ENISA: analysis of the research and development priorities of the Cyber ​​sector

(To Alessandro Rugolo)
01/02/19

The European Union Agency for Network and Information Security (ENISA) is the European center of cyber experts. The head office is in Greece, in Athens, while a branch is located in Crete, in Eraclion.
The task of the European Agency is to:
- provide recommendations;
- activities supporting the production of sector policies and their implementation;
- training for citizens, companies and Member States;
- various activities.
On the site it is possible to find information on European studies but also on existing CERTs / CSIRTs or on ongoing research and development studies. Among the documents in this last category made available on the site I had the opportunity to read the "Analysis of the European R&D priorities in cybersecurity", subtitled "Strategic priorities in cybersecurity for a safer Europe" issued last December 2018. I will try in a few lines to give you an idea of ​​what it is and what its importance is and I will make some general considerations about it.

I begin by saying that it is a strategic analysis document. The aim of the document is to identify the cyber risks to which the European company will be subjected and to identify the research priorities that will help to reduce or eliminate them. The aim is therefore to "play in advance".
To do this, the author proceeded to carry out a series of interviews with experts in the field, analyze the data collected together with the experts of ENISA and try to imagine the European society of 2025 from a social, technological and business point of view.
Let's start with the analysis of the "Europa 2025" scenario.

Europe 2025 foresees that the devices connected to the internet are by now the norm, every sector of the society is therefore highly connected. Operators in the sector (energy, transport, banks, digital infrastructures, hospitals) as well as all public administrations and industry provide online services.

In the world there could be about 80 billion connected devices (compared to a population of about 8 billion people). IoT (Internet of Thing) is turning into IoE (Internet of Everything) which in turn influences society. It has become common practice to use wearable devices connected and controllable with the use of the voice. 5G technology enables connection service improvements. Education and training are more effective thanks to the use of new technologies such as augmented reality and techniques gamification.

The company's attention to cyber issues has increased. Many initiatives have been launched that promote the creation of systems and services according to the concept of "security by design".
Unfortunately, social tensions exist between a "cyber aware elite" and a sub-culture of "less aware" workers.

Governments ask citizens to use online services for all administrative services, which implies the use of a digital identity. Very high computational and cloud storage capabilities are now available. Artificial Intelligence (AI) is used for the behavioral analysis of the collected data and to develop services and products more adapted to the needs, unfortunately even the criminal organizations are starting to use them. There is still no clear regulation on the use of AI.
Internet giants have become even bigger and more powerful, and they not only analyze and answer customer questions but guide their choices and desires.
Quantum technology starts to develop ...
I stop here in the description of the scenario, who wants to can find it in full on the site of ENISA.

The ENISA document continues by analyzing the scenario described and then identifying a series of recommendations aimed at reducing the identified risks. The recommendations focus on some aspects of the cyber dimension, in particular:
- promoting awareness of the use of technologies, limitations and risks. The development of systems designed to guarantee data security and privacy. It is also suggested to encourage innovations in the dissemination of knowledge relating to the risks associated with the cyber world;
- encourage knowledge transfer between security experts and the wider academic world; facilitate the teaching of safety principles in computer science faculties; 
- to promote artificial intelligence that is understandable to man and which guarantees its reliability;
- facilitate research on quantum cryptography technologies and quantum distribution of encryption keys for high security communications;
- with regard to the complexity of risk, the development of new risk and impact analysis approaches for complex and interdependent systems should be promoted. Furthermore, it is suggested to define interoperability interfaces between critical infrastructures that are designed to prevent cascade effects.
- In the cybercrime sector it is suggested to facilitate research in the field of safety prioritization and in the development of innovative situational awareness tools;
- finally, in the field of privacy risks, it is suggested to promote and spread the development and use of technologies that guarantee high standards of privacy and the development of special assessment tools.

Naturally the document is much more complete than I have written and analyzes in detail some areas of interest for which it is certainly an interesting and instructive reading.
But I want to dwell on some aspects related to the scenario. When constructing scenarios, the risk is to leave out some areas that should be considered and this could make the risk analysis that is carried out partially incorrect.
In our case there are in fact several areas in my opinion not considered and that would require some attention, in particular:
- the use of cryptocurrencies. There are signs today that cryptocurrencies should be increasingly used, including in the government and banking / insurance sectors;
- blockchain technology will continue to develop and replace some technologies also in the digital identity sector;
- DNA data coding techniques are already tested today and have achieved good results (see article). It is reasonable to think that they will be developed to allow the coding, storage and transmission of data over time and space, especially in the field of industrial and military secrecy;
- the development of space activities will have reached a good level in the industrial world and will have led to the development of new communication systems. This should also give impetus to the development of new types of armaments;
- the development of increasingly complex cyber weapons and their use by states should lead to an increase in the use of the deterrent weapon, i.e. more and more states will declare to use their offensive cyber military capabilities in response to attacks or to safeguard national interests. This should lead to the stipulation of "non-proliferation treaties", similar to what happened in the field of weapons of mass destruction.

Let me be clear that the above is my vision of what is missing in the "Europa 2025" scenario. 
Now, the introduction of these new factors in the scenario Europe 2025, when considered valid, it leads as a logical consequence to the need to review the risk analysis and find the most suitable prevention or mitigation methods, but beyond the scope of this article.

To learn more:
https://www.enisa.europa.eu/;
https://www.enisa.europa.eu/publications/analysis-of-the-european-r-d-pr...

Events

Click on the days highlighted in red and find out what's in evidence.
Tales of military life
Send us your story
Tribute (due) to the 80th "Roma" infantry who takes leave with honor

Well, yes, we are now used to witnessing the closure of the barracks and perhaps even a little to burying the long history of the departments, a phenomenon which however does not erase the memories. It also touched...

Read the story
"Il Signor Parolini" (ninth part)

The baked chicken, as expected, had lived up to its reputation, consolidating, where needed, the undisputed culinary mastery of Gastone, chief ...

Read the story