Traduttore automatico - Read this site in another language

giovedì 14 febbraio 2019

ENISA : analysis of Research and Development priorities of the Cyber sector


The European Union Agency for Network and Information Security (ENISA) is the European cyber defense center. With its head office in Athens and its branch office in Heraklion in Crete.
ENISA’s tasks are the following:
  • Providing recommendations;
  • Activities aimed at the creation of policies and their execution.
  • Training for the population, societies and Country Members.
  • Other activities.
On their site I found information about European studies, the CERT/ CSIRT and various ongoing researches.
Among the available documents regarding this last category I had the chance to read "Analysis of the European R&D priorities in cyber security" with the subtitle “Strategic priorities in cyber security for a safer Europe" published in December 2018.
I will try to give you a general idea of the topics discussed, their importance and my personal considerations.
First of all, this is a strategic analysis document. The purpose of the document is to identify the cyber-risks that will threaten European society and to identify the studies required in order to contain or eliminate the problems.
The goal is ultimately to “play in advance”.
In order to do so, the author started by interviewing the experts of the cyber sector, proceeded to analyze the obtained data with the help of the ENISA experts and tried to picture the social, technologic and business aspects of the European society of 2025.
Let’s start by analyzing the picture “Europe 2025”.
Europe 2025 foresees that the devices connected to the net will be standard; every field of the society will be fully connected.
The service providers (energy, transport, banks, digital infrastructures and hospitals) and the entirety of the public administration and industry will provide internet services.
In the world there will be around 80 billion connected devices (in the face of a population of 8 billion people).
IoT (Internet of Thing) will evolve into IoE (Internet of Everything) and will influence society.
It will be common to use wearable devices connected and controllable with our voice. The 5G technology will improve the quality of those services. Education and training will be more efficient with the use of new technologies as the augmented reality and “gamification” techniques.
The society’s cautiousness towards the cyber-threats will increase. There will be many initiatives to promote the concretization of systems and services according to the idea of “security by design”.
Unfortunately there will be social tension between a “cyber aware elite” and a “less aware” segment of society.
The governments will expect the citizens to use the online services of every administrative service, which will imply using a digital identity.
High computational and cloud memorization capacities will be available. The Artificial Intelligence (AI) will be used to perform behavioral analysis of the stored data to create services and products better suited to our needs, unfortunately the criminal organizations will start to use the same methods. There are still no explicit regulations concerning the use of the AI.
The internet “giants” will become even bigger and powerful and they will not just analyze and fulfill the needs of their clients but also modify and decide their needs.
The quantum technology will start developing…
I will stop describing the Europe 2025 picture now. If you would like to read more about it you can find the entire article on the ENISA website.
The ENISA document continues by analyzing the scenario I just described and identifies a series of recommendations to reduce the risks we talked about. These recommendationsfocus on few aspects of the cyber-dimension, in particular:
  • Promoting the awareness towards the use of technologies, the limitations and the risks. The development of systems designed to guarantee the security of data and privacy. It is also suggested to encourage the innovations that will help to spread knowledge about the cyber-risks;
  • Spreading the knowledge about security among the experts and the wider academic world; facilitate the teaching of security principles in the computer science schools;
  • Promote an understandable and reliable artificial intelligence;
  • Facilitate the research on the quantum cryptography and quantum distribution of the encryption keys for high security level communications;
  • About the complexity of the risks; it is needed to promote the development of new approaches concerning the risk analysis and impact on complex and interdependent systems. It is also suggested to define new interfaces and interoperability among critical infrastructures, designed to prevent the “domino effect”. About the cybercrime domain its suggested to facilitate the researches in the field of prioritization of security and the development of innovative instruments of situational awareness;
  • At last, about the privacy risks, it is suggested to promote and spread the development and use of technologies that guarantee high privacy standards and the development of special assessment tools.
The document is way more inclusive than what I have written and it analyzes in detail other fields of interest., It is certainly interesting and instructive reading.
I want to spend a moment on some aspects concerning this scenario. When it comes to scenario creation, there is the risk of not considering some aspects that should be studied and this could lead to a partially incorrrect risk analysis.
In our case there are a few different topics that have not been considered in the scenario that require some attention, in particular;
  • The use of crypto currency. Nowadays there are signs that crypto currencies will be used even more, even in the government and banking/insurance sector;
  • The blockchain technology will keep developing and it will take place of other technologies even in the digital identity sector;
  • The techniques of data coding in the DNA are being currently experimented and have achieved good results (link to the article). It’s reasonable to think that those technologies will be developed to allow the coding, the storage and the data transmission, especially in the field of trade and military secret;
  • The development of space activities will reach an advancedlevel in the industrial world and will allow the development of new communication systems. This should also promote the development of new types of weaponry;
  • The development of more complex cyber weapons and their use by countries will lead to an increased use of deterrents. More states will declare to use their military offensive cyber capacities to answer cyber attacks or to defend their national interests. This should lead to “non proliferation treaties”, similarly to what happened in the field of mass destruction weapons.
I just want to make clear that what I wrote here is my personal view of what is missing in the scenario “Europe 2025”.
Now, the establishment of these new factors in the scenario Europe 2025, if considered valid, leads to the logical consequence of reviewing the risk assessments and finding more suited arrangements for prevention or mitigation, but this is beyond the scope of this article.


Alessandro RUGOLO

(English translation by Francesco Rugolo)
To deepen the topic:
- https://www.enisa.europa.eu;

Nessun commento:

Posta un commento