— Trust and Security for our Digital Life —
Editors: dr.ir. Herbert Bos (Vrije Universiteit Amsterdam) prof.dr. Sandro Etalle (Technische Universiteit Eindhoven) dr.ir. Erik Poll (Radboud Universiteit Nijmegen)
1 A National Research Agenda for Cyber Security 2 Focus and objectives 3 The many aspects of cyber security 4 Setting the research agenda 4.1 Contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2 Research Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Appendix A. The cyber security research community in the Netherlands Appendix B. Ongoing ICT security research initiatives Appendix C. The Sentinels research program 2 3 4 6 6 10 16 22 23
About this document
This document is the result of a series of discussions about the best shape, form and content of a national research agenda in line with the National Cyber Security Strategy (NCSS). It formulates, in concrete terms, common thoughts and promising directions for a research agenda in cyber security. While all contributors ﬁrmly believe that a realisation of the agenda requires ambitious funding, as well as solid governance and embedding, this document addresses only the research directions. Acknowledgments This document has been edited under the coordination of the ICT Innovatie Platform Veilig Verbonden, with a broad involvement of researchers from various disciplines (computer science, law, public administration, cyber crime sciences and police studies) and from several universities and research centres (RU Nijmegen, VU Amsterdam, TU Eindhoven, University of Twente, TU Delft, Tilburg University, TNO, Novay). Discussions have extensively involved experts from the industry as well as from (semi-)government organizations.
A National Research Agenda for Cyber Security
As our reliance on the ICT infrastructure increases, so do concerns about its security. The growing complexity of ICT systems means that bugs and vulnerabilities are harder to avoid, creating new opportunities for increasingly sophisticated attackers. The recent attack on a uranium enrichment facility in Iran by the Stuxnet worm shows that strategic interests can attract cyber-attackers1 . Unfortunately, the Netherlands is an important player in the world of cyber crime. As the country with the highest broadband penetration and the best quality broadband in the world, the Netherlands is a prime target for botnets. As we cannot aﬀord to let cyber criminals erode the trust we and others have – and need to have – in the ICT infrastructure, or at least in the services provided through this infrastructure, research is needed. Trust is a conditio sine qua non for normal economic transactions and inter-human communication. It is Figure 1: President Ahmadinejad of Iran visits the at the core of social order and economic pros- uranium enrichment facility in Natanz. The plant perity, and in an increasingly ICT-dependent was targeted by the Stuxnet worm (see page 14) world, the security of ICT plays an ever more important role here. There are several reasons to set up a National Research Agenda for Cyber Security: Security in our ICT-dependent world is crucial, both to protect Dutch society from cyberattacks, and to provide the conﬁdence and trust in ICT that is necessary for its use. Investing in security expertise provides strategically essential knowledge for decision makers to act wisely in complex cases such as electronic passports and online IDs, e-health, cybercrime, cyber warfare, smart electricity grids, public transport, smart cars and roads, critical infrastructure, etc. Services and products that provide improved ICT security open concrete economic opportunities that can be reaped by stimulating security research (Ernst&Young, 2011).
This document proposes an ambitious National Cyber Security Research Agenda (NCSR) to boost ICT security...