European Union Agency for Network and Information Security

Machine Learning (ML) represents a pivotal technology for current and future information systems, and many domains already leverage the capabilities of ML. However, deployment of ML in cybersecurity is still at an early stage, revealing a significant discrepancy between research and practice. Such a discrepancy has its root cause in the current state of the art, which does not allow us to identify the role of ML in cybersecurity. The full potential of ML will never be unleashed unless its pros and cons are understood by a broad audience. This article is the first attempt to provide a holistic understanding of the role of ML in the entire cybersecurity domain—to any potential reader with an interest in this topic. We highlight the advantages of ML with respect to human-driven detection methods, as well as the additional tasks that can be addressed by ML in cybersecurity. Moreover, we elucidate various intrinsic problems affecting real ML deployments in cybersecurity. Finally, we present how various stakeholders can contribute to future developments of ML in cybersecurity, which is essential for further progress in this field. Our contributions are complemented with two real case studies describing industrial applications of ML as defense against cyber-threats.

Privacy and data protection constitute core values of individuals and of democratic societies. There have been decades of debate on how those values -and legal obligations- can be embedded into systems, preferably from the very beginning of the design process. One important element in this endeavour are technical mechanisms, known as privacy-enhancing technologies (PETs). Their effectiveness has been demonstrated by researchers and in pilot implementations. However, apart from a few exceptions, e.g., encryption became widely used, PETs have not become a standard and widely used component in system design. Furthermore, for unfolding their full benefit for privacy and data protection, PETs need to be rooted in a data governance strategy to be applied in practice. This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services. The report sketches a method to map legal obligations to design strategies, which allow the system designer to select appropriate techniques for implementing the identified privacy requirements. Furthermore, the report reflects limitations of the approach. It concludes with recommendations on how to overcome and mitigate these limits.

Following the introduction of ICAO-compliant electronic passports, electronic national identity cards are now being planned and deployed on a large scale in Europe as well as worldwide. Whereas electronic passports contain a contactless chip in the booklet, electronic ID cards are usually plastic cards the size of a regular ATM card, using a chip with a contactless and/or contact interface. Like the data page of a passport, an ID card is personalised with at least a serial number, a photo and the owner's name and date of birth. Some EU countries, including Austria, Belgium, Estonia, Finland, Italy, the Netherlands, Spain, and Sweden have already started issuing electronic ID cards. Others, for example, Germany, France, and the UK, are currently drafting technical specifications for their future ID card schemes. Besides national ID cards, there are many other government and commercial eID card schemes, such as electronic health cards or chip and signature cards.

Lack of trust is one of the main reasons for the limited cooperation between different organizations. The privacy of users is of paramount importance to administrators and organizations, which are reluctant to cooperate between each other and exchange network traffic traces. The main reasons behind reluctance to exchange monitored data are the protection of the users' privacy and the fear of information leakage about the internal infrastructure. Anonymization is the technique to overcome this reluctance and enhance the cooperation between different organizations with the smooth exchange of monitored data. Today, several organizations provide network traffic traces that are anonymized by software utilities or ad-hoc solutions that offer limited flexibility. The result of this approach is the creation of unrealistic traces, inappropriate for use in evaluation experiments. Furthermore, the need for fast on-line anonymization has recently emerged as cooperative defense mechanisms have to share network traffic. Our effort focuses on the design and implementation of a generic and flexible anonymization framework that provides extended functionality, covering multiple aspects of anonymization needs and allowing fine-tuning of privacy protection level. The proposed framework is composed by an anonymization application programming interface (AAPI). The performance results show that AAPI outperforms existing tools, while offering significantly more anonymization primitives.

Information and communication technologies (ICT), in general, and the Internet, in particular, have to a digitalization information and to "always-on" remotely accessible services. To ensure that these services are accessed with appropriate levels of security and privacy, the need for the identification and authentication (I&A) of individuals has increased. For most applications, the I&A process is the first line of defense, which aims to prevent unauthorized access to computer systems. Identification is the means by which a user provides a claimed identity to the system, while authentication relates to the verification of that person's identity, i.e., it ensures that a person is who he/she claims to be.

Résumé L’étude des comportements de consommation d’alcool et de leur perception par la société est une approche intéressante de la notion de genre, en particulier en France où cette consommation est fortement intégrée aux relations sociales (repas de famille ou entre amis, célébrations en tout genre, etc.) et donc a priori moins stigmatisée que dans certains autres pays. En nous appuyant sur les travaux de Sidsel Eriksen (1999) qui définit l’alcool comme un « symbole » du genre et une exploitation statistique de nombreuses sources récentes (Baromètre santé 2000, Eropp2002), nous montrons que la dichotomieentre genre et perception par la société de la consommation d’alcool qui s’affirme au xix e siècle se prolonge aujourd’hui. En particulier, bien que la consommation d’alcool reste faible chez les femmes et très inférieure à celle des hommes, le spectre de l’explosion de cette consommation est régulièrement agité comme une réelle menace pour la société.

Privacy and data protection constitute core values of individuals and of democratic societies. There have been decades of debate on how those values -and legal obligations- can be embedded into systems, preferably from the very beginning of the design process. One important element in this endeavour are technical mechanisms, known as privacy-enhancing technologies (PETs). Their effectiveness has been demonstrated by researchers and in pilot implementations. However, apart from a few exceptions, e.g., encryption became widely used, PETs have not become a standard and widely used component in system design. Furthermore, for unfolding their full benefit for privacy and data protection, PETs need to be rooted in a data governance strategy to be applied in practice. This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services. The report sketches a method to map legal obligations to design strategies, which allow the system designer to select appropriate techniques for implementing the identified privacy requirements. Furthermore, the report reflects limitations of the approach. It concludes with recommendations on how to overcome and mitigate these limits.

Network monitoring and measurement is commonly regarded as an essential function for understanding, managing and improving the performance and security of network infrastructures. Traditional passive network monitoring approaches are not adequate for fine-grained performance measurements nor for security applications. In addition, many applications would benefit from monitoring data gathered at multiple vantage points within a network infrastructure. This paper presents the design and implementation of DiMAPI, an application programming interface for distributed passive network monitoring. DiMAPI extends the notion of the network flow with the scope attribute, which enables flow creation and manipulation over a set of local and remote monitoring sensors. Experiments with a number of applications on top of DiMAPI show that it has reasonable performance, while the response latency is very close to the actual round trip time between the monitoring application and the monitoring sensors. A broad range of monitoring applications can benefit from DiMAPI to efficiently perform advanced monitoring tasks over a potentially large number of passive monitoring sensors

BACKGROUND: Informal caregivers of people with amyotrophic lateral sclerosis (ALS) experience a range of needs across the course of the disease. For the provision of adequate support, an examination of the empirical evidence is necessary. AIM: The purpose of the systematic review was to synthesize evidence of needs of informal caregivers of people with ALS at different stages of caregiving. METHOD: Systematic review of empirical research on needs of ALS informal caregivers in both English and German, from January 2000 to August 2018. We searched the databases EMBASE, MEDLINE (PubMed), PsycINFO, and CINAHL. Study selection, quality assessment, and data extraction was performed independently. Both quantitative and qualitative studies were included. Of the included studies, we additionally screened citing literature in Google Scholar (citation tracking). We linked the narrative synthesis to four stages of caregiving described by Williams and colleagues and used descriptive inductive thematic analysis to structure data within the stages. RESULTS: From 3275 abstracts screened, 48 manuscripts met our inclusion criteria. Our data analysis shows that needs differ across the four caregiving stages. While the stage of bereavement (stage 4) includes too little data for separate themes, themes for needs after diagnosis (stage 1), and terminal stage (stage 3) could be specified. As the maintenance (stage 2) stage comprised of themes relevant across the caregiving course, it became an overall stage. DISCUSSION: Healthcare professionals need to pay attention to current caregiving stages to provide support for informal caregivers. Further research is needed to tease out support needs for the bereavement phase.

Abstract The escalating complexity and impact of cyber threats require organisations to rehearse responses to cyber-attacks by routinely conducting cyber security exercises. However, the effectiveness of these exercises is limited by the exercise planners’ ability to replicate real-world scenarios in a timely manner that is, most importantly, tailored to the training audience and sector impacted. To address this issue, we propose the integration of AI-driven sectorial threat intelligence and forecasting to identify emerging and relevant threats and anticipate their impact in different industries. By incorporating such automated analysis and forecasting into the design of cyber security exercises, organisations can simulate real-world scenarios more accurately and assess their ability to respond to emerging threats. Fundamentally, our approach enhances the effectiveness of cyber security exercises by tailoring the scenarios to reflect the threats that are more relevant and imminent to the sector of the targeted organisation, thereby enhancing its preparedness for cyber attacks. To assess the efficacy of our forecasting methodology, we conducted a survey with domain experts and report their feedback and evaluation of the proposed methodology.

Abstract Content generation that is both relevant and up to date with the current threats of the target audience is a critical element in the success of any cyber security exercise (CSE). Through this work, we explore the results of applying machine learning techniques to unstructured information sources to generate structured CSE content. The corpus of our work is a large dataset of publicly available cyber security articles that have been used to predict future threats and to form the skeleton for new exercise scenarios. Machine learning techniques, like named entity recognition and topic extraction, have been utilised to structure the information based on a novel ontology we developed, named Cyber Exercise Scenario Ontology (CESO). Moreover, we used clustering with outliers to classify the generated extracted data into objects of our ontology. Graph comparison methodologies were used to match generated scenario fragments to known threat actors’ tactics and help enrich the proposed scenario accordingly with the help of synthetic text generators. CESO has also been chosen as the prominent way to express both fragments and the final proposed scenario content by our AI-assisted Cyber Exercise Framework. Our methodology was assessed by providing a set of generated scenarios for evaluation to a group of experts to be used as part of a real-world awareness tabletop exercise.

Recent years have seen a veritable boom in the creation of policy labs. These institution-based innvation laboratories aim to open up the processes of public policy design to the social stakeholders involved. In 2016, the European Union Policy Lab commissioned a report that identified 64 such laboratories in Europe. In the present study, we use network analysis to reveal the structure of the relationships between the 42 of these labs that have a presence on Twitter. We then conduct a content analysis of their tweets to identify the topics of interest. Our results describe a fragmented, country-based network and the principal concepts and key issues addressed by these institutions.

Wireless Broadband offers incredibly fast, “always on” Internet similar to ADSL and sets the user free from the fixed access areas. In order to achieve these features standardisation was achieved for Wireless LAN (WLANs) and Wireless Metropolitan Area Networks (WMANs) with the advent of IEEE802.11 and IEEE802.16 family of standards, respectively. One serious concern in the rapidly developing wireless networking market has been the security of the deployments since the information is delivered freely in the air and therefore privacy and integrity of the transmitted information, along with the user-authentication procedures, become a very important issue. In this article, we present the security characteristics for the WiFi and the WiMAX networks. We thoroughly present the security mechanisms along with a threat analysis for both IEEE 802.11 and the 802.16 as well as their amendments. We summarise in a comparative manner the security characteristics and the possible residual threats for both standards. Finally focus on the necessary actions and configurations that are needed in order to deploy WiFi and WiMAX with increased levels of security and privacy.

As e-government applications are coming of age, security has been gradually becoming more demanding a requirement for users, administrators, and service providers. The increasingly widespread use of Web services facilitates the exchange of data among various e-government applications, and paves the way for enhanced service delivery.\nSecure E-Government Web Services addresses various aspects of building secure e-government architectures and services, and presents the views of experts from academia, policy, and the industry to conclude that secure e-government Web services can be deployed in an application-centric and interoperable way. Secure E-Government Web Services presents the promising area of Web services, shedding new light onto this innovative area of applications, and responding to the current and upcoming challenges of e-government security.

Considéré comme le fleuron des politiques européennes en matière d’éducation, le programme Erasmus fête ses trente ans en 2017. Si son bilan est présenté comme largement positif pour avoir augmenté les possibilités d’une mobilité estudiantine dans l’Union européenne, la finalité du programme suscite toujours des questions. Dans une « Europe de la connaissance » que l’Union appelle de ses vœux, cette mobilité d’étude n’est pas sans lien avec les marchés du travail et la mobilité professionnelle. Contrairement à l’image d’un étudiant bohème à la recherche de son « identité », les recherches sur la question montrent que l’étudiant Erasmus est souvent davantage un stratège.

Abstract Information security has emerged as a necessity for organisations in order to ensure the integrity, confidentiality and availability of information. Information security, however, has shifted to the foreground of regulation in the European Union (EU) to address potential risks associated with the widespread use of information technology. Information security can be used to safeguard against risks or additionally facilitate users in meeting specific requirements with regard to pertinent legislation. The set up of a dedicated European Agency on information security (ENISA) also highlights the political significance of information security and the need to strive for greater cooperation across EU Member States as well as internationally. While the EU legal framework on information security is by no means complete, the efforts that have been made to tackle pertaining issues are likely to make a significant impact in the EU and beyond.

We present in this paper experimental and simulation results on the propagation of IEMI disturbances along a commercial power network mockup. Two different numerical tools were used in this study: CST Cable Studio and the CRIPTE code. The presented results show that an accurate modeling of the propagation along real cabling scenarios requires a very high degree of knowledge of the simulated topology. Furthermore, it is shown that uncertainties in the input geometrical and electrical parameters may significantly impact the accuracy of simulated results.

In this article, we study the vulnerability management dimension in smart city initiatives. As many cities across the globe invest a considerable amount of effort, resources and budget to modernise their infrastructure by deploying a series of technologies such as 5G, Software Defined Networks, and IoT, we conduct an empirical analysis of their current exposure to existing vulnerabilities. We use an updated vulnerability dataset that is further enriched by quantitative research data from independent studies evaluating the maturity and accomplishments of cities in their journey to become smart. We particularly focus on cities that aspire to implement a (data-driven) Circular Economy agenda that we consider to potentially yield the highest risk from a vulnerabilities exposure perspective. Findings show that although a smarter city is attributed with a higher vulnerability exposure, investments on technology and human capital moderate this exposure in a way that it can be reduced.

The traveling salesman problem (TSP) is a fundamental combinatorial optimization problem with applications in resource management, logistics, and communications. In order to address TSP and its differences, this paper discusses developments in Ant Colony Optimization (ACO), a biologically inspired algorithm. Inspired by the foraging activity of ants, ACO's decentralized and recursive methodology has proven successful in solving difficult routing problems. ACO's scalability, convergence speed, and solution quality have been greatly enhanced over time through innovations including hybridization with algorithms such as Firefly, genetic algorithms, parallel computing frameworks, and adaptation mechanisms. These developments have given the ACO the flexibility and efficiency to handle dynamic situations, such as real-time vehicle guidance and underwater navigation. Despite its progress, issues remain such as scalability in resource-limited contexts, processing overhead, and reliance on parameter modification. This work summarizes current developments in ACO, noting how revolutionary the TSP solution is, pointing out its drawbacks, and suggesting areas for further study. Leveraging emerging technologies like machine learning and quantum computing, ACO has huge potential to progressively address challenging real-world problems. This review provides a comprehensive framework for developing uses of ACOs and reaffirms their status as a key component of improvement research.

Air gaps are generally considered to be a very efficient information security protection. However, this technique also showed limitations, involving finding covert channels for bridging the air gap. Interestingly, recent publications have pointed out that a smart use of the intentional electromagnetic interferences introduced new threats for information security. In this paper, an innovative way for remotely communicating with a malware already installed on a computer by involving the induced perturbations is discussed leading to the design of a new air gap bridging covert channel.