THE FOG of CYBER DEFENCE Eds
Recommended publications
A Study of Android Application Security

A Study of Android Application Security
William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri
Systems and Internet Infrastructure Security Laboratory, Department of Computer Science and Engineering, The Pennsylvania State University
{enck, octeau, mcdaniel, swarat}@cse.psu.edu

Abstract

The fluidity of application markets complicates smartphone security. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smartphone applications. This paper seeks to better understand smartphone application security by studying 1,100 popular free Android applications. We introduce the ded decompiler, which recovers Android application source code directly from its installation image. We design and execute a horizontal study of smartphone applications based on static analysis of 21 million lines of recovered code. Our analysis uncovered pervasive use/misuse of personal/phone identifiers, and deep penetration of advertising and analytics networks.

[…]ingly desire it, markets are not in a position to provide security in more than a superficial way [30]. The lack of a common definition for security and the volume of applications ensures that some malicious, questionable, and vulnerable applications will find their way to market.

In this paper, we broadly characterize the security of applications in the Android Market. In contrast to past studies with narrower foci, e.g., [14, 12], we consider a breadth of concerns including both dangerous functionality and vulnerabilities, and apply a wide range of analysis techniques. In this, we make two primary contributions:

• We design and implement a Dalvik decompiler, ded. ded recovers an application's Java source solely from its installation image by inferring lost
Bugs in the System: A Primer on the Software Vulnerability Ecosystem and Its Policy Implications

Andi Wilson, Ross Schulman, Kevin Bankston, and Trey Herr
BUGS IN THE SYSTEM: A Primer on the Software Vulnerability Ecosystem and its Policy Implications
July 2016

About the Authors

Andi Wilson is a policy analyst at New America's Open Technology Institute, where she researches and writes about the relationship between technology and policy. With a specific focus on cybersecurity, Andi is currently working on issues including encryption, vulnerabilities equities, surveillance, and internet freedom.

Ross Schulman is a co-director of the Cybersecurity Initiative and senior policy counsel at New America's Open Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain View, California. Ross has also worked at the Computer and Communications Industry Association, the Center for Democracy and Technology, and on Capitol Hill for Senators Wyden and Feingold.

About New America

New America is committed to renewing American politics, prosperity, and purpose in the Digital Age. We generate big ideas, bridge the gap between technology and policy, and curate broad public conversation. We combine the best of a policy research institute, technology laboratory, public forum, media platform, and a venture capital fund for ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who believe deeply in the possibility of American renewal. Find out more at newamerica.org/our-story.

About the Cybersecurity Initiative

The Internet has connected us. Yet the policies and debates that surround the security of our networks are too often disconnected, disjointed, and stuck in an unsuccessful status quo.
OpenText Product Security Assurance Program

The Information Company™ Product Security Assurance Program

Contents: Objective (03); Scope (03); Sources (03); Introduction (03); Concept and design (04); Development (05); Testing and quality assurance (07); Maintain and support (09); Partnership and responsibility (10); Privacy and Security Policy (11)

Objective

The goals of the OpenText Product Security Assurance Program (PSAP) are to help ensure that all products, solutions, and services are designed, developed, and maintained with security in mind, and to provide OpenText customers with the assurance that their important assets and information are protected at all times. This document provides a general, public overview of the key aspects and components of the PSAP program.

Scope

The scope of the PSAP includes all software solutions designed and developed by OpenText and its subsidiaries. All OpenText employees are responsible for upholding and participating in this program.

Sources

The source of this overview document is the PSAP Standard Operating Procedure (SOP). This SOP is highly confidential in nature, for internal OpenText consumption only. This overview document represents the aspects that can be shared with OpenText customers and partners.

Introduction

OpenText is committed to the confidentiality, integrity, and availability of its customer information. OpenText believes that the foundation of a highly secure system is that security is built into the software from the initial stages of its concept, design, development, deployment, and beyond. In this respect,
The OWASP Application Security Program Quick Start Guide

The OWASP Application Security Program Quick Start Guide: Five Days to Setting Up an Application Security Program

About this Guide

This guide is intended to be a short, straightforward introductory guide to standing up or improving an Application Security Program. The intended goal of the AppSec program is to implement measures throughout the code's lifecycle to prevent gaps in the application security policy or the underlying system through flaws in the design, development, deployment, upgrade, or maintenance of the application. The application security program should effectively manage the security of its application systems, protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability.

A fundamental component of this improved application security management is the ability to demonstrate acceptable levels of risk based on defined KPIs, including but not limited to:

1. The number of vulnerabilities present in an application
2. The time to fix vulnerabilities
3. The remediation rate of vulnerabilities
4. The time vulnerabilities remain open

The application security program deliverables include a holistic view of the state of security for each application, identifying the risks associated with the application and the countermeasures implemented to mitigate those risks, explaining how security is implemented, planning for system downtimes and emergencies, and providing a formal plan to improve the security in one or more of these areas.

Audience

The intended audience of this document is anyone from security engineers, developers, and program managers to senior managers or a senior executive. This guide should be considered the start of a comprehensive approach. It is intended to give the basic questions and answers that should be asked by those who are in charge of the application security program in your organization, including those responsible for managing the risk of the entire organization.
KVÜÕA Toimetised 13/2010

KVÜÕA TOIMETISED 13/2010
Kaitseväe Ühendatud Õppeasutused, Tartu 2010

Executive editor: Andres Saumets (Estonia)
Editorial board: Ken Kalling (Estonia), Alar Kilp (Estonia), Peeter Kukk (Estonia), Rain Liivoja (Finland), Enno Mõts (Estonia), Erik Männik (Estonia), Andreas Pawlas (Germany), Claus Freiherr von Rosen (Germany), Volker Stümke (Germany)
Language editors: Karen Kuldnokk (Estonia), Epp Leete (Estonia), Roy Lowthian (United Kingdom), Reet Hendrikson (Estonia), Kristiina Haug (Estonia), David W. E. Thomas (United Kingdom)
Editorial council: Aarne Ermus (Estonia), Wilfried Gerhard (Germany), Rudolf Hamann (Germany), Jakob Kübarsepp (Estonia), Ants Laaneots (Estonia), Raul Mälk (Estonia), Ago Pajur (Estonia), Eric Allan Sibul (USA), Villu Tamul (Estonia), Peeter Tulviste (Estonia), Matti Turtola (Finland)

ISSN 1736–0242
Copyright: Kaitseväe Ühendatud Õppeasutused, 2010
Tartu Ülikooli Kirjastus, www.tyk.ee

Contents

Toomas Möls: Critical and Creative Thinking: Are Innovation and Initiative Welcome in the Military? (7)
Jaan Murumets: Võimepõhise planeerimise alused (Fundamentals of Capability-Based Planning) (18)
Toomas Tõniste: Taktikaliste otsustusmängude kasutamine jalaväekompanii lahingutegevuse juhtimise õpetamiseks (Using Tactical Decision Games to Teach Command of Infantry Company Combat Operations) (34)
Merle Parmak: Adverse Effects of Tobacco Use in Deployed Military Units
How to Analyze the Cyber Threat from Drones
RAND Corporation
Katharina Ley Best, Jon Schmid, Shane Tierney, Jalal Awan, Nahom M. Beyene, Maynard A. Holliday, Raza Khan, Karen Lee
How to Analyze the Cyber Threat from Drones: Background, Analysis Frameworks, and Analysis Tools

For more information on this publication, visit www.rand.org/t/RR2972. Library of Congress Cataloging-in-Publication Data is available for this publication. ISBN: 978-1-9774-0287-5. Published by the RAND Corporation, Santa Monica, Calif. © Copyright 2020 RAND Corporation. R® is a registered trademark. Cover design by Rick Penn-Kraus. Cover images: drone, Kadmy - stock.adobe.com; data, Getty Images.

Limited Print and Electronic Distribution Rights: This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions.

The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors. Support RAND: make a tax-deductible charitable contribution at www.rand.org/giving/contribute. www.rand.org

Preface

This report explores the security implications of the rapid growth in unmanned aerial systems (UAS), focusing specifically on current and future vulnerabilities.
The CLASP Application Security Process
The CLASP Application Security Process
Secure Software, Inc. Copyright (c) 2005, Secure Software, Inc.

Table of Contents

Chapter 1: Introduction (1)
  CLASP Status (4)
  An Activity-Centric Approach (4)
  The CLASP Implementation Guide (5)
  The Root-Cause Database (6)
  Supporting Material (7)

Chapter 2: Implementation Guide (9)
  The CLASP Activities (11)
    Institute security awareness program (11)
    Monitor security metrics (12)
    Specify operational environment (13)
    Identify global security policy (14)
    Identify resources and trust boundaries (15)
    Identify user roles and resource capabilities (16)
    Document security-relevant requirements (17)
    Detail misuse cases (18)
    Identify attack surface (19)
    Apply security principles to design (20)
    Research and assess security posture of technology solutions (21)
    Annotate class designs with security properties (22)
    Specify database security configuration (23)
    Perform security analysis of system requirements and design (threat modeling) (24)
    Integrate security analysis into source management process (25)
    Implement interface contracts (26)
    Implement and elaborate resource policies and security technologies (27)
    Address reported security issues (28)
    Perform source-level security review (29)
    Identify, implement and perform security tests (30)
    Verify security attributes of resources (31)
    Perform code signing (32)
    Build operational security guide (33)
    Manage security issue disclosure process (34)
  Developing a Process Engineering Plan (35)
    Business objectives (35)
    Process
Policy Options and Regulatory Mechanisms for Managing Radicalization on the Internet
Policy options and regulatory mechanisms for managing radicalization on the Internet
Paris, 30 September 2016

"[…] I firmly believe that in a free democratic society, freedom of speech and expression is one of the most prized freedoms which must be defended and upheld at any cost and this should be particularly so in the land of Voltaire. It is indeed unfortunate that in the world of today, when science and technology have advanced the frontiers of knowledge and mankind is beginning to realize that human happiness can be realized only through inter-dependence and cooperation, the threshold of tolerance should be going down. It is high time man should realize his spiritual dimension and replace bitterness and hatred by love and compassion, tolerance and forgiveness." (Justice Prafullachandra Bhagwati)

Dan Shefet (Individual Specialist)

Acknowledgements

The author wishes to thank the following for their support, valuable advice and input throughout the drafting of the Report: Dr. Indrajit Banerjee and his team in UNESCO's Knowledge Societies Division; the UNESCO Delegates and Ministries of Justice/Interior of countries that have participated in the Country Survey; Alexander Linden, Honorary advisor to the French Supreme Court; Janice Duffy, Researcher, Australia; Pavan Duggal, Supreme Court Lawyer, India; Tom Høyem, Former Minister in Denmark under Poul Schlüter; Francesca Musiani, Researcher at the CNRS Institute for Communication Sciences and Member of the French National Assembly's Commission on the Law and Rights in the Digital Era; Sami Mahbouli, Lawyer at The Tunisian Supreme Court and Columnist; Sabine Leutheusser-Schnarrenberger, Former Minister of Justice under Angela Merkel; Marc Randazza, First Amendment Attorney, United States; Viswa Sadasivan, CEO of Strategic Moves (Consultancy agency in Singapore) and former member of the Singaporean Parliament; Mr K.
Cybersecurity in a Digital Era

Digital McKinsey and Global Risk Practice: Cybersecurity in a Digital Era, June 2020

Introduction

Even before the advent of a global pandemic, executive teams faced a challenging and dynamic environment as they sought to protect their institutions from cyberattack, without degrading their ability to innovate and extract value from technology investments. CISOs and their partners in business and IT functions have had to think through how to protect increasingly valuable digital assets, how to assess threats related to an increasingly fraught geopolitical environment, how to meet increasingly stringent customer and regulatory expectations and how to navigate disruptions to existing cybersecurity models as companies adopt agile development and cloud computing. We believe there are five areas for CIOs, CISOs, CROs and other business leaders to address in particular:

1. Get a strategy in place that will activate the organization. Even more than in the past, cybersecurity is a business issue, and cybersecurity effectiveness means action not only from the CISO organization, but also from application development, infrastructure, product development, customer care, finance, human resources, procurement and risk. A successful cybersecurity strategy supports the business, highlights the actions required from across the enterprise and, perhaps most importantly, captures the imagination of the executive in how it can manage risk and also enable business innovation.

2. Create granular, analytic risk management capabilities. There will always be more vulnerabilities to address and more protections you can consider than you will have capacity to implement. Even companies with large and increasing cybersecurity budgets face constraints in how much change the organization can absorb.
Sõjateadlane
SÕJATEADLANE: Estonian Journal of Military Studies 13 / 2019

Cultural, Peace and Conflict Studies Series

Volume I: Religion and Politics in Multicultural Europe: Perspectives and Challenges. Edited by Alar Kilp and Andres Saumets
Volume II: Extremism Within and Around Us. Edited by Alar Kilp and Andres Saumets
Volume III: The Law of Armed Conflict: Historical and Contemporary Perspectives. Edited by Rain Liivoja and Andres Saumets
Volume IV: Sõna sõjast ja sõda sõnast. Tekste ja tõlgendusi (War of Words, Words of War. Texts and Interpretations). Edited by Andres Saumets and Vladimir Sazonov
Volume V: Operatsioon "Iraagi vabadus": kümme aastat hiljem (Operation "Iraqi Freedom": Ten Years Later). Edited by Andres Saumets, Holger Mölder and René Värk
Volume VI: The Crisis in Ukraine and Information Operations of the Russian Federation. Edited by Vladimir Sazonov, Andres Saumets and Holger Mölder
Volume VII: Kümme aastat Vene-Georgia 2008. aasta sõjast: peegeldusi hübriidsõjast ja Venemaa poliitilistest ambitsioonidest (Ten Years after the Russo-Georgian War of 2008: Reflections on Hybrid Warfare and Russia's Political Ambitions). Edited by Karl Salum and Andres Saumets
Volume VIII: Zapad 2017 infosõja vaatepunktist (Zapad 2017 from the Perspective of Information Warfare). Edited by Andreas Ventsel, Vladimir Sazonov and Andres Saumets
Volume IX: Russia, Syria and the West: From the Aftermath of the Arab Spring in the Middle East to Radicalization and Immigration Issues in Europe. Edited by Vladimir Sazonov, Illimar Ploom and Andres Saumets

Estonian Military Academy
Threats and Vulnerabilities in Federation Protocols and Products
Threats and Vulnerabilities in Federation Protocols and Products
Teemu Kääriäinen, CSSLP / Nixu Corporation
OWASP Helsinki Chapter Meeting #30, October 11, 2016

Contents

• Federation Protocols: OpenID Connect and SAML 2.0
  – Basic flows, comparison between the protocols
• OAuth 2.0 and OpenID Connect Vulnerabilities and Best Practices
  – Background for OAuth 2.0 security criticism, discussion of related vulnerabilities and publicly disclosed vulnerabilities, best practices, JWT, authorization bypass vulnerabilities, mobile application integration
• SAML 2.0 Vulnerabilities and Best Practices
  – Best practices, publicly disclosed vulnerabilities
• OWASP Top Ten in access management solutions
  – Focus on Java deserialization vulnerabilities in different commercial and open source access management products: ForgeRock OpenAM, Gluu, CAS, PingFederate 7.3.0 Admin UI, Oracle ADF (Oracle Identity Manager)

Federation Protocols: OpenID Connect and SAML 2.0

• OpenID Connect is an emerging technology built on OAuth 2.0 that enables relying parties to verify the identity of an end-user in an interoperable and REST-like manner.
• OpenID Connect is not just about authentication. It is also about authorization, delegation and API access management.
• Reasons for services to start using OpenID Connect:
  – Ease of integration.
  – Ability to integrate client applications running on different platforms: single-page app, web, backend, mobile, IoT.
  – Allowing 3rd party integrations in a secure, interoperable and scalable manner.
• OpenID Connect is proven to be a secure and mature technology:
  – Solves many of the security issues that have been a problem with OAuth 2.0.
• OpenID Connect and OAuth 2.0 are used frequently in social login scenarios:
  – E.g. Google and Microsoft Account are OpenID Connect Identity Providers. Facebook is an OAuth 2.0 authorization server.
Cyber Terrorism Best Practices Analysis
Funded by the European Commission Seventh Framework Programme
CyberROAD: Development of the Cybercrime and Cyber-terrorism Research Roadmap
Grant Agreement N. 607642
D6.3 – Cyber Terrorism Best Practices Analysis

Date of deliverable: 30/09/2015
Actual submission date: 30/09/2015
Start date of the Project: 1st June 2014
Duration: 24 months
Coordinator: UNICA – University of Cagliari, PRA Lab - Pattern Recognition and Applications Lab
Version: 2.2

Project funded by the European Commission Directorate-General Home Affairs in the Prevention of and Fight against Crime Programme

Restriction Level
  PU  Public                                                                              No
  PP  Restricted to other programme participants (including the Commission services)     No
  RE  Restricted to a group specified by the consortium (including the Commission services)  No
  CO  Confidential, only for members of the consortium (including the Commission)        Yes

Revision history
  Version  Object      Date        Author(s)
  0.1      Creation    05/03/2015  INOV, PJ
  1.0      Revision 1  13/03/2015  INOV, PJ
  1.1      Revision 2  18/03/2015  INOV, PJ, INDRA
  2.0      Revision 3  17/09/2015  INOV, MELANI, FORTH, CYBERDEFCON
  2.1      Revision 4  24/09/2015  INOV, HMoD
  2.2      Final       30/09/2015  INOV

D6.3 Cyber Terrorism - Best Practices Analysis
Responsible: INOV
Contributors: PJ, INDRA, FORTH-ICS, CYBERDEFCON, HMoD, MELANI

Summary: Focused on cyber terrorism, this deliverable was divided into two releases: a preliminary best practices analysis (D6.2) and a final best practices analysis document (D6.3).