In the future, personal area networks and embedded computer chips will be everywhere in our cars, our homes and even in our clothes. Security in such massively inter-connected environments will require solutions very different to those of today, and its social acceptance will require totally novel approaches to identity and privacy management through user-friendly and trustworthy interfaces, taking into account the privacy needs and data protection regulations in place. Underlying the service and user interface level we must give attention to the information and network security infrastructure. Modern service organisations, such as banking and finance, healthcare, energy, transport and others, rely on ICT for data exchange and control, creating strong mutual dependencies. These critical information infrastructures must be dependable and resilient, protecting against malicious attacks, ensuring tolerance towards and recovery from attacks, and adaptable to the changing security requirements.
The Present: Trust and Security in the 6th Framework Programme
The above describes the focus of the research in ICT for Trust and Security of the Information Society Technologies Priority in the 6th Framework Programme for Community Research (FP6). In this domain we also give particular attention to the promotion of integration of European research and its relation to global activities, given the nature of the challenge which becomes more and more global. In the first part of FP6, we have launched 17 projects (six Integrated Projects, three Networks of Excellence, six Targeted Research Projects and two Coordination Actions) with a total Community funding of about 75 million Euro. These activities cover advanced and sophisticated research. There are strong interconnections with policy developments in trust and security, ie in multimodal and secure biometrics; identity and privacy management; electronic authentication; secure digital assets management; virtualisation of security resources for advanced and seamless security. It gives also strong attention to the support of standardisation and interoperability. More recently, as a result of the IST Call 4, we have retained and started negotiation of 19 new projects for an expected funding of about 70 million Euro. This set of new projects would strongly extend the technical coverage in this domain. It includes activities on the development of knowledge and technologies to manage and control complex and interdependent networks and systems, so as to enhance security and resilience in the information society infrastructure; provision of interoperable and open trusted computing platforms; advanced mechanisms and models for security, privacy and trust in mobile environments; and sophisticated technologies to fight malware on Internet.
The Future: Security and Dependability - Trust and Confidence the 6th Framework Programme
Whereas the key role of security, dependability and trust in building the Information Society is unquestioned, the move towards FP7 imposes the need to rethink how to make the EU intervention on and funding to research more effective and better tailored to the evolving needs and opportunities with which Europe is confronted. This need, which takes into account also the technological and market trends, brought the European Commission services to identify for FP7, which is planned to start in 2007, new avenues and synergies to renew and strengthen research impetus and momentum in this area. The nature of security and trust relates the subject to many IST domains, infrastructural, as well as application oriented. In order to be effective, dependability and security must be part of the system design, starting at the lowest level. But it should also ensure trust in the applications for the end-user, for example in e-Government, e-Health and consumer services. This rationale is the basis for the proposed structure for research on security, dependability and trust in the FP7 Information and Communication Technologies (ICT) Theme.
The overall structure and research priorities of FP7 were proposed in the Communication of April 2005 'concerning the seventh framework programme of the European Community for research, technological development and demonstration activities'. One of the 'Technology Pillars' (TP) proposed under the ICT theme of the Specific Programme 'Collaboration' covers the research activities on 'Software, Grids, Security and Dependability: dynamic, adaptive, dependable and trusted software and services, and new processing architectures, including their provision as a utility'. In addition, one of the domains of 'Applications Research' (AR) is defined to be 'ICT for trust and confidence: identity management; authentication and authorization; privacy enhancing technologies; rights and asset management; protection against cyber threats'. Although TPs and AR are both part of the Specific Programme 'Collaboration' in the theme ICT, they represent different approaches to the research in Trust and Security in ICT.
The TP on 'Software, Grids, Security and Dependability' deals with the key technological challenges and components that underpin the provision of both 'assured service and information handling' and 'dependable ICT systems'. It addresses the constitutive fabric of Information Society systems and services. The TP supports and enables applications research (eg e-government, e-business, e-health) where the application drive is the engine for future technological progress. The requirements on trust and confidence in these application areas are however often of a generic nature, exploiting 'security and privacy' technologies all across the different application domains. For this reason the choice has been made to include AR on 'ICT for Trust and Confidence', which would build upon the TP described above, but work in close cooperation with the other AR areas to ensure optimal synergy. Figure 1 shows how 'Trust and Security' is covered in the ICT Theme of FP7.
It depicts the two important technology levels: network and services, as well as the crucial role of security and trust in the development of software and services and its infrastructures (ie, GRIDs). This technology development forms the fundament for the application in various domains through the domain 'ICT for Trust and Confidence'. Of course, such visualisation is limited. It may however help us in stimulating and managing the discussion with the European stakeholders such as researchers, industries, users, etc. in order to develop a strategic agenda for security and trust in FP7.
We intend to organise in the next few months specific consultation events that would be instrumental, together with the other institutional consultation processes, in the further development of the FP7 workprogramme. We trust that the above proposal can form a sound basis for a fruitful discussion with European researchers, leading to an IST workprogramme that will effectively cover the urgent research to be done for building a secure, dependable and trusted Information Society.
The content of this paper is the sole responsibility of the author and in no way represents the view of the European Commission or its services.
Specific information about events will be made available at the unit D4 web site: http://www.cordis.lu/ist/trust-security/index.html
'ICT for Trust and Security' web site: http://www.cordis.lu/ist/trust-security/index.html
The list of on-going projects: http://www.cordis.lu/ist/trust-security/projects.htm
Jacques Bus, Head of Unit, European Commission, DG Information Society and Media "ICT for Trust and Security"