Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.


Improving Cybersecurity Through Research & Innovation
Dr. Steve Purser, Head of Technical Competence Department, European Network and Information Security Agency
SRC’10: Research, Development & Innovation For a More Secure Europe. Oostende /6/2010

Who are we?
- The European Network & Information Security Agency (ENISA) was formed in
- The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security.
- We facilitate the exchange of information between EU institutions, the public sector and the private sector.

The Big Picture
- Secure ICT systems are essential for economic and societal development.
- Complexity of global networks is increasing, as is the number of people having access to these networks.
- The number of security breaches is growing.
- Such breaches can have a major effect on people’s lives – think of the impact of privacy issues.
- They often lead to financial damage.
- As a result, they undermine user confidence.
- The economy of Europe is at stake if we do not manage security properly.

Attack Trends (I)
The CERT published an overview of attack trends in 2002 (!). The key points were as follows:
- Automation; speed of attack tools.
- Increasing sophistication of attack tools.
- Faster discovery of vulnerabilities.
- Increasing permeability of firewalls.
- Increasing asymmetric threat.
- Increasing threat from infrastructure attacks.
These trends remain valid to this day.

Attack Trends (II)
But there are some new trends...
Some attacks are changing:
- Malicious code as a way of supporting botnets.
- The evolution of botnets as a commercial tool.
- Threats of denial of service against targeted web sites in order to extort payment.
Others are becoming more important:
- Phishing & identity theft.
- Data theft and data leakage.

The Real Issue
- Attackers have learnt how to exploit the weaknesses created by the new business model and are themselves becoming more efficient.
- The window between the publication of a vulnerability and the appearance of exploit code is continually decreasing.
- The real issue: as businesses strive for greater speed and efficiency, it becomes more difficult to maintain an effective system of internal controls.
- The solution to this problem lies in how people react, not technology.

Priorities
Priorities for addressing the challenges to NIS at the EU level are:
- The creation of a knowledgeable and proactive NIS community throughout Europe.
- The development of secure infrastructure and services.
- The establishment of a framework for managing identity, accountability and trust.
This is based on the following considerations:
- Technology will only achieve its goal if it is used willingly and appropriately.
- Electronic services must be secured in a coherent manner, where architectural components reinforce each other.

Effectiveness & Efficiency
- Effectiveness is doing the right thing.
- Efficiency is doing the thing right.
- Where security is concerned, effectiveness is much more important than efficiency.
- The major tool used to decrease OPEX costs is to increase efficiency....
- We need to concentrate more on effectiveness.
- This is where innovation and research can help.

The Role of Innovation
- It is not uncommon to see engineers discussing solutions before the problem has been completely understood.
- As a result, many of today’s security solutions are based on old ideas.
- The concepts upon which these solutions are based cannot offer the level of scalability and flexibility that is required to secure modern business environments.
- Sometimes, we are not really solving the problem at all....
- Innovative ideas are required to develop approaches that solve the right problems and take account of the right constraints.

The Role of Research
More research is needed in a number of areas....
Economics:
- What are the barriers to uptake of new security solutions?
- How well is the supply of security solutions mapped to the demand?
Societal Issues:
- Why are existing tools not being used in an optimal fashion?
- How do we encourage citizens to adopt simple risk management techniques in the electronic world?
Technical Issues:
- Which security models are most appropriate for tomorrow’s electronic services?
- How do we build scalability and flexibility into security solutions?

Some Final Thoughts....
- Real security is not algorithmic – it is based on a thorough understanding of the problem and constraints.
- Security engineers tend to be extremely good at spotting logical errors but are poor at challenging assumptions.
- Security solutions that look good at face value can fail miserably when analysed at a more fundamental level....
- These problems can be attributed to the way in which we think about security – there is a clear need to challenge existing beliefs at a very fundamental level.
- This is a task for the R&D community.