Title: Dirk van Rooy, Ph.D.
1 Perspectives for Trust and Security in the future Digital Society
Scope for actions
eGov Workshop Brussels Public Finances ICT Solutions using SOA Web Services
19 February 2009 - Brussels
- Dirk van Rooy, Ph.D.
- DG Information Society and Media, European Commission
The views expressed in this presentation are
purely those of the speaker and may not in any
circumstances be regarded as stating an official
position of the European Commission.
2 CONTENT
- Context
- Policy basis
- Ongoing Research
- Opportunities
- ICT Programme
- ICT Policy Support Programme
3 Information Society
- Agricultural Revolution, Industrial Revolution, Information Revolution
- 3000 B.C., 15th, 19th, 21st
- Writing, Printing Press, Photography, Internet
4 Digital Wave
5 The Cloud
6 The Knowledge Society
Ubiquitous
Knowledge
Networked
TRUST: Technical framework for Identity, Transparency and Accountability in the age of ambient intelligence?
Information
Local
Data
PETs: Privacy Enhancing Technologies
First generation data protection and legislation
7 The Five Freedoms
- Free movement of
- 1. Goods
- 2. Persons
- 3. Services
- 4. Capital (1)
- 5. Knowledge (2)
- (1) 1986 - Single European Act
- (2) 2007 - Green Paper COM(2007) 161 http://ec.europa.eu/research/era/pdf/era_gp_final_en.pdf
8 Future Internet
Complexity! Trillions of components and transactions and zettabytes of data
- Scalability
- Dependability
- Resilience
Collaborative Security!
End-to-End security and trust in highly complex networks and services!
Non-functional requirements (trustworthiness) part of the design and construction
9 Security, Privacy, Trust in the Information Society?
Security
Privacy
Trust
10 Democratic Societal Values: Endangered Species in the Digital Age?
Possible erosion of democratic values. It took generations to build our democratic values. Europe must foster them and carry them into the digital age.
11 Service oriented architecture
Service oriented infrastructure
- Complex collaborations
- Users systems services
- Heterogeneous access control, dynamic, dispersed, dependencies, security policies
- Security is paramount: Identity management, confidentiality, data protection, privacy, QoS, traceability, integrity, policy enforcement
12 The Crisis Data collection and use in the interest of the citizen
- for business, to provide personalized innovative applications and services for citizens, to better communicate and interact, improve the quality of their life (Web 2.0)
- for governments to service citizens and business (e-government, e-education or e-health)
- for governments again, to provide public security (protection against crime or terrorism, border-control, protection of critical infrastructures, etc.)
trust, user-control, privacy, security proportionality of data storage/use ??
13 Trust, privacy and security in digital society: role of technology
- The Commission in its First Report on the implementation of the Data Protection Directive
- "the use of appropriate technological measures is an essential complement to legal means and should be an integral part in any efforts to achieve a sufficient level of privacy protection".
14 7th EU Research Framework Programme (FP7 2007-2013)
Total 50,521 M
Strengthening Competitiveness through Co-operation
15 ICT FP7 - Security Trust in perspective
End-to-end systems for Socio-economic goals
Digital libraries Content
Sustainable personalised healthcare
ICT for Mobility, Environment,
Energy
ICT for Independent Living and Inclusion
Pervasive Trusted Network service
infrastructures
ICT for Cooperative Systems
Virtual Physiological Human
ICT Ageing
Cognitive systems, Interaction, Robotics
Future and Emerging Technologies
Components, Systems, Engineering
Embedded Systems Design Computing
Systems Networked Embedded Control Systems
16 Trustworthy ICT
Future RTD and policy areas
- Trusted Global Identity Framework providing global interoperability and enabling informed trust decisions on organisations, people, and digital entities in the Future Internet. Enabling privacy protection in accordance to EU culture
- Transparency and Accountability of data use in processes, services and policies in ICT systems
- Sound risk management for enterprises and consumers (there is no 100% security)
- Governance based on these principles for law enforcement and citizen/infrastructure security
17 ICT Work Programme 2007-08
33 new FP7 projects in Security Trust
110 M
Coordination Actions Research roadmaps, metrics
and benchmarks, international cooperation,
coordination activities
18 Security in service infrastructures
4 projects, 18 m EC funding
- Main R&D project priorities
- Assuring the security level and regulatory compliance of SOAs handling business processes (IP MASTER)
- Platform for formal specification and automated validation of trust and security of SOAs (AVANTSSAR)
- Data-centric information protection framework based on data-sharing agreements (Consequence)
- Crypto techniques in the computing of optimised multi-party supply chains without revealing individual confidential private data to the other parties (SECURE-SCM)
19 User-centric Privacy and ID-Management
6 projects, 35.7 m EC funding
- Main R&D project priorities
- Sustainable Privacy and Identity Management in Networks and Services Privacy-enhancing identity management for life (PRIMELIFE, PICOS, SWIFT)
- Revocable, user-controlled, fingerprint-based biometric identities (TURBINE)
- Trusted dynamic and secure services managing and processing personal information based on user-centric data management policies (IP-TAS3)
- Privacy-preserving network monitoring system with data protection (PRISM)
20 The FP7 ICT work programme for 2009-10
Objective ICT-2009.1.4 Trustworthy ICT
ICT Call 5 31 July 2009 3 November 2009
21 Priority areas for Trustworthy ICT in WP09-10
90 M Call 5 (OCT 09)
IPs, STREPs 80 m min 50 to IPs
NoEs, CAs 10 m
22 Trustworthy Network Infrastructures
- Building and managing the Future Internet
- Monitoring and managing threats
- Trustworthy communication, computing and storage (real-time management, virtualisation)
- Experiments and demonstration
- Attention to usability, social acceptance, economic and legal viability
23 Trustworthy Service Infrastructures
- Privacy protecting interoperable services on the FI
- User-centric, privacy respecting ID for persons, things and virtual entities
- Adaptive frameworks for managing trust throughout life-cycle
- Experiments and demonstration
- Attention to usability, social acceptance, human self-determination and privacy, economic and legal viability
24 Technology and Tools for Trustworthy ICT
- Focused technology development
- in the network (control, things, malware)
- for services (ID and privacy mgt tools, risk mgt, verification, certification)
- for data management (assurance, integrity, availability, risks, long term storage)
- Software assurance, secure software
- enabling technologies (biometrics, crypto, trustworthy communication, virtualisation, metrics, certification)
25 Networking, Coordination and Support
- Threats and vulnerabilities
- Security and resilience in software and services
- Economics of security
- Interoperable standards, certification
- Legal and societal aspects of technology
- International cooperation
26 ICT Policy Support Programme WP2009 - Objective 7.1 A European infrastructure for secure information management
- Focus and outcomes
- Integration of available technologies for secure information management systems
- Piloting deployment in public administrations and private organisations
- Rationale
- Many technologies for data privacy protection exist
- Insufficient deployment, leading to data leakage, loss theft
- International standards exist
- Main expected outcomes
- functional pilot, possibly with applications in different areas
- under typical real-life conditions transferable deployment principles best practices
- contributing to convergence across European organisations
27 ICT PSP WP2009 - Objective 7.1 A European infrastructure for secure information management
- Conditions and characteristics
- Integration of available security technologies, techniques, tools, policies and procedures into a functional pilot
- Technologies such as encryption, single sign-on, strong authentication, role definition, distributed data storage
- Combine best available technologies and practices, European convergence
- Economic viability for real-life deployment
- Public-private partnerships, solution and service providers in ICT security, public admin, private data controllers
28 ICT PSP WP2009 - Objective 7.1 A European infrastructure for secure information management
- Expected impact
- Towards operational and comprehensive secure information management in daily work environments
- Limit information loss limit unintended use of information promote accountability
- Increase trust in eServices
- Instrument funding
- One pilot project, type B, up to 3 M funding
- minimum 4 eligible legal entities (Member States or associated)
- typical duration 24-36 months, with 12 months pilot operating service
- Open 29 Jan. 2009 close 2 June 2009
- http://ec.europa.eu/information_society/activities/ict_psp/index_en.htm