We recently had our final seminar of DIMECC Cyber Trust Program (http://cybertrust.fi/cyber-trust-final-result-seminar-on-26-september-in-helsinki/). The program created a foundation for Finnish research and industry to address the needs emerging in the cyber security domain. The main research objective of the program was to improve the privacy, trust and decision making in digital infrastructure by monitoring, analyzing, virtualizing, and visualizing traffic, objects and events. The program utilized the strong expertise, extensive knowledge and solid cooperation model in public-private sectors. The consortia consisted of 19 companies, and 8 research institutes and universities. (http://cybertrust.fi/)
Looking back to the setup and starting point of initiating our Cyber Trust program, it probably could not be time wisely better selected. There was an earth quake situation arisen with Snowden revealing the black truth for public awareness of our everywhere reaching networking. If we had any trust transferring business related information via public networks, it was washed away with a massive amount of documents collected by a western industrial country. This started even the bigger discussion what and who is following the network traffic and that even individual persons were not safe. Examples of high executive phones tapped came out daily. Already earlier, the bug hunting programs were turned upside down. White hat men (good and respectful researchers) could not concentrate anymore finding vulnerabilities or weaknesses from programs and systems. Opposite forces seemed to have more and more resources. Black hat men could offer a network shop to order a full blown DOS attack. A customer needs to just tick how many computers and type of an attack.
The NIS directive as well as the European cybersecurity strategies targets strongly cooperation and collaboration among relevant actors in cybersecurity. In the EU cybersecurity strategy, there is emphasis on decentralized prevention and response to cyber incidents and attacks. Coordination and information sharing are key elements of this approach, targeting a coordinated interaction between national, EU and international NIS authorities, law enforcements, defense authorities, as well as industry and academia. I think this is also one reason why Cyber Trust program has raised a lot of international interest and direct requests for collaboration. As a down side reflecting the real cyber world where we were living when the program was originally established, we were contacted for international collaboration proposals even before the program was publicly announced. So definitely there are no secrets anymore in the internet world.
In Finland, we have a health situation, given that it is natural to have real co-operation with industrial and academic partners. One of the corner stone settled already on preparation phase of the Cyber Trust program was the demand that more than one industrial partner were required for all business cased to be accepted to be part of the program. This was a challenging goal given that traditionally security, and especially cyber security, practices are handled by a company itself and not shared with others.
The Cyber Trust project was success in many ways. It pushed the state-of-the-art of cyber security on many areas; it showed that successful collaboration can be achieved even on the cyber security area with small and large enterprises together with research organizations. With the start of a new H2020 program CS-AWARE (A cybersecurity situational awareness and information sharing solution for local public administrations based on advanced big data analysis) the larger international collaboration can continue; after all, Cyber Trust and Security is a global thing. The battle will continue.
Juha Röning
Professor, Coordinator of CS-AWARE