Cyber security experts and government policy makers from around the world gathered at Queen's University Belfast to develop and agree the first ever collective global technology research strategy to counter cyber terrorism.
The aims of the Summit were threefold: to garner the delegates' observations on current cyber security threats, to envision future cyber security threats and requisite mitigation techniques, and to develop a collective strategy for next generation cyber security research.
Agreed and Confirmed
During the day-long sessions and discussions, it was agreed that cyber attacks are increasingly instigated against diverse targets, such as individual users, research, government and military establishments, and national infrastructure.
A wide range of future cyber security requirements were suggested and deliberated by the delegates. The development of a set of scientific foundations for cyber security was proposed, with the intention that a better understanding of emerging security threats introduced by new technologies and new attack scenarios would be reached.
It was agreed that “adaptive cyber defence” is required in order to address the evolutionary process of cyber space and cyber threats. This will involve “enhancement of system awareness enabling early attack detection”, and “self configuration to defend against an attack and the development of self-learning cyber systems”.
Smart systems, such as smart utility grids, were identified as a field in which cyber attacks would grow and where cyber security research is critical. The mobile space was also recognised as vulnerable to cyber attacks. This, predictably, will increase in correlation with usage.
Effective defence against cyber attacks, it was agreed, must take into consideration other influences on cyber space. Examples included: the economics of cyber space; societal issues such as trust; the development of global cyber space policies and use regulations; the requirement for innovative cyber security education; and the necessity for usable cyber security with human-oriented security policies and tools.
Research Themes
The collective research strategy determined at the World Cyber Security Technology Research Summit identified four research themes critical to the ongoing creation of cyber security defences:
· Adaptive cyber security technologies: Adaptive cyber security technologies are necessary to address the 'moving target' nature of cyber threats. Such technologies need to be flexible, agile and responsive, enabling them to cope with the network bandwidth of 5-10 years time and be more successful against zero-day attacks.
o Research objectives in this area include the development of self-learning cyber security technologies; self-awareness in cyber systems; the establishment of feedback in cyber systems to learn from cyber attacks.
· Protection of smart utility grids: Smart utility grids have, for a variety of reasons such as their size and accessibility, a raised susceptibility to cyber attacks. Such attacks can destroy national critical infrastructure and the need for smart grid cyber security is therefore imperative.
o Research aims in this field comprise: smart grid requirements gathering methodology; protection technologies for smart grids components; secure technologies for smart grid communications; smart grid and home area network integration that provides for the privacy and security of collected information; development of smart grid standards.
· Security of the mobile platform and applications: In mobile technology, security is a rapidly increasing issue, due to convergence in mobile architectures, mobile phones becoming the dominant web platform and the expanding number of mobile users - 50 billion mobile devices in use by 2020.
o Research in this space should target not only malicious applications, but also mobile cyber security problems introduced by the configuration and use of mobile networks, including network availability, mobile web browsers and caller authentication.
· Multi-faceted approach to cyber security: It is realised that technology alone will not suffice in the defence against cyber attacks - other facets of the cyber security issue must be considered. Next generation cyber security research must take into account social, political, legal and economic aspects of this space. Social behavioural norms in cyber space need to be investigated, societal desires such as trust, safety, freedom and privacy must be examined, and attitudes to cyber security in source countries of cyber attacks should be studied.
o Research must take into account social behavioural norms and societal desires in cyber space, cyber space policies, the impact of cyber and other legislation and the economics of cyber space and cyber security.
Conclusions
Throughout the day, an overall theme emerged of the multi-faceted nature of cyber security and the consequent requirement for an inter-disciplinary approach. “This needs to be combined with greater awareness of cyber security threats, usable cyber security, and more innovative and effective ways of providing cyber security education”, summit organisers said.
“The ambition of the Summit is that this strategy will help to inform global cyber security research and act as a general driver for cyber security roadmap definition over the coming year”, said organisers.
Future World Cyber Security Technology Research Summits will be held on an annual basis and will be able to assess recent changes in cyber security, and put forward revisions in proposed cyber security research strategies to address these.
About CSIT
The Centre for Secure Information Technologies (CSIT) is a new innovation and knowledge centre and is based at Queen's University of Belfast's, Institute of Electronics, Communications and Information Technology (ECIT) in the Northern Ireland Science Park, Belfast. With the total funding in the region of £30M over five years. CSIT will create the security infrastructure needed to safeguard the trustworthiness of information stored electronically, both at home and in the workplace.
The Centre will bring together research specialists in complementary fields such as data encryption, network security systems, wireless enabled security systems and intelligent surveillance technology. CSIT will develop secure solutions to a number of particularly modern problems including the protection of mobile phone networks, guaranteeing privacy over unsecure networks for connected healthcare and the creation of secure "corridors" for the seamless and rapid transit of people, thus getting around the need for conventional security at airports. Researchers will also explore the development of powerful computer processors, capable of detecting and filtering viruses and worms to protect mass information databases like financial records from malicious attack and to facilitate high definition video streaming services.