by Fabio Martinelli (IIT-CNR) and Edgar Weippl (SBA Research)
Public interest in cybersecurity is on the rise, owing largely to the increasingly pervasive nature of cyber technologies and their ability to enhance our quality of life, affecting most of our activities (either visibly or in an invisibly). In the past, our interactions with PCs were limited to particular working activities. Now, even during our daily commutes, in our cars we are surrounded by hundreds of electronic control units (ECU), our mobile phones are next to us, and our smart watches observe and record every breath.
Indeed, the digital revolution spreads information and communication technologies anywhere, anytime. More application fields open up more opportunities for attack, and the motivations and the possible scale of attacks change, no longer being restricted to economically motivated attacks, but also to cyber terrorism (cyber crime is also mentioned in the Keynote in this special issue). As technologies evolve, the security situation thus becomes far more complex, necessitating new enhanced cybersecurity methods and approaches.
There is the need for increased effort, covering the new fields, and addressing the new data economy that new technology such as the Internet of Things (IoT) is creating. Unprecedented amounts of data are being collected by devices, cameras, sensors, and ICT services and can be used to analyse, predict, inform and influence digital and even physical and social behaviour (just consider the increasing relevance of social networks). The protection of data is thus a paramount objective from both technical and social perspectives. We need to empower users to define how data are collected, analysed, transferred, and aggregated and ultimately used. Privacy concerns are increasingly relevant and the relationships between surveillance and privacy should be carefully considered.
The increased networking capabilities allow the creation of systems of systems and cyber-physical systems where the digital and physical worlds meet; thus merging safety issues with security issues. Consequently, it is vital that we develop ways of addressing both safety and security in complementary ways when analysing, designing and engineering systems. While achieving zero vulnerabilities is a holy grail in our community, their reduction should be a constant aim, which is reflected in the articles featured in this issue.
In our highly interconnected world, we require new methods and approaches to risk assessment, that can exploit data in a cooperative manner, ideally whilst preserving the privacy of prosumers (producers and consumers). Collectively sharing information and benefiting from it is an increasing trend that should be fostered by means of technical and policy means (e.g., the NIS directive).
From a technical perspective, European researchers have significant expertise in cryptography that lies at the core of many security technologies, and several articles featured in this special issue cover areas ranging from cryptography implementation to crypto techniques for data control.
Cyber crime is undoubtedly a recurrent major concern in our interconnected world, and efforts to prevent cyber crime need to be ongoing. Cyber protection is one of the mechanisms – along with the creation of frameworks that facilitate forensic activities that can involve all relevant stakeholders. The new revolution of e-currencies with their technologies as block chain will create new issues as well as new opportunities for the growth of the digital civilisation we are experiencing.
Thus, not surprisingly, this ERCIM News special issue on cybersecurity has attracted a significant number of contributions grouped within the following areas:
- Cyber-physical systems
- Cyber crime.
Overall these articles present a variety of research results that show the richness and range of cybersecurity issues and their application domains. The ERCIM community and European stakeholders, including industry, are currently merging their efforts to successfully address the challenges of cybersecurity.
Fabio Martinelli, IIT CNR, Italy
Edgar Weippl, SBA Research, Austria