Comprehensive Approach to Increase Cyber Security and Resilience

CAMINO Roadmap and Research Agenda

Micha� Chora�12

1 ITTI Sp. z o.o., Pozna�, Poland mchoras@itti.com.pl

2 University of Science and Technology in Bydgoszcz chorasm@utp.edu.pl

Rafa� Kozik12

1 ITTI Sp. z o.o., Pozna�, Poland rkozik@itti.com.pl

2 University of Science and Technology in Bydgoszcz rkozik@utp.edu.pl

María Pilar Torres Bruna Everis Aeroespacial y Defensa sl,

Madrid, Spain maria.pilar.torres.bruna@everis.com

Artsiom Yautsiukhin Consiglio Nazionale delle Ricerche

Pisa, Italy artsiom.yautsiukhin@iit.cnr.it

Andrew Churchill CBRNE Ltd

London, United Kingdom andrew.churchill@cbrneltd.com

Iwona Maciejewska DFRC AG

Bern, Switzerland iwona@dfrc.ch

Irene Eguinoa S21sec

Pamplona, Spain ieguinoa@s21sec.com

Adel Jomni Université de Montpellier

Montpellier, France adel.jomni@gmail.com

Abstract— In this paper the initial results of the European project CAMINO in terms of the realistic roadmap to counter cyber crime and cyber terrorism are presented. The roadmap is built in accordance to so called CAMINO THOR approach, where cyber security is perceived comprehensively in 4 dimensions: Technical, Human, Organisational, and Regulatory.

Keywords— cyber security, cyber crime, cyber terrorism, roadmap, project CAMINO

I. INTRODUCTION The major goal of the CAMINO project is to provide a

realistic roadmap for improving resilience against cybercrime and cyber terrorism. In other words the project should answer the question where should taxpayer money be invested for research purposes. We indicate what research directions could tackle the problems and mitigate the gaps in countering cyber crime and cyber terrorism in a timescale up to 2025.

The consortium uses a holistic approach, analysing functions and capabilities addressing technical and human issues which are inter-related with legal and ethical aspects. We follow so called CAMINO THOR approach where cyber security is perceived comprehensively in 4 dimensions: Technical, Human, Organisational, and

Regulatory. In each of the dimensions some items are proposed for the roadmap.

The project consortium has a very practical approach, with most partners being SMEs with a good understanding of what is realistic and practical and with an interest in finding a constructive roadmap that will complement LEA and research organisations - without creating a bottleneck of problems and obstructions. More information about the project can be found at: www.fp7-camino.eu/.

In this paper the initial roadmap from March 2015 is presented. The final roadmap will be delivered in March 2016, after year-long consultations in order to reach wide consensus.

This paper is structured as follows: in Section 2 CAMINO THOR approach is overviewed. In Section 3 the results of our analysis of the current situation with regards to cyber crime and cyber terrorism (technologies, challenges, needs) are described. In Section 4 CAMINO roadmap (initial version) items are presented. Each dimension item is shortly described and also the figures showing actions and their timeline are presented. Conclusions are given thereafter.

2015 10th International Conference on Availability, Reliability and Security

978-1-4673-6590-1/15 $31.00 © 2015 IEEE

DOI 10.1109/ARES.2015.30

686

II. CAMINO APPROACH

Our approach for the CAMINO roadis based on the THOR concept. THOR dfoundation of the CAMINO roadmap sco

THOR dimensions address the follow

• (T)echnical – related to techtechnological approaches and solused to fight against cyber terrorism,

• (H)uman – related to human faaspects, privacy issues, as well asand knowledge of society with crime and terrorism threats,

• (O)rganisational – related to procand policies within organisaticooperation (public-private, publiorganisations,

• (R)egulatory – related to lstandardisation and forensics.

Visualisation of the THOR approachproject is presented in Figure 1.

Figure 1. THOR approach for the CAM

III. ANALYSIS RESULTS

Current roadmapping initiatives withmain research gaps and challenges weanalyses performed in the initial stage project. This section is focused on the prconclusions formulated in the CAMINOto summarise key areas, technologimpacting cyber crime and cyber terroris

Firstly, we analysed a number oroadmaps (also sector-specific ones), cucompleted R&D projects and internatio[11]. The common aspects that are ddocuments and analysed in various proje

• Evaluation of system security,

• Identity management,

H dmap development dimensions are the ope and structure.

wing aspects:

hnology, concrete lutions that can be crime and cyber

factors, behavioral s raising awareness

regards to cyber

cesses, procedures ions, as well as ic-public) between

aw provisioning,

h in the CAMINO

MINO project

S h identification of ere the subject of

of the CAMINO resentation of main O WP2 documents gies and threats m nowadays.

of cyber security urrent and already onal strategies [1]-discussed in these cts are:

• Improvements of anamonitoring,

• Security-related informa

• Increasing of the securit

• Standardisation in the fi

• Application of principles,

• Critical Infrastructure Pr

These topics were our starti

CAMINO roadmap scope.

In the early phase of the prorelated to the various classediagnosed that payment systedomain), embedded systems, and systems processing persvulnerable to the cyber crime aTherefore, protection of thesparticular parts (topics and obAlso, means to reduce risks coreflected by the milestones research agenda timeline.

The study about the cyber sthe art allowed us to identify stheir emerging status and mparticularly addressed by the ro

• Cyber fraud prevention

• Denial of Service (DoService (DDoS) Protecti

• Internet of Things (IoT)

• Intrusion Detection Syst

• Advanced Persistent Thr

• Cloud Forensics,

• Cryptography,

• Technical Security Stand

• Big Data Security Analy

• Cloud Security.

Finally, in WP2 (and throperformed a number of surveyswith experts from different security and the fight againsterrorism.

IV. CAMINO RIn this section we present t

into four THOR dimensions. Inproposed in the roadmap ardimensions and for different 2017), medium- (until 2020) 2025).

alytical tools for security

ation sharing mechanisms,

ty awareness,

eld of cyber security,

Security/Privacy-by-design

rotection.

ing point while defining the

oject we analysed also risks s of assets. In result, we

ems (financial and banking cloud computing services

sonal data are particularly and cyber terrorism threats. se assets is addressed by bjectives) of this roadmap. onnected to these assets are

defined in the proposed

ecurity technologies state of everal key areas that due to maturity level should be

oadmap. Those are:

technologies,

S) / Distributed Denial of ion,

Security,

tems,

reat (APT) Detection,

dards,

ytics,

ough WP3 workshops) we s and face-to-face interviews sectors related with cyber st cyber crime and cyber

ROADMAP the Roadmap topics divided n Figures 2 - 5 the activities re presented for each of

time spans: short- (until and long-perspective (until

687

A. Roadmap Topics – Technical Dimens1) Strengthening/Adapting emerging

analysis and cloud security/forensics Cyber attacks may not be visible in

to their nature or intensity (e.g., amouintroduce). Therefore, recently techniqutools have been adapted. The recent rethe deep analysis of large volumes of dadifferent segments of IT networks) has aof revealing interesting patterns. This cadapted to many cyber security areadetection, botnets detection, malwares aninfection, network intrusion detection sys

2) Security assurance - imauthentication and authorisation, trust information sharing

The IT world becomes more dynamheterogeneous. This evolution impliechallenges, especially for security assurafor authentication, authorisation and thave to deal with lack of pre-defined trusbe ready to establish new relations on testablishing such relations requires reabout previously unknown parties. This oapplied to security, in order to ensuroutsourced business will not be compromis under control of partners. In orderinformation about occurred incidents sThe shared information can be usedassessment of security of an organinsurance policy and strengthen the secuas a whole.

F

sion g tools - Big Data

a small scale, due unt of traffic they ues using big data esearch shows that ata (received from a unique capability concept is recently as, namely: spam nalysis, web-based stems.

mprovements in management and

mic, distributed and es novel security ance. New methods trust management st assignments and the fly. Moreover, eliable knowledge observation is also

re the clients that mised even when it r to achieve this, should be shared. d to get correct

nisation, issue an urity of the Internet

3) Improving preparednesstesting capabilities

One of the most importanevery product, system or eveguaranteeing fundamental charaor availability in any system, one, is an essential part of revconfidence in their system, prfocused on maintaining and needed, and the most effectsimulation processes. Conceptscyber exercises between compawareness of not only cyber sbut also of the rest of the stapromote and encourage thenecessary actions, proper regulbe made and discussed, and thprepared environment to benefi

4) Countering cyber crimPersistent Threats and cyberdevices and social networks

Nowadays, one of the mcountering cyber crime is largeof malware samples. Evolutmalwares and botnets (e.g. architectures) are also factors tthe research communities to mcyber crime. This is particularlylimitations of existing signmalware detectors. On the othealso mobile devices, and in tmicro devices (now not often that will be exposed to cyber growing popularity of IoT (Inte

Figure 2. Roadmap activities – Technical Dimension

s - security engineering and

nt and demanded aspects in en organisations is quality; acteristics such as reliability moreover if it is a security vealing the developer team roduct. Therefore, activities improving this quality are tive ones are testing and s such as automated tools or panies will help to raise the security responsible people, ff. And finally, in order to realisation of all these lations and standards should hus achieve a desirable and it all these good practices.

me - botnets, Advanced r crimes affecting mobile

main challenges affecting e and still increasing amount tion and changeability of new, fast-evolving botnet

that should be addressed by more effectively fight against

y important in the context of nature-based scanners and er hand, cyber crime affects the near future will affect connected to the Internet), attacks in conjunction with

ernet of Things) concept.

688

B. Human activities overview 1) Development of Training and AwaOne of the most fundamental aspe

society’s defences against cybercrime, against any other new and evolving threathe users and subjects of it are properly knature of the threat itself and the underthe defensive steps being taken to mitigat

Whilst almost all new legislatiaccompanied by training and awarenesstheir lifecycle, few technological chaincorporate this vital feature into their owis true both of the new possibilities opgreater online access to data, but also rolled out to support the intended security

2) Utilising Privacy Enhancing TechWith surveillance powers and techniq

topic, both from the perceived excessquarters and the inadequate interpretaevidence in others, the roadmap towarimplementation of Privacy Enhancinginexorably entwined with the developmelegislation, and the regulatory interpretat

In particular DPR, eIDAS, and PDirective 2’s early adoption througintroduce requirements for the adoptionEnhancing Technologies), albeit througundetermined techniques or technologiesof their formal ratification into EU legislation. These advance regulatory roainteresting, and often unexpected, set othe organisations handling sensitive perso

3) Appropriate use and re-use of DaUnder a range of current regulati

standards, across a wide and varied ranguse of data is frequently, but not univerthe use originally intended when data waalso face a range of opt-ins or opt-ousubsequent re-use, of this data. The advemade the search for new uses of data

Figure 3. Roadmap activities – Human Dimension

areness tools ects of improving as with protecting at, is to ensure that kept abreast of the rlying rationale of te it.

ive changes are strands as part of anges sufficiently wn roadmaps. This pened up through to the tools being y behind them.

hnologies ques a very current sive use in some ation of available rds more effective g Technologies is ent of forthcoming ion of these.

Payment Services gh SecuRe Pay,

n of PETs (Privacy gh the adoption of s, even in advance or Member State admaps provide an of requirements to onal data.

ata ions and industry e of industries, the rsally, restricted to as collected. Users uts to the use, or ent of big data has a held on existing

systems a growth industry (sebut there are strong Human athrough this re-use. The applicsets for LEA purposes has cauRoadmap will provide pointersbe addressed and to what timesc

C. Organisational activities ov1) Adapting organisations

of the Internet and Cybercrime/Nowadays, the competitiv

company may receive an attaplanet. Now, not only the combe interested in the intellectinformation. Therefore, modifferences between countries consequence organisations shouprotect their assets and intellectTherefore, organisations neeregarding cybercrime and protglobally and cooperate to worldwide.

2) Introducing Cyber secuneed

The use of new technologoffice and at home, at professitime, for children and adults,public sector, with banks, supeMoreover, these different scopsuch as BYOD (Bring Your Omore popular every year,professional area. Therefore, cyin terms of securing all aspectmust be introduced as a new cu

ee under Technical, above), and Ethical concerns raised cation of these existing data used some debate, and our

s to those issues that need to cale.

verview to the cross-border nature

e/Terrorism veness is global, so any ack from anywhere of the

mpanies that are closely may tual property or company

ost important Regulation should be known, and in

uld be aware of this fact and tual taking this into account. ed to think cross-border tect their networks thinking improve the IT security

urity as a society culture

gies is now present in the ional level but also for free , and also to interact with ermarkets and online stores. pes overlap, and initiatives Own Device) are becoming mixing personal with yber security is now crucial ts in the day-to-day, and it

ulture need.

689

3) Promoting EU Institutional support to Generic Challenges and Obstacles at the Enterprise / Company / SME Level

A common / unified institutional support is needed to promote changes at the Enterprise / company and SME level. The creation of an experts committee at the request of the main involved countries would contribute to overcome these obstacles and challenges at a European level. In addition, an information sharing platform would help the approach and collaboration of every interested party, making quick and efficient ideas/problems sharing possible. This support will assure the minimum protection needed in these organisms.

D. Regulatory activities overview 1) Investigatory Powers in intra-jurisdictional &

trans-border cases Steps must be taken to adequate investigatory powers,

as well as their use by LEA (Law Enforcement Agencies) members, to cyber-enquiries: the pace of regulatory reforms, the balance between abstraction and concretion of the investigatory powers and the need for a training policy are to be taken into consideration. Effectiveness of international cooperation in trans-border cases, paramount to successfully prosecute cybercrime, may be augmented in the years to come if the EU takes advantage of the shift in the views on reciprocity issues by key players such as China. Then again, improved data exchange between EU and National LEA’s comes not without a risk for Fundamental Rights, one of the keystones of European culture: efforts must be made in order to find a regulatory and technical framework allowing to juggle augmented data exchange capabilities and respect of Fundamental Rights.

2) Interoperability of Common and Roman Law Having noted the transnational and intra-jurisdictional

nature of cyber crime, one of the key factors to determine in gaining a better understanding of where such crimes might best be prosecuted. Over and above the differences in the definitions of offences, or admissibility of evidence, consideration also needs to be given as to whether there are any noticeable advantages or disadvantages associated with the underpinning legal framework. Our regulatory roadmap will seek to identify such differentials taking account of potentially speedier developments in some international fora, such as Interpol.

3) Civil and Criminal Courts forensics/admissability/evidential standards At present, there exists a wide variety of standards and best practices for information security and digital evidence gathering. This variety hinders the adoption of common standards and procedures which lay strong foundations for a cooperative and effective fight against cyber crime and cyber terrorism at pan-European level. This type of crime is particularly decentralised and not restricted to any frontier, and the admissibility of digital evidences in Courts is still sometimes dependent on case-by-case analysis by experts who lack a common reference framework. Thus, the challenge is to achieve common understanding and adapt accordingly the current Member States criminal procedures. The achievement of a European Forensic Science Area has become a priority for the European Union. Last but not least, the respect for fundamental rights and freedoms of citizens must always be kept as a basic and key principle.

4) Identity/Authentication Standards for Data Protection across borders

A majority of classes and applications of Cyber Crime and Terrorism contain a misrepresentation of identity or attempt to authenticate for access to goods or services that the attacker has no legitimate use to. There currently exist a plethora of standards to identify and authenticate a genuine user is who he or she claims to be, and their access rights in the given circumstances. At present there is no interoperability of these, and poor controls over the degree to what constitutes ‘strong authentication’ sufficient for each application. Within the European Union, however, the eIDentity, Authentication & Signatures Regulation, launched in October 2014 seeks to address this. Our Roadmap will take account of the timetable for its implementation, and the necessary external steps necessary to ensure best effect can be taken from it internationally. Equally, with the payments industry now being required to look at early adoption of the Second Payment Services Directive (PSD2), the Identity/Authentication roadmap has moved forward dramatically for one of the key cybercrime asset classes, and one of the most likely candidates for higher level eIDAS requirements. The European Central Bank and European Banking Association’s announcement on 19th December 2014 that Secure Retail Payment (SecuRe Pay) Strong Authentication requirements would be put in place from 1st August 2015, several years in advance of PSD2’s expected ratification, let alone mandated implementation, goes to show how quickly cybercrime and the standards to address it move.

690

Fig

F

V. CONCLUSIONS In this paper we presented the cyber

agenda (the CAMINO roadmap) suggestions related to the future efforts cyber crime and cyber terrorism. The roon four key pillars of cyber security rethe main objectives, problems, challengstakeholders from each dimension: TOrganisational and Regulatory. These constitute the CAMINO THOR approacthis roadmap, as well as for other rperformed during the whole project.

gure 4. Roadmap activities – Organisational Dimension

Figure 5. Roadmap activities – Regulatory Dimension

r security research specifying our

in fighting against oadmap is focused esearch, presenting ges and associated

Technical, Human, four dimensions

ch that is basis for research activities

Each of four THOR dimenthe roadmaps following the sampriority areas (topics) in THOdefined. In general, there aCAMINO roadmap. Topics focused on big data and forensauthentication/authorisation engineering and testing capabileffective fight against malw(Advanced Persistent Threemphasises need for mechanismof personal data and for traininawareness. Topics from Orroadmap are focused on sociecyber security, on adaptation

nsions has been described in me structure. Firstly, the top OR dimensions have been

are 14 key topics in the from Technical part are

sic aspects, improvement of mechanisms, security

ities, as well as on means to ware, botnets and APTs eats). Human dimension ms regulating use and reuse

ng and raising cyber security rganisational part of the etal and cultural aspects of of the organisations in the

691

light of international nature of cyber terrorism, as well as on cooperation betw(e.g. SMEs) and supporting EU insRegulatory dimension are composed topics: investigatory powers aspects, iCommon and Roman code law, forensstandards, as well as standards for databorders.

For each topic, the roadmap speciobjectives with assigned milestones and those milestones.

Totally, we have almost 60 objectivmilestones that are considered as mresearch agenda, leading to more effeccyber crime and cyber terrorism until 20roadmap structure is presented in the Fiare additions planned for the second yeaduration).

Figure 6. Structure of the CAMINO r

Our idea is to assure wide consensus the CAMINO roadmap suggestions withand stakeholders groups.

Therefore, the initial roadmap will validated with the experts. In particular be presented in the following events:

• CAMINO session at MWC in Bar

• Cyber attacks 2015 conference in

crime and cyber ween organisations stitutions. Finally, of the following

interoperability of sics and evidential a protection across

ifies a number of actions to achieve

ves and about 300 micro-steps in our

ctive fight against 25. The CAMINO gure 6 (red blocks

ar of the CAMINO

roadmap.

and agreement on hin relevant experts

be discussed and it has been or will

rcelona (March),

n Torun (March),

• Closed meeting of CA(April),

• CAMINO-COURAGE (April),

• CAMINO workshop in L

• ICT crime conference in

During the second year duration we plan to specify exiagenda and to add new oneroadmap more complete. In pacross-domain topics, namely: fight cyber crime and cyber cyber security awareness.

ACKNOWLED

This work is partly fuCommission under grant numbThe support is gratefully acknow

REFEREN

[1] U.S. Department of HomelanCybersecurity Research”, Novem

[2] Evangelos Markatos, Davide Roadmap for Systems SecurityProject), August 2013.

[3] NIST (National Institute of StaRoadmap for Improving CriticFebruary 2014.

[4] Perry Pederson, Tim Roxey, JeffCybersecurity of Control SystemSystems Joint Working Group), S

[5] Katie Jereza et al., ”Roadmap to Cybersecurity”, ESCSWG (EnWorking Group), September 201

[6] U.S. Department of Homeland SeSecure Control Systems”, 2010.

[7] Jeffrey Berenson, et al. ”The Roin the Transportation Sector”, TSystems in the Transportation 2012.

[8] Jack Eisenhauer, Paget Donnell“Roadmap to Secure Control SyDepartment of Energy, U.S. DeJanuary 2006.

[9] Seth Johnson, Bruce Larson, “Roadmap to Secure Control SysSector Coordinating Council C(WSCCCWG), March 2008.

[10] ENISA website, National Cyber Available at: http://www.enisa.euCIIP/national-cyber-security-strasecurity-strategies-in-the-world

[11] EU NIS Platform Working GLandscape Deliverable, Jhttps://resilience.enisa.europa.eu/documents/wg3-documents/state-landscape/at_download/file

AMINO with COURAGE

workshop in Montpellier

London (June),

n Szczytno (June).

of the CAMINO project isting points in the research es to make the CAMINO articular we plan to add new

Comprehensive system to terrorism, and raising the

DGEMENT funded by the European ber FP7-607406-CAMINO. wledged.

NCES nd Security, “A Roadmap for

mber 2009. Balzarotti, ”The Red Book: A y Research”, SysSec (FP7 NoE

andards and Technology), ”NIST cal Infrastructure Cybersecurity”,

f Gray, ”Cross-sector Roadmap for ms”, ICSJWG (Industrial Control September 2011. Achieve Energy Delivery Systems nergy Sector Control Systems 1. ecurity, ”Dams Sector Roadmap to

oadmap to Secure Control System The Roadmap to Secure Control Sector Working Group, August

ly, Mark Ellis, Michael O’Brien, ystems in the Energy Sector”, U.S. epartment of Homeland Security,

Dave Edwards, Kevin Morley, stems in the Water Sector”, Water Cyber Security Working Group

r Security Strategies in the World, uropa.eu/activities/Resilience-and-

ategies-ncsss/national-cyber-

Group 3, Secure ICT Research uly 2014, Available at: /nis-platform/shared--of-the-art-of-the-secure-ict-

692