Skip to main content

Development of the CYBER crime and CYBER terrorism reseach ROADmap

Final Report Summary - CYBERROAD (Development of the CYBER crime and CYBER terrorism reseach ROADmap)

Executive Summary:
Cyber criminal activities are reported to be continuously growing and are negatively impacting the development of the European society and economy, and are pervasively affecting all the aspects of our daily lifes. Even though the level of awareness of cyber threats has increased, and Law Enforcement acts globally to fight against them, illegal profits have reached unsustainable figures. In addition to the economic reasons, however, cyber crime often hides other political and social motivations.

CyberROAD bridges this gap by drawing together a wide network of expertise and experience, to address cybercrime and cyberterrorism from a broad perspective. CyberROAD aimed to identify the research gaps needed to enhance the security of individuals and society as a whole against forms of crime and terrorism conducted via and within cyberspace. This research addressed current technologies to some extent, but its main challenge has been to anticipate tomorrow’s world of interconnected living, in particular the dangers and challenges arising from the further incorporation of the digital world into our offline life.

The project has been implemented by a consortium consisting of 20 international partners, involved in the fight against Cyber Crime and Cyber Terrorism. Members include representatives from Academia and Research, Industry, Government and NGOs across Europe.

In order to help coordinate the European efforts in the fight against cyber crime and cyber terrorism, the CyberROAD project has identified 19 research topics on which Europe should concentrate resources to increase its security and resilience, organizing them in strategic roadmap for Cyber Security Research.

The roadmap developed within the project encompasses all the aspects which may contribute to
reach this goal, from the development of better and more robust technologies for prevention, detection and mitigation of the attacks, to the legal and forensics aspects concerning the fight against cyber crime and cyber terrorism, up to the need of developing better methods to measure and to analyse the phenomenon and make the citizens more aware of it.
The roadmap is the final outcome of a process of information collection and analysis, during which the existing literature has been deeply analysed, public events and interviews with the relevant stakeholders have been organized in order to grasp the future challenges which our society will be called to face in the forthcoming years. A ranking methodology has been also applied to the devised research topics which allows to obtain different views of the research roadmap tailored on the needs of the different stakeholders which may be interested in the project outcomes.

Project Context and Objectives:
The main objective of the CyberROAD project has been to develop a research roadmap for cybercrime and cyber-terrorism”. This roadmap has been built through an in-depth analysis of all the technological, social, legal, ethical, political, and economic aspects on which cybercrime and cyber-terrorism are rooted.
To achieve the goal, the CyberROAD consortium had originally committed itself to:
- undertake a broad and detailed analysis of the technical aspects behind cybercrime and cyber-terrorism, covering not only the approach of technology as a flawed element exploited by the attackers to reach their objectives but also the viewpoint of technology as a fundamental enabler for cybercrime and cyber- terrorism
- to analyse the economic, social, cultural, legal, and political factors from which cybercrime and cyber-terrorism arise.
- To study Cybercrime and Cyber-terrorism in the context of the technological and social scenarios described above:
- investigating their current status and the existing best practices;
- categorizing them on the basis of the players involved, their skills and motivations;
- identifying stakeholder needs, both through the direct expertise and know-how of the CyberROAD consortium and through the means of the large network of contacts of the CyberROAD members.

The whole process has been driven by a sound scientific roadmapping methodology which the consortium has developed in the context of WP2 and reported in D2.2. The methodology built on state-of-the-art methodologies and guidelines, as well as related projects, adapting them to the specific characteristics of cyber- crime and cyberterrorism.

Project Results:
The CyberROAD project was organized along 7 different WorkPackages:
- WP1 – Project Management
- WP2 – Scientific Coordination
- WP3 – S.E.P.L. Scenario
- WP4 – Technological Scenario
- WP5 - Cybercrime
- WP6 – Cyber-terrorism
- WP7 – Dissemination

Technically, WP3 and WP4 had the purpose to provide the background on which WP5 and WP6 made the analysis of Cybercrime and Cyberterrorism. WP2 ensured the scientific coordinator and WP7 ensured the involvement of all the relevant stakeholder, both as sources of information for the development of the roadmap and as target for the dissemination of the project outcomes. WP1 ensured the administrative and financial management of the project.

More in details, the the purpose of CyberROAD’s Work Package 3 has been to map out the social, economic and legal research topics that are most salient for future cybercrime and cyber terrorism research. The key achievements of this work package are:
• The development of a social science-informed cyber crime taxonomy; and
• The identification of a number of research gaps in the cyber crime and cyber terrorism research programme.
This work package initially surveyed the state of the art in social, economic and legal research of cyber crime and cyber terrorism. It then designed a social science -informed taxonomy of cyber crime along three dimensions: socio-economic cybercrime, person-centered cybercrime and geopolitical cybercrime.
By using this taxonomy identified a number of cyber crime and cyber terrorism research questions that need to be addressed in future research programmes have been identified.
The research questions can be summarised as:
• How should cyber crime be quantified and economically evaluated?
• How can cybercrime be defined and agreed upon on an international level?
• Is trust possible in the digital age?
• How can cyber crime interventions be evaluated?
• When can communications be legally intercepted?
These research questions were synthesised needs were synthesised with the research questions to identify research gaps that needed to be addressed by future cyber crime research programmes.
The research gaps were presented in Deliverable 3.3. A summary of these gaps are as follows:
• A comparison of all available data sources on the quantification of cybercrime.
• Studies to identify the reasons for convergence and divergence in the international regulation and governance of cybercrime.
• Studies to fully establish the extent of international standards and benchmarks in cybercrime metrics.
• Studies to better understand how trust contributes to an individual’s security in the digital era.
• Studies to develop models of security based on principles of inclusion rather than exclusion. Such studies need to develop a deeper understanding of the role of public sector/private sector/government/governance in information sharing.
• Studies to evaluate the return on investment on cybercrime interventions need to be undertaken.
• Studies to determine internationally agreed principles of lawful interception.
As already mentioned, Work Package 4 provided instead a technological perspective on cybercrime and cyber-terrorism. In particular, the main objective of D4.1 has been to describe current and emerging technologies, trends, and paradigms suitable to be considered as a general scenario background, where subsequent CyberROAD’s tasks and deliverables could build upon. In fact, such trends and paradigms can be thought of as a starting point to be further enhanced to identify domain-specific scenarios and views, including those particularly focused on cybercrime and cyberterrorism. As per details outlined in the DoW, D4.1 covered trends, paradigms, and emerging technologies as well as traditional and out-dated ones: from desktop environments to the new generation of smartphone, and from management software to real-time embedded software, just to name a few. All the technologies outlined in D4.1 can be considered as potential targets towards which current or emerging offensive action can be directed. In fact, the “threat-catalogue” for CyberCrime and CyberTerrorism will build on the outcome of this deliverable. The deliverable D4.2 “Security analysis of new and emerging technologies” aimed at reviewing the risks that emerge from upcoming technologies. These technologies are either in the process of a widely adoption or they will be adapted in near future. In order to evaluate the impact on the user’s security and risks, document firstly focused on different aspect of the affected assets. Those aspects include the extent of affected entities and their type as well as their criticality, ranging from financial loss to physical harm or danger of life. From there on, deliverable devised related risks by evaluating the key assets of those technology that are particular vulnerable and hence need to be protected. Eventually it identifies potential attack scenarios including the involved type of attackers, their motivation as well as the likelihood of such an incident to give an estimate about the security risks related to the technology under review.
The deliverable D4.3 analysed the main vulnerabilities and threats in Critical Infrastructure. Each scenario in D4.3 is analyzed taking into acount the following issues:
1. Criticality of the service/infrastructure
2. Scope: local, regional, national or international.
3. Interdependencies with other CI.
4. Assets categories and Threats
5. And finally, the security challenges for each scenario.
The deliverable D4.4 was aimed at analyzing the map of offender profiles in order to relate each of them with the scenarios depicted in deliverable D4.1. That way, the picture of the technological scenario will enrich finally the viewpoint of the reader by mean of providing the offensive point of view.
WP5 (Cybercrime) comprised four main tasks containing six deliverables providing for specific individual aspects of the broad topic of cybercrime with the aim of identifying major research gaps meritorious as topics for the CyberROAD roadmap. The four tasks reviewed first the stakeholder needs (T5.1) provided a survey on current and existing best practices (T5.2) provided a taxonomy of cyber-security solutions (T5.3) and finally identified the research gaps. WP6 (Cyber-terrorism) had a specular organization, with a focus on cyber-terrorism instead of cybercrime.

A major quantitative analysis of the threats faced by stakeholders was provided via the CyberROAD Cybercrime Survey, circulated to interested stakeholders across target groups ranging from subject specialists in industry and academia, policy makers, law enforcement, hosting providers and knowledgeable IT users.
In total 2,200 English or Polish speaking stakeholders, in the EU and 20 other countries, responded to the wide-ranging, Delphi-based, survey questions.
The findings provided a snapshot of cybercrime-related, real-life experiences across a diverse landscape of technology-enabled scenarios. Areas of research, that are sometimes overlooked, were explored in this series of surveys through the actual experiences of the participants.
These contributing evidences helped to form the basis of academic papers and publications presented at the ARES Conference in 2015 ‘2020 Cybercrime Economic Costs: No Measure No Solution’ and published by IEEE and to the Springer publication ‘Combatting Cybercrime and Cyberterrorism’.
The challenges of harmonising different existing standards across diverse sectors within a large industry area was explored through an overview of the state-of-art in technical and organisation best practices (D5.3 and D6.3). Levels of collaboration in the public and private sectors, law enforcement and research groups were examined within these deliverables.
A taxonomy of cybercrime and cyber-terrorism is fundamental to understanding what are the threats, how big is the problem and what are the possible solutions. Precisely, the CyberROAD taxonomies (D5.5 and D6.5) provided a categorization of the attacks, including attackers’ goals and motivation, and of the related defense solutions. The taxonomies were not intended to go into details of the specific solutions or attacks, but is instead devised to provide a general and unified formalism which can be used to describe almost any cyber attack, either in the Cybercrime or in the Cyberterrorism field. The effort of the CyberROAD consortium with taxonomies mostly concentrated in bringing together some relevant building blocks from the literature (either scientific or not) in this field, instead of developing from scratch a brand new taxonomy.

In combination the analysis carried out in WP5 and WP6 revealed a number of prevailing research gaps. This information enabled the forecasting of near-future trends and related threats in cybercrime and made a valuable contribution to the final CyberROAD roadmap. In order to identify gaps, a comprehensive approach was adopted as part of the CyberROAD research roadmapping methodology development. 10 scenarios describing different aspects of technological, social, economic and political factors that influence cybercrime and cyber-terrorism were identified and split into more specific topics called views. Each view was then analyzed in terms of cybercrime and cyber-terrorism related threats, current defences, future threats and future defences. By comparing these, we were able to propose future cybercrime research topics to combat the gaps.
All the activities have been coordinated by WP2 which has been responsible for the Scientific Coordination all along the project.
This Work Package was structured in the following, distinct activities:
• Definition of the Guidelines for information collection and assessment.
• Investigation and selection of the most adequate roadmapping methodology to be applied for the coordination of all other work packages in the project.
• Risk assessment and related ranking methodology.
• Collection of inputs from the other work packages (WP3, WP4, WP5 and WP6), processing of this data to create the Final Roadmap that was presented to the European Commission.

The activity aiming at defining the guidelines for information collection and assessment was the first one started in the project, right after its kick-off, and produced a deliverable that represented a cornerstone all along the project, characterizing the problem space, defining the “common terms” to be used by all project partners, and last but not least setting the direction used by the other work packages on social and technical aspects as well as cyber-crime and cyber-terrorism.
Another important foreground activity in WP2 was the study and survey on available methodologies suitable to define a roadmap to conduct cyber-security research. Starting from this survey, an original roadmapping methodology fitting the needs of the CyberROAD project was developed, based on which the activities carried out during the second year of the project have been driven.

The ultimate foreground of WP2 is surely represented by the Final Roadmap, the key deliverable of the whole FP7 CyberRoad project. The creation of the Roadmap required the project partners to identify a set of Research Topics obtained from the clustering of coherent research gaps and of the associated Research Actions required to address them. The research Actions have been organized into coherent Research topics that have been ranked and prioritized. Finally, efforts have been invested into the development of a graphical, efficient user interface, which led to a web-based representation of the previously mentioned information in a use-friendly and easy to use dashboard, which can be found together with a supporting video explaining the project and its foreground activities.

A side activity, requested by the EC during the MidTerm review event in Brussels, has been the collection and harmonization of inputs from the parallel projects CAMINO and COURAGE.

Potential Impact:
CyberROAD research efforts culminated in the development of a comprehensive roadmap for cyber crime and cyber terrorism research, aiming to improve Europe’s resilience to persistent as well as novel cyber threats. The CyberROAD roadmap categorised actions leading up to 2020, in 18 ranked research topics, presented as an interactive, web-based map in order to improve navigation among topics and user engagement. The interactive version of the roadmap gained a lot of page views in the first week of being online, improving the dissemination of project results and providing a more immediate way for the general public to access research results.
The interactive web page allows users to view results per category directly, download individual documents or the entire roadmap. The topics are ranked according to urgency in mitigating the associated risks. The height of each “skyscraper” or the star rating provides an easy way to visualise the research priorities in the area of Cyber Crime and Cyber Terrorism research. A list view is also available, showing the total ranking results of all topics.
The project results were also presented in a variety of events (scientific conferences, trade shows, exhibitions, B2B events etc.) in order to maximize the diffusion of CyberROAD knowledge. Furthermore, the CyberROAD surveys allowed a variety of stakeholders to directly influence the project results, by providing a means to collect feedback as structured data, taking into account the views of academia, research, consumers, end users, law enforcement, commercial stakeholders, cyber security practitioners, policy makers and telecommunication providers. The surveys were distributed in a variety of formats: project website, a dedicated website, announcements via social media, and prompting by email to interested parties.
The surveys managed to provide an insight into the impact of cybercrime on stakeholders, achieving a major goal of the project, and serve as a primary contributor to the concluding CyberROAD roadmap, i.e. what areas of technological and social research should the EU invest in. Additional information on the survey results and the individual research topics were also disseminated throught the project website and social media accounts, making the results of this activity accessible both to the public and to the survey participants. A dedicated survey report is freely available in the CyberROAD website.
CyberROAD workshops and events were also instrumental in getting feedback on project activities and validating the project methodology. The presentation of the roadmapping methodology in diverse stakeholder groups, the general public, the scientific community, offered an opportunity to further scrutinise CyberROAD activities. The feedback gathered during events and workshops organised or attended by the consortium, was significant, although less structured compared to survey results. Figure 2 illustrates how the CyberROAD workshop plan contributed to the specific needs of the project towards the final outcome.
The first workshop revisited the roadmapping methologies that were defined by CyberROAD. Practical examples were presented and discussed. The practical exercise was considered a very positive effort and an important part of the workshop, allowing the harmonization of the project activites and allowing the external participants to fully understand and review the scope of the CyberROAD methodology Through individual reports and publications, the CyberROAD methodological approach was made freely available to the public.
During the Hellenic Forum workshop and FCCT, consortium members were able to further discuss the methodology and the project’s key results with representatives from Research/Academia, Industry, Government and SMEs. The audience provided input on what their specific needs and concerns in terms of Cyber Crime and Cyber Terrorism are, and offered examples of future scenarios to be considered. Furthermore, the CyberROAD surveys were disseminated to a larger audience, further increasing the participation and improving availability of survey data. Relevant material from the First CyberROAD workshop is included in Appendix D, as well as in the individual report.
The second CyberROAD workshop in Vienna addressed the identified need to harmonise the suggested taxonomies and show how Social, Ethical, Political, Legal analysis fits within the CyberROAD methodology in a more formalized way. Furthermore, the Vienna focused on harmonizing the methodology with CAMINO and COURAGE. The Joint Workshop in the Hague allowed all sister projects to present their joint results to a broad audience.
Finally, the CyberROAD final event presented the final roadmapping results to a larger audience. The interactive site was presented, along with the CyberROAD methodology, the survey results and examples of the gap analysis performed within the project. Joint research results were also presented during the final event and invited speakers, external to the consortium, were able to comment and participate in a round-table discussion.
Within Task 7.2 Liaison Database, CyberROAD identified a major gap in the process of stakeholder analysis. Most work on stakeholder analysis is focused on projects undertaken by single organisations or provides a more generic view on stakeholder impact. Within CyberROAD, we provided a stakeholder analysis that is tailored to the needs of a multi-entity consortium in the context of EU-funded research. Rather than using social media just as means to communicate and engage stakeholders, CyberROAD leveraged the project social media accounts in order to crowdsource data for a detailed, yet anonymised, stakeholder mapping.
Taking into account the results and the feedback gathered, we surmise that CyberROAD dissemination activities managed to accomplish the intended goals and particularly succeeded in:
• Explaining the main achievements of the project to a variety of stakeholders and the public;
• Providing an overview of the risk assessment and research topic ranking methodology with practical examples and receiving feedback on the overall methodology;
• Harmonising all CyberROAD activities with the proposed methodology and with stakeholder needs;
• Allowing participants to workshop activities to apply and exercise the methodology and provide their own examples of future scenarios;
• Presenting the methodology and putting it under the “scrutiny” of a large audience independent from the consortium.
Through the individual published reports, the scheduled and targeted dissemination activities and the participation to or organization of multiple events and workshops, CyberROAD made certain that research results would be always publically available. Dissemination material that was produced for the project, targeted scenarios that interest the general public, as expressed during CyberROAD events and through the project’s social media.

List of Websites: