The breadth of cyber security and privacy challenges within wider technology, policy, and economic perspectives is vast in scope, and has been described as extraordinary [LAN12]. In aiming to build systems with as few security flaws as possible, strong demands are placed on software architecture, software engineering, system engineering and overall computing technology generally. Security and privacy implementations are often perceived as an optional engineering cost, often unrecoverable, meaning that economic decisions have to be made around who should pay for such costs. Should governments do so via in increased defence and policing budgets, or in less direct forms such as subsidy support? Should manufacturers pay in order to build more robust software or hardware? Or should the more prominent status quo prevail, in that end-users continue to increase investment in available security risk reduction solutions while simultaneously absorbing losses to crime? Hence policy makers are interested in how best to introduce the right economic incentives that fairly balance those costs across the various actors in the security value chain. End-users are interested in achieving (and exceeding) PACs best practices relative to their target peers. Researchers are interested in achieving technological and scientific excellence, ideally translating to commercial impact. PACs solution providers need to ensure that the innovation bleeding edge is reflected in their proposed solution roadmaps, both in the short term and longer term.
Key PACs Technology Silo Areas
Such challenges influence the security and privacy research agendas identified to date across a broad range of PACs technology silos. Various technology silo categorisations exist, one example being the ITU National Cybersecurity Strategy Guide (Annex 2) Technical Solutions [ITU11], which in turn has been used to leverage various NIS WG3 research activities into existing Secure ICT state of the art [NIS14 ]. Priority technology silos identified from these analysis efforts in particular are summarised as follows and summarised below:
(CLICK THROUGH FOR MORE ON EACH AREA)
1. Audit and Monitoring
2. Authentication, Authorisation and Access Control (AAA)
4. Forensics and Incident Response
5. Privacy and Security Metrics
6. Malware and Offensive Technologies
7. Mobile Security
8. Network Security and Management
9. Security Information Sharing
10. Secure Software Development and Assurance
11. Security Management Support
[LAN12] Landwehr, C., Boneh, D., Mitchell, J. C., Bellovin, S. M., Landau, S., & Lesk, M. E. (2012). Privacy and cybersecurity: The next 100 years. Proceedings of the IEEE, 100(Special Centennial Issue), 1659-1673.
[ITU11] ITU National Cybersecurity Strategy Guide (Annex 2) Technical Solutions, published September 2011, http://www.itu.int/ITU-D/cyb/cybersecurity/docs/ITUNationalCybersecurityStrategyGuide.pdf
[NIS14] State of the Art of Secure ICT Landscape, NIS Platform WG3, submitted July 2014.