Reference Systems for Cybersecurity

Objetivo

Specific Objectives:
The overall objective of this action is to establish a European scientific and technical reference system to support European Union policy in the field of cybersecurity. This will be based around the European Network for Scientific and Technical Support for Cybersecurity Policy (CLUES). This reference system will address the following sub-objectives:
1. Online privacy protection:
1.1 To develop reference implementations for compliance testing, demonstration and risk assessment of new privacy and identity management technologies and of standards. This will be performed in collaboration with: CEN, World Wide Web Consortium, IST R&D projects via DG Infso, the EU working party of data protection supervisory authorities co-ordinated by DG Market;
1.2 To complete the JRC reference implementation of P3P (Platform for Privacy Preferences);
1.3 To support the establishment of a EU R&D constituency and a knowledge base for addressing the emerging privacy and identity management challenges;
2. Consumer protection in e-commerce;
2.1 To develop technical reference implementations for trusted consumer information and consumer protection systems in cross-border e-commerce. This includes the reference implementations of a standard electronic complaint form (based on existing odrXML prototype), of the European Extra Judicial Network (EEJ-Net) for cross-border dispute resolution and the extension of the eLEX portal to cover EU laws on consumer protection. This will be carried out in collaboration with CEN/eTrust, OASIS open standards consortium and with consumer protection bodies in the EU member states under the co-ordination of DG Sanco;
3. Vulnerabilities and interdependencies of Information Infrastructures;
3.1 To further develop the network vulnerabilities test bed of the JRC aimed at:
a)Harmonising risk concepts applied to information infrastructures and the Internet to support the implementation of EU policy initiatives and standards;
b)Establishing, in the frame of ERA and enlargement, a training facility for raising awareness on vulnerabilities, threats and best practice in network protection;
3.2 Develop assessment principles of ambient intelligence security and contribute to the IPTS study on 'Security and Privacy for the Citizen in the Post-September 11 Digital Age' for the LIBE Committee of the European Parliament;
3.3 To support, in the frame of ERA, the establishment of a EU R&D constituency and knowledge base for addressing in FP6 challenges in information infrastructure dependability and security;
4. Combating Cybercrime:
4.1 To develop reference systems in collaboration with Europol and other law enforcement bodies (under the co-ordination of DG Infso and DG Jai), industrial labs (forensic tools) and academic labs for:
a) Computer forensics in networked environments, carrying forward work from the CTOSE SCA project;
b) Training sessions on computer forensics in the frame of ERA and enlargement; c) S&T support to the EU Cybercrime Forum (DG Jai/Infso);
5. Ambient Security Technologies: potential and pitfalls 5.1 Develop a technology roadmap on the needs, opportunities and privacy risks of ambient security technologies applied to protection of Citizens and critical infrastructures. Anticipated milestones and schedule Final conference of the AMSD technology roadmap project in March 2003 W3C conference on the future of the P3P standard in May 2003 First operational meeting of the Cybersecurity S&T support network in September 2003 Cybersecurity laboratory, including equipment and appropriate staffing, ready for training events: October 2003
Planned Deliverables Software reference implementation of the P3P (Platform for Privacy Preferences) standard, version 2. Compliance evaluation of P3P with the EU data protection directive and recommendation to the World Wide Web Consortium (W3C). Roadmap for Advanced research in Privacy and Identity management in the frame of the RAPID project.

Privacy Ontology draft concept (report + tool). Report of the European Parliament study on privacy and security conducted in collaboration with IPTS. Pilot software reference implementation of the EEJ-Net cross-border consumer dispute resolution network. Draft international standard for a consumer electronic complaint form and prototype software-based consumer negotiation system.

Roadmap for research in IT dependability and security in the frame of AMSD project. Cybersecurity laboratory architecture and network vulnerabilities laboratory configuration. Concept definition for testing privacy and security of pervasive wireless local infrastructures + training session Risk assessment guidelines for critical information infrastructures. Technology roadmap for ambient security technologies applied to citizen and infrastructure protection, based on the Loccatec project results. Online knowledge base of cybersecurity technology roadmaps as a service to the Commission policies and the R&D community. Computer forensics and electronic evidence platform setup based on CTOSE project results.

Training session on network and computer forensics with accession countries. Exploratory study report on identity theft: scenarios, categorization, options for protection. First draft of feasibility study on verifiable information on cybercrime incidence, including preparing a draft notification mechanism of incidents. Contribution to IP's and NoE's proposals in the area of cybersecurity. Explore, in collaboration with DG Infso, additional EU policy customers (e.g DG Tren, DG Relex).
Summary of the Action:
Cybersecurity is the term used to describe the technical and regulatory means that ensure the security of citizens and society in electronic communications, transactions, and interactions. Various EU institutions are now intervening to establish EU policies in the cybersecurity domain. This action plans to develop an integrated set of R&D activities in support to these policies in partnership with European research organisations and EU and member states institutions. To accomplish this the action focuses on the development of a scientific and technical reference system for cybersecurity to serve EU policy and action in the area. This entails the provision of technology reference implementations that impact EU policies in the areas of privacy protection, consumer protection in e- commerce, information infrastructure and data sharing security, combating cybercrime. These implementations will be used to carry out compliance evaluation of cybersecurity technologies and standards within EU regulatory frameworks and to assess security risks of information systems and networks. Based on this work facilities will be provided for knowledge sharing and training, including candidate countries, concerning cybersecurity best practice technologies, methods and concepts, as well as network vulnerabilities and computer forensics.

Rationale: There is increased public concern over security of our information systems with the rise of cybercrime, virus attacks, online fraud and privacy abuse, and over appropriate consumer protection measures in cross-border transactions. The terrorist attacks of September 11th, 2001 have focused attention on the vulnerabilities of critical infrastructures, much of which is dependant on computer-based systems and networks. The European Commission and the Member State have demanded unbiased and reliable support for the definition and implementation of emerging EU Cyber security policies such as eEurope 2005, the Resolution on Network and Information Security, the Directives on Privacy protection, the Cybercrime Communication & Convention, and the eConfidence and consumer protection initiatives (e.g. EEJ- Net). This requires impartial consideration of key issues such as threat incidence, technology test reports, and risk assessments methods by reconciling different national, regional, public and private interests. There are fundamental values in western Societies (e.g. privacy) in which the public concerns prevail over industry drivers. To achieve this requires the integration of multi-disciplinary R&D groups in the EU to address these complex cybersecurity problems. The JRC will put its multi-disciplinary skills at the service of the community by acting as an enable and facilitator for these groups, and by providing facilities for reference implementations, compliance evaluation, knowledge sharing and training.

Ámbito científico

• natural sciencescomputer and information sciencescomputer securitydata protection
• social sciencespolitical sciencespolitical transitionsterrorism
• social scienceslawlaw enforcement
• social scienceseconomics and businessbusiness and managementcommercee-commerce
• natural sciencescomputer and information sciencesinternetworld wide web

Programa(s)

• FP6-JRC - Specific programme 2002-2006 for research, technological development and demonstration to be carried out by means of direct actions by the Joint Research Centre (JRC).

Tema(s)

• 4.3.2 - Support to cybersecurity

Convocatoria de propuestas

Régimen de financiación

Coordinador