view counter

Infrastructure protectionCoordinating responses to cloud, infrastructure vulnerabilities

Published 18 November 2013

Cybercrime presents a significant threat to individual privacy, commerce, and national security. In order to tackle this cross-border threat properly, agents involved in managing and monitoring cyber-risk-critical assets need to be able to cooperate and co-ordinate their prevention strategies. Platforms enabling coordinated cross-border responses already work well for handling malicious activity on the traditional Internet. The advent of cloud computing, however, has created a new set of challenges for security professionals in securing the platforms that deliver the cloud.

Cybercrime presents a significant threat to individual privacy, commerce, and national security. In order to tackle this cross-border threat properly, agents involved in managing and monitoring cyber-risk-critical assets need to be able to cooperate and co-ordinate their prevention strategies.

A CORDIS release reports that to this end, an innovative new platform for sharing cyber-security information has been developed through an EU-funded project. The results of the project, entitled CLOUDCERT, will be presented at the project’s final conference on 22 November. It is expected that the project will contribute significantly to the protection of sensitive and potentially vulnerable infrastructure, and thus improve the health, safety, and welfare of all citizens.

Platforms enabling coordinated cross-border responses already work well for handling malicious activity on the traditional Internet. The advent of cloud computing, however, has created a new set of challenges for security professionals in securing the platforms that deliver the cloud.

Cloud computing describes a variety of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet. The phrase also more commonly refers to network-based services such as email, which appear to be provided by real server hardware, and are in fact served up by virtual hardware, simulated by software running on one or more real machines.

The CLOUDCERT project first of all set about identifying what kind of information could be exchanged and analyzed techniques for handling sensitive information and transmission. The business models of cloud computing encourage many tiers of providers and customers within a single virtual infrastructure. Coordinating appropriate and efficient incident response without impacting continuity of operations for other customers or without violating laws and contractual agreements presents a real challenge.

The team then examined existing tools for collecting information, and identified probable security risks. Security requirements for the processing, storage and transmission of information — while preserving its integrity and confidentiality — were also identified.

From this initial work, the team was able to develop and implement an online collaborative tool that could allow agents involved in fighting cybercrime to exchange information in a secure and coordinated manner.

The project consortium is made up of Spain’s National Institute for Communication Technologies (INTECO), the National Centre for Critical Infrastructure Protection (CNPIC) of the Ministry of the Interior (Spain), Indra (Spain), ZANASI and Partners (Italy), Europe for Business (United Kingdom), and the ICSA Foundation (Italy).

The release notes that the EU has supported this project through a specific program entitled Prevention, Preparedness and Consequence Management of Terrorism and Other Security-Related Risks, which falls within the Security and Safeguarding Liberties framework program.

For more information, please visit the CLOUDCERT Web page.