Towards a dependable Information Infrastructure for the EU Andrea SERVIDA Head of Sector European Commission DG Information Society - Unit C/4 B-1049 BRUSSELS

2 OUTLINE The IST Programme European activities in information security FP6: The policy context FP6: The new instruments Dependability in FP6: the roadmaps

3 The IST programme Technology Technology Demonstration KA III Citizens KA I KA II KA IV Work & Business Content & Skills Essential Technologies Key Actions Future and Emerging Technologies Research Networking Cross Programme Clusters AMBIENT INTELLIGENCE IS THE VISION

4 Towards an “all inclusive knowledge society” “Ambient Intelligence” tomorrow “Our surrounding” is the interface Use all senses, intuitive Context-based knowledge handling Infinite bandwidth, convergence,.. Mobile/Wireless full multimedia Nano-scale + new materials Wide adoption (eHealth, eLearning, …) >70% of world-wide population on line IST today PC based …………………………… “Writing and reading”…………….… “Word” based information search..… Low bandwidth, separate networks…. Mobile telephony (voice)…………... Micro scale…………………………. Silicon based………………………… eServices just emerging…………..… Only 5% of global population on-line..

5 Depending on technology Future objective: Develop a “respectful”, productive, innovative and secure Information Society How to go about it Foster a global dialogue on an Information Society respecting the personal sphere, safeguarding resilience, encouraging innovation, enabling productivity Promote the understanding of Interdependencies Share vision on how to depend on technology Innovative R&D Today’s issues: pervasiveness, interdependency and intrusiveness Influencing factors No attention to compatibility between technology and human systems No thinking in terms of privacy respecting Society No coordinated effort to address dependability of information and communication infrastructures Unforeseeable R&D development

6 Critical infrastructures- What’s at Stake ? Transport Industry Telecommunications Military C4I Power grid Civil Defense Finance Information Infrastructures Vital human services Hackers Cyber terrorists Foreign IW agents Mass Media Water pumps & sewage This is a global economic and societal challenge

7 Ethics in the Information Society Future objective: privacy ethics as a key element of the e-society How to go about it Privacy as part of education, training and public debate Socioeconomic research into privacy in the e-society Privacy compatible products and systems Innovative R&D to ensure personal control of privacy Today’s issues: poor understanding and awareness of risks to privacy Influencing factors Globalization Growing connectedness Increasing educated consumer Growing business interest on knowing more about customers Increasing use of digital identities, virtual persona, etc.

8 Overview of EU Activities in Information Security Policy Framework Dependability Initiative Joint EU-US task force on R&D for CIP Dependability Development Support Initiative WG on Information Infrastructure Interdependencies & Vulnerabilities R&D Activities Trust & Security: 76 R&D projects (~80 M€) Dependability 16 R&D projects (~28 M€) R&D in information security key in FP6 Legislation on Information & network security Attacks against information systems Data protection in communications Copyright management eEurope 2005 Cybersecurity Task Force Culture of security International Fora WIPO GBDe OECD...

9 eEurope2002: action on dependability and CERTs –stocktaking on EU CERTs 4 meetings with industrial, research & public CERTs Workshop with MS and experts convened under the Swedish Presidency 2 Workshop on Early Warning & Information Systems 3 projects - EISSP, ECSIRT.NET, TRANSITS - funded from Calls 7&8 –Dependability Development Support Initiative To support the development of dependability policies across Europe and across sectoral boundaries To establish networks of interest, to provide baseline data and to develop policy roadmaps Focus is on 3 thematic areas: Public private co-operative models, early warning, R&D in information assurance –WG on Information Infrastructure Interdependencies and vulnerabilities - set up in cooperation with the JRC 2 technical workshops (2000 and 2001)

10 eEurope 2005 Policy initiative for Information Society for All Builds on the progress made in eEurope 2002 –Internet penetration in houses doubled; legal framework for eCommerce; Telecom framework in place; fastest research backbone network; etc. Sets ambitious targets –modern online public services (eGovernment, eHealth and eLearning) –a dynamic business environment enabled by –widespread availability of broadband at competitive prices –a secure information infrastructure

11 eEurope 2005: Secure Information Infrastructure: Proposed Actions Establish a Cyber Security Task Force (CSTF) - by mid 2003 –supported by Member States and Industry –centre of competence on security issues Develop a ‘culture of security’ - end of 2005 –develop best practice and standards –report on progress issued end 2003 Secure communication between public servers

12 Overview of EU Activities in Information Security Policy Framework Dependability Initiative Joint EU-US task force on R&D for CIP Dependability Development Support Initiative WG on Information Infrastructure Interdependencies & Vulnerabilities R&D Activities Trust & Security: 76 R&D projects (~80 M€) Dependability 16 R&D projects (~28 M€) R&D in information security key in FP6 Legislation on Information & network security Attacks against information systems Data protection in communications Copyright management eEurope 2005 Cybersecurity Task Force Culture of security International Fora WIPO GBDe OECD...

13 DEPPY: its numbers 4 preparatory Workshops held from 1997 to More than 50 EU org. plus some USA 15 org. were involved. 3 Action Lines in IST WP - in 1999, 2000 and 2001; 16 projects are part of DEPPY portfolio for an overall value ~54 million Euro of which 28.4 million Euro is the funding from the Commission; ~100 contractors in projects + some 40 members in 1 NoE; ~20 PO (including 6 from the JRC) have been involved in defining, building and implementing DEPPY; 1 DEPPY Project Workshop - at IC-DSN 2001 in Sweden; 1 Web site - deppy.jrc.it; 1 study on Complexity and dependability - in collaboration with Washington University; 2 Workshops on Interdependencies and vulnerabilities in Information Infrastructures - March 2001 & November 2001; 1 EU WG on Interdependencies and vulnerabilities in Information Infrastructure - since June 2001;

14 Overview of EU Activities in Information Security Policy Framework Dependability Initiative Joint EU-US task force on R&D for CIP Dependability Development Support Initiative WG on Information Infrastructure Interdependencies & Vulnerabilities R&D Activities Trust & Security: 76 R&D projects (~80 M€) Dependability 16 R&D projects (~28 M€) R&D in information security key in FP6 Legislation on Information & network security Attacks against information systems Data protection in communications Copyright management eEurope 2005 Cybersecurity Task Force Culture of security International Fora WIPO GBDe OECD...

15 The EC/USA co-operation The EC-US Science & Technology Agreement provides the framework for the co-operation EC/USA Workshop of Dependability Experts, April “Agenda for Collaboration” Joint Task Force on RTD for CIP - EC/US Joint Consultative Group of the S&T Co-operation Agreement - since 1998 Contacts established with the main funding agencies - i.e. DARPA, NSF, DoE, DoC, etc. Joint Session on CIP at the 2nd EU-US Conference, “New vistas for transatlantic S&T collaboration”, June Joint Thematic Workshops on CIP (2000) and Information Assurance & Survivability (2001) with DARPA and on Interdependencies (2002) with OSTP and NSF 4 Joint Conference Sessions at IST1999, ISW200, IC-DSN2000 and IST Working Workshops, Helsinki (1999), Düsseldorf (2001)

16 The way forward Security policy interests should not put at risk personal and social rights to privacy, intimacy and confidentiality In absence of geographic and jurisdictional boundaries over the network, securing ourselves would mean securing our Economy and Society In a global and seamless world, a balanced regulatory approach should be developed leveraging co-operation and social and economic responsibility More knowledge and technical capability should be gained on systemic issues pertaining dependability of critical systems and infrastructures... more research is needed ---> FP6

17 Lisbon Strategy “EU: Largest knowledge-based economy by 2010” FP6: The Policy Context Enlargement The then candidate countries are full partners in FP5. ERA: European Research Area FP6, Eureka, COST, National RTD Programmes … towards a Single Market for Research Broadband access, e-business, e-government, security, skills, e-health,... Other policies Single Market, Single Currency, Security of Europeans, Sustainable Development,...

18 FP6 and the European Research Area Moving to a European level Research Policy Strengthen co-operation between national and EU activities Concentrate and focus effort to add value Improve links between national and EU policies and schemes Prepare for the EU enlargement process Simplify management and implementation procedures FP6: an essential tool in support of ERA “Making a reality of the European Research Area” Commission Communication,October 2000

19 Main Areas of FP6 Budget Integrating & Strengthening ERA –Genomics 2,255 M€ –IST (100 M€ Géant/GRID)3,625 M€ –Nanotechnologies, intelligent materials, new processes 1,300 M€ –Aeronautics and space1,075 M€ –Food quality & safety 685 M€ –Sustainable development2,120 M€ –Citizens & governance225 M€ –Anticipation of S&T needs1,300 M€ –JRC non-nuclear research760 M€ Structuring ERA –Research & innovation290 M€ –Human resources1,580 M€ –Research infrastructures (200 M€ Géant/GRID)655 M€ –Science/Society80 M€ Reinforcing the ERA basis –Support to co-ordination270 M€ –Support to policy development50 M€ 13,345 2, ,270 M€

20 From “project”-thinking to “initiative”-thinking –new instruments: “Integrated Projects” & “Networks of Excellence” –more strategic thinking Develop Europe-wide approaches –Community funding to help aggregate EU, Member State & private funded efforts –not just supporting RTD … Different way of describing content and calls –a lighter workprogramme, different sequencing of calls,... FP6 is not business as usual!

21 FP6: New Instruments Integrated Projects Integrated, goal-oriented R&D: – all elements of technology chain – global resources may involve public & private funds – flexibility in achieving the goals (eg subsequent calls) Size: – Several M€ or tens of M€ – Support including R&D, training, technology transfer, dissemination, demonstration Participants: –Minimum 3 legal entities: 2 from MAS –Industry-academia collaboration including SMEs Focused R&D

22 “Monolithic” Partners known at outset Tasks identified Budget known Tasks identified Budget known Not all participants in from the beginning Objectives & R&D roadmap known Tasks to be completed Budget & participants change Integrated Projects three possible implementations “Incremental” participation “Incremental” funding

23 FP6: New Instruments Networks of Excellence “Virtual” Network of Centres of Excellence – to integrate research effort on a particular topic – defined by Joint Programme of Activities (JPA) – on established or emerging fields Size – Several M€/year – Support to JPA (up to 25%) including R&D, training, technology transfer, mobility Participants: –Minimum 3: Universities, research labs, industrial labs –Special measures for SMEs NoE 2 Research Centres

24 Integrating activities “Binding” Partner 2 Partner 4 Partner 3 Partner1 Partner 2 Partner 3 Partner 4 RTD activities in Europe before the NoE(today) Partner 1 RTD activities in Europe with the NoE (the JPA) Partner1 Partner 2 Partner 3 Partner 4 Co-ordinated The NoE field NoE - Joint Programme of Activities integrating/shaping research

25 Article 169 Support to “national” RTD programmes, jointly executed according to Art. 169 of the Amsterdam Treaty At the initiative of the Member States EC funding used to support jointly executed programmes Support to “national” RTD programmes, jointly executed according to Art. 169 of the Amsterdam Treaty At the initiative of the Member States EC funding used to support jointly executed programmes

26 Anywhere anytime natural and enjoyable access to IST services for ALL Miniaturised, low cost low power components & µsytems Natural interactions with ‘ knowledge ’ with ‘ knowledge ’ Pervasive, mobile, wireless, trustful infrastructures Communication & networking Software µ, nano & opto electronics µ and nano systemsKnowledgetechnologiesinterfaces Applied IST for major societal and economic challenges Trust & Security IST for societal challenges IST for economic challenges Demanding Demandingapplications Specific Generic integration Building blocks Security, privacy IPRs, dependabilty Smart cards,... E and m business, e and m work, learning GRIDS for science, engineering business and society Health, eInclusion, mobility, environment safety, cultural heritage Mobile: beyond 3G Fixed:All optical Integrated (IPv6) Adaptive Reliable Embedded Distributed Adaptable CMOS : the limit System-on-Chip Nano-scale New materials Multidiscplines New Sensing Networked New materials Nano-scale Context based Semantic based Agent based Scaleable All senses Multilingual Intuitive ‘Surrounding’

27 Dependability is a priority for FP6 Dependability is a key requirement for Information Society: it embraces all the usual attributes and properties of “critical systems” There is a growing policy interest on dependability of information infrastructures and related interdependencies (economic security, protection of assets and IT investments, etc.) The IST Advisory Group identified dependability as an important topic - which was reinforced after 9/11 Focussing on dependability implies stimulating an holistic reflection on our dependency on technology

28 Roadmap Projects Supporting the Transition to FP6 DDSI AMSD : Overall Dependability e-businessembeddedCIPprivacy PAMPAS mobile privacy & security AMSD dependable embedded systems ACIP critical infrastruct. protection RAPID Privacy / Identity Mgmt BVN Biometrics RESET Smart Cards STORK Crypto Dependability policy support Building Constituency Derive Research Roadmaps 1 Jan Identify stakeholders & derive Research Roadmap OPEN discussion 1 June 2002 Dissemination April 2002 Closure Call 1-FP6 WG-ALPINE Active Loss Prevention

29 Web sites IST PROGRAMME – DEPPY Forum – Dependability action in eEurope 2002 – Roadmap projects –