Security research beyond 2020

Dieses Dokument ist Teil der Anfrage „Meetings with ASD and Airbus“

        - 18/11/2020 Ref. Ares(2020)6881565        Security research beyond 2020 Industry considerations on Security research priorities beyond 2020 3 April 2019 ASD | Rue Montoyer 10 I 1000 Brussels, Belgium I T: +32 2 775 81 10 I info@asd-europe.org I www.asd-europe.org \r

Security research beyond 2020 Table of contents Executive Summary ..................................................................................................................... 3 A. Introduction ................................................................................................................................ 7 B. Key technology trends with high and direct impact on security ............................................ 10 1. Artificial Intelligence..................................................................................................... 10 Opportunities ...................................................................................................... 10 Threats ................................................................................................................ 10 Capability gaps and research needs .................................................................... 11 Strategic autonomy aspects ................................................................................ 11 2. Data Science ................................................................................................................. 12 Opportunities ...................................................................................................... 12 Threats ................................................................................................................ 12 Capability gaps and research needs .................................................................... 12 Strategic autonomy aspects ................................................................................ 13 3. Autonomous Systems ................................................................................................... 13 Opportunities ...................................................................................................... 13 Threats ................................................................................................................ 13 Capability gaps and research needs .................................................................... 14 Strategic autonomy aspects ................................................................................ 14 4. Augmented, Virtual and Mixed Reality (Immersive Systems) ...................................... 14 Opportunities ...................................................................................................... 15 Threats ................................................................................................................ 15 Capability gaps and research needs .................................................................... 15 Strategic autonomy aspects ................................................................................ 16 C. Other security-relevant technologies ...................................................................................... 16 D. Conclusions ............................................................................................................................... 17 Page | 2 \r

Security research beyond 2020 Executive Summary This paper provides industry’s recommendations for security research priorities under the Horizon Europe Framework Programme (2021-2027). To this end, it draws on the technological expertise and practical experience of ASD member companies. We argue that the future security research programme should follow a twofold approach: First, ensure continuity of funding for certain security research areas of Horizon 2020, where additional or complementary work is needed to develop relevant capabilities. We see this need in particular in the areas of Cyber Security, Urban Security and Border Security. Secondly, address new breakthrough technologies which have an important security dimension. This forms the main part of this paper. We divide these breakthrough technologies into two categories: First, technologies with potentially high and direct impact on a broad range of security areas. In this category, we include Artificial Intelligence, Data Science, Autonomous Systems and Immersive Systems. Security critical aspects of these four breakthrough technologies should be considered as a priority for the security research programme, since they can make a major contribution to the development of capabilities that are needed to fulfil the objectives of the Security Union (see table 1). The second category are breakthrough technologies which can support certain security missions or imply security risks, but in rather limited fields of application. This second category includes Blockchain, Additive Manufacturing, Quantum Computing and 6G Radio Technology. We recommend covering the security dimension of these technologies not in the security research programme, but in other parts of Horizon Europe. The four key technologies we recommend addressing in the security research programme post-2020 imply both security threats and opportunities, which we describe in the main part of the paper together with relevant capability gaps and research needs. Furthermore, we consider the security dimension of these technologies as so significant that a certain degree of non-dependence from non-European suppliers is crucial. The security research programme should therefore also aim to support Europe’s strategic autonomy at least on the most critical security aspects of these technologies (see table 2). Finally, we advocate for a close coordination between the different components of Horizon Europe in order to cover the security dimension of the identified eight breakthrough technologies. Driven by the commercial sector, the latter develop at very high speed and may well lead to currently unexpected synergies and applications. Consequently, technologies that we consider today as less relevant for security may well lead tomorrow to results that can have a high impact on security. It is therefore of utmost importance to develop across different clusters of Horizon Europe a comprehensive approach towards the security dimension of all these technologies. Page | 3 \r

Security research beyond 2020 Table 1: Schematic process to identify technologies for security needs Page | 4 \r

Security research beyond 2020 Table 2: Key technology trends and their importance for strategic autonomy Page | 5 \r

Security research beyond 2020 Page | 6 \r

Security research beyond 2020 Security research priorities beyond 2020 A. Introduction The purpose of this paper is to provide input for the strategic planning of the security research part of the next Research Framework Programme (Horizon Europe). It points out key technology trends that industry considers as crucial to fill the capability needs that derive from current security challenges and to reach the policy objectives of the Security Union. Based on our assessment, we believe that the future security research programme should follow a twofold approach: - Ensure continuity Where appropriate, Horizon Europe should continue or complement certain security research actions that have been supported under Horizon 2020. We have identified the following three priority areas where this would be particularly useful: 1) Cyber Security: Future research projects should contribute in particular to improving situational awareness and protection against attacks on the cloud environment, Internet of Things, supply chains, and against cryptojacking of financial transactions; 2) Urban Security: To help protecting densely populated urban areas and critical infrastructure against man-made and natural disasters, future research activities should focus on protective measures, increased situational awareness and decision-making during fast evolving and dynamic events; 3) Border Security: Future research efforts should concentrate on enhancing the interoperability of surveillance systems between authorities from different Member States and the smooth exchange of information, but also on the improvement of detection capabilities for specific sensor technologies. - Address relevant new technology trends Most current breakthrough technologies are related to digitalisation and driven by the 1 commercial sector. In particular large internet firms invest heavily in these technologies, which are likely to lead to profound changes in our societies and economies. Many of these technologies have also an important security dimension. In this context, we suggest distinguishing between key technology trends that can have a high and direct impact on security and other security-relevant technologies. 1 Technology Trends were drawn from a number of sources and publications including Forbes, Gartner, Interesting Engineering, Accenture, Finextra Research, Deloitte. Page | 7 \r

Security research beyond 2020 Key technology trends with high and direct impact on security Some breakthrough technologies can have a direct and strong impact on a broad range of security areas. They can be used to develop specific security solutions or may be applied directly (or in an adapted form) for security purposes. At the same time, they can (often) also be used by wrongdoers for criminal or terrorist activities. We believe that the following four technologies are key for security and should therefore be covered in the future security research programme: 1) Artificial Intelligence (AI) yields great potential to significantly enhance the effectiveness of security relevant operations through the application of, among others, smart solutions and machine learning. At the same time, the same technology can also be applied by threat actors to provide targeted and more efficient attacks, including automated operational response and adaptation in the cyber and physical domains. 2) Data Science is crucial for a broad range of new security relevant applications and can help to anticipate, prevent and mitigate threats at a new dimension. From a threat perspective, such systems need to be resilient against information attacks. Data analytics could also be used by threat actors to plan attacks. 3) Autonomous Systems can provide improved surveillance and detection of borders and critical infrastructures and support first responders in unclear and dangerous situations such as natural disasters or terror attacks. However, if used with malicious intention, autonomous systems such as drones represent a new dimension of asymmetric threats. 4) Immersive Systems such as augmented, virtual and mixed reality can improve the operational efficiency of security authorities and first responders by better preparing them for their mission, enhancing situational awareness and facilitating decision-making in action. Yet, the same accounts as well for criminal or terrorist actors in preparation or during the execution of attacks. The security dimension of these technologies is so important that strategic autonomy becomes critical and should be considered as an objective for future security research actions. The concept of strategic autonomy is admittedly as pervasive as it is vague. In technological terms, it implies a certain degree of non-dependence from non-European suppliers. In the above-mentioned key technologies, the security research programme should therefore aim at developing European sources of supply when there is a need for European end-users to: x have full control of the use of a certain technology without restrictions or constraints from third countries or third country entities, for example to integrate it into a wider system (of systems) or adapt and modernise an application; x rely on trustworthy suppliers for the protection of critical infrastructures and highly sensitive security systems, for example against hidden intrusion; x ensure that the relevant industrial and technological competences and know-how are always available to maintain, operate and update a critical system. Page | 8 \r

Security research beyond 2020 Other security-relevant technologies On top of the above-mentioned four key technologies, we have identified four other breakthrough technologies as security-relevant. These technologies have the potential to support certain security missions or can pose a threat in certain areas. At the same time, we consider them as less pertinent for the future security research programme, since we expect their field of security application to be relatively narrow: 5) Blockchain Technology can support security authorities when it comes to the storage of static information and secure exchange of information, yet wrongdoers can use the technology to secretly plan and execute attacks. 6) Additive Manufacturing (AM) enables cheaper, faster and customised production of equipment but brings along the risk of home-made weapons or explosive devices. 7) Quantum Computing has the potential to dramatically boost computing performance, enabling more secure encrypted communication and high-speed big data search. Yet, this new computing dimension also creates risks in terms of data security and hacking attacks. 8) 6G Radio Technology would allow for a new generation of mobile data communication, greatly facilitating the work of security authorities and first responders in action. However, given the vast amount of, often sensitive, data transmitted via 6G components, the imprudent choice of suppliers could create huge vulnerabilities to critical infrastructures in Europe. In spite of their security dimension, we believe that this second category of technologies should not be considered as a priority for the security research programme, but rather be supported by other parts of Horizon Europe, in particular within the cluster ‘Digital and Industry’. At the same time, all technologies are closely intertwined and interdependent. Research programmes and funds should therefore emphasise coherence and coordination across the different clusters of Horizon Europe in order to ensure a sustainable and useful outcome. In the following, we will elaborate in greater detail the security aspects of the four key technology trends that the future security research programme should directly address. We will look in particular at their: x Opportunities and threats; 2 x Capability gaps and research needs; x Strategic autonomy aspects. We will then do the same exercise in less detail also for the second category of other security-relevant technologies that should be supported through other EU funding programmes. 2 To keep this paper unclassified the threats posed have been kept at a very general level. Page | 9 \r

Security research beyond 2020 B. Key technology trends with high and direct impact on security 1. Artificial Intelligence Intelligent systems use Artificial Intelligence (AI) and machine learning to interact in a more intelligent way with people and their surroundings. These systems can operate semi- autonomously or autonomously in an unsupervised environment to complete a particular task. Increasing computing power and availability of data sets have been crucial to enable advancements in AI. Opportunities The use of intelligent surveillance systems is perfectly suited to support human operations and increase efficiency in security relevant fields. For first responder operations, for example, AI can help to establish reliable early warning systems through data collection, optimised algorithms and machine learning. This supports decision makers in taking early and appropriate action. Medical treatments during operations may also be enhanced with the use of specific AI applications. For border management, solutions such as the ‘Smart Gate’ provide reliable 24-hour surveillance, enabling law enforcement authorities to control borders more efficiently and spot security risks earlier. Similarly, AI is also an enabler for secret services or law enforcement authorities in gathering and analysing intelligence and can be used to enhance surveillance and protection of critical infrastructures. Threats The increasing dependence on intelligent and interconnected technology, as well as the proliferation of adversary tools to exploit vulnerabilities in systems and networks create new security risks and threats: x Information security attacks on intelligent systems have the potential to disable critical infrastructures or border management systems; x AI could be used to provide automated response and attack, both at the cyberwarfare level or physically through the use of weaponised drones and other platforms. Since AI can be applied with ever less components and ever smaller devices (based on chip solutions and micro-electronics), this threat scenario will become more significant in the coming years; x Privacy and data protection are at stake as a growing amount of data is collected by public authorities and private firms with the use of AI tools. Data leaks and cyberattacks can result in sensitive data falling into the hands of hostile states or organisations; x Machine made decisions based on AI technology may pose a threat if a machine takes a wrong decision resulting from erroneous information without a human being having the possibility to intervene. This could affect border and airport controls, the surveillance of mass events or provoke false alerts in critical infrastructure. To mitigate threats posed by AI, security by design is a key requirement. One example of such a pre-emptive measure is ensuring state-of-the-art (cyber) security resilience from the earliest Page | 10 \r

Zur nächsten Seite