Pierluigi Paganini November 28, 2012

Cyber security is considered a primary target for every governments, the increase of cyber criminal activities, state-sponsored operations and the raise of hacktivism requires the use of additional resources to counteract these phenomena.

The European Commission has announced an increase to planned cyber security budget by 14% through 2020, a figure considered not sufficient by security experts to face with increasing cyber threats.

The commission has allocated €350 million for cyber security research in the period 2007-2013 and established a further investment of €50 million to finance the activities until 2020. The total amount of money allocated will be not sufficient to cover the needs in cyber security area, it must be considered also that it will be reserved to realize different ambitious and costly projects.

The Commission alerts on the products of cybercriminals activities, malware and botnets are infecting more than a million people every day, the worldwide cost of cybercrime is estimated at over €750 billion annually in wasted time, lost business opportunities and the expense of fixing problems.

The reports states:

“In addition to developing wider cybersecurity strategies for Europe, the European Commission takes concrete actions to tackle cyber security risks (see MEMO/11/842 and MEMO/10/597), and pools resources with national governments, industry, universities and NGOs, to develop innovative technologies to improve cybersecurity.”

Following a short list of the project

• The Syssecproject , a monitoring network with primary task to predictthreats and vulnerabilities. Following a list of goals for the project:
  • creating a virtual center of excellence, to consolidate the Systems Security research community in Europe
  • promoting cybersecurity education
  • engaging a think-tank in discovering the threats and vulnerabilities of the Current and Future Internet,
  • creating an active research roadmap in the area, and
  • developing a joint working plan to conduct State-of-the-Art collaborative research.
• The SecureChange project which has the primary objective is to develop techniques and tools that ensure “lifelong” compliance to evolving security, privacy and dependability requirements for a long-running evolving software system.
• The Nessos (Network of Excellence on Engineering Secure Future Internet Software Services and Systems) FP7 Project to constitute and integrate a long lasting research community on engineering secure software-based services and systems. “The research excellence of NESSoS will contribute to increase the trustworthiness of the Future Internet by improving the overall security of software services and systems. This will support European competitiveness in this vital area.”
• Tclouds project to provide a computing and network platform to enable resilient and privacy-enabled deployment of Internet-scale critical information and communication infrastructures. The aim is to provide this while addressing the challenges of cross-border privacy, end-user usability, and acceptance that are essential for wide deployment of such an infrastructure.
• Ecrypt II project to develop improved tools and more robust algorithms for digital signatures.
• The TECOM project has helped make embedded computing systems more secure, by adapting technology originally developed for PCs to run on everything from smart phones to smart electricity meters.

The director of security research and communication at TrendMicro Rik Ferguson defined “paltry” the investment, not sufficient to prevent cyber threats, the manager declared:

“the commercial security industry is already pooling resources with not-for-profit organizations, and government has made much of the risk from cybercrime. It’s time to make the commensurate investment.”

The need for cyber security can only increase in the coming years due to the intensification of cyber threats, first individual nations and after supranational entities such as the European community must necessarily allocate more resources to deal with the menaces.

Governments and private businesses are aware of risks connected to cyber attack and know the consequences of an offensive against critical infrastructures of a country but different is the perception of common people in EU that totally ignore concept such as cyber security and cyber warfare.

According Special Eurobarometer 390-CYBER SECURITY-REPORT published on July 2012 a large part of internet users across the EU isn’t confident about its ability to use the internet for things like online banking or buying things online. The report demonstrated that EU citizens have no idea of security best practices, most EU citizens say they have seen or heard something about cybercrime in the last 12 months, most commonly from television, however, the majority do not feel very or at all well informed about the risks of cybercrime.

The report also states:

“More than a third of internet users across the EU say they have received a scam email, and other types of cybercrime have been experienced by a substantial number (albeit a minority) of internet users in the EU, including online fraud and identity theft. Internet users express high levels of concern about cyber security. The majority agree that the risk of becoming a victim of cybercrime has increased in the past year; that they are concerned that their online personal information is not kept secure by websites; and that they are concerned that information is not kept secure by public authorities. In addition, around half of respondents or more say they are concerned about experiencing various types of cybercrime, with the highest levels of concern expressed over identity theft.”

The scenarios is really concerning in my opinion, the figures discussed and allocated will not be enough to cover expenses related to the development of a European Community strategy, however I find  support on research on Cyber security an extremely positive issues such as the fact that cyber security should be discussed at an international level to search for a point of agreement to ensure security of cyber space.

Pierluigi Paganini