ICT Systems Contributing to European Secure-by-Design Critical Infrastructures

Abstract

Over the last two decades, the world’s landscape changed considerably, relying increasingly on the availability and exchange of information in all sectors to fuel economic growth and improved competitiveness. ICT systems, whether we speak of applications, telecommunications or integrated system solutions, are key components of many Critical Infrastructures, and, as such, their disruption, malfunction or compromise can seriously impact our societal and individual well being.

The objective of this paper is to understand what is the situation in terms of how these ICT systems can contribute to the security and resilience of the Critical Infrastructures both from the operators and ICT solution suppliers’ points of view. It then provides an analysis of the gaps to be covered through a comprehensive approach including operational, regulatory and technical stand points detailing what should be the objectives of an approach aiming at building and maintaining Secure-by-Design systems. Indeed, an important element is to understand that security is not just a technological issue but is a complete mindset involving all organisations and individuals. Therefore, the Secure-by-Design approach advocated in this paper represents a process oriented strategy defining clearly identi-fied roles within organisations and specific tools to support these roles. While we specialise it to ICT systems, its driving principles can be adopted for applied to all systems.

This paper concludes on possible actions to be undertaken at European level to improve the situation and therefore contribute to overall Critical Infrastructure protection.

This paper is presented by Fabien Cavenne from THALES Information Systems Security as a member of the European Organisation for Security (EOS). The European Organisation for Security – EOS – was created in July 2007 by European private sector suppliers and users from all domains of security solutions and services. Today, EOS has 34 members, representing 12 European Countries, and 30% of the 30 Billion Euro worldwide security market. EOS focuses on the market side, and seeks to develop a close relationship with the main public and private actors.

The main objective of EOS is the development of a consistent European Security Market, while sustaining the interests of its members and satisfying political, social and economic needs through the efficient use of budgets, and the implementation of available solutions in priority areas, in particular through the creation of a coherent EU Security strategy.