to the creation of new,
high-quality jobs.
The NCSR Agenda focuses on the following research topics:
1. identity, privacy and trust
2. malware
3. forensics
4. data & policy management
5. cybercrime/underground economy
6. risk managing, economics, legislation
7. secure design & engineering
3 The many aspects of cyber security
Cyber security issues are no longer limited to traditional computer systems, such as PCs and
laptops. Rather, they surface everywhere, from electricity and water supply systems to the health
service, from public transport to smart cars, from implants to supply chains, and from banking
and logistics to the emergency services.
Addressing cyber security involves many domains of expertise, or disciplines. We do not just
need technical expertise to detect and stop attacks – or better still, prevent them. We also
need laws and regulations that better fit computer crime, and we need to better understand the
forms and causes of cyber crime, the effectiveness of measures, including law enforcement, the
underground economy, and see where economic drivers for implementing security measures are
lacking and regulation may be needed.
In the disciplines involved in cyber security, we can make a rough distinction between:
- technical aspects: the β disciplines of computer science and engineering, and neighbouring
  areas of mathematics (notably cryptology) and electrical engineering.
- human (or non-technical) aspects: the α and γ disciplines of law, criminology, (business)
  economics, (information) management, applied ethics, psychology and sociology.
These disciplines involve very different communities, with radically different backgrounds and
traditions. The NCSR Agenda will stimulate collaboration between them: combining insights
from different fields will be crucial for addressing some of the challenges in cyber security. For
example, law enforcement will require a combination of technological, criminological, and legal
aspects, while some technical security measures, e.g. Deep Packet Inspection, raise important
ethical and legal questions. The NCSR Agenda provides a real opportunity where the Netherlands
can show the way forward by establishing serious collaboration between these communities.
The dimensions of the NCSR Agenda
The NCSR Agenda covers the central research challenges in cyber security across
its many dimensions:
- the different disciplines: the β disciplines of computer science and engineering,
  and neighbouring areas such as cryptology, and the α and γ
  disciplines such as law, criminology, (business) economics and (information)
  management.
- the different application domains, such as critical infrastructures, internet
  and telecom, finance, e-government.
- the different stages: prevention, detection, analysis, response+recovery,
  governance.
- the different layers: the basic infrastructure of networks, hardware, and
  software (e.g. for internet, cloud computing, or pervasive systems); the
  applications, services, and service providers; the content, content providers,
  and users.
The research will involve and benefit the entire field: industry, knowledge centers, and the
various levels of government. Similarly, research will comprise both visionary, long-term aspects
of cyber security (how do we prepare for the security issues in 2020 and beyond?), and more
immediate goals (how do we deal with a future Stuxnet-like attack on a power plant in the
Netherlands, and guarantee sufficient resilience?).
Short vs long term research
Cyber security research spans a broad range from short-term to long-term, applied to fundamental,
and focused to broad, as illustrated in Fig 3. At one end of the spectrum are short-term
consultancy-type projects, e.g., to evaluate security concerns or proposed solutions. Because of
their urgent and ad-hoc nature, these do not easily lend themselves to synchronisation in a broader
research program. At the other end of the spectrum is fundamental scientific research, carried out
at universities. Longer term research, both applied and fundamental, often involves training of
PhD students.
Intermediate forms are carried out internally inside many companies and organisations, but
also occur as separate projects across organisations, for example projects funded for the NAVI
Sub-arena, which focuses on vital ICT infrastructure, and the EZ/STW/NWO/ICTRegie 'Sentinels'
program, which has a broader scope of pre-competitive security research in public-private
partnership between industry and knowledge centres.
Although different types of organisations may typically be involved in more short-term or long-
term research, these do not form separate and isolated communities. This is important for sharing