Sentinels is a fundamental investment

25 August 2012 

Security makes the news somewhere each day. The security of personal details in biometric passports, attacks on bank servers that temporarily bring Internet banking to a halt, privacy issues in relation to the electronic patient file … ‘The initiators of Sentinel had the correct intuition and vision when it came to the importance of building up knowledge in this area,’ says the chair of the programme committee professor Willem Jonker. ‘ICT is increasingly becoming an integral part of society. And this means that questions about who should be able to gain access to information when and in what manner are highly relevant.’

‘The initiative for the Sentinels programme was taken in about 2003 by Bart Jacobs of the Radboud University Nijmegen, Pieter Hartel of the University of Twente and Rik Janssen of Technology Foundation STW. They wanted to give a boost to security research in the Netherlands. With hindsight you can say that they recognised the current challenges and importance of this field at a very early stage.’

Prof. Willem Jonker, CEO of EIT ICT Labs, part-time professor at the University of Twente, and chair of Sentinels  

Security is now a very extensive field. Companies and academia are tackling questions such as: How do you protect the privacy of people? How do you prevent spying in company networks? And how can you ensure that people (continue to) have confidence in online environments? In the recently started research programme Cyber Security such questions are being studied from a long-term perspective.

Jonker sees a clear relationship between Sentinels and this new programme: ‘Thanks in part to Sentinels we now have the network and highly educated people needed to be able to define and staff new initiatives such as the Cyber Security programme.’ Jonker states it quite categorically: the most important outcome of Sentinels is the researchers who gained their PhD within the programme. ‘One of our objectives was to provide well-trained security people. And these are now in high demand. You can see that ICT is increasingly penetrating all aspects of society. In a period of about 40 years we have progressed from a centralised mainframe, via a pc in the living room, to computers in our pockets. And the most recent smartphones are now just as powerful as the cooled monsters of yesteryear.’

Growing demand for experts

This development means there is a growing demand for security experts, he says. ‘Computer power is everywhere, even in the smallest things such as RFID tags. Networks are also increasing in power and are spreading. When you travel you have access to Wifi almost everywhere, and with a data subscription you are connected to the Internet any time and anywhere. In such an environment there is an almost unlimited circulation of information and countless possibilities to monitor and analyse people's behaviour. This demands experts who think about and work on solutions for ways to carefully handle this enormous quantity of information.’
This means thinking about a very wide range of aspects. ‘We have to deal with trust, privacy and monitoring. What is allowed and what not? Who determines which persons have access to which information? And how do you verify that these agreements have also been complied with?’ That is the driving principle of the security field, emphasises Jonker. ‘Yep, and then you also have the exciting stuff from boy’s books, `the red-eared’ area: the light-fingered brigade. Within security, however, that is definitely not the most important area even though the media often devote the most attention to this.’

Jonker nevertheless sees considerable possibilities for improvement in this area in the future. ‘There can be a shocking lack of knowledge within organisations. Within ICT people sometimes leave the doors completely wide open. If you were to do that in the physical world, then everybody knows that is not a clever move. But in the electronic world an awful lot of people fail to notice such dangers. A lot could be gained by teaching people how to deal with such issues. But first we need experts who can show you how to close the door properly.’ Jonker gives a simple example. ‘People are often far too careless with passwords. An organisation might protect everything properly with passwords but then keep these passwords unencrypted in a document on the server. You need to be smarter than that!’

Industry and academia

A second aim of Sentinels was to encourage cooperation between industry and universities in the area of security. To what extent has that been achieved? ‘ At the start that was difficult, but in the second phase of the programme we made important steps to increase the involvement of industry. Smaller companies, in particular, were found to be in less of a position to participate. It costs them too much time and money and they gain relatively little for their investment.’

To solve that problem, the programme committee decided to make a modest contribution to the financial commitment of participating companies. ‘We throw a sprat to catch a herring. For companies, programmes such as these are mostly tied in with their long term strategy. A good connection with the research field is vital for their core business in the long term, but the projects concerned are never exactly what these companies would investigate today. Companies mostly have to reach deep into their pocket with little certainty about the outcomes of the projects concerned. Giving these companies a limited compensation for their investment makes it easier to get them on board.’ Looking back Jonker is very pleased with this model. ‘It was very successful and led to a strong increase in participation by industry. And in the end you can see that this investment has more than repaid itself.’

When asked to summarise what the most results of Sentinels were the front man does not have to think for long: ‘We have delivered highly qualified people, generated knowledge and contributed to building up the present strong security community in the Netherlands. That has recently led, for example, to the National Cyber Security Research Agenda and the current Cyber Security research programme.’

‘But,’ he says, ‘success has many fathers. The currently strong security community and the acquisition of knowledge in the Netherlands is also largely due to the ICT Innovation Platform Safely Connected, one the most successful IIPs of ICTRegie. Via the IIP Safely Connected, ICTRegie made financial contributions to the third phase of Sentinels, for example.’

‘Sentinels was mainly a fundamental investment in the knowledge economy in this area. If you want to achieve major successes then you need to ensure a broad basis.’ Jonker is worried about that basis, however. ‘The ecosystem which has now been built cannot simply take care of itself. It must be continually fed, also by the government. In the Netherlands we can still learn a lot from the countries around us where there are more stable and consistent public-private R&D investments, certainly in the field of ICT. It is vitally important for our long-term competitive position that we continue to invest in R&D in areas such as security and ICT. These disciplines have a strong focus on the future, are developing rapidly and are very important for society.’

Photo: Sjoerd van der Hucht Fotografie
Text: Sonja Knols, IngenieuSe
Translation: NST