The panel discussion revolved around the already defined project WGs:

• Smart environments
• Critical systems
• Malware & fraud

The discussion started with a talk on smart systems, which mainly focused on the threats introduced by the advent of smart devices. Smart-phones and other such mobile smart-devices are slowly replacing the older mobile phones greatly increasing the offered functionality. A smart-phone can be used for accessing email, online banking, e-commerce, etc same as with a PC. Furthermore, new location based services (via GPS) are offered, and plans are made to turn these devices to e-wallets. Also, since a phone is considered highly personal, users tend to store personal items such as photos, PIN and credit card numbers. All the above turn these devices to very attractive targets for attackers, while at the same time users are not even aware of the existence of threats against their new device. Applying already developed security solutions to mobile devices is not always possible, because of their inherent limitations such as limited battery life, and hardware resources. As such additional research is needed to address security in such devices.

Critical systems were discussed second in the panel. Such systems include telecommunications infrastructure, transportation, energy production and distribution, etc. These systems have been using computers for a long time, but in the future there are many plans to allow their management over the Internet. Extending their connectivity can leave them open to a multitude of attacks, if security is not considered early in the design and implementation. Unfortunately, in this case as well, people involved with critical systems are not always aware of the new threats and challenges they will be facing.

A very interesting example from the car industry was brought up. Cars today already include 40-50 computers connected via LAN. Security has not been an issue till today, but with plans to interconnect cars with each other,  or even with the Internet it is made obvious that security will be a prime concern. Failure to introduce security mechanisms could prove catastrophic, not in this example alone but on all critical systems.

The final subject of the panel was malware and fraud. The discussion centred on the new incentives and modus operandi of malware writers today. Malware is no longer written “for fun”, but for profit. One can easily be made aware of this by considering the very successful worms of the past such as CodeRed, Blaster, and Sasser. Even though millions of systems were infected, the damages inflicted were relatively small. Today on the other hand, malware writers are driven by profit, and form groups that resemble traditional crime organisations. Botnets such as the renowned Storm botnet are used to circulate spam e-mail, which is either directly providing income to the botnet “owners”, or is used to perform fraud. Botnets have even been observed being rented out in the cyber underground through IRC channels and web pages. To better understand this new generation of criminals, traditional investigation is needed to provide warning of new attacks and frauds, while at the same time more research is needed on disrupting malware operation and propagation.

The conclusions extracted from the panel discussion can be summarised into that: a) additional security research is needed to address future threats on new technologies, and b) well established industries need to be made aware of the new threats they will be exposed to, because of the interconnection of previously unconnected components.

In 1995, the EU decided to negotiate a “Framework Agreement on Trade and Cooperation“, in recognition of South Korea’s increasing role in the Asian and global economy, and of its success in consolidating democracy. This Agreement entered into force in April 2001 and is implemented through an annual meeting of a Joint Committee.

The EU – South Korea dialogue has broadened these last years, namely through “EU-Korea Summits” and regular ministerial meetings. Both parties cooperate closely in a number of multilateral fora, and have close relationship within the Asian Europe meeting (ASEM).

The 2nd EU-Korea Cooperation Forum on ICT Research was held in Brussels between the 1st and 2nd of December. This second Cooperation Forum is a follow-up event to the one successfully held in Seoul, South Korea in June 2008, and is organised under the aegis of the European Commission (Directorate General Information Society and Media), and of the Ministry of Knowledge Economy (MKE), Korea.

Engin Kirda from Institute Eurecom held a talk on the FORWARD and the WOMBAT EU projects and discussed possible collaboration opportunities with Korean partners. The slides from the talk are available from the publications section of the FORWARD website.

They keynote speech of the first day was given by Pradeep Khosla from CyLab, Carnegie-Mellon University and was titled “Cybersecurity: Opportunities and changes”. Apart from the keynote speech, nine other presentations were given as part of the core workshop agenda. The presentations were around threats on the Internet and particularly  emerging threats to the internet infrastructure, malicious hardware, the business of cyber-crime, security of control and supervision systems and privacy control. After the presentations, five working groups were formed: large-scale software systems, network and monitoring, critical infrastructure protection, malware and finally fraud. Each working group discussed future and emerging threats concerning the group’s topic as well as possible collaborations among attendees. The day closed with a presentation from Thomas Skordas about the ICT Security Work Programme.

The second day began with presentations on various topics such as trends on e-crime, the future of malware, scalable development of secure software and security and dependability perspectives in air traffic. On behalf of FORTH’s DCS laboratory, Dr. Evangelos Markatos gave a talk titled “The future of Malware: From fun and profit to Physical Harm”, addressing the evolution of malware and how it can affect the physical health of internet users. The discussions of first day’s working groups continued after the end of presentations. They keynote speech of the second day was titled “21st Century Cyber Security Challenges – A Perspective from  Large-Scale Global Enterprise” by Ming-Yuh Huang from Boeing.

Overall, the 1st FORWARD workshop was a successful event with lots of interesting presentations and constructive discussions. Future and emerging threats is a challenging aspect of internet security domain and through the FORWARD workshop we had the chance to take a glimpse at the future of e-crime.

The workshop was scheduled for the 17th and 18th of April at Gothenburg, Sweden. The consortium will be inviting leaders in the field of security, from ongoing European projects, as well as experts from the industry and project managers from the Commission to participate in the workshop.

The consortium also highlighted topics of interest to each partner. The list includes: Distributed Defense, Critical Infrastructure Protection, Fraud and Economics, Harassment and Misinformation, Smart Devices, Network Infrastructure, and Metrics. These topics will be included for discussion during the first FORWARD workshop. However we expect other topics to also come out of the discussion. These topics will form the basis of the consortium working groups (and also the focus of more blogs that will appear on this site!).

The FORWARD blogs site is only part of the online collaboration platform of the project. The exact synthesis of the platform was discussed during the project kickoff meeting. FORTH presented the web pages created for the project as well as the proposed collaboration tools. The tools included a wiki, online forums, an online file repository and this blog. All these will enable close collaboration between the partners as well as a basis for distribution of the work performed in the FORWARD project.