dcypher.nl


dcypher unites researchers, lecturers, producers, users and policymakers in the Netherlands to improve knowledge and expertise in cybersecurity

Presentation of the National Cyber Security Research Agenda NCSRA-III

Latest

On Tuesday June 5, the third edition of the National Cyber Security Research Agenda (NCSRA-III) was presented in press center Nieuwspoort in The Hague. Earlier that day, Mark Bressers had already received the first copy on behalf of secretary of state Mona Keijzer from the Ministry of Economic Affairs and Climate.

The NCSRA has been written as a guideline for public-private partnerships within the national research into cybersecurity. The research is divided over five pillars: design, defence, attacks, governance, and privacy. Each pillar requires contributions from computer science, technology, social sciences and the humanities. The NCSRA-III is an initiative of dcypher, the Dutch platform for higher education and research in the field of cybersecurity.

While in other countries the research on digital security has been divided into separate fields with little interaction, the Netherlands has deliberately opted in the NCSRA-III to make connections between the separate disciplines of cybersecurity research, says Michel van Eeten, professor of Governance of Cyber Security, in his introduction on the new research agenda. This integration is also the big difference with the previous agenda, which appeared in 2013. Van Eeten shows in a graph how investments in cybersecurity research have declined in recent years. “We hope that this agenda contributes to reversing that trend”, he concludes.

Jan Piet Barthel, director of dcypher, next handed over a copy of the agenda to Patricia Zorko, cybersecurity director at the Ministry of Justice and Security, to Stan Gielen, chairman of the NWO Executive Board, and also to Henk-Jan Vink, director of TNO-ICT.

“I am proud of the progress that has been made with this new research agenda,” Zorko responds. “We need this to provide the Netherlands with a solid knowledge position in cybersecurity research. We want to reverse the downward trend in research funding by taking a first step forward already in 2018. Five ministries − Defense, Economic Affairs & Climate Policy, Justice & Security, Interior & Kingdom Relations and Foreign Affairs − have already agreed to invest one and a half million euros in cybersecurity research. But we are not satisfied yet. More needs to be done.”

Speaking on behalf of research funding agency NWO, Stan Gielen comments: “I am pleased that this agenda brings together various components of the cybersecurity research and also includes the behavioral component. As far as funding is concerned, I can announce a new call for cybersecurity research proposals with a total budget of five million euros, within the framework of the national Top Sector policy.”

“The multidisciplinarity of this agenda really appeals to me”, continues Henk-Jan Vink of TNO. “The NCSRA is leading in what we do at TNO. It is important to us that we close the chain that leads from fundamental research to concrete applications. That is why it is good to see that NWO, TNO and the ministries have started to cooperate more closely in recent years. I also see the NCSRA not only as an opportunity for research, but also for education. Good people are scarce and it would be good to have more of them.”

The launch of the new research agenda was concluded with a panel discussion involving, in addition to Patricia Zorko and Stan Gielen, D66 member of parliament Kees Verhoeven, CEO of Riscure Marc Witteman and professor of systems security Herbert Bos.

Kees Verhoeven is co-submitter of a parliamentary motion that demands a more ambitious approach to cybersecurity research. Although the motion has been adopted by the House of Representatives, no response has yet been received from the government. “If the answer takes a long time, you have usually asked a good question”, says Verhoeven. “But there must be a reaction soon, because we really have to start accelerating forward.”

Marc Witteman, on behalf of the business partners, emphasizes that the task of business is not so much to put money directly into academic research, but to develop new products and services in collaboration with universities. “Moreover, companies can be an important sounding board for the universities. We have a good view of what the pressing questions are.”

Professor Herbert Bos examines the number of PhD students required: “Every year about 2500 new jobs are created for cybersecurity professionals. If you assume that about one per cent of this must have been trained at the highest level, so with a PhD degree, we would have to deliver 25 PhD students per year. But the actual numbers are that we have delivered 25 PhD students in five years, between 2013 and 2018. That is actually five times too little. However, the good thing is that the level of scientific research has increased and that we are better organized as a research community.”

Stan Gielen concludes the panel discussion with the comment that the NCSRA-III will form the basis for the cybersecurity research program of the coming years. “We can go forward for another four or five years.”

Special thanks to session chair Peter Zinn.

Also see: The NCSRA-III; Launch of the new research agenda for a safer society; Final stage of the new digital security research agenda.

Text: Bennie Mols. Photos: Sjoerd van der Hucht

Cyberattacks or disruptions in the cyber domain occur regularly. Sometimes vital sectors are targeted, such as banking, energy or transport. The attacks can therefore have a considerable impact on society. Cybersecurity is logically part of our national security. This requires that our knowledge remains up to date and that we anticipate possible new developments and threats. On June 5, dcypher launched the 3rd edition of the National Cyber Security Research Agenda (NCSRA III).

The NCSRA III describes cybersecurity research challenges around five pillars, which together support cybersecurity research and development in the Netherlands. These pillars are: Design, Defense, Attacks, Governance and Privacy. Previous agendas were more disciplinary in design. With the now chosen division into pillars, scientific disciplines come together. They provide direction to the research and enable interdisciplinary collaboration. For example, each pillar requires contributions from computer science, technology, social sciences and the humanities. The goal is to contribute to the cybersecurity of various top sectors and NWA routes with the implementation of a single national cybersecurity research agenda. Hence the motto of the meeting on 5 June: "launch of a new research agenda for a safer society".

New broad national call cybersecurity

A few hours prior to the public presentation on 5 June, the first copy of the NCSRA III was presented to Mark Bressers, director ICT policy, Ministry of Economic Affairs & Climate Policy, by the Director of dcypher and on behalf of the editorial team. During the public presentation, the NCSRA III was received by Patricia Zorko (Ministry of Justice & Security), Stan Gielen (NWO) and Henk-Jan Vink (TNO), each an interested party in the implementation of this agenda. After receiving them, they were briefly given the opportunity to respond. In his response, NWO president of the Executive Board Stan Gielen indicated that the NCSRA III will be the framework for cybersecurity research programming in the coming years. NWO has also committed itself to setting up a broad national cybersecurity call through the Knowledge and Innovation Contract ICT 2018 - 2019. This call is currently being developed by NWO in collaboration with dcypher, the Top Sector ICT and the Top Sector Creative Industry. With this call NWO wants to meet the need to facilitate broad (interdisciplinary) research collaboration in the field of cyber security. In addition, NWO, together with various ministries, is investigating the possibility to contribute to cybersecurity knowledge development through the NWA.

Establishment NCSRA III

The final editing team of the NCSRA III consisted of: Herbert Bos (VU), Michel van Eeten (TUD), Sandro Etalle (TU/e), Frank Fransen (TNO), Jaap-Henk Hoepman (RUN), Erik Poll (RUN) and Jan Piet Barthel (dcypher, NWO). Many have provided text contributions and comments from various disciplines and positions in the knowledge and innovation chain. This was done during the well-attended field consultation on 12 April, and through conversations with representatives of (economic) top sectors and NWA routes for which cybersecurity (research) is relevant. On 23 April, the dcypher Advisory Council approved the text and on 31 May the Cyber Security Council endorsed the agenda.

Photo: Writers NCSRA III and Mark Bressers, Ministry of EZK. Left to right: Frank Fransen, Michel van Eeten, Luca Allodi, Herbert Bos, Mark Bressers and Jan Piet Barthel.

Also see: The NCSRA-III; Reception NCSRA III (Nieuwspoort); Final stage of the new digital security research agenda.

On 5 June, the third edition of the National Cyber Security Research Agenda (NCSRA-III) will be presented. On Thursday 12 April, cyber security researchers and experts from universities, government institutions and companies discussed the final refinements to this new research agenda in the area of digital security.

Computer viruses, hijacked computers, hacking, DDoS attacks, phishing and digital espionage are all threats to the digital security of citizens, companies and governments, and they reach the news headlines almost every week. As we have become increasingly dependent on digital services in our everyday lives over the past two decades, we have also become more vulnerable to such attacks.

Cyber security researchers are developing new security systems to protect the Dutch digital society. The National Cyber Security Research Agenda (NCSRA) is intended as a framework for public-private partnership within national research into digital security. The agenda was published for the first time in 2011 and was followed by a second edition, NCSRA-II, in 2013. Five years after the second edition, considerable effort is being put into the realisation of a third edition, NCSRA-III. On Thursday 12 April, stakeholders discussed the draft texts of the agenda that were written earlier this year. The 90 participants included many academic researchers, but also experts from industry (including Philips, KPN, NXP, Secura and Rabobank) and representatives from government ministries, TNO, the Confederation of Netherlands Industry and Employers, the Dutch police and the Dutch judiciary.

The NCSRA-III is subdivided into five pillars: better design, better defense, better organisation, better understanding of attacks, and improved privacy. For each pillar, the agenda clearly states what the relationships with the other pillars are. 'The agenda that was published five years ago was more compartmentalised', says chair of the event Wim Hafkamp, chief information security officer at Rabobank (and chair of the dcypher advisory council). 'At the time, we had nine themes that were largely studied independently. The world has changed since, and we are trying to respond to that by clearly considering the relationships between the five pillars. One example of the difference between the new agenda and the previous edition is that we now pay more attention to the psychological aspects of cyber security, for example the change of behaviour; we no longer examine just the technical aspects.'

Jaap-Henk Hoepman, principal scientist of the Privacy & Identity Lab, states two ways in which the playing field for digital security has changed over the past five years: 'First of all, our society has become far more dependent on ICT than it was five years ago. Second, it is better if we now assume that there is no such thing as an entirely secure digital infrastructure. Instead, we should assume that systems have been attacked and that the attacker has access. If this is the case, how can we best protect ourselves?'

After a plenary session in which the five research pillars were each briefly introduced by a university researcher, the rest of the afternoon was used for discussions. Two successive discussion rounds were organised for each pillar, so that each participant could comment on two of the pillars. At the end of the afternoon, the discussion leaders reported on the most important comments and remarks.

The pillar "Better design" is based on the idea that many security problems can be prevented by designing systems and services where security is one of the priorities from the outset: this is called security by design. When he presented this pillar, Erik Poll from Radboud University noted that, in recent years, everybody has been talking about security by design, but that far too little has been done about it in practice. An important point that emerged from the discussion round is that the end-user, in particular, should not be forgotten.

The pillar "Better defense" is about preventing and detecting attacks, but also about responding to and recovering from attacks. The main challenge here is to efficiently and effectively increase the strength of all defensive resources, says Luca Allodi from Eindhoven University of Technology.

"Better governance" is the third pillar. This pillar focuses on the owners of systems and services, namely citizens, companies and government bodies. How do they deal with the available technical possibilities to improve digital security? This pillar attracted the most discussion participants by far, including participants from TNO, the Confederation of Netherlands Industry and Employers, the Dutch police and the Dutch judiciary. Several comments concerned the concept of "security". Security has a subjective component, which is not objectively measurable by definition. But in addition, relatively few hard facts and data are available about the measurable component of security.

Kees Neggers, former director of Surfnet and one of the four Dutch people who have been included in the Internet Hall of Fame, expressed his concern that the deeper underlying causes of digital threats are not sufficiently tackled. For example, the current design of the Internet contains leaks that, according to him, should be sealed. That is technically feasible, but the investments required are scarcely being made. Representatives from industry expressed the concern that it is particularly difficult to get SMEs involved, even though they jointly constitute 95% of Dutch industry; there is an awareness of digital security among them, but also a lack of concrete action. Finally, Theo Jochoms, adviser on science and education at the Dutch police, noted that a lot of attention is devoted to defending against cyber attacks but relatively little attention to detecting these.

The fourth pillar, "Better understanding of attacks", studies vulnerabilities in designs, protocols, systems, defense measures, etc. Without an understanding of vulnerabilities, we cannot defend ourselves. The human factor will be given attention as well. Exposing the psychology of the attacker also makes it possible to improve the defense. Botnets could be knocked out before becoming active, for example.

The fifth and final pillar, "Improved privacy", ties in with the fact that privacy is a fundamental right within the EU – one that is protected by law. And just like the efforts to achieve security by design, efforts should also be made to design ICT applications in which privacy is a priority from the outset: privacy by design. One of the points raised during the discussion round was that privacy is also a part of identity management: proving that somebody is who he or she claims to be. A second interesting discussion point, submitted by Professor of Cyber Security Governance at Leiden University, Bibi van den Berg, is that privacy should not only be examined in the narrow sense of the term at the level of the individual but also in the broader sense of a community or organisation. People are very keen to share certain things, whereas they do not wish to share other things at all or just with a few people. And ideas about privacy have also changed over the course of time, but this aspect has barely been studied to date.

All comments and remarks made during the discussion afternoon will be carefully considered, concludes Jan Piet Barthel, director of dcypher (the Dutch Cybersecurity Platform Higher Education and Research), the organiser of the discussion afternoon. Proposals for amendments can still be submitted until 23 April. Where necessary, the draft texts of the NCSRA-III will be modified. On 5 June, the third edition of the National Cyber Security Research Agenda will be presented at press centre Nieuwspoort in The Hague.

Text: Bennie Mols, science journalist. Translation: NST Science. Photos: Thijs ter Hart

News

Taking place in the San Francisco Bay Area, California (US) and in Munich, Germany (Europe). Make your business cyber-resilient: optimise prevention and react fast!

Gain the cutting-edge cybersecurity awareness necessary for your effective management decisions using the best US and European approaches shared by experts.

Cyber-attacks. Potential business impact. Risk assessment. Human factors. Cybersecurity management. Privacy regulations. Cybersecurity is no longer a technology-only issue. It affects almost all functions in your organisation.

Attend this program to explore the US and European tech champion approaches to evaluate and face these threats. In this programme designed for senior management, our experts will share with you industry best practices through lectures, business cases, and company visits.

The US Module, delivered by UC Berkeley Executive Education, focuses on cybersecurity for online, platform, and cloud services. Topics include: corporate cybersecurity; topics in cybersecurity for specific technical systems; social engineering techniques; cybersecurity risk and liability; data privacy and security.

The European Module, delivered by EIT Digital, focuses on network, manufacturing, and hardware. Topics include: cybersecurity in Industry 4.0; network security; security in IoT; GDPR: compliance, enforcement and consequences; cybersecurity governance and management; technological threats.

KEY TAKE-AWAYS
Learn about different types of cyber-attacks and the risks they pose to your organization; understand fundamental cybersecurity principles and their application to key technical systems; explore topics in cybersecurity governance and management that are critical to your business; examine how to improve cybersecurity in your organization; consider how leading European and US tech companies prepare for and manage cybersecurity challenges and data privacy; connect with peers and experts.

WHO SHOULD ATTEND
If you manage teams or units involving technologies, you must be aware of what cybersecurity implies. Be it for prevention or for reaction to attacks, you need to understand what is at stake. This program is for those in top management positions, involved with Product Development, Marketing, Legal, Communication, HR or IT: executives of companies with significant IT-related activities; managers responsible for cyber-resilience of products and processes (IT, R&D, Communications, Legal, etc.); sales executives for suppliers of cybersecurity solutions; public officials responsible for the cybersecurity of their organisations.

DURATION
1 WEEK: industry focus, either the US Module or the Europe Module
2 WEEKS: Full cyber security 360 package (both modules)

PRICES
Per participant: Europe Module: 5.000 €; US Module: 4.300 €; Europe + US Module: 8.500 €

DATES & LOCATION
US Module: October 1-5, 2018 in Berkeley (USA)
Europe Module: October 15-19, 2018 in Munich (Germany)

The Ministry of Defence is banning employees from using the sports and fitness app Polar Flow. For the time being, the app cannot be used on service phones. Geo-information about users can be retrieved through an API of the app for sports watches, even if they have shielded it in their privacy settings. By linking that data with public information, people and running routes at secret places, such as military locations, have been mapped.

Investigative journalists from De Correspondent and Bellingcat discovered this after investigating the app. They found the flaw in the Polar Flow app, with which athletes can record and store the route of a completed course via their sports watch. Polar has temporarily taken the app offline and is investigating the matter.

The investigative journalists discovered an error in the app's API that allowed them to obtain information about users who had shielded their profiles (private mode). In addition, the number of requests that programmers could make per user to retrieve routes was unlimited. They discovered that the training history up to and including the year 2014 was available. From that mountain of data they managed to extract all kinds of information.

Using self-built software, the data was linked with the geo-locations of secret sites, such as military bases. This brought into view six thousand users who used the app near confidential locations. Because most athletes also use the app privately, and the start and end point is usually the home address, it is possible to find out where these people live.

'Switch off location data'

"Employees are urgently advised to switch off location data on Defence phones by default and to switch it on only temporarily when necessary."

Minister of Defence Ank Bijleveld writes in a letter to the House of Representatives: 'The use of certain sports and fitness apps on Defence phones is being made impossible for the time being. Furthermore, it is urgently advised to switch off location data on Defence phones by default and to switch it on only temporarily when this is necessary.'

The minister emphasises that the use of social media and smart mobile devices is widespread and deeply rooted and that sharing information is part of contemporary society, but warns: 'It must be prevented that this creates risks for military personnel, their surroundings and ongoing operations.' She calls 'awareness' and 'peer control' essential to ensuring that risks are limited.

Strava

Similar privacy issues were reported earlier with the fitness app Strava, which published rankings of users' performance. By sorting these by location, it was easy to find out which users ran their laps at, for example, military bases in Iraq and Afghanistan.

https://www.computable.nl/artikel/nieuws/internet-of-things/6402050/250449/defensie-verbiedt-fitnessapp-na-zogen-over-privacy.html

The proposal by the EU's Legal Affairs Committee to make companies such as Facebook and YouTube pay copyright fees for videos, photos and music has been rejected by the European Parliament.

The new European law that Europe wanted to introduce was meant to steer copyright into the 21st century. In particular, the fact that artists were often not paid for clips or music shared via the internet platforms was a thorn in the side. The sites would therefore need the permission of the copyright holders and would have to pay for it. Where such an agreement was lacking, the sites would have to install technology that ensures the clips and music are blocked.

According to critics, however, the law undermined the right to freedom of expression; moreover, the measure would de facto amount to a kind of hidden link tax. Proponents, in turn, pointed out that nothing would change for users who share content for non-commercial use. The text also contained a whole series of exceptions. Certain elements of an article could be shared without payment, and there had to be a system through which someone can easily ask for an upload to be made accessible again if it turns out to have been blocked wrongly. Online encyclopaedias such as Wikipedia would moreover be automatically exempted from the copyright fee, as would schools, museums and libraries.

In the plenary session of the Parliament the proposal has now been voted down. The negotiations with the member states therefore cannot begin yet, and members of parliament can still amend the text. A new vote will take place in mid-September.

https://www.computable.nl/artikel/nieuws/overheid/6400569/250449/europees-parlement-houdt-internetfilter-tegen.html

The call for proposals for the Open and Online Education 2019 incentive scheme is open. The Open and Online Education incentive scheme is starting again. Through it, the Minister of Education, Culture and Science (OCW) makes funding available to higher education institutions. The scheme is open to experiments with online education and to initiatives to deploy open learning materials. You can submit your project proposal until 17 December 2018.

https://www.surf.nl/nieuws/2018/07/call-for-proposals-stimuleringsregeling-open-en-online-onderwijs-2019.html

On 26 June, Neth-ER organised the event 'Beyond 2020: the next generation of EU knowledge programmes'. There was much appreciation for the European Commission's proposals for Erasmus++, Horizon Europe and the European Structural and Investment Funds (ESIF). But there are also still many questions, for example about the mission-oriented design of Horizon Europe and the participation of stakeholders in the programmes. According to an editorial by Neth-ER, the EC's plans for missions in Horizon Europe are too rosy.

Report Neth-ER; Editorial Neth-ER