CORDIS Archive
This page has been archived. It will no longer be updated.
Action on Dependability of Information Infrastructures and the Co-ordination of computer emergency response teams1
The Information Society is increasingly dependent on information infrastructures2 for life-critical and business-critical functions. New and more sophisticated instances of attacks (e.g. by virus, denial of service attacks) in the information infrastructure are continuously emerging. One of the specific targets in the eEurope 2002 Action Plan is to improve co-operation amongst national computer emergency response teams, also called computer security incident response teams (CSIRTs). Workshops were held in February and in October 2001, on the situation of CSIRTs, with a view to defining a plan and a roadmap to achieve a better co-ordination in the EU.
A support measure, DDSI (launched as a result of the fourth Call, under CPA4), has improved the understanding of the technical and policy issues related to this area, needed to facilitate and support the public/private dialogue on dependability of information infrastructures.
A European Warning and Information System (EWIS) initiative was launched at a workshop in October 2001 and the EWIS Forum was also established with the operational support of the Joint Research Centre (JRC) of the European Commission.
On Dependability, a new initiative was launched to stimulate the public/private dialogue on key dependability concerns related to developing, managing and operating the whole life-cycle of technical and business components, systems, networks and infrastructures. In 2001, the DEPPY Forum was set up, with the support of the JRC, to facilitate the exchange of information and to support the constituency building process. Activities include:
A number of projects launched as a result of the IST Cross Programme Action on dependability address aspects of dependability of the information infrastructure and related interdependencies. Among these projects, two are managed in Directory C. DDSI aims to support the development of dependability policies across Europe and across sectoral boundaries. It intends to establish networks of interest, to provide baseline data and to develop policy roadmaps. DDSI therefore directly contributes to the European Community policy initiative eEurope. EXaMINE will develop information technology to improve the security of the European Power System (EPS), so as to establish the basis for a real time control strategy to be adopted European wide. The final objective is to maintain current security standards of national electric systems (related to continuity and quality of power supply) in the future scenario of a fully interconnected European electric grid with heavily loaded transmission lines.
Other related projects are: DepAuDE, which will develop an architecture and methodology to ensure dependability for non-safety critical, distributed, embedded automation systems; CORAS, whose aim is to develop a framework for precise, unambiguous, and efficient risk analysis of security critical systems; CAUTION, which is concerned with dependability aspects related to the capacity management in present and future generation cellular networks; and DBENCH, which is defining and validating procedures to benchmark dependability within large-scale computer systems.
On network security, we have been actively involved in launching international collaboration in the fields of combating cybercrime and preventing attacks on critical information infrastructure. Directorate C has chaired and acted as rapporteur for the Joint Government/Industry working parties on threat assessment, prevention of attacks on internet functions as well as on the protection of e-Commerce and user authentication. It has contributed to all recent communications of the Commission on cybercrime and network security, and will continue to contribute to the work undertaken following the Council resolution on network security, the Vitoria informal Council resolution and the Barcelona summit conclusions. This will notably concern the fields of identification, authentication and biometrics.
A Best Practice action in network and information security was launched within IST Key Action II in 2002 (in Call 7 and Call 8) to foster awareness and promote best practice, in particular for SMEs, on security issues via hands-on experimental deployment of technologies to improve security practices, ensure privacy, prevent, and protect from, attacks. The following are the main projects funded as a result of this action
The main objective of the ESSIP project is to set-up a European framework aimed at providing European SMEs with the necessary IT Security services in order to give them the necessary trust in e-commerce, which is important in developing their businesses. ECSIRT.NET focuses on the deployment of new techniques and practices that will satisfy the basic, nay existential, need of incident response teams (CSIRTs) to co-operate and exchange incident related data much more efficiently, and to collect shared data for statistical and knowledge base purposes. s-Travel aims to promote the early adoption of biometrics, smart cards and PKI certificates as part of a global system to streamline the Frequent Travellers process within airports until the ultimate boarding phase and contribute to the provision of a biometrics ID standard in the Air transport Community. WG-ALPINE project focuses on the creation, operation and consolidation of an Active Loss Prevention Working Group to address the common ICT Security problems faced by users, achieve consensus on their solutions across multiple disciplines, and produce a favourable impact in the overall eBusiness market.
1 Computer Emergency Response Team is commonly indicated by CERTTM. The wording CSIRT (Computer Security Incident Response Team) is nowadays more often used to avoid the trademark issue associated to use of CERTTM.
2 The "information infrastructure" is the ensemble of media, network, and communication infrastructures up to the application level
3 Information on the Working Group including the reports of the meetings are available on the DEPPY Forum
4 Download the conference proceedings. (Acrobat document)
5 The workshop report and proceedings are available on the DEPPY Forum - DEPPY Forum