Jacques Bus, Head of Unit Trust and Security DG Information Society and Media European Commission Trust & Privacy EU Research Activities Workshop Cyber Security and Global Affairs 3-5 August, 2009 – Oxford The views expressed in this presentation are those of the speaker and may not in any circumstances be regarded as stating an official position of the European Commission.

CONTENT 1.Overview of ICT Programme and existing work in Trust and Security 2.New Programme on Trustworthy ICT 3.Trustworthy Future Internet 4.International Cooperation

Strengthening Competitiveness through Co-operation Total 50,521 M€ 7th EU Research Framework Programme (FP7: ) ICT Security & Trust

Future and Emerging Technologies Digital libraries & Content Sustainable & personalised healthcare ICT for Mobility, Environment, Energy ICT for Independent Living and Inclusion End-to-end systems for Socio-economic goals Technology roadblocks Pervasive & Trusted Network & service infrastructures Cognitive systems, Interaction, Robotics Components, Systems, Engineering Research in Security & Trust Embedded Systems Design Computing Systems Networked Embedded & Control Systems ICT for Cooperative Systems Virtual Physiological HumanICT & Ageing ICT Work Programme Security & Trust in perspective

Coordination Actions Research roadmaps, metrics and benchmarks, international cooperation, coordination activities 4 Projects: 3.3 m€ Network infrastructures 4 Projects 11 m€ Dynamic, reconfigurable service architectures 4 Projects 18 m€ Identity management, privacy, trust policies 4 Projects 22.5 m€ 4 Projects: 16 m€ Enabling technologies for trustworthy infrastructures Biometrics, trusted computing, cryptography, secure SW 3 Projects 9.8 m€ 1 Project 9.4 m€ 9 Projects: 20 m€ Critical Information Infrastructure Protection 110 M€ ICT Work Programme new FP7 projects in Security & Trust

 Security in Network Infrastructures – Resilience of and across heterogeneous networks – Data gathering & analysis for preventing cyber threats  Security in service architectures – Assuring security level and regulatory compliance – Specification and validation of trust and security of SOAs  User-centric identity and privacy management – In Future Networks and Services (Future Internet) – Trusted SOA enabling user-centric data management policies – Privacy-preserving network monitoring  Critical Infrastructure protection – Interactions and complexity in ICT with other infrastructures – Secure and resilient information and process control systems  Enabling technologies – Crypto; Trusted Computing; Biometrics – Secure software and software assurance Examples of FP7 Project Research

Coordination Actions  Coordinating EU Research in emerging Cyber-threats traffic analysis, malware propagation, malware in wireless technologies, social engineering, … FORWARD  24 months, 890 K€ EC funding  International Cooperation in ICT Security & Trust USA (NSF, DHS), Japan, Australia, Canada, S. Korea INCO-TRUST  30 months, 830 K€ EC funding  Personalisation, Security, Accountability Vs Privacy & Human Values! Roadmapping Trustworthy ICT research THINK-TRUST  30 months, 580 K€ EC funding  Coordinating EU efforts measuring the resilience of computer systems and components AMBER  24 months, 1050 K€ EC funding RISEPTIS Advisory Board

CONTENT 1.Overview of ICT Programme and existing work in Trust and Security 2.New Programme on Trustworthy ICT 3.Trustworthy Future Internet 4.International Cooperation

TRUST: Key in a complex society Securitisation, Isolation, Walls, Protect all TRUST, Agreement, Communi- cation, Protect persons/goods From the ‘walled fortress’ To the ‘open metropolis’ In Internet-based world: Need for Security and Trust and Privacy ICT for a positive-sum game

Towards Trusted & Smart “ everything ” Energy Networks Game Machine Telephone PC DVD Audio TV STB DVC Digital Living S m a r t S p a c e Future Internet Transport Networks eHealth & Health networks

Digital Data Explosion governments to service citizens and business (e-ID, e-government, e-education or e-health) business, personalized applications and services. In clouds for SAAS, … citizens, to communicate and interact, improve the quality of their life (Web 2.0) Governments: provide public security (against crime or terrorism)

Priority areas for Trustworthy ICT in WP09-10 Trustworthy Network Infrastructures Trustworthy Service Infrastructures Networking, Coordination and Support Technology and Tools for Trustworthy ICT Securing the FI Monitoring and managing threats Trustworthy infrastructures & virtual entities Experimentation – Socio-economics In the network (control, things, malware) For services (ID and privacy mgt tools, risk mgt) For data management (integrity, availability, long term storage,…) Software assurance, secure software engineering Enabling technologies (biometrics, crypto, …) STREPs, min 24m€ Privacy protecting interoperable services on the FI Interoperable frameworks for identity management for persons and objects (user-centricity, privacy). Managing trustworthiness throughout life-cycle of service infrastructures Experimentation – Privacy, user- centricity and socio-economics IP, min 40m€ 90 M€ Call 5 CAs, NoEs max 10m€ Threats and vulnerabilities, Security and resilience in software and services, Economics of security, Interoperable standards, certification, Legal and societal aspects of technology, International cooperation

CONTENT 1.Overview of ICT Programme and existing work in Trust and Security 2.New Programme on Trustworthy ICT 3.Trustworthy Future Internet 4.International Cooperation

RISEPTIS Advisory Board for Research and Innovation for Security, Privacy and trustworthiness in the inforamtion Society Input to: Two sides: “User Centricity”: From Principles to Action! Policy Research Future Internet Trustworthiness Mission: develop a European vision on research and policy for trustworthiness and security in the future Information Society Report: Expected adoption 6 Oct.

Security, Privacy, Trust in the Information Society Trustworthy Information Society? End-Users & the Society Policy & Regulation Technology & Innovation Global ICT - national “frontiers” “Economics of security” “Economics of security” Policies for privacy-respecting Trust and Identity? Policies for privacy-respecting Trust and Identity? Complexity, ease of use Role of end-users Society-protecting business models Security, privacy, identity Security, privacy, identity Protection of human values Protection of human values Transparency, accountability Transparency, accountability Auditing and Law enforcement Auditing and Law enforcement

Trustworthiness Trust is a relation, not a property! ‘A trusts B to do X’ ■Trust is: –a pre-requisite for any effective human and enterprise transaction –facilitating economic activity, creativity and innovation –Time, place and context dependent ■User empowerment is crucial! Trustworthiness is: attribute of B as seen by A, dependent on context, culture, knowledge

Globalisation  Internet global, everyone in  No time and location  Little authentication; Anonymity  No mapping to state jurisdiction  State sovereignty  Law enforcement  Citizen protection  Culture and habits Local culture and jurisdiction

European Strengths  Societal values: freedom, privacy, security, social protection  Legal framework for data protection and privacy  Strong research and technology base in ICT and other disciplines  Industrial strength in mobile, services, consumer industry  A history of diplomacy, consensus building and cultural diversity

ICT Agenda  EU e-ID common framework, which also allows for global interoperability  Built-in privacy: minimal data disclosure, anonymity, use for purpose, proportionality  Identification management of digital entities  Trust architectures, models, metrics and tools to support actors in trust decisions  Accountability of data services enforced by auditing  Transparency of data use through mandatory reporting by data collectors  Technology support for law enforcement within accepted legal framework

CONTENT 1.Overview of ICT Programme and existing work in Trust and Security 2.New Programme on Trustworthy ICT 3.Trustworthy Future Internet 4.International Cooperation

Objective 9.2 “Supplements to Support International Cooperation between Ongoing Projects” Target outcome  Cooperation between ongoing FP7 ICT projects and 'partner-projects' funded in other industrialised countries that have an appropriate S&T Agreement  Partner-projects must be able to demonstrate the availability of at least a similar budget for support to the cooperation before the grant is awarded

Inco-Trust: Background  Two Workshops held Nov. ’06 and Apr ’07 –Co-organised by European Commission and National Science Foundation –Brought together researchers engaged in ICT Trust, Security and Dependability (TSD) from EU, US, Japan, Australia and Canada –identifying and scoping research areas that require and will benefit from international collaboration –Identified need for “Core steering group/catalyst”  EC funded Coordination Action INCO-TRUST (International Co-Operation in Trustworthy, Secure and Dependable ICT Infrastructures) to continue and extend including countries: US, Australia, Japan, Korea and Canada.

INCO-TRUST: objectives and progress INCO-TRUST: objectives and progress Objectives  Vision on and prioritisation of research ICT TSD  Facilitating international engagement, collaboration and networking  Exchange visions and results through workshops. Progress  Exploratory visits in Japan, Korea, Australia  First International Workshop held 31 March – 01 April 2009 with program management and researchers from countries aimed at;  Set up working groups aligned to working sessions (Dependability & Security of Future Large scale Networked Systems and Privacy and Trust in the Information Society)  Next Workshop planned Spring 2010 in the United States.

TechnologyEconomy Usage Societal factors Legislation Technology oriented  FOUNDATIONS – Key enabling technologies, new computation/ communication models, crypto models, trust architectures, …  NETWORKS/SERVICES INFRASTRUCTURE ISSUES – TSD relevant network/services issues in the Future Internet.  CONTENT – TSD challenges in data acquisition, dissemination, access and storage. © Suri/DEEDS Group WG1. Dependability and Security of Future Large Scale Networked systems WG1. Dependability and Security of Future Large Scale Networked systems

TechnologyEconomy Usage Societal factors Legislation User-Centric Trust oriented  IDENTITY PROVISION & MGMT Physical, virtual, service, session, device ID’s; ID mgmt issues: who/what/where/when/how?  INTERPLAY OF SECURITY & PRIVACY - E2E Trust-Privacy- Security Envelope, Quantification of Trust-Privacy-Security? Tradeoffs?  INFO ACCOUNTABILITY Appropriate Use, Access Control, Traceability, Governance, Liability, Compliance… Trusted HW/SW Trusted Data Trusted People Trusted Networks Trusted Policies © Suri/DEEDS Group WG2. Privacy and Trust in the Information Society WG2. Privacy and Trust in the Information Society

For further Info INCO-TRUST –Please visit –Contact directly Jim Clarke –Regarding participation to WGs, please contact Prof. Neeraj Suri –Project funded by the European Commission, Unit “Trust and Security” (F5); Duration 01 January 2008 – 31 December Coordinator Consortium