Information security and safety – trends towards 2020
Presentation of Position Paper at Infosam 2020
Torbjørn Skramstad
Department of Computer and Information Science, NTNU
Infosam 2020 – Information security and safety

What is dependability?
• Dependability is the extent to which a system (often critical) is trusted by its users.
• By a dependable system we usually mean a system that has at least some of the characteristics reliability/availability, security, safety, robustness etc. We therefore start with a short description of what we mean by these terms.

Safety and security
• Safety: by a safe system we mean a system that can perform its intended function without failures that might lead to dangerous or catastrophic situations. Safety is concerned with ensuring that the system cannot cause damage irrespective of whether it conforms to its specification.
• By security we mean the ability of a system to protect information against unauthorised access and intentional misuse. Security includes characteristics such as authentication, authorisation, confidentiality, integrity, privacy, non-repudiation and availability. Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected. Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities.

Information security – an overview (ISO17799)

Expected economic, political and technological trends
• Economic growth will continue in the Western world throughout the period.
• The trend towards deregulation and privacy will continue.
• More spare time, more time on travel, health care etc.
• Increasing productivity and shorter development times. Increased efficiency.
• Increase in the terror threat towards computer-intensive systems as these become more and more important for modern societies.
• Globalisation: more and more software and hardware will be developed in low cost countries such as India and China. The same will apply to Computer Operations Centres and Research as well as many office-based services.

Trends related to safety
• "New" industries will develop safety critical systems (automotive, medical, etc.), but they have little tradition of traditional safety thinking
• Faster and cheaper development – a challenge for safety
• Increased use of software (it is more flexible), but increasing complexity
• Increased use of COTS (HW and SW) and reused software
• Distributed systems over network connections – e.g. remote oil production
• More complex systems
• System components developed in low cost countries. High quality, but do they interface properly with the total system as seen from a safety perspective?

Typical questions are:
• How to assess safety of complex distributed systems?
• Can the uncertainty related to use of COTS and software of uncertain origin in such systems be solved by redundancy and diversity?
• How can we assess the diversity of COTS hardware and software? As more and more components are developed in low cost countries, how can we be sure that the integrated system is safe even if each component has high quality?
• How complex can systems be and still be assessed for safety?
• What are the impacts on human computer interfaces related to safety for such systems?
• How to obtain safe communication over the Internet? Can we be sure that the response time is robust enough? Are we sure the messages will reach the receiver fast enough and with integrity?

Trends related to security
The Gartner Group has some interesting reflections:
• There will be a worldwide broadband network based on fiber optics, communication satellites, cellular and microwave communication. Face-to-face, voice-to-voice, person-to-data and data-to-data communication will be available to any place at any time from anywhere (2015)
• The availability of computers everywhere will facilitate automated control and make continuous performance monitoring and evaluation of physical systems routine
• Our homes will be integrated systems, smart and smarter integrated houses, and we can plug into the global communications network with increased speeds

Gartner predictions for some technologies

Some expected trends related to security (1) (Gartner)
• Emerging core computing technologies (e.g. quantum cryptography, nanotechnologies, hybrid inorganic/biology computing) will not disrupt general-purpose, semiconductor-based computing through 2010. It is expected that the introduction of quantum cryptography will disrupt the evolution of cryptography (with probability 0.6)
• While the general-purpose computers of the world are interconnected via the Internet, billions of miniature intelligent devices already inhabit the world, with their number increasing faster than the human population. The next ten years will bring new capabilities: a) many physical objects will be coded and therefore will become uniquely identifiable (RFID), b) intelligent devices will be embedded in many physical objects, and will be networked via the (mostly) wireless Internet. "Supranet"
• In the next ten years, a single, advanced integrated IP network will be handling the majority of the world's communications needs. This converged, broadband, intelligent network will extend well beyond voice and data, local and long distance, supporting an ever-widening array of services, and blurring distinctions among networking, computing and applications. Driven by e-business requirements and facilitated by technological advances such as e-switching and next-generation satellites, the increasing externalization of networking will give rise to an environment where applications, content and data reside in the network and are dynamically handled by network service providers in real time, without user intervention.

Some expected trends related to security (2)
• Content is the core of business transactions, publishing and entertainment. The diversity, volume and effect of content will grow such that during the next 10 years, we will experience unprecedented levels of interactive content, driving valuable revenue streams for publishers, corporations and media companies. Content will be accessible almost anywhere via broadband. The effects of this will stretch from the corporation into the home, as rich media content will be stored and managed in a digital asset management system. High-value content will have to be delivered securely. In the enterprise, the ongoing digitization of more and more information, including document authorization, will ease in fully digital process management for more and more business processes.
• Mobility represents the next major business and technical discontinuity facing large enterprises. While the PC and Internet revolutionized communications systems, mobility will revolutionize information flow that will affect business users, customers and partners. By the year 2007 more than 60 % of the EU and US population aged 15 to 50 will carry or wear a wireless computing and communications device for at least six hours a day; by 2010 this is expected to be more than 75 %. By 2010, less than 5 percent of global wireless subscribers will be using true 4G technology, but 15 percent will be using components of a full 3G architecture based on LAN/WAN integration and IP applications.

2020 scenarios
• A larger amount of the world's information assets will be digitized and accessible via the Internet.
• Internet traffic will increase enormously and most human beings in the Western world will have continuous and direct access to the Internet, mostly via wireless communication devices.
• Criminals and terrorists will have at least the same access to the Internet as most people. They will be better educated, more sly and will have the newest technology available.
• Example: On a tour on a large passenger vessel in the Oslo Fjord it turned out to be possible to get control of the ship's machinery from a passenger laptop with wireless communication in the vessel's conference room.

Scenarios 2020 contd.
• The amount of computer crime and possibly terrorism will increase significantly. Statistics from CSI/FBI show that incidents have nearly doubled each year in the period 1997-1999. This is expected to continue. The police need to have access to, and measures to avoid and investigate, crime and terrorism in cyberspace (cyberspace forensics).
• More and more of the information stored and transported via the Internet will be of significant value to individuals, organisations and nations. Use of the Internet for communication related to safety applications will increase significantly.
• More information has to be encrypted in order to protect sensitive information both while stored and while transported, but emerging computing technologies such as quantum cryptography may make contemporary encryption algorithms infeasible.
• Biometric access technologies will dominate authorisation and authentication

Main questions?
The main questions we have to face:
• Research on better and new types of encryption technologies
• Develop better risk analysis methods to better understand and manage the real risks in more complex systems
• Research on more reliable software development methods
• How to back up enormous amounts of data distributed across cyberspace
• What impact will the introduction of RFID have?
• Research on how safety critical systems should act when disconnected from partnering systems – transmission of "plan ahead safe states".

Acknowledgements
• Professor Stig Frode Mjølsnes (NTNU) has been a valuable discussion partner during the production of the first draft of this paper and has given comments on the first draft
• Useful comments and improvement proposals have also been supplied by the following individuals:
  • Professor Tor Stålhane (NTNU)
  • PhD student Siv Hilde Houmb (NTNU)
  • Senior researcher Dr. Lars Bratthall (DNV Research)
  • Professor Jan Hovden (NTNU)