The work programme will focus on continuing and consolidating a number of activities that have been initiated during 2000 and 2001. Some of the work will be strengthened to take into account recent policy developments in this fast evolving area.
Moreover, in view of FWP 6 preparation, a number of networks will be established covering the cyber security area:
1. Information Infrastructure Vulnerabilities (Client: DG Infso)
As follow-on of the European Dependability Initiative and creation of the EU working group on information infrastructure vulnerabilities in 2001, lay the basis for a network of stakeholders in FWP6. Work implies:
- Support the operation of the European Working Group on Information Infrastructure Vulnerabilities, further maintain the dependability forum http://deppy.jrc.it and co-ordinate within the working group, scenario building exercises of vulnerabilities in various industrial sectors. JRC focus on Citizen impact;
- Support EU policy for improved "early warning capabilities in the EU against network security threats. Organise a EU workshop on "European Warning and Information System" and as a result draft a roadmap for EU action;
2. eConfidence/Online consumer complaint and dispute resolution systems (Client DG Markt, DG Sanco, DG Infso)
As follow-on of criteria development work for ADR and the pilot technology demonstrator based on GIST.
- Complete the FINNET prototype system for consumer complaints in financial services (DG Markt);
- Scope with DG Sanco the technical support to the EEJ-NET initiative;
- Organise a e-confidence technology workshop drawing together main EU projects in this area and lay basis for a network;
3. Online privacy protection (Client DG Infso)
As follow-on of project on Privacy Enhancing Technologies for "user empowerment", define a research programme in "privacy and identity protection" in preparation of FWP6.
- Organise a workshop together with IPTS on "Privacy and Identity in to Information Society: Emerging technological challenges" and provide the report with indication of a roadmap for R&D;
- Complete the EU demonstrator implementation of the P3P (platform for privacy preferences) standard of the W3C;
- Further develop the privacy forum (http://eprivacy.jrc.it);
- Complete the benchmark exercise for Internet content filtering tools to protect against harmful Internet content;
4. Cyber crime (Client DG Jai, DG Infso)
Scoping for JRC support to the EU action in combating cyber crime. Focus on better understanding the scope of the cyber crime problem for Citizens and consumers, technological prevention challenges (including prevention) and on harmonised indicators.
- Complete the exploratory study on "Cyber Abuse and the Role of Evidence in E-Business" conducted with a network of EU R&D organizations;
- Provide technical support to the EU Forum on Computer-related crime set up in the frame of the EU "cyber crime" communication;
- Perform feasibility study on setting up a mechanism for the sharing of information on incidents of computer-related crime;
5. Test lab capabilities (Client: all customer DG's above)
Further develop test lab capabilities for analysing vulnerabilities and privacy risks of the online Citizen.
-Operation of online Cyber crime forum after presentation of a pilot at the first plenary forum meeting held on 22 November 2001. Knowledge base populated with policy and technical data;
-Cybercrime study report validated with network of experts and published in January 2002.
-P3P (Platform for Privacy Preferences) standard: reference implementation ready for April 2002 and expert meeting held;
-Co-ordiante with national experts the definition of a roadmap for R&D in FWP6 in the area of privacy and identity protection. Mid 2002;
-Co-ordinate with national experts the definition of a concept and an implementation roadmap for a European Warning and Information System on network security threats. Mid 2002. In parallel, define with experts an R&D roadmap for FWP6 in the area of Information Infrastructure Vulner abilities;
-FINNET protoype system ready for January 2002;
-EEJNET prototype system for October 2002 to be presented at a EU Conference organised by DG Sanco with DK presidency;
-Vulnerability test laboratory further developed and tests conducted on evaluating vulnerabilities to online Citizens.
Summary of 2001 Deliverables: 31/12/2001
-Workshop "Privacy and Identity in the Information Society: Emerging technological challenges";
-Workshop and establishment of the working group on Information Infrastructure Vulnerabilities;
-Workshop on European Warning and Information System for network security threats;
-Benchmark test lab prototype for Internet filtering tools;
-Cyber crime forum prototype system;
-Prototype test lab for analysing vulnerabilities and privacy risks of the online Citizen and training session on use of tools.
Output Indicators and Impact
-EU research community, FWP 6 road mapping and networking;
-New EU policy implementation in the areas of privacy protection and fight against cyber crime;
-Implementation of specific action lines in the eEurope action plan.
Summary of the project
The JRC provides Scientific and Technical support to conception & implementation of EU policy in specific areas of cyber security that fall within the competence of the EC. Focus of the JRC work will be on the concerns of citizens and consumers in cyberspace.
JRC work areas cover Citizen's online privacy and identity protection, the prevention of cyber crime, consumer eConfidence building measures and analysing information infrastructure vulnerabilities that create risks to the Citizens
These policy issues are defined in: eEurope Action Plan, Consumer protection with in particular access to justice and fair redress on the Internet, EU data protection directive, European Commission Action Plan on promoting safer use of the Internet, EU IST programme, Cyber-crime: EC Communication, G8.
EU policy in the Information Society is increasingly based on a model that strikes a delicate balance: it stimulates economic growth and innovation but also provides safeguards for matters of public interest and citizen concern, in particular for building public confidence. The JRC is fully aware that, although responding to specific customer demands from policymaking DGs, this project only covers a small proportion of the information society challenge that is vast and populated by powerful industrial players.
However in its niche area, the JRC has a unique dimension and can provide added value in particular when combined with appropriate networking with EU organisations. Therefore, networking is a key issue that will be further developed during 2002.