As our society is rapidly adopting more information and communication technologies in services and commerce, private information is at increasing risk and security and reliability problems become prevalent. The EU has launched an initiative to tackle these issues before they become a barrier to the information society.
In this context, security and dependability are absolutely vital if all stakeholders, including companies and consumers, are to adopt new technologies. To ensure continued developments in the area of information communication technologies (ICT), the European Commission has supported the SecurIST project, a European-wide taskforce charged with establishing the Strategic Research Agenda for ICT Security and Dependability research and development in Europe for 2007 – 2013.
“The project should provide Europe with a clear European level view of the strategic opportunities, strengths, weakness and threats in the area of Security and Dependability,” says Jim Clarke, co-ordinator of SecurIST and programme manager at the Waterford Institute of Technology in Ireland. “It will identify priorities for Europe and mechanisms to effectively focus efforts on those priorities, identifying instruments for delivering on those priorities and a coherent time frame for delivery.”
The project has established an EU-based security and dependability taskforce with Europe’s leading security and dependability experts. It will create a roadmap and ICT strategy to take Europe beyond 2010 and leverage the knowledge base created by past, current and future researchers and projects in the security and dependability domains.
The establishment of the taskforce was a daunting task made somewhat more manageable by splitting the work into a series of linked workgroups called Initiatives. These Initiatives look at different areas like security policy, application security, dependability and trust, identity and privacy, digital asset management and biometrics, amongst others, all linked to a broader Initiative on methods, standards and certification across all the domains.
“While many of them are quite focused, there is an overarching initiative called Security Research Initiative, which is examining the work of all the initiatives in order to ensure there are no gaps or overlaps. These working groups generate quite detailed challenges and the priorities which, from their perspective, the roadmap and the Strategic Research Agenda (SRA) should address,” says Clarke.
The 200+ researchers in the specific Initiatives of the taskforce are greatly complemented by a core Advisory Board of key EU experts in security and dependability, whose role is to oversee, advise, enhance and promote the work of the security and dependability taskforce.
Recently, based upon the earlier work of the Initiatives and a number of key workshops, the Advisory Board published its recommendations for a security and dependability research framework, a key step in the project’s work. These recommendations are challenging because they address so many stakeholders: researchers, policymakers, technology and service companies and, of course, consumers.
“Empowerment of the citizen is vital as there is a clear technological trend towards the decentralization of technology and its management and control. Current centralized control structures need to be enhanced, or perhaps even replaced, since security and risk management considerations, identity theft for example, in fact, imply that responsibility, authority and control have to move more towards the end user,” the Advisory board writes.
It’s a goal made all the more difficult given Europe’s broad cultural mix. “Europe has a very particularly, yet heterogeneous culture, history and set of attitudes to trust and society,” the board continues. “The European Information Society will have the possibility to compete successfully with information societies in other countries if, and only if, Europe-specific needs are taken into account and actively addressed by technological and socio-technical research projects in a structured manner.”
User focused and Europe-specific responses to the security and dependability challenge are just two of nine key areas in the project’s work. Others include issues like infrastructure robustness, interoperability or methods for aiding the development of more secure and dependable systems seamlessly from the very first stages of any system design.
Another key area is the security and dependability for a service-oriented architecture, a software design philosophy that focuses on small, reusable programs that can perform one function well. The particularly attractive novelty of this architecture is that these functions can be combined on the fly in real time to fulfil all sorts of useful services, without the costly development of large software programs. It will change the software development and promises to unlock prosperity from new services.
Another key issue is the development of enabling technologies for security. “Underlying all these is the need to provide higher assurance of trusted communication and handling of digital information. The two fundamental sciences and technologies are (a) cryptology and (b) trusted functionality and computing,” says Clarke. “Cryptology ensures the protection of information stored or in transit outside a trusted area. The trusted functionality creates and maintains that trusted area, and ensures that information is handled within it as intended, and that the cryptographic processes are correctly executed. Security protocols establish and maintain trusted communication between trusted areas.”
The second issue of the recommendation document of the SecurIST Advisory Board will be available from early July 2006 at www.securitytaskforce.eu as part of the consultative process and the project will work on establishing a detailed roadmap as part of a strategic research agenda, which will feed into the FP7 programme.
Source: Based on information from SecurIST. Visit http://istresults.cordis.lu for more information.