by Peter Kieseberg, Olga E. Segou and Fabio Roli
The CyberROAD project – a collaboration between several major European research institutions, companies and stakeholders - develops a European research roadmap for researching and fighting cybercrime and cyberterrorism.
Cybercrime and cyberterrorism represent a fundamental challenge for future societies, especially given the increasing pervasiveness of interconnected devices, such as home automation systems, connection of industrial systems to the Internet, the Internet of Things and simple commodity items in the area of wearable computing and the storage of private data in the cloud (see Figure 1). Public awareness of cybercrime has increased of late, owing to more frequent reports of online criminal and terrorist activity, as well as the increasing level of damage that can result from successful attacks. The damage caused by such activities in recent years is estimated to be large , although the actual figures are a subject of debate - which often becomes political. Current R&D activities in information and communication security do not address the problem at a global level, either in terms of the geographical coverage, or in terms of the involvement of all relevant stakeholders. CyberROAD bridges this gap by drawing together a wide network of expertise and experience, to address cybercrime and cyberterrorism from a broad perspective.
Figure 1: The integration of ICT into everyday life (by courtesy of Enrico Frumento, CEFRIEL • ICT Institute Politecnico di Milano).
CyberROAD aims to identify the research gaps needed to enhance the security of individuals and society as a whole against forms of crime and terrorism conducted via and within cyberspace. This research addresses current technologies to some extent, but its main challenge is to anticipate tomorrow’s world of interconnected living, in particular the dangers and challenges arising from the further incorporation of the digital world into our offline life, building atop initiatives such as .
We focus on the following fundamental questions:
- When does crime become cybercrime? When does terrorism become cyberterrorism? This separation is critical in order to identify the research questions that are specific to the cyber-environment, as opposed to the questions still unsolved in common (offline) crime and terrorism.
- How can we subdivide cybercrime and cyberterrorism into meaningful categories? This helps identify subclasses based on common attributes in order to rank the identified research gaps.
- What are the real economic and societal costs of cybercrime and cyberterrorism? As indicated in , the costs are often dramatically increased in political discussions. Objective and accurate figures are needed in order to accurately assess the importance of the identified research gaps.
- What are the major research gaps and what are the challenges that must be addressed?
- Once key research gaps have been identified, how do we pinpoint appropriate questions that need to be tackled by research projects? Appropriate approaches to research must be clearly defined.
- How can we test and evaluate security solutions, and to what extent can we test real solutions? Testing is critical in this area, but many challenges exist, especially when it comes to developing test beds for criminal environments and case studies in real life (criminal and terrorist) ecosystems.
- What economic, social, political and technological factors will foster cybercrime and cyber-terrorism? This question focusses largely on the influences of society and the availability of technologies on cyberspace, but also on the influence of cybercrime and cyberterrorism on the development, and especially suppression, of new technologies, which in turn lead to changes in society (see Figure 2) [3, pp. 15].
Figure 2: Technology, Society and Cybercrime/Cyberterrorism
The main outcome of CyberROAD will be a research roadmap regarding the analysis and mitigation of cybercrime and cyberterrorism. This roadmap will be developed based on a gap analysis regarding future scenarios extrapolated from the current state of technology and society, compared to the means of defence (legally) available to system owners and society as a whole. This includes conducting risk assessments for future and emerging technologies with respect to their impact in order to rank the importance of the identified research roadmap topics. While the main driver for the roadmap is the continuing penetration of society by new technology, the topics of ethics, privacy, law, society and fundamental rights are inextricably linked to this area and, as such, research questions relating to these issues are tightly incorporated into the project.
The identified roadmap items will serve as starting points for the development and setup of new projects, largely on a European level. CyberROAD will also serve as an incubator for enhancing the state of research regarding cybercrime, cyberterrorism and the underlying technological and societal variables.
The CyberROAD project has been running since June 2014 and is funded by the European Commission through the seventh framework programme. The project is led by the University of Cagliari and carried out by a team of 20 partners across Europe, ranging from (governmental) stakeholders to universities and private industrial partners.
 R. Anderson, et al.: “Measuring the cost of cybercrime”, The economics of information security and privacy”pp. 265-300, Springer, 2013.
 C. Wilson: “Botnets, cybercrime, and cyberterrorism: Vulnerabilities and policy issues for congress”, Library of Congress Washington DC congressional Research Service, 2008.
 J. Larosa, et. al. (2014). ERCIM White paper on Cyber-security and privacy research, http://www.ercim.eu/images/ stories/pub/white-paper-STM.pdf
 M. Yar, “Cybercrime and society”, Sage, 2013.
Peter Kieseberg, SBA Research, Austria