Systemic Analyser in Network Threats

Similar documents
ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

EU policy on Network and Information Security & Critical Information Infrastructures Protection

WP2 Metrics of Cyber Security

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Package of initiatives on Cybersecurity

Achieving Global Cyber Security Through Collaboration

ENISA EU Threat Landscape

European Union Agency for Network and Information Security

Workshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats

Cyber Security Beyond 2020

Cyber Security in Smart Commercial Buildings 2017 to 2021

Angela McKay Director, Government Security Policy and Strategy Microsoft

Global cybersecurity and international standards

UCD Centre for Cybersecurity & Cybercrime Investigation

Cybersecurity, Trade, and Economic Development

PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK

RESOLUTION 130 (REV. BUSAN, 2014)

ΚΕΝΤΡΟ ΜΕΛΕΤΩΝ ΑΣΦΑΛΕΙΑΣ CENTER FOR SECURITY STUDIES

RESOLUTION 130 (Rev. Antalya, 2006)

Strategic and operational threat analysis at Europol's EC3

Cyber Security in Europe

Cybersecurity & Digital Privacy in the Energy sector

Gujarat Forensic Sciences University

The NIS Directive and Cybersecurity in

NIS Standardisation ENISA view

Call for Interest for the INTERPOL Digital Crime Centre 2 nd round (area of advanced technology required for the Malware/BotNet analysis)

Romania - Cyber Security Strategy. 6th IT STAR Workshop on Digital Security

Commonwealth Cyber Declaration

How do you decide what s best for you?

Securing Europe's Information Society

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Cybersecurity Strategy of the Republic of Cyprus

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

National Policy and Guiding Principles

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

Towards a European Cloud Computing Strategy

Discussion on MS contribution to the WP2018

Promoting Global Cybersecurity

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

MANAGING SECURITY THREATS IN THE NEW CONNECTED WORLD THROUGH FORENSIC READINESS

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Call for Expressions of Interest

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Horizon 2020 Security

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

Mozilla position paper on the legislative proposal for an EU Cybersecurity Act

Cybersecurity and Privacy Innovation Forum Brussels, 28 April Keynote address. Giovanni Buttarelli European Data Protection Supervisor

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

Cyber Security Roadmap

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Kaspersky Security. The Power to Protect Your Organization

13967/16 MK/mj 1 DG D 2B

Cyber Security Technologies

H2020 WP Cybersecurity PPP topics

INTERNATIONAL TELECOMMUNICATION UNION

Cybersecurity Auditing in an Unsecure World

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

INTERPOL For official use only. Fighting with friends

CHALLENGES GOVERNANCE INTEGRATION SECURITY

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

INTERPOL s Role and Efforts in Combating Cybercrime. Dr. Madan M. Oberoi Director Cyber Innovation and Outreach

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

THE ACCENTURE CYBER DEFENSE SOLUTION

Security Aspects of Trust Services Providers

Directive on security of network and information systems (NIS): State of Play

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Cybersecurity is a Journey and Not a Destination: Developing a risk management culture in your business. Thursday, May 21, 2015

Legal Foundation and Enforcement: Promoting Cybersecurity

Joining forces to fight botnets. Dan Tofan Head of the Technical Division CERT-RO 17/02/2014

Valérie Andrianavaly European Commission DG INFSO-A3

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats

Advanced IT Risk, Security management and Cybercrime Prevention

Syed Ismail Shah, PhD Chairman, PTA,

Security and resilience in Information Society: the European approach

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Trustworthy ICT. FP7-ICT Objective 1.5 WP 2013

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

OAS Cybersecurity Capacity Building Efforts

Business continuity management and cyber resiliency

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Cyber Intel within European Cybercrime Center Ops

Cybersecurity for ALL

White Paper. View cyber and mission-critical data in one dashboard

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

CCISO Blueprint v1. EC-Council

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

Itu regional workshop

The Global Cybercrime Industry

Data Governance for Smart City Management

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

Co-operation against cybercrime CSIRTs LE private sector

Transcription:

Systemic Analyser in Network Threats www.project-saint.eu @saintprojecteu #saintprojecteu John M.A. Bothos jbothos@iit.demokritos.gr Integrated System Laboratory Institute of Informatics & Telecommunication NCSR Demokritos This work is performed within the SAINT Project (Systemic Analyser in Network Threats), with the support of the European Commission and the Horizon 2020 Program, under Grant Agreement No 740829. SAINT Project IoT WEEK 2017 GENEVA 1

This work is performed within the SAINT Project (Systemic Analyser in Network Threats), with the support of the European Commission and the Horizon 2020 Program, under Grant Agreement No 740829 www.project-saint.eu @saintprojecteu - #saintprojecteu Budget: 1.998.700 - Contract No: 740829 Duration: 2 years (May 1, 2017 April 30, 2019) Project Coordinator: Dr. Stelios C. A. Thomopoulos scat@iit.demokritos.gr Institute Director & Director of Research Head of Integrated Systems Laboratory Institute of Informatics & Telecommunications National Center for Scientific Research DEMOKRITOS" Consortium: National Center for Scientific Research Demokritos (GR), Technology Institute & and Press "Diophantus" (GR), Center For Security Studies (GR), Universite du Luxembourg (LU), INCITES Consulting SARL (LU), Mandat International (CH), Archimede Solutions SARL (CH), Stichting CyberDefcon Netherlands Foundation (NL), Montimage EURL (FR). SAINT Project IoT WEEK 2017 GENEVA

Cybersecurity Market Potential General I&T industry related indicative data 3.6 billion Internet users worldwide in 2016 www.internetworldstats.com 7.3 billion mobile-cellular subscriptions worldwide in 2016 www.itu.int By 2025, more than 91% of people in developed countries and nearly 69% of those in emerging economies will be using the Internet, with the total number of Internet users estimated to be 4.7 billion. Microsoft, Cyberspace 2025: Today s Decisions, Tomorrow s Terrain At least 7% of URLs are malicious, 85% of the 200 billion emails processed per day are spam, 1.4 million browser agents are botnets, consisting 20% of mobile browser agents and measurable cyber-attacks rise up to 1 million plus every day Microsoft s report. Microsoft, Cyberspace 2025: Today s Decisions, Tomorrow s Terrain The annual cost to the global economy from cyber-crime is 300 billion, with the average annualized cost of data breaches only, being 7.9 million. The global cyber-crime market sizes up to 15 billion and up to 50 billion for security products and services. Microsoft, Cyberspace 2025: Today s Decisions, Tomorrow s Terrain Forecasts about expansion of cyber-crime, in the form of a project-basis where cyber-criminals lend their knowledge, experience and expertise as part of a crime-as-a-service business model. Europol, Exploring Tomorrow s Organized Crime, 2015 SAINT Project IoT WEEK 2017 GENEVA 3

Cybersecurity Market Potential General I&T industry related indicative graph percentage of enterprises having purchases via computer mediated networks 45 40 35 30 25 20 15 10 5 0 2010 2011 2012 2013 2014 2015 2016 SAINT Project IoT WEEK 2017 GENEVA 4

SAINT Objectives Systemic Analyser In Network Threats Establish a complete set of metrics for cybersecurity technical and economic analysis. Estimate and evaluate the associated benefits and costs of information sharing regarding cyberthreats and cyberattacks and define limits of the minimum needed privacy and security level of internet applications, services and technologies. Identify potential benefits and costs of investing in cybersecurity industry as a provider of cybersecurity services and products and develop cost assessment models about the cost-benefit of cybersecurity investments. Outline the basic institutional framework of the cybersecurity industry and its relevant markets in Europe. Develop an automated platform for behavioural, social and economic analysis of the cybersecurity risks and the cybercrime market. Provide a set of recommendations about the reduction of cybercrime to all relevant stakeholders including policy makers, regulators, law enforcement agencies, relevant market operators and insurance companies SAINT Project IoT WEEK 2017 GENEVA 5

Former Basis of Research Concept Stakeholders collaboration: Analyse and identify incentives to improve levels of collaboration between cooperative and regulatory approaches to information sharing in order to enhance cybersecurity Mitigate the risk and the impact from a cyberattack Provide solid economic evidence on the benefits from such improvement based on solid statistical analysis and economic models CyberROAD Project SAINT Project IoT WEEK 2017 GENEVA 6

New Advanced Research Concept Multidisciplinary Research Approach Applied metrics analysis Economic and behavioural theoretic analysis Ecosystem comparative analysis Automated data analysis SAINT Project IoT WEEK 2017 GENEVA 7

Applied CyberSecurity Metrics Analysis Methodology Development of a database of cybersecurity indicators and metrics Information sharing relevant metrics. Metrics for measuring privacy. Profitability metrics related to cybersecurity market. Cybersecurity investment efficiency metrics. Metrics enable decision-makers to take action (digital epidemiology). Metrics be definable in numbers (capable of expressing meaningful figures). Metrics be firmly founded on evidence-based practice (data to be used allowing communication with stakeholders at all levels). Metrics be repeatable (automation easy to collect, update and show trends and all these at a reasonable cost). ENISA s Top 15 Threats SAINT Project IoT WEEK 2017 GENEVA 8

Economic and Behavioural Theoretic Analysis Methodology Investigate the role of information sharing in the cybersecurity investment and assess the relationship between information sharing and the number and severity of cybersecurity incidents. Descriptive Statistics Calculation Inference Statistics Estimation Quantitative analysis relating technical and behavioural variables with network traffic flow characteristics in order to identify network conditions indicative of cyberthreats. Analysis of economic factors shaping the supply and demand conditions for competition and profitability in the cybersecurity market. Mathematical Expression and Econometric Specification of Economic Theory Data Coefficient Estimation and Hypotheses Testing Investigate the relation between vulnerabilities and cybersecurity investment. Forecasting and Policy Prediction SAINT Project IoT WEEK 2017 GENEVA 9

Ecosystem Comparative Analysis Methodology Comparative and correlation analysis on: - Cybersecurity industry regulations - Cybercrime market stakeholders - Cyberdefence solutions and products Output results: recommendations and business models to: - Address cyberthreats - Mitigate cyberattacks effects - Fight cybercrime Industry Regulations Cyberdefence Solutions and Products Market Stakeholders Defence Against Cyberthreats Mitigation of Cyberattacks s Effects Fighting of Cybercrime SAINT Project IoT WEEK 2017 GENEVA 10

Automated Data Analysis Methodology Multiple intelligent information feeds gathering and storage and multiple analysis deployment Exploitation of massive intelligent information feeds from multiple information sources. Estimation of the economic impact of criminal activities in the Deep Web. Incident reporting and alerting. Securing the supporting ICT infrastructure. Deployment of multiple techniques for big data automated analysis of network traffic, for maximising the capabilities of the platform s data analysis tool, to exploit acquired encrypted and non encrypted data. Risk and cost analysis integrated on the platform tools, for developing and providing revenue models for cybercriminals. Impact analysis of identified threats. cybersecurity/privacy discussion forums/blocks police public reports network traffic big data impact of identified threats bug bounties discussions/reward announcements cybersecurity product/service incident reporting web pages deep web encrypted and non encrypted data cost and risk of cybercriminals revenue models SAINT Project IoT WEEK 2017 GENEVA 11

SAINT s expected impact Systemic Analyser In Network Threats Improved social, institutional and economic comprehension of cybersecurity failures. Improved decision making, governance and investments by stakeholders (e.g. policy makers, regulators, law enforcement agencies, market operators and insurance companies). Provision of new models (that take into account cybersecurity economics, risks, social and market aspects) for improving institutional and private initiatives in their quest for societal resilience to cybersecurity risks. Facilitated information dissemination and sharing for the public and registered users. Provide a set of recommendations to fight cybercrime through systemic approach impacting the economic and incentive models of cybercrime. SAINT Project IoT WEEK 2017 GENEVA 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback