I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Research Needs: Information and Communication Technology, including Financial Systems<br />
RESEARCH NEEDS<br />
"HARD" ICT SECURITY Aff ordable hardening and immunisation of civilian critical cores/nodes and system elements<br />
against various kinds of interferences (i.e. mechanical tampering, EMP/HPM eff ects etc.<br />
CYBERSPACE<br />
SITUATIONAL<br />
AWARENESS,<br />
PREVENTION AND<br />
PROTECTION<br />
Development of methods and procedures to detect suspicious web sites<br />
Continued development of anti-virus programmes extended with online<br />
investigation modules for identification of and attribution to senders of messages<br />
Development of international applicable unique interfaces, protocols, connectors<br />
etc. for trusted exchange of sensitive information<br />
Parameterisation methodologies for detection of suspicious cyberspace behaviour<br />
SECURE IDENTITIES Continuing improvement of publicly available encryption/authentication methods<br />
Development of secure protocols and architectures that verify e-identity/-ies<br />
CYBERSPACE FORENSICS Development of capabilities to trace illegal activity in cyberspace back to its origin. In<br />
addition, enhanced detection methodologies and blocking/fi ltering technologies<br />
Enhanced identifi cation processes and investigative tools<br />
EDUCATION AND<br />
TRAINING<br />
Methods for increasing user awareness on the potential risks of ICT-behaviour<br />
2.3.7 Security of Sites (nuclear, chemical, biological, fi nancial, research)<br />
Securing sites linked to critical infrastructures will still represent points of emphasis due to the nexus character of these sites:<br />
They usually off er privileged access to a system, dispersal potential and maybe even varying control functions. The crucial issue<br />
therefore will continue to be limiting access to site and critical infrastructure functions and mitigating disturbance eff ects. Site<br />
security thus will need advanced protective materials (i.e. «smart» materials), real-time sensor data on people on-site, correlation<br />
with zone access rights, behavioural pattern analysis capabilities, tiered data access and control rights, etc. – in short, tight<br />
monitoring of who is on a site and what he/she is allowed to do, and correlating this to actual sensor feeds. Particular sites, like<br />
radiological or bio-labs, will continue to need state-of-the-art containment and decontamination facilities. Where possible, the<br />
area of surveillance, usually beginning at the perimeter and moving inwards, should be extended outwards to access routes.<br />
Here, behavioural pattern analysis could constitute a useful tool in providing advance warnings.<br />
The already technically possible security level is relatively high, with almost all required capabilities existing at least in theory. But the<br />
degree of implementation varies vastly: Where tight regulation is in place (e.g. nuclear or bio-lab sites), standards are generally enforced<br />
and resulting in a comparably high level of security. Gaps identifi ed are therefore in the area of security implementation, and have been<br />
identifi ed for example in the area of hazardous materials detection (CBRNE) and data fusion capabilities in large scale sites.<br />
Research Needs: Security of Sites<br />
DETECTION AND<br />
VERIFICATION OF<br />
INTRUSIONS AND<br />
INCIDENTS<br />
RESEARCH NEEDS<br />
Continuous improvement of novel indicators, moving beyond classic sensor<br />
technologies, for situational awareness and alerting<br />
Extension of surveillance to access routes (while in line with privacy and individual<br />
rights protection)<br />
Psychological research to detect and potentially trigger-reveal malicious intent (i.e. via<br />
bio-/psychosomatic reaction triggers<br />
79