Published by Ἄδραστος Δαγκλής. Modified over 6 years ago
1
Perspectives for Trust and Security in the future Digital Society
Scope for actions
eGov Workshop Brussels – Public Finances: ICT Solutions using SOA & Web Services
19 February Brussels
Dirk van Rooy, Ph.D., DG Information Society and Media, European Commission
The views expressed in this presentation are purely those of the speaker and may not in any circumstances be regarded as stating an official position of the European Commission.
2
CONTENT Context Policy basis Ongoing Research Opportunities:
ICT Programme ICT Policy Support Programme
3
Information Society
Agricultural Revolution, Industrial Revolution, Information Revolution
3000 B.C. 15th 19th 21st
Writing, Printing Press, Photography, Internet

We are living in a new revolutionary era, the IT Revolution. From a historical point of view, this is the third revolution, after the Agricultural and Industrial Revolutions. Each revolution needs new skills, relegating older ones to the background. This has a profound impact on all our basic human activities (financial, cultural, social, professional and personal activities).

Agriculture -> the farming society and the farming worker + craftsman
Industrial Revolution -> the factory worker and the Industrial Society
Information Revolution -> the knowledge worker and the Knowledge Society

Inventions, science and technology have always played a catalytic role in historical evolution. Their effect was sometimes evolutionary, bringing gradual and "smooth" changes, and sometimes revolutionary, dramatically influencing the flow of history and human society. They have had both a creative and a destructive role.

Examples of a few inventions contributing to the empowerment of the individual: writing (reserved in the beginning only for priests and kings); the printing press (1450 AD), which set off a social revolution (still in progress) in which intellectual life is no longer the exclusive domain of church and court. Photography and print media (newspapers, etc.) contributed to the wider dissemination of information and knowledge. The Internet: instantaneous access to huge amounts of information and knowledge at negligible cost for anyone from anywhere.

=> A look at the role of technology in the Knowledge Society

[NOTE about Agriculture: farming communities first emerged following the end of the most recent ice age, about 10,000 BC. Their traces can be found in widely scattered areas, from SE Asia to Mexico. By 5,000 BC, farming communities were established in areas known today as Syria, Turkey, Lebanon, Israel, Jordan, Greece, etc.]
4
Digital Wave
In a short time span (seen in a historical perspective, that is), a forceful digital wave has rolled over society, deeply dyeing its economic and social fabric. For all the benefits of this digital evolution – some might say revolution – it also carries the power of a digital tsunami that can bring damage, threat and possibly destruction. Therefore there is a need to think carefully about how we contain this force and mitigate or contain its possible negative side effects, which is the core business of unit F5 of DG INFSO, ICT for trust and security.
5
The Cloud
6
The Knowledge Society Knowledge
Ubiquitous Knowledge Networked TRUST Technical framework for Identity, Transparency and Accountability in the age of ambient intelligence ? Information Local Data PETs Privacy Enhancing Technologies First generation data protection and legislation
7
The Five Freedoms
Free movement of
1. Goods
2. Persons
3. Services
4. Capital (1)
5. Knowledge (2)
(1) Single European Act
(2) Green Paper COM(2007) 161
Free movement of knowledge

Trust and security, and in particular the preservation of user control over privacy, over the spread of identity data and against the risk of undesired profiling (in particular by unauthorised actors), are essential to the long-term viability of the freedom of movement of knowledge. If the user's trust is endangered or damaged by breaches of privacy or profiling, this might have a strong detrimental effect on the willingness to further share, disseminate and contribute to building knowledge in open environments. This could result in a breakdown of free and open movement of knowledge and become a barrier to the further development of the knowledge economy. With the emergence of open networks of cyber communities (Web 2.0), sometimes highly specialized, the preservation of user trust is increasingly recognised as being of essential importance.

The change in systems security over the last years is comparable with the move from the security of citizens in the medieval castle to that in the current open metropolis.
Closed-protection-defence-isolation vs. open-trusted-sharing-interconnected/open
It leads to another approach, which must be based on developing:
trust technology in communication systems that are resilient (deal with errors and attack, self adaptable and healing, gracefully degradable, …)
policing (monitoring and law enforcement)

In the box on the economic and business challenges we have tried to show the economic/societal impact and/or costs associated with the most common manifestations of security problems, as well as an example of the investment needed to overcome such problems. The selected cases are also consistent with the grouping of security domains in which we have clustered (in a later slide) the proposals selected for funding.
8
Future Internet: Complexity!
Trillions of components and transactions and zettabytes of data
Scalability
Dependability
Resilience
Internet as a complex system: 500 million users, 2.2 trillion € B2B transactions + 2 exabytes storage growth per year
Collaborative Security!
End-to-End security and trust in highly complex networks and services!
Non-functional requirements (trustworthiness) part of the design and construction
9
Security, Privacy, Trust in the Information Society?
Grosse faille du web, et solution en chemin Revealed: 8 million victims in the world's biggest cyber heist Phishing attacks soar in the UK Cyberwar and real war collide in Georgia Internet security Code red The Evolution of Cyber Espionage Lessons from SocGen: Internal Threats need to become a security priority Cloud computing lets Feds read your Phorm to use BT customers to test precision advertising system on net La colère associative monte contre Edvige, le fichier policier de données personnelles Web giants spark privacy concerns Big Brother tightens his grip on the web YouTube case opens can of worms on online privacy Privacy Trust Six more data discs 'are missing' Big Brother Spying on Americans' Internet Data? UK's Revenue and Customs loses 25 million customer records Identity theft, pornography, corporate blackmail in the web's underworld, business is booming Defenseless on the Net Internet wiretapping Bugging the cloud
10
Democratic Societal Values Endangered Species in the Digital Age ?
Possible erosion of democratic values. It took generations to build our democratic values – Europe must foster them and carry them into the digital age.
11
Service oriented architecture Service oriented infrastructure
Complex collaborations
Users – systems – services
Heterogeneous: access control, dynamic, dispersed, dependencies, security policies…
Security is paramount – Identity management, confidentiality, data protection, privacy, QoS, traceability, integrity, policy enforcement…

The use of PETs should result in making breaches of certain data protection rules more difficult and/or helping to detect them. Whilst strictly speaking data controllers bear the legal responsibility for complying with data protection rules, others also bear some responsibility for data protection from a societal and ethical point of view. These involve those who design technical specifications and those who actually build or implement applications or operating systems (sometimes referred to as active and passive stakeholders).

In the picture shown just before, about the growing and all-inclusive information society, everybody is or eventually will become a stakeholder. Even the minority not actively participating will appear in ICT systems everywhere. The interests of stakeholders vary with the context. Some stakeholders are more equal than others. Sometimes a distinction is made between active and passive parts. For example, a supermarket will install a payment system and is the active part. A customer shops and pays and undergoes the system, and is the passive part. The system design should take GOVERNANCE requirements from the passive part on board.
12
The Crisis: Data collection and use in the interest of the citizen
for business, to provide personalized innovative applications and services
for citizens, to better communicate and interact, improve the quality of their life (Web 2.0)
for governments to service citizens and business (e-government, e-education or e-health)
for governments again, to provide public security (protection against crime or terrorism, border-control, protection of critical infrastructures, etc.)
trust, user-control, privacy, security
proportionality of data storage/use ??
13
Trust, privacy and security in digital society role of technology
The Commission in its First Report on the implementation of the Data Protection Directive: "…the use of appropriate technological measures is an essential complement to legal means and should be an integral part in any efforts to achieve a sufficient level of privacy protection…".

The use of PETs should result in making breaches of certain data protection rules more difficult and/or helping to detect them. Whilst strictly speaking data controllers bear the legal responsibility for complying with data protection rules, others also bear some responsibility for data protection from a societal and ethical point of view. These involve those who design technical specifications and those who actually build or implement applications or operating systems (sometimes referred to as active and passive stakeholders).

In the picture shown just before, about the growing and all-inclusive information society, everybody is or eventually will become a stakeholder. Even the minority not actively participating will appear in ICT systems everywhere. The interests of stakeholders vary with the context. Some stakeholders are more equal than others. Sometimes a distinction is made between active and passive parts. For example, a supermarket will install a payment system and is the active part. A customer shops and pays and undergoes the system, and is the passive part. The system design should take GOVERNANCE requirements from the passive part on board.
14
7th EU Research Framework Programme (FP7: 2007-2013)
Total 50,521 M€ ICT Security & Trust Strengthening Competitiveness through Co-operation
15
ICT FP7 - Security & Trust in perspective
End-to-end systems for Socio-economic goals Digital libraries & Content Sustainable & personalised healthcare Research in Security & Trust ICT for Mobility, Environment, Energy ICT for Independent Living and Inclusion Technology roadblocks Pervasive & Trusted Network & service infrastructures ICT for Cooperative Systems Virtual Physiological Human ICT & Ageing Cognitive systems, Interaction, Robotics Future and Emerging Technologies Components, Systems, Engineering Embedded Systems Design Computing Systems Networked Embedded & Control Systems
16
Trustworthy ICT Future RTD and policy areas
Trusted Global Identity Framework: providing global interoperability and enabling informed trust decisions on organisations, people, and digital entities in the Future Internet.
Enabling privacy protection in accordance with EU culture
Transparency and Accountability of data use in processes, services and policies in ICT systems
Sound risk management for enterprises and consumers (there is no 100% security)
Governance based on these principles for law enforcement and citizen/infrastructure security
17
ICT Work Programme 2007-08 33 new FP7 projects in Security & Trust
Network infrastructures 4 Projects 11 m€ Identity management, privacy, trust policies 4 Projects 22.5 m€ Dynamic, reconfigurable service architectures 4 Projects 18 m€ 3 Projects 9.8 m€ 1 Project 9.4 m€ 9 Projects: 20 m€ Critical Infrastructure Protection 4 Projects: 16 m€ Enabling technologies for trustworthy infrastructures Biometrics, trusted computing, cryptography, secure SW Coordination Actions Research roadmaps, metrics and benchmarks, international cooperation, coordination activities 4 Projects: 3.3 m€
18
Security in service infrastructures: 4 projects, 18 m€ EC funding
Personalised Services
Main R&D project priorities
Assuring the security level and regulatory compliance of SOAs handling business processes (IP MASTER)
Platform for formal specification and automated validation of trust and security of SOAs (AVANTSSAR)
Data-centric information protection framework based on data-sharing agreements (Consequence)
Crypto techniques in the computing of optimised multi-party supply chains without revealing individual confidential private data to the other parties (SECURE-SCM)

Security and trust in dynamic and reconfigurable service architectures supporting assured and scale-free composition of services and service coalitions with managed operation across several administrative or business domains, enabling flexible business models.

MASTER focuses on compliance and measurable and observable properties of a SOA and applications built on top of it.

AVANTSSAR is a platform for formal specification and automated validation of trust and security of SOAs:
First formal language for specifying trust and security properties of services, their policies, and their composition into service-oriented architectures
Automated toolset supporting the above
Library of validated industrially-relevant case studies

Consequence focuses on the definition and implementation of an architecture within a framework to enable dynamic management policies based on agreements and context that ensure end-to-end secure protection of data-centric information. The project will evaluate the technical and business benefits of the implementation and framework via two test beds: sensitive scientific data and crisis management data.
19
User-centric Privacy and ID-Management 6 projects, 35.7 m€ EC funding
Main R&D project priorities
Sustainable Privacy and Identity Management in Networks and Services; Privacy-enhancing identity management ‘for life’ (PRIMELIFE, PICOS, SWIFT)
Revocable, user-controlled, fingerprint-based biometric identities (TURBINE)
Trusted dynamic and secure services managing and processing personal information based on user-centric data management policies (IP-TAS3)
Privacy-preserving network monitoring system with data protection (PRISM)
20
Objective ICT-2009.1.4: Trustworthy ICT
The FP7 ICT work programme for Objective ICT : Trustworthy ICT ICT Call 5: 31 July 2009 – 3 November 2009
21
Priority areas for Trustworthy ICT in WP09-10
90 M€ Call 5 (OCT ’09) Trustworthy Network Infrastructures Trustworthy Service Infrastructures Networking, Coordination and Support Technology and Tools for Trustworthy ICT IPs, STREPs: 80 m€ min 50% to IPs NoEs, CAs 10m€
22
Trustworthy Network Infrastructures
Building and managing the Future Internet
Monitoring and managing threats
Trustworthy communication, computing and storage (real-time management, virtualisation)
Experiments and demonstration
Attention to usability, social acceptance, economic and legal viability
23
Trustworthy Service Infrastructures
Privacy protecting interoperable services on the FI
User-centric, privacy respecting ID for persons, things and virtual entities
Adaptive frameworks for managing trust throughout life-cycle
Experiments and demonstration
Attention to usability, social acceptance, human self-determination and privacy, economic and legal viability
24
Technology and Tools for Trustworthy ICT
Focused technology development
in the network (control, things, malware)
for services (ID and privacy mgt tools, risk mgt, verification, certification)
for data management (assurance, integrity, availability, risks, long term storage)
Software assurance, secure software
enabling technologies (biometrics, crypto, trustworthy communication, virtualisation, metrics, certification)
25
Networking, Coordination and Support
Threats and vulnerabilities
Security and resilience in software and services
Economics of security
Interoperable standards, certification
Legal and societal aspects of technology
International cooperation
26
ICT Policy Support Programme – WP2009 - Objective 7
ICT Policy Support Programme – WP Objective 7.1 A European infrastructure for secure information management
Focus and outcomes
Integration of available technologies for secure information management systems
Piloting deployment in public administrations and private organisations
Rationale
Many technologies for data & privacy protection exist
Insufficient deployment, leading to data leakage, loss & theft
International standards exist
Main expected outcomes
functional pilot, possibly with applications in different areas under typical real-life conditions;
transferable deployment principles;
best practices contributing to convergence across European organisations
27
Conditions and characteristics
ICT PSP – WP Objective 7.1 A European infrastructure for secure information management
Conditions and characteristics
Integration of available security technologies, techniques, tools, policies and procedures into a functional pilot
Technologies such as encryption, single sign-on, strong authentication, role definition, distributed data storage
Combine best available technologies and practices, European convergence
Economic viability for real-life deployment
Public-private partnerships, solution and service providers in ICT security, public admin, private data controllers
28
ICT PSP – WP2009 - Objective 7.1 A European infrastructure for secure information management
Expected impact
Towards operational and comprehensive secure information management in daily work environments
Limit information loss; limit unintended use of information; promote accountability
Increase trust in eServices
Instrument & funding:
One pilot project, type B, up to 3 M€ funding
minimum 4 eligible legal entities (Member States or associated)
typical duration months, with 12 months pilot operating service
Open: 29 Jan – close 2 June 2009