Towards a European Cloud Computing Strategy Jorge Gasós European Commission Information Society and Media Directorate General Trust and Security Unit
Security, privacy, and trust in the information society Complexity, ease of use Society-protecting business models Role of end-users Technology & innovation End-users & the society Global ICT - national frontiers Economics of security Policies for privacy-respecting T&I? Trustworthy information society? Security Protection of human values Transparency, accountability Auditing and law enforcement Policy & regulation
Critical Information Infrastructure Protection Action Plan (2009) Establishment of National / Governmental CERTs and reinforced cooperation among them Early warning systems against cyber-attacks and disruptions Close collaboration with ENISA Need to coordinate the different European Commission cyber-security related activities
CIP-ICT Call 6: 5.1 Cybersecurity 9 m 01/02/2012 15/05/2012 Botnet: a network of infected computers controlled as a group without the owner s knowledge. Main instrument for cybercrime Pilot: European-wide platform for detecting, analysing, mitigating and eliminating botnets. 8 M Thematic Network to identify common requirements, processes, methods to address cyber threats. 1 M Draws on EU and MS initiatives: ENISA, EFMS, EP3R, CERTs, in collaboration with industry and academia
7th EU Research Framework Programme (2007-2013) Total 50,521 M FP7 Cooperation Programme: 32,413 M The 10 Themes Socio-economics; 623; 2% Space; 1430; 4% Security; 1400; 4% Health; 6100; 19% Transport; 4160; 13% Environment; 1890; 6% Energy; 2350; 7% NMT; 3475; 11% ICT; 9050; 28% Food, ; 1935; 6% ICT Security & Trust
Trust and security: 58 projects of FP7 call 1 and call 5 200 m Network infrastructures Identity management, privacy, trust Services infrastructures 4 projects 7 projects 8 projects 4 projects 40M 5 projects 60M 7 projects 48M Critical infrastructure protection 9 projects 20M Enabling technologies Biometrics, trusted computing, cryptography, secure SW 4 projects 4 projects 27M Networking, coordination and support Research roadmaps, metrics and benchmarks, international cooperation, coordination activities 4 projects 2 projects 5M
European Cloud Strategy January 2011 Vice President Neelie Kroes announced in Davos three axes for action: Legal Framework Data protection, privacy laws, user s rights Technical & Commercial Research & standardisation Market Member states engagement, pilots, public procurement
Cloud Computing Strategy in preparation Industry Recommendations Public Consultation analysis Cloud computing expert group EU Policy framework and many other inputs
Pillar 1: A Coherent and Integrated Approach Legal Framework Single Market Top issues to address arising from the public consultation: Data protection and security Digital content in the cloud Restricted liability for infrastructure and service providers Fair contract terms and conditions Portability and interoperability
Pillar 2: The European Cloud Partnership Public Sector Lead Market Purpose to solve problems caused by fragmentation of markets and legislation in Europe for Cloud Computing. to publish public sector requirements for clouds across Member States, regions or application areas (such as ehealth, taxation, social benefit payments) Benefits better quality of demand and supply, more competition and better interoperability market with harmonised requirements can be addressed by active cloud providers with an assured user community.
Preparing joint PCP ONE joint PCP tender Intermediate Evaluation Selection Intermediate Evaluation Selectiona Lessons learnt Dissemination Commercial Tendering Pre-Commercial Procurement Preparation phase before launching PCP Pre-commercial Procurement Management/Coordination joint PCP Large scale public procurement of end- solutions P5 P1 Formation of joint procurement constellation P2 R&D work P4 P3 Consortia of public bodies e.g. P1->P5 Supplier A Supplier B Supplier C Supplier D Supplier E Phase 1 Solution Exploration Supplier C Supplier D Supplier E Phase 2 Prototyping Supplier C Supplier E Phase 3 Original development of a limited volume of first products/services in the form of a test series Supplier A,B,C,D,E or X Phase 4 Commercialisation of products/services (commercial development) Typical Product Innovation Product Life Cycle Idea Product Solution Solution Idea Design Design Prototype First Test- Products Commercial End-Products VC & other financers Input to standardisation & regulation
Objectives of the European Cloud Partnership Phase 1 Publication of requirements through agreeing common public sector cloud requirements Develop specifications for use in procurement during phase 2 Phase 2 Procure proof-of-concept solutions on phase 1 specifications. Develop specifications for use in procurement during phase 3 Phase 3 Procure reference implementations to demonstrate conformance and performance
European Cloud Partnership Phase 1 Under a separate Grant agreement (FP7 WP13: Obj1.2 2.5M euros for CSAs) Governance (ECP Supervisor) Implementation (ECP Executive) Consortia (industry, academics, others) R&D Specifications consultations EU/Member State Implementations Through Pre-commercial procurement (FP7 WP13, 10Meuro) Tender Specifications
Pillar 3: International Cloud Computing Policy Principles for data flow, security, certification, standards Global solutions Cloud computing, being intrinsically global, calls for global solutions. This includes policy issues like data protection, interoperability, security, etc. The Commission is planning to have an active presence in the global discussions and enhanced collaboration with Member States and International stakeholders. On the International front: EU-US Hearings of experts 1 July 2011 Japan-EU Hearing of experts 19 April 2012 Research issues are discussed through bilateral arrangements in view of future joint calls for research proposals on Cloud Computing. A joint call for proposals is foreseen with Japan
Trust and security: 58 projects of FP7 call 1 and call 5 200 m Network infrastructures Identity management, privacy, trust Services infrastructures 4 projects 7 projects 8 projects 4 projects 40M 5 projects 60M 7 projects 48M Critical infrastructure protection 9 projects 20M Enabling technologies Biometrics, trusted computing, cryptography, secure SW 4 projects 4 projects 27M Networking, coordination and support Research roadmaps, metrics and benchmarks, international cooperation, coordination activities 4 projects 2 projects 5M
Future Research Security and privacy in Cloud Computing Software, services and cloud computing Pre-Commercial Procurement for the European Cloud Partnership Horizon 2020
For more information FP7 http://cordis.europa.eu/fp7/ http://cordis.europa.eu/fp7/ict/ Trust & Security http://cordis.europa.eu/fp7/ict/security/ Cloud Computing http://ec.europa.eu/information_society/activities /cloudcomputing/library/index_en.htm E-mail INFSO-TRUST-SECURITY@ec.europa.eu 17