1. Security in the Electronic Universe Major Trends Helmut Leopold Head of Digital Safety & Security Department AIT Austrian Institute of Technology Dagstuhl, April 15-17 2015 Dagstuhl Seminar 2015 on Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations

2. Cyber Security - Overview  ICT Trends in the „after-broadband century”  The Security problem  The Shift in user behavior  The IT industry problem 2

3. The „after-broadband“ ICT Trend – M2M Communication Connected Utility  Intelligent energy production,distribution and use - renewable energy – smart grid  Ernergy management at home- smart home  New energy storage (PHEV) Connected Patients  Closed loop healthcare - Telemedicine for new widespread diseases – diabetes, cardic insufficiency, overweight  Prevention and care; Lifestyle management Industry 4.0  Sensor networks for production  Environmental sensors  Smart cameras for public security Connected Cars  60% of all innovation by electronics  Intelligent traffic-control saves more CO2 as estimated e-vehicle-fleet in 2030 Smart City  Environmental sensors  Smart cameras for public security  Citicen information systems  eGovernment

4. ICT Trends result in complexity & impact  The complexity of ICT systems is increasing  Landing on the moon with 7.500 Lines of Code  Today: F-35 fighter jet: 5,7 Mio; Boeing 787: 6,5 Mio; Mercedes S-Class: 20 Mio; Chevrolet Volt: 100 Mio.  Systems are getting more and more interconnected  M2M Communication, Internet-of-Things (IoT), Always-On  Systems of Systems  Virtual Infrastructures (Cloud)  Industry trend towards open network architectures  Open protocols (IP), industry standards  Increased number of „third parties“  The dependency on ICT systems is increasing  Smart Grid, Smart Home, Smart City, eGovernment,  eCommerce, eHealth, eMobility, …critical infrastructure 4 21.09.2015 Increased Number of Vulnerabilities Increased Number of Vulnerabilities Increased Risk Increased Risk Increased Impact Increased Impact Cascade Effects Cascade Effects

5. Emerging Communication Technology (1) Future Wireless Communication Systems 5 <2014: 2G, 3G, 4G, WLAN, …  always-on  broadband  designed for human-to-human or human-to-machine communications >2020: Ultra-reliable wireless M2M communications (5G)  monitoring and control applications  low-latency links (< 1ms)  massive number of concurrent M2M links  coordinated local and cellular com. systems  move to mm-Wave frequencies > 30 GHz  Source: G. Fettweis, S. Alamouti, “5G: Personal mobile internet beyond what cellular did to telephony,” IEEE Commun. Mag., Feb. 2014.

6. 6 Sensor Fusion Data Analysis What-If- Szenarios Forecast Decision Support System Air TrafficIndustry  Monitoring systems  Fusion of different sensor data Historical Data  Velocity: real-time data generation  Veracity: data in doubt  all sensor data have an uncertainty  how do we model/describe the behavior of people (social media)  Variety: Data sources are changing  Combination of real-time data with historical data  Modelling and Simulation Emerging Communication Technology (2) Sensor Networks - Challenges

7. 7 Source: AIT Research, “The Diverse and Exploding Digital Universe” IDC White Paper, March 2008 http://www.emc.com/collateral/analyst-reports/diverse-exploding-digital-universe.pdf 21.09.2015 World-wide we produce more data than HW-Storage space is available! Knowledge can only be stored for a limited period of time - in 5 to 7 years the majority of today‘s data will get lost.  Which functions should be implemented in future networks, in order to enable next gen content management and application support?  How do we store and retrieve the enormous amount of data ?  How to scale? How to automate? Next Gen Content Management Research at AIT BRITISH LIBRARY Source: digitalbevaring.dk Multimedia Content:  Data  Text  Audio  Images  Video Emerging Communication Technology (3) Broadband Multimedia

8. Overview  ICT Trends in the „after-broadband century”  The Security Problem  The Shift in user behavior  The IT industry problem 8

9. Cyber Security – The Problem Statement Increased complexity of attacks  APT Advanced Persistent Threats Increased system complexity  decreased system understanding 9 Increased use of ICT & networking  dependability  THE critical infrastructure CarsEnergyPatientHome Connected Environment Millennials ??? No 100% security  Cost & risk management – Organizations, Society No 100% security  Cost & risk management – Organizations, Society „Classical security protection is dead“ 06.05.2014, DiePresse.com Symantec/Norton 230.000 new virus types per day! Attacks are distributed, invisible & complex traceability 230.000 new virus types per day! Attacks are distributed, invisible & complex traceability CAIS Cyber Attack Information System Monitoring & Incident response

10.  50% of security breaches are supported by user interactions The Cyber Security Problem is … Source: Microsoft Security Intelligence Report 2011, Daten aus 1. HJ. 2011, http://www.microsoft.com/security/sir/default.aspxhttp://www.microsoft.com/security/sir/default.aspx  A young discipline

11. Overview  ICT Trends in the „after-broadband century”  The Security problem  The Shift in user behavior  The IT industry problem 11

12. The Shift in User Behavior 12 21.09.2015 interdependency TechnologySociety

13. (1) „The Generation Shift“ 13 21.09.2015  Boomers …  Technology to “re-invent his personality”  Brought technology from the office to home  X-Generation … generation in contradiction  Millennials …  PC, Internet and Mobile phones to network  bring technologies from home to work From the „Information society“ to the „networked society“. Source: Alison Cerra „The Shift Digest“, Alcatel Lucent Study, 2012, www.theshiftonline.comwww.theshiftonline.com

14. (2) „The Identity Shift“ – the 3 “Ps” 14 21.09.2015 By using new ICT technology, we change our behavior and usage patterns. Source: Wikipedia Source: Alison Cerra „The Shift Digest“, Alcatel Lucent Study, 2012, www.theshiftonline.comwww.theshiftonline.com  Presentation seekers  Protection seekers  Preference seekers Image of an individual within the society How a person sees the privacy On which information we base our decisions (to select products and friends)

15. (3) „The Content Shift“ 15 21.09.2015  Democratisation of tools and production  Easy consumption:  lower cost, Internet, Tablet PCs, smart phones  Connection of producer and customer on a flat market  Within a month there are more videos uploaded on to Youtube than from 3 US TV stations in 60 years Source: Chris Anderson, „The Long Tail“, http://www.changethis.com/10.LongTail („in Wired 2004“), AIT Research,http://www.changethis.com/10.LongTail A new ecosystem for content production and consumation – „Long Tail“ eGovernment, eHealth, eEnvironment, social media@work  Connected TV  Social TV  Mobile TV  Personal TV

16. (4) „The Cloud Shift“ 16 21.09.2015 „Our head is in the cloud“ Source: Wikipedia  Data storage and processing are becoming virtual  “bring our own device“ – “data are ubiquitous in location and time”  “Outsourcing from information change our behavior” Source: TIME Magazine, March 2012, AIT Research „Digital Dementia“

17. Overview  ICT Trends in the „after-broadband century”  The Security problem  The Shift in user behavior  The IT industry problem 17

18. Next Generation Cyber Security  CAIS Cyber Attack Information System  Recognizing the „unknown“  Information Sharing – CIIS  Mitigation actions  Encryption - unbreakable keys  Smart approaches without keys – Secret Sharing 07.02.2011 TrustSecurity 18  Governance  Assurance  Risk Management

19. Top Management Visibility & Control Start Information Security Governance Lack of visibility of security status, resources deployed, and overall performance of programs Why is information security important to our organization? Are we “secure”? Cyber Security - Top Management Challenge Loose scope definition of information security activities creating conflict between managers Information security capabilities not linked to strategic business objectives Units not properly staffed or lack of qualified/trained personnel on information security topics 19 Source: AIT research, Booz & Co Not IT cost cutting but outcome based IT business CIO roles in organization is changing CEOs try to solve the security problem with yesterday´s logic (proprietary systems) Application designers are the new system experts IT experts try to protect their system expertise

20. Cyber Security vs. increase the productivity in firms  Technology change cycles are increasing  ICT Systems complexity is increasing  Potential security problems become evident  Decreasing of IT-complexity by virtualization of ICT Services (Cloud Computing)  No harmonized governance frameworks in the different countries and markets  Globalization of ICT-Service offerings (economy of scale and scope)  Privacy  Data protection 20  Management tend to “protect” their systems  public – private cloud  no “connection” to the internet  proprietary systems  Application designers are the new system experts  Based on external IT-Services (Cloud)  Change of the CIO role in companies  Data Scientists, etc.  more systems knowledge  Decreasing IT personnel resources  Decreasing IT investments

21. Thank you for listening! Helmut Leopold Head of Digital Safety & Security Department helmut.leopold@ait.ac.at AIT Austrian Institute of Technology Digital Safety & Security Department An idea is not a single thing. The trick to having good ideas is not to sit around in glorious isolation and try to think big thoughts. The trick is to get more parts on the table, which enable us to combine and bring different parts together. A good idea is a network - it is all about bringing people and ideas together..... Steve Johnson, „Where do innovation or good ideas come from?”, 2010 21