The goal of Task 3.9 Continuous Scouting is to explore emerging technologies, new trends, and threats in the cybersecurity field. These investigations are intended both as food for thought for the use case owners in the CyberSec4Europe project and as an insight into the future for academics and technical people.
This page describes the primary areas that were investigated by this Task.
Being continuously updated and aware of new cybersecurity technologies, trends and issues is a critical aspect that both industries and academics should pay attention to. Due to the ever-changing quality of technology, it is crucial to be constantly updated against new types of threats. On this page, we report several investigations on recent trends, technologies, and attacks that we consider will significantly affect the near future.
Due to its ubiquitous nature, software dominates several aspects of our daily lives. Writing secure and resilient software has become a necessity that not all industries welcome. First, writing high-quality, secure software requires highly trained and expert developers or specialized (and costly) hardware support. Second, this process frequently needs several assessment rounds, thus significantly increasing a product's time to market. To help human beings in this process, researchers have started to investigate several automatic or semiautomatic approaches in the last few years.
- Machine-learning-based techniques can be used to automatically locate protected regions, even in stripped binaries.
- Symbolic and concolic execution techniques can help fasten the security assessment of an application but can also aid attackers in their goals of deobfuscation and protection removal.
- Model-checking techniques are powerful tools for estimating, with an arbitrary degree of accuracy, the likelihood and time window between the exploitation of software vulnerabilities.
- The TPM (Trusted Platform Module) is a promising technology, but it still needs to be improved since it has a heavy toll on the performance of a machine, and it is susceptible to many new side-channel attacks.
- TEE (Trust Execution Environment) technologies are pivotal for implementing hardware-based security in emerging execution environments (e.g., IoT, cloud, and edge computing); in this context, the Keystone framework promises a more flexible approach regarding the design and the adaptation of TEE in specific case scenarios.
We are more interconnected than ever, thanks to the revolution of cloud technologies and IoT devices that have taken place in the last few years. We use the Internet daily, and we transmit precious and sensitive data through third-party servers and devices. In this context, securely sharing this massive load of information requires protection against a variety of increasingly complex distributed attacks and to be treated in a privacy-preserving manner to avoid disclosing personal data.
- IDSes (Intrusion Detection Systems), WAFs (Web Application Firewalls), and anti-viruses will most likely benefit from using machine and deep learning approaches to accurately detect new types of complex attacks and handle more securely Internet-of-Things devices.
- Machine learning implementations will need to evolve to be better compliant with the GDPR, and several techniques are promising in this context, such as federated learning and explainable machine learning.
- Many advanced machine learning models are vulnerable to adversarial attacks, and a call for action is needed to consider the evolving nature, likelihood, criticality, and impact of such threats.
- In the future, we can expect more automated phishing and AI-supported social engineering calls since machine learning techniques only lead to an increased quality of the attacks and reduce the effort for the attacker.
- Deep learning and GANs (Generative Adversarial Networks) are powerful approaches to detect network anomalies; however, care must be taken since they may exhibit poor performances when deployed in real-world environments since the training data used in the learning phase could significantly differ from the test ones.
- Research efforts are still needed to devise privacy notices that are more intuitive to consumers so that these notices are more likely to be read and understood.
- Intelligently redistributing the filtering rules throughout a network's available firewalls can help protect the network's availability in case of surges in traffic loads.
5G is the current leading mobile technology. The potential of the 5G service, as well as the multiple applications that it can offer, are strategic enough to pose a medium-term scenario in which the European Union and member states can go from being in tow to leading the adoption of this technology, as well as the models of smart cities of the future. 6G, on the other hand, is the evolution of 5G. It is expected that 6G will radically depart from traditional wireless mobile communication, maximizing the synergy between AI and mobile networks. Furthermore, the introduction of 6G will shift to a radio-optical system taking advantage of both electronic and photonic technologies.
- There are several well-known cybersecurity certification schemes, but none explicitly considers 5G: a certification scheme that could help recognize the cybersecurity level of 5G systems is still needed.
- User authentication is still an open challenge in 5G systems for various reasons: the adoption of a unified authentication architecture will create a "world of 5G" where everything is connected safely.
- The idea of 6G as a supercomputer-like network can be realized in the next few years by coupling the extra high bandwidth of 6G communications with resource-hungry approaches such as machine learning and blockchain technologies.
- A significant effort in defining new security standards for ensuring the safety of 6G networks is still needed.
There is no doubt that the cybersecurity field is influencing our society deeper than from a mere technical perspective. Information theft, ransomware, and social engineering constantly threaten industries and our personal devices. Cybercrime has already started to invade our homes and our most private data years ago. This invasion has begun to shape how we think and can (legally) react to this new type of crime. In this regard, various countries have started to create ad-hoc laws to defend their citizens against cybercrime. Companies nowadays include security policies in their governance models and train their personnel accordingly.
- Cyberspace is not among the fields of warfare traditionally considered by international law, and there is uncertainty over the application of the principles determining the legality of conventional weapons to cyber (autonomous) weapons.
- CyberSec4Europe envisions the introduction of CHECK (Community Hubs of Expertise in Cybersecurity Knowledge), an approach for governance foundations for the European cybersecurity community, into a future form of regulation.
- Artificial intelligence and machine learning methods can be very effective means to automate various crucial activities of cybersecurity awareness training by delivering the right content to the right audience at the right time in the right way.
- There is still a strong need to improve the European cybersecurity ecosystem and its regulations, and handling stakeholders outside of the European Union still needs to be addressed.
1 - D. Canavese, “D3.10 Cybersecurity outlook 1,” CyberSec4Europe, 2020.
2 - D. Canavese, “D3.23 Cybersecurity outlook 2,” CyberSec4Europe, 2022.