The summit comprised 80 invited security experts – from Professor Bernard Silverman, the UK’s chief scientific advisor to the Home Office to Dr Douglas Maughan from the US Department of Homeland Security; and from industry figures such as from Eugene Kaspersky, the chairman, CEO and founder of Kaspersky Labs, to Raj Samani, McAfee’s EMEA chief technology officer. The main output from this summit has now been published: four documents covering core themes that combine to provide a strategic roadmap for both tackling cybercrime and providing the basis for further research within applied research institutes.
The four themes are based around adaptive cybersecurity technologies, the protection of smart grids, the security of mobile platforms and applications, and a multi-faceted approach to cybersecurity research.
Adaptive cyber security technologies are seen as an essential way forward. “Humanity adapts and changes constantly and systems need to be able to recognise and deal with an adapting society. Adaptive techniques will produce some of the most effective methods of threat detection/prevention.” Indeed, says the roadmap, “some threats such as Insider Threat and Identity Masquerading will potentially only be caught by using adaptive techniques.”
The protection of smart utility grids is increasingly important as they become more pervasive and critical in society. “Current firewall technology generally assumes an active regime of end point updating/patching which is not necessarily the case with smart meters and smart grid components.” Three areas are highlighted for research: the smart meter as a platform (and how to protect that platform from cyber attacks); intelligent smart grid protection (which requires research into the convergence of physical and cyber threats, the enablement of rapid recovery from malicious attacks, and a different class of intrusion protection systems); and research into new threats following a move from closed to more open and connected SCADA systems.
The security of mobile platforms and applications is seen as a major consideration for further research both because of its increasing pervasiveness and the range of actors involved: consumers, businesses, manufacturers, OS suppliers, app developers and mobile operators. It was agreed that no single security provider to could cover the whole range of requirement, so a holistic approach is needed. Trust models for the mobile ecosystem need to be developed; and the dangers of cross-contamination between consumer and corporate systems needs to be researched.
Finally, a selection of ‘top opportunities in cyber security’ are highlighted in a multi-faceted approach to cyber security research. These are “things that would be good to do even if difficult,” including topics such as the ownership of and responsibility for security, identity and privacy, and the measurement of trust.
“Ultimately,” summarized professor John McCanny of CSIT, “our objective is to help make the Internet of tomorrow a safe and secure platform which is vital for global economic growth and societal development.” This roadmap provides an agreed route toward that end.