FIA Prague PreparationFIA Prague PreparationFebruary 6, 2008February 6, 2008

Scenario planning approachScenario planning approach

• We cannot predict the We cannot predict the futurefuture

• We do understand the We do understand the drivers and drivers and influencers...influencers...

• We aim to articulate the We aim to articulate the space of possibilitiesspace of possibilities

• ... to develop a strategy ... to develop a strategy that is robust to many that is robust to many possible futurespossible futures

We are here

Our approach for Trust, Our approach for Trust, Security, Privacy in FISecurity, Privacy in FI

• Identify key driversIdentify key drivers

• Describe high level scenario Describe high level scenario

• Illustrate possible outcomesIllustrate possible outcomes

• Describe TSP issues and challengesDescribe TSP issues and challenges

• Develop technical roadmapDevelop technical roadmap

Trust & security scenariosTrust & security scenarios

What if all ICT infrastructure is shared and service oriented?

What if business is dispersed to a global ecosystem of service providers deep process and information integration ?

What if the Future Internet develops into and information economy?

What if people trust devices they own and hold, not services?

What if the future internet is subject to relentless attacks from cyber criminals?

Infrastructure-centric Infrastructure-centric scenarioscenarioIT becomes a service or IT becomes a service or ‘utility’‘utility’• Cost reduction a Cost reduction a

driverdriver

• Green agendaGreen agenda

• Business model Business model issues?issues? After bankruptcies After bankruptcies

of several IT utilities, of several IT utilities, companies realise companies realise these are business-these are business-critical functionscritical functions

• DependabilityDependability

• Security of Security of provisionprovision

• Business modelBusiness model

• Trusted in service Trusted in service providerprovider

• Compartment-Compartment-alisationalisation

Service-ecosystem scenario:Service-ecosystem scenario:Business moves into the Business moves into the cloudcloud• Entire service value Entire service value

chain is delivered chain is delivered through the Internet, via through the Internet, via dynamic composition of dynamic composition of ad-hoc servicesad-hoc services

• Deep integration of Deep integration of process and dataprocess and data

• Dynamic service trading Dynamic service trading through exchangesthrough exchanges

•

• AccountabilityAccountability

• TransparencyTransparency

• Responsibility Responsibility

Where is my data?Where is my data? Who is liable? Who is liable? What is the jurisdictional What is the jurisdictional

state?state? Who controls exchanges?Who controls exchanges? Real world devices?Real world devices?

Information-centric Information-centric scenarioscenarioInformation is the foundation of Information is the foundation of servicesservices• Capture, management Capture, management

and exploitation of and exploitation of data and information is data and information is the foundation for the foundation for servicesservices Issues of privacyIssues of privacy Digital trailDigital trail User generated contentUser generated content Information sensed Information sensed

from the real worldfrom the real world

• Information Information stewardshipstewardship

• User centricityUser centricity

• RevocabilityRevocability

• ScaleScale

• Interaction with Interaction with real worldreal world

Client centric scenarioClient centric scenarioTrust the physical, mistrust the Trust the physical, mistrust the virtualvirtualPersonal information turned Personal information turned

to personal devices, acting to personal devices, acting as mediatoras mediator People trust devices not People trust devices not

servicesservices reaction to years of reaction to years of

breaches, information breaches, information misuse, …misuse, …

User centric positionUser centric position

personal devices personal devices implement separation of implement separation of concernsconcerns

data minimisation data minimisation concept (minimal concept (minimal disclosure)disclosure)

widely accepted by widely accepted by federation of services, federation of services, social networks, social networks,

Enabler of peer-peer Enabler of peer-peer interaction,interaction,

‘ ‘real world’ client real world’ client interactioninteraction

Threat-centric scenarioThreat-centric scenarioThe Future Internet is an unsafe The Future Internet is an unsafe place,.. place,.. • Dependence on ICT so Dependence on ICT so

critical (remember that critical (remember that even today hackers even today hackers keep the networks keep the networks running because it running because it benefits them more benefits them more than tearing these than tearing these down)down) Dark scenario of what Dark scenario of what

would happen if threats would happen if threats such as the Estonian such as the Estonian scenario would take placescenario would take place

• ffuture-proofinguture-proofing against against known and currently unknown known and currently unknown threats and vulnerabilities,threats and vulnerabilities,

• assessingassessing and managing risks, and managing risks, liabilitiesliabilities

• managing managing oversight and oversight and control, control, including at a state including at a state levellevel

• evolutionary and predictive evolutionary and predictive threat modelsthreat models,,

• self-organising and self-healing self-organising and self-healing security mechanismssecurity mechanisms

• ......

Trust & security scenariosTrust & security scenarios

Next stepsNext stepsIdentify Drivers

GenerateMany Scenarios

ConsolidateScenarios

Research Challenges and technologies

We

are

h

ere