Synopsis: Security:

Report EUR 26579 EN 2014 Authors: Giuditta de Prato, Daniel Nepelski Editors: Marc Bogdanowicz, Zoe Kay Mapping the European ICT Poles of Excellence:

agriculture and food security; health and consumer protection; information society and digital agenda; safety and security including nuclear;

all supported through a crosscutting and multi-disciplinary approach. LF-NA-26579-EN-N doi:

agriculture and food security; health and consumer protection; information society and digital agenda; safety and security including nuclear;

all supported through a crosscutting and multi-disciplinary approach. LF-NA-26264-EN-N doi:

which outlines strengths, weaknesses, opportunities and threats. This frustration, importantly, may be created through comparisons with others.

'such as sustainable innovation, public health and security, KETS (7) and Digital Agenda, are much more common than others (see Table 3). Thematic objectives,

and security 192 14.7%Digital Agenda 152 11.6%Cultural and creative industries 81 6. 2%Blue growth 53 4. 1%Service innovation

45 3. 4%Smart green and integrated transport systems 31 2. 4%Resource efficiency 26 2. 0%Food security and safety 25 1

and distribution Energy production and distribution 6. 2%Digital Agenda Information and communication technologies Information and communication technologies 6%Public health and security Human health 5

There is a risk that these investments stem from political priorities, rather than from a real discovery process

A potential risk of basing priority decisions mainly on future potential is that regional and national policy makers might opt for priorities that are not backed up by local capabilities.

and quarrying Extraction of crude petroleum and natural gas Mining of coal and lignite Mining of metal ores Mining support service activities Other mining and quarrying Public administration, security and defence

office support and other business support activities Rental and leasing activities Scientific research and development Security and investigation activities Services to buildings and landscape activities Travel agency, tour operator and other

Categories and sub-categories for EU priorities Aeronautics and space Aeronautics Aeronautics and environment Bio-fuels and energy efficiency Remotely piloted aircrafts Safety and security Space Transport and logistics Blue

middle mile and backhaul ICT trust, cyber security and network security Intelligent inter-modal and sustainable urban areas (e g. smart cities) New media and easier access to cultural contents

Nature and biodiversity Biodiversity Ecotourism Nature preservation Public health and security Ageing societies Food security and safety Public health and well-being Public safety and pandemics Service innovation New

and security arrangements. They are connected typically via a fibre transport ring (regional backbone. Regional headends are responsible for the conversion of television signals into HF signals (compatible with cable networks) and for the coupling with IP signals.

and other stakeholders when taking sensible risks and trying new things. Recommendation 10 Research area Encourage research on the implementation process of ICT-ELI,

taking into account intellectual property, security and data protection issues. 131 58.0 25. Supporting research on the perspectives of various actors and stakeholders such as policy-makers, school leaders, teachers, learners, parents, IT providers, educational content providers etc. 129 58.0 26.

security and legal issues related to ICT-ELI. 130 43.1 Relevance according to four groups of participants There were no differences between the four groups of participants

Supporting research on (physical and mental health, security and legal issues related to ICT-ELI. 3. 5 Area 5:

Research reveals that organisational risk aversion, conservative cultures and excessively hierarchical arrangements constitute key barriers for scaling up ICT-ELI (Kampylis, Law, et al.,

and risk taking (73.3%).%)Changing practices (i e. developing a culture of innovation) is a long and complex process that requires, among other conditions,

and other stakeholders when taking sensible risks and trying new things. 120 73.3 32. Developing long-term strategies to advance the capacity of school leaders to adopt

and other stakeholders when taking sensible risks and trying new things, while for policy/decision makers and others it is:

and other stakeholders when taking sensible risks and trying new things. 73.3 120 21. Encouraging research on the implementation process of ICT-ELI, focusing on the possible learning gains. 72.5 131 As can be seen from the table above,

taking into account intellectual property, security and data protection issues. Encouraging research on the implementation process of ICT-ELI, focusing on the possible learning gains.

Supporting research on (physical and mental health, security and legal issues related to ICT-ELI. Promoting research on the ICT-ELI that happen at micro-level

and other stakeholders when taking sensible risks and trying new things. Promoting diversity in ICT-ELI by funding a number of pilots in different contexts and with diverse implementation strategies.

taking into account intellectual property, security and data protection issues..8 4. 6 3. 8 11.5 21.4 22.9 35.1 58.0 Supporting research on the perspectives of various actors and stakeholders such as policy-makers, school leaders, teachers

and monitoring ICT-ELI. 1. 5 5. 4 4. 6 8. 5 33.1 21.5 25.4 46.9 Supporting research on (physical and mental health, security and legal

and other stakeholders when taking sensible risks and trying new things..8. 8 5. 0 5. 8 14.2 24.2 49 49.2 73.3 Developing long-term strategies to develop the capacity of school leaders to adopt

and other stakeholders when taking sensible risks and trying new things. 6. 12 52 6. 19 27 5. 67 24 5. 88 17

agriculture and food security; health and consumer protection; information society and digital agenda; safety and security including nuclear;

all supported through a crosscutting and multi-disciplinary approach. LB-NA-26601-EN-N doi:

In addition, there needs to be clear legislation governing patient privacy and protecting the security of health information for records in electronic format.

In addition, surveys and surveillance activities collect more data from and about individuals. The key to effective patient information systems is to retain the link between the individual

This includes resource management, monitoring and evaluation, disease surveillance, and operational research (as shown in the flow diagram below).

and public health disease surveillance and reporting. Furthermore, an EMR may contain clinical applications that can act on the data contained within its repository, for example, a clinical decision support system (CDSS), a computerized provider order entry system (CPOE), a controlled medical vocabulary,

Improvements in quality have been demonstrated by increased adherence to guideline-based care, enhanced surveillance and monitoring,

Most countries have developed fairly well systems for capturing aggregate health data from clinics for use in disease surveillance and health status. However,

and disease surveillance. By understanding disease status, trends, patterns and response to interventions, resources can be allocated better.

and security guidelines developed by UNAIDS/USG Protecting the privacy and security of health information should be a high priority for all countries.

However, the subject is complex and providing necessary access as well as confidentiality can be difficult in practice.

That is why the Joint United nations Programme on HIV/AIDS (UNAIDS) and the United states Government have provided a set of guidelines for the confidentiality and security of health information (30.

data structure, data interchange, semantic content, security, pharmacy and medicines business, devices, business requirements for electronic health records,

These include information models, terminology, security, and technology for interoperability. CEN TC 251 works closely with the ISO TC 215 to develop standards as well.

and device communication as well as privacy and security issues related to patient data. Fifteen per cent of the responding countries use this standard.

since there is a risk of losing compatibility with historical data. However, if the definitions in the standards are not clear,

and privacy of patient information and security (36). Conclusions 4 54 The resolution urges Member States to consider long-term strategic plans for the development

It calls on governments to form national ehealth bodies to provide guidance in policy and strategy, data security, legal and ethical issues, interoperability, cultural and linguistic issues,

The body should include a division responsible for the governance of ehealth data interoperability standards and patient data privacy and security.

Among the components covered related to the management of patient information are data privacy, security, and interoperability.

Individual patient clinical data can be standardized using the standards already covered in this publication WHO further recognizes the important need for the development of patient health data privacy and security standards.

Guidelines on protecting the confidentiality and security of HIV information: proceedings from a workshop. Geneva, UNAIDS, 2007.31.

SMES face a competitive disadvantage compared to larger companies in the participation in public procurement due to the difficult application procedures, a lack of awareness and the greater risk of investment in SMES.

The EIF, a first link in the risk-sharing chain, shares some of the risk with financial intermediaries in the participating countries.

A high risk of lending to SMES can emerge from the uncertainty of their investments in certain knowledge-related activities,

The EIF reduces its local partner's (financial intermediary) exposure to risk, in order to stimulate the provision of debt finance to SMES at local level.

environment and risk prevention and access to transport and telecommunications services of general economic interest. http://ec. europa. eu/regional policy/thefunds/regional/index en. cfm#http

Smart specialisation is based on the premise that spreading investment too thinly across several frontier technology fields risks limiting the impact in any one area. 5. 1. 2 Potential Regional Benefits Developing

Priority Area A-Future Networks & Communications Priority Area B-Data Analytics, Management, Security & Privacy Priority Area C-Digital Platforms, Content & Applications

as well as data related to online security and cybercrime, gender and youth, and cultural and environmental aspects.

Cybersecurity readiness should be improved by 40%by 2020d Target 3. 2: Volume of redundant e-waste to be reduced by 50%by 2020 Target 3. 3:

currently mobile-broadband signal coverage is considering in determining this target. d Data being compiled by the Global Cybersecurity Index (GCI).

What is the relationship between cloud computing and big data in view of security frameworks? Which techniques are needed for data anonymization for aggregated datasets such as mobile-phone records?

How does big data impact on the regulation of privacy, copyright and intellectual property rights (IPR), transparency and digital security issues?

ICTS can make a difference in many areas covered by the MDGS, such as poverty reduction and food security (MDG 1), education (MDG 2), gender equality (MDG 3), health (MDG

With regard to MDG 4, ICTS can contribute, for example, through improved monitoring and surveillance of infants and children,

In remote and rural areas, ICTS may be the main means of communicating during an emergency or of getting urgent medical attention remotely.

One application of such mobility data is for syndromic surveillance, especially to model the spread of vector-borne22 and 187 Measuring the Information Society Report 2014 Box 5. 4:

The Cignifi business model is founded on the idea that Mobile phone usage is not random it is highly predictive of an individual consumer's lifestyle and risk.

as well as with privacy and security. Addressing such privacy and other concerns with respect to data sharing and use is critical,

and the establishment of public-private partnerships to exploit fully the potential of big data for development.

Such a collaborative early-warning and earlyaction system shows how data sharing could be considered a business risk mitigation strategy for operators in emerging markets.

Privacy and security As social scientists look towards private data sources, privacy and security concerns become paramount.

To mitigate the potential risks, all stakeholders must see tangible benefits from such data sharing. These stakeholders include not just the public and private sectors

but also, significantly, the general public, who in many cases are the primary producers of such data through their activities.

with minimal (if any) associated registration Information security imperatives have prompted increasingly governments to require registration information, even for prepaid customers (GSMA, 2013b),

Encryption, virtual private networks (VPNS), firewalls, threat monitoring and auditing are some potential technical solutions that are employed currently,

Hence, a balanced risk-based approach may be required in the context of what is under discussion here,

Where data from mobile network operators are used for syndromic surveillance, as in the case of malaria in Kenya (Wesolowski et al.,

In return, data users would be permitted to reuse personal data for novel purposes where a privacy assessment indicates minimal privacy risks.

-11-Bigdata-E. pdf. 21 Syndromic surveillance refers to the collection and analysis of health data about a clinical syndrome that has a significant impact on public health,

and security techniques are very rich. For further information, see, for example, El Emam, K. 2013). 36 Based on author interviews and conversations with operators in South Asia. 37 See, for example,

For more information, see http://en. wikipedia. org/wiki/Sector antenna. 46 A media access control (MAC) address is a unique identifier that is assigned to network interfaces mostly by a hardware manufacturer.

http://www. ictqatar. qa/en/documents/download/Qatar's%20ict%20landscape%20report%202014-Household%20and%20individuals 12. pdf. ITU (2006), Security in Telecommunications

Report 2014 ITU GSR discussion paper (2014), Big data-Opportunity or Threat. Retrieved from: http://www. itu. int/en/ITU-D/Conferences/GSR/Documents/GSR2014/Discussion%20papers%20and%20presentations%20-%20gsr14/Session3 gsr14-Discussionpaper-Bigdata

Narayanan, A. and Shmatikov, V. 2008), Robust de-anonymization of large sparse datasets. 2008 IEEE Symposium on Security and Privacy (sp 2008)( pp. 111 125.

a comparison of traditional surveillance systems with Google Flu Trends. Plos One, 6 (4), e18687. doi:

. 2011), Out of sight out of Mind-How Our Mobile Social network Changes during Migration. 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int

Using New Data to Understand Emerging Vulnerability in Real-time. UN High-level Panel (2013), A new global Partnership:

Rewards and Risks of Big data (B. Bilbao-Osorio, S. Dutta and B. Lanvin, Eds..References 220 Wesolowski, A. and Eagle, N. 2010), Parameterizing the Dynamics of Slums.

and understand risks as rapidly as new markets emerged. The opportunity for digital technologies to create new businesses is real,

to do that Resistance to new approaches this is the way we've always done it Digital Transformation threatens current power structures I will lose influence in my organization Internal politics it doesn't have the right political support Risk aversion it's not worth the risk

Another said that the pace of digital transformation demanded such speed that it is at risk of diluting employee morale.

32 2 Field of Action I-egovernment, Interoperability, Cyber security, Cloud computing, Open Data, Big data and Social media...

37 2. 2 Cyber security Information systems and networks Security...45 2. 2. 1 Introduction...45 2. 2. 2 European context...

and social exclusion-at least 20 million fewer people in or at risk of poverty and social exclusion These goals are seen as strongly interrelated

) 10toe 33.6 toe (2012) Early school leaving in%<11.3%17.3%(2013) Tertiary education in%26.7%22 8%(2013) Reduction of population at risk of poverty or social

Field of action 1-egovernment, Interoperability, Cyber security, Cloud computing, Open Data, Big data and Social media increase efficiency

All strategies (including the Digital Agenda for Romania) will be reviewed after the Government Enterprise Architecture initiative that will take place in Romania according to Appendix 5 Implementation Methodology Field of Action 1. 2 Cyber security Romania

's Cyber security Strategy Field of Action 1. 5 Open Data National Anticorruption Strategy 2014 2016 Field of Action 2. 2 ICT in Health Romania

& Security increases the trust of web users in electronic services and online transactions in order to boost consumption of ICT services 4. Pillar IV Fast and ultra-fast Internet access targets investments

Field of action Objective Digital Agenda for Europe Pillars Europe 2020 Target Support DAE 2020 Target Support 1. egovernment, Interoperability, Cyber security, Cloud computing

using egovernment Returning completed forms Key cross-border public 1. 2. Raising cyber security networks and systems III-Trust and security Page 10 of 170 In order to reach the goal to reform the way how the government works,

shares information, engages citizens and delivers services to external and internal clients for the benefit of both government and the clients that they serve 1. 3. Increasing access to digitized public services VI-Enhancing digital literacy, skills and inclusion services,

of action Lines of action Entities responsible for implementation Indicators Field of action 1 egovernment, Interoperability, Cyber security, Cloud computing, Open Data,

and operationalization of the national cyber security system Operative Council for Cyber security (COSC)( responsible) All Ministries offering public services Ministry of Interior Cyber security#of cyberattacks/threats registered by the Government on private

To be defined based on Appendix 5 Methodology IT Spending for Security Target: To be defined based on Appendix 5 Methodology#of training programs regarding cyber security Target:

To be defined based on Appendix 5 Methodology Improve legislation Operative Council for Cyber security (COSC)( responsible) All Ministries offering public services Ministry of Interior Strengthening the partnership between public & private

sector Operative Council for Cyber security (COSC)( responsible) All Ministries offering public services Ministry of Interior Data base Consolidation of Knowledge Operative Council for Cyber security (COSC)( responsible

) All Ministries offering public services Ministry of Interior Boost the Research & development capabilities in cyber security Operative Council for Cyber security (COSC)( responsible) Page 15 of 170 All Ministries

offering public services Ministry of Interior Cyber security Infrastructure Operative Council for Cyber security (COSC)( responsible) All Ministries offering public services Ministry of Interior CERT-RO Operative

Council for Cyber security (COSC)( responsible) All Ministries offering public services Ministry of Interior Implementing security standards Operative Council for Cyber security (COSC)( responsible) All Ministries

offering public services Ministry of Interior Inter-institutional cooperation Operative Council for Cyber security (COSC)( responsible) All Ministries offering public services Ministry of Interior Development of public

awareness programs in public administration and the private sector Operative Council for Cyber security (COSC)( responsible) All Ministries offering public services Development of educational programs Operative Council for Cyber security (COSC)( responsible) All Ministries

offering Page 16 of 170 public services Training Operative Council for Cyber security (COSC)( responsible) All Ministries offering public services Concluding agreements of international cooperation for improving the response

capacity in the event of major cyber attacks Operative Council for Cyber security (COSC)( responsible) All Ministries offering public services Ministry of Interior Participation in international programs

and exercises in the cyber security field Operative Council for Cyber security (COSC)( responsible) All Ministries offering public services Ministry of Interior Promote the

national security interests in the international cooperation formats in which Romania is a member Operative Council for Cyber security (COSC)( responsible) All Ministries offering public services Ministry of Interior Consolidation of the Acquisition Process for the Public Institutions IT Infrastructure Ministry

for Information Society (responsible) All Ministries offering public services Cloud computing, Data Management and Social media#of applications performed based on Governmental Cloud Target:

at least 2 per county by 2020#of applications performed based on Big data. Unique Point of Contact or Single Sign on Ministry for Information Society (responsible) All Ministries offering public services Procure

which is responsible with the cybernetic security in Romania, and the European Cybercrime Centre, within Europol (center instituted in 2013, at European level).

Ministry for Information Society (responsible) Ministry of Economy (support) Ministry of Public Finances (support) Ministry of Labor (support) Promotion of the competitiveness clusters and of the employees'specialization in this field especially in the excellence centers:

an investment should improve at least the security of a public service). All initiatives should describe tangible and quantifiable outcomes that can be measured

and monitoring its implementation in a timely manner 5. Protect security and privacy Ensuring a trusting environment for public services is crucial for a fast adoption of these in an online environment.

A small security flaw in one service can have a detrimental effect on the perceived benefits of all others services

All investments will take all the appropriate measures for ensuring security for services, data, and processes.

Security should cover all aspects of a service (financial security, operational security, transactional security. Security should not compromise usability of a service (for example entities should not impose a nonstandard way for authentication, registration, authorization;

entities should not issue a different token/card than the one marked as standard by the Romanian Government) 6. Encourage transparency and openness What,

and the sustainability and adequacy of Field of action 1 Field of action 4 Page 29 of 170 Issue Rationale Field of Action to Support the pension system is at medium risk

employment information availability, enhance social program efficiency to reduce the risk of poverty Field of action 1 Field of action 2 Field of action 4 Implementation Of The Precautionary Programme

31 of 170 The Digital Agenda Roadmap for the implementation of strategic initiatives Field of Action Iegovernment, Interoperability, Cyber security, Cloud computing, Open Data, Big data and Social Mediafield of Action

structures for ICTPROMOTE and implement better standardspromote and implement transparency and opennessdefine the National Interoperability Frameworkprepare E-Identityunique Portalbuild sustainable initiativesestablish the National Cyber security Systemboost R&d

X x X Page 34 of 170 2 FIELD OF ACTION I-EGOVERNMENT, INTEROPERABILITY, CYBER SECURITY, CLOUD COMPUTING, OPEN DATA

including the institutions directly involved in issues related to data security. All public bodies will adhere to this Line Action Portal (Operational) Implementation of the web portals goes through stages;

(which involves the implementation of new functionalities brought by SEAP All public bodies will adhere to this Line Action Implement a decommissioning model (Enabler) A decommission model will be implemented to safe guard against spending public funds for systems

All public bodies will adhere to this Line Action 2. 2 CYBER SECURITY INFORMATION SYSTEMS AND NETWORKS SECURITY 2. 2. 1 Introduction Preamble Trust and security in public services is national priority for the Romanian government

and is the underlying requirement for electronic infrastructure of data networks, electronic services and communications.

Thus, some of the incidents were identified as the main cause of the lack of consistent security policies to protect data that is collected,

Cyber security Definition Cyber security is defined as"the state of normality that results after provisioning proactive and reactive measures that ensure confidentiality, integrity, availability, authenticity and non-repudiation of electronic information, of private and public resources and services in the cybernetic environment.

These reactive and proactive measures can include policies, concepts, standards, security guides, risk management, training and awareness activities,

for border security and resilience of critical information and communications infrastructure by stimulating and supporting the development of national and multinational capabilities in this area.

At the beginning of 2013, published a proposal on European Cyber security Strategy was published, for a directive concerning measures to ensure a high common level of network and information security across the Union.

A new Cyber security Strategy was developed by the European commission which comprises internal market, justice and home affairs and foreign policy angles of the cyberspace issues.

The Strategy is accompanied by the technical legislative proposal by the European commission's Directorate General Connect to strengthen the security of information systems in the EU

and is comprised of 4 major priorities: 2 http://www. cert-ro. eu/files/doc/Strategiadesecuritateciberneticaaromaniei. pdf Page 46 of 170 Freedom and openness The laws, norms and EU's core values

Developing cyber security capacity building Fostering international cooperation in cyberspace issues To respond to EU cyber strategy,

to address cyber security in a comprehensive manner, the activity should be spread over three sub-key pillars-NIS network

and information security law enforcement defense, sub-pillars that already operate in various institutions in Romania horizontally and vertically as in the following scheme:

European commission Strategy http://ec. europa. eu/digital-agenda/en/news/eu-cybersecurity-plan-protect-open-internet-and-online-freedom-and-opportunity-cybersecurity In its Pillar III

"Security and Trust, "the Digital Agenda for Europe defines a series of cyber security initiatives at European level to ensure cyber security incident response capabilities and the protection of personal data.

In this context, the responsibility of the national cyber infrastructure protection, whose compromise would undermine national security

or prejudice the Romanian state, is equal to all institutions and companies that own such facilities,

primarily the state institutions constituting the Cyber security Operations Council in accordance with the Cyber security Strategy of Romania.

In order to achieve a strengthened network and information security policy cooperation is needed between EU governments, public institutions and private companies to improve the exchange of information

and to ensure that security issues will be addressed effectively and solved. ENISA will provide the exchange and collaboration.

A real-time response to threats is required, implementing and improving the CERT network in Europe, including the European institutions.

In fighting against cyberattacks on the information systems Member States must amend the existing criminal law on attacks against information systems.

The main purpose is to provide greater authority to the European legislation on cybercrime. The initiative will improve the security of citizens and businesses,

and it is expected to have a positive effect on companies, as information systems repair costs are very high.

and information gathering on Page 47 of 170 cyber security incidents either in an automated manner or secured through direct communication as appropriate.

analyze and classify security incidents in the cyber infrastructure, as per the area of competence.

CERT-RO will develop proposals to amend the legislative framework to foster the development of cyber security infrastructure that provides public utility functionality or information society services.

To achieve a European platform on cybercrime, Europol in cooperation with the European commission has called for the integration of all relevant EU platforms in only one.

and storing information about cyberattacks. It will be the major element in the European Centre Cybercrime. At the national level it will be carried out the analysis and optimization of existing security platforms,

eventually merging and consolidating their national platform and access to Europol and staff training in fighting against cybercrime.

The implementation, monitoring and interconnection between the European and national platforms will be achieved. In order to intensify the fight against cybercrime at international and European level it will be enhanced the cooperation between EU Member States in the fight against cyberattacks.

In this respect, in the EU we will need to create a European forum for discussion between the national government to integrate risk management

and to create a public-private partnership. Regarding the transatlantic cooperation it is necessary to improve the EU-US relations for the application of the European commission's cyber security plan

and to have an ongoing dialogue and exchange of information with the U s. In this matter, at national level,

we will consider implementing processes of security risk management in the public administration. At the same time, we will aim at enhancing consultations with similar bodies in the EU and U s,

. and at exchanging specialists with the U s. and other EU countries for 1-2 years,

and their active involvement when they return home. 2. 2. 3 National context Cyber security Approach in Romania Risks of cyber incidents occurrence are caused by human or procedural reasons.

Thus, some of the incidents were identified as the main cause of the lack of consistent security policies to protect data that are taken,

A positive development in the field of cyber security is the setting up of CERT-RO (http://www. cert-ro. eu),

Romania's cyber security strategy adopted by Decision no. 271/2013 sets out the objectives, principles and main directions of action for understanding, preventing

and deterring threats, vulnerabilities and cyber security risks and promotes Romania's interests, values and national objectives in cyberspace.

The strategy and action plan aim at setting targets for cyber security and lines of action for the coming years.

The Romanian approach is aligned to the guidelines proposed by the European commission in the Digital Agenda and its Pillar III-Trust and Security as well as to the progress of other European union Member States.

The topic"Network Information security"is a real priority of both the European commission and national structures.

Raising cybersecurity awareness issues such as viruses and malware, how to use passwords, social engineering-blogging,

how to use your computer at home, how to use"social media, "how to work Page 48 of 170 outside the office,

The National Cyber security System (NSCC) is the general framework for cooperation that brings together public authorities and institutions with responsibilities and capabilities in the field,

in order to coordinate national actions for cyberspace security, including the cooperation with academia and business trade associations and nongovernmental organizations-NGOS.

The National Center for Response to Cyber security Incidents-CERT-RO is a structure of expertise and research and development in the cyber infrastructure protection, under the coordination of the Ministry for Information Society,

analyze, identify and respond to cyber security incidents of information systems. Developing cooperation between the public and private sectors in order to ensure cyber security represents a priority for action at the national level,

given that cyberspace include cyber infrastructure owned and managed by both the State and private entities.

institutions within the National Cyber security System creates, at the level of public institutions, the technical and operational framework in order to ensure interoperability between computer security components

in order to protect the cyber infrastructure within the public and increase the availability and level of confidence in the specialized public services provided to citizens, businesses and government.

Romanian Indicators pertaining to Cyber security According to a Eurostat survey on ICT3 usage by individuals and households:

or online banking 33%of Romanian users are concerned about misuse of the their personal information online 37%of Romanian users are concerned about security related aspects of online payments. 2. 2. 4

Strategic Lines of Development Strategic Lines of Development for Cyber security in Romania Strategic Lines of Development Lines of Actions Description Establishing the necessary conceptual and organizational framework for cyber security Establishing

and operationalization of the national cyber security system (Strategic) Setting up the platform for cooperation and harmonization of the existing CERT capabilities at national level that should capitalize the tools,

will work to strengthen expertise in cyber risk, by fostering synergies between different action plans on cyber security (military and civil, public-private, government, non-government;

Operative Council for Cyber security (COSC) 3 http://ec. europa. eu/public opinion/archives/ebs/ebs 404 en. pdf Page 49 of 170 Improve legislation (Enabler) Completing

including the establishment and enforcement of minimum national security requirements in cyber infrastructure Responsible: Operative Council for Cyber security (COSC) Strengthening the partnership between public & private sector (Operational) Developing cooperation between the public and private sectors, including by fostering the exchange of information on threats, vulnerabilities, risks,

and those related to cyber incidents and attacks Responsible: Operative Council for Cyber security (COSC) Developing national capacities for risk management in cyber security and cyber incident response under a national program Construction of Data base with relevant information (Operational) Consolidating, at the level of the competent

authorities, the potential for knowledge, prevention and counteracting of threats and minimizing risks related to the use of cyberspace Responsible:

Operative Council for Cyber security (COSC) Boost the Research & development capabilities in cyber security (Enabler) Fostering national R & D capabilities and innovation in cyber security Responsible:

Operative Council for Cyber security (COSC) Cyber security Infrastructure (Enabler) Increasing the resilience of cyber infrastructure Responsible:

Operative Council for Cyber security (COSC) CERT-RO (Strategic) Developing CERT entities, in both public sector and private sector Responsible:

Operative Council for Cyber security (COSC) Implementing security standards (Strategic) Increase cyber security by reducing vulnerabilities and implement minimum procedural and security standards for cyber public and private infrastructures Responsible:

Operative Council for Page 50 of 170 Cyber security (COSC) Inter-institutional cooperation (Operational) Coordination of inter-institutional response in case of cyber security incidents Responsible:

Operative Council for Cyber security (COSC) Promoting and consolidating the security culture in cyber field Development of public awareness programs in public administration

and the private sector (Operational) Development of public awareness programs related with threats, vulnerabilities and risks of using cyberspace Responsible:

Operative Council for Cyber security (COSC) Development of educational programs (Enabler) Educational programs in the forms of compulsory education on the safe use of the Internet and computing equipment Responsible:

Operative Council for Cyber security (COSC) Training (Operational) Appropriate training to people working in cyber security and promoting widespread professional certifications in the field Responsible:

Operative Council for Cyber security (COSC) Developing international cooperation in the field of cyber security Concluding agreements of international cooperation for improving the response capacity in the event of major cyber attacks (Strategic) Responsible:

Operative Council for Cyber security (COSC) Participation in international programs and exercises in the cyber security field (Operational) Responsible:

Operative Council for Cyber security (COSC) Promote the national security interests in the international cooperation formats in

which Romania is a member (Enabler) Responsible: Operative Council for Cyber security (COSC) Page 51 of 170 2. 3 CLOUD COMPUTING 2. 3. 1 Introduction Preamble Cloud computing is offering several potential benefits to public bodies,

including scalability, elasticity, high performance, resilience and security together with cost efficiency. Understanding and managing risks related to the adoption

and integration of cloud computing capabilities into public bodies is a key challenge. Effectively managing the security

and resilience issues related to cloud computing capabilities is prompting many public bodies to innovate, and some cases to rethink, their processes for assessing risk

and making informed decisions related to this new service delivering model. Currently a range of issues faced by public authorities in terms of managing the infrastructure of informational systems entails a careful analysis of the organization strategy.

Among these, some of the more important issues are: IT infrastructures existing on the level of different governmental organizations have problems of scalability, effectiveness of costs,

and are updated often not to the current standards Updating technical skills for the staff serving applications in different governmental organizations becomes a less efficient process due to heterogeneous and/or old technology,

not complying with standards, insulation of IT infrastructure and people in different institutions, etc. Heterogeneous security solutions which reflect in greater security risk Granular purchase of hardware

and software solutions does not provide transparency on governmental level. Cloud computing can address all these issues by:

Enabling rapid and cost-effective procurement of information systems/services for all state agencies Eliminating the duplication of effort Reducing risk management costs Cloud computing Definition Cloud computing relies on sharing of resources to achieve coherence and economies of scale

, over a network. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services. 2. 3. 2 European context On European level,

Similarly, the pattern of infrastructure proposed allows the use by all public institutions of common elements of IT infrastructure such as the courier services, the collaboration platforms, the data connections, the security platforms (on the level of data centers.

or the size of data centers will be the centralization within a sole data center with a high level of availability, security, redundancy for protection in case of disasters, protection to data loss, etc.

decommissioning of redundant services and purchase of"green"systems with regards to energy consumption Increase of security on the level of data center by implementation of up-to-date, standard and proved security solutions.

in the absence of financial resources for advertising and communication, have higher risks of becoming insolvent o Enabling the SME's to:

and overcome national challenges (such as rising health care costs, job creation, natural disasters and nationals security). At the European level, the improvement of the analytics and data processing, especially Big data, will allow to:

-Culture-ecommerce-Security (Enabler) produce and require massive amounts of data, often unstructured and increasingly in real-time The benefits of leveraging Big data concepts include:

Personal lifestyle and environmental impact factors are the most significant risk factors influencing health status. ICT ehealth Definition ehealth is a relatively recent term for healthcare practice supported by electronic processes and communication.

decreasing the risk of fraud and preventing inappropriate medication (electronic prescription). Responsible: Ministry of Health with support from Ministry for Information Society Effective management of information generated by the IT system Analysis of a significant volume of data generated in the healthcare informatics systems

in the field of Social welfare, employment, education, health, information and communications, mobility, security, justice and culture,

National Indicators pertaining to einclusion In 201110,40. 3%of the Romanian population was facing the risk poverty

%)To a total of 8. 63 million people at risk of poverty or social exclusion in 2011,4. 74 million people were facing the risk of poverty.%

Ministry for Information Society The main informatics risks and threats can be classified based on several criteria.

So, a first criterion highlights the risks and the threats related to the following: Data integrity intended alteration of the stored data

All the risks and threats mentioned above represent critical situations which can affect in a first instance citizen trust in the utilization of the electronic commerce systems.

Improvement of communication and collaboration between CERT-RO, the institution which is responsible with the cybernetic security in Romania,

and the European Cybercrime Centre, within Europol (center instituted in 2013, at European level).(Operational) Responsible:

major operation failures, security incidents, operations & maintenance. Financial monitoring and Claw-back mechanisms The Entrustment Act will mandatory include provisions concerning the effective modality to calculate the level of compensation,

which plays the role of a general coordinator of the ICT strategies at governmental level The establishment of CERT-RO with respect to the cybernetic security The existence of certain developed strategies with respect to the cybernetic security

investment programmes with a unitary vision in the public sector The lack of coordination with respect to adequate security measures The lack of a long term strategy for the training of the ICT personnel in the public sector The absence of an electronic authentication system

and software does not provide transparency at governmental level Opportunities Threats and constraints The development of an infrastructure for the egovernment of the public services The increase of the public services utilisation degree which are available in the online media The preparation of the coordinated implementation of intra-communitarian projects,

or the achievement of the proposed objectives The activities of the organised groups for criminal informatics The absence of the population's trust in the cybernetic security of the online systems Our conclusion after the SWOT analysis is that the following measures will remediate

and for the improvement of cybernetic security Support for the use of open sources and standards for future facilitation and assurance of interoperability of the informatics systems Introducing technologies such as Cloud computing

The existence of very few e-learning projects dedicated to the adult population The lack of a coherent approach for the continuous formation also during the adult life Opportunities Threats and constraints National and international financing

availability of the medical practitioners'with increased ICT competencies Opportunities Threats and constraints The development of the informatics infrastructure in Romania

and support of the development of digital competencies among the users The degree of provision of the cultural institutions with ICT equipment Opportunities Threats and constraints

by the clients The impossibility to establish the quality of the purchased product prior to its physical delivery Increased costs with the product shipment/delivery Opportunities Threats

which are not available at national level The security of information, low confidence of a certain part of the citizens The continuous change of the environment and of the legal framework and the absence of a consistent development strategy in this field

and technological transfer The fragmentation of the Romanian research system the existence of an increased number of research institutes specialised on different fields of activity Page 133 of 170 Opportunities Threats

Opportunities Threats and constraints RONET project laying backhaul will harmoniously complete the NGN developments into an overall NGN Plan for Romania;

depending on needs 2. Applying for funding 3. Evidence of ability to pay back the amount borrowed-securities 4. Client authenticity is verified by the bank 5. Decision 5. 1 Approval,

stating that it wants to complete the real personal securities with the guarantee fund in order to grant the loan 2. If the loan application meets its conditions own financing,

the Bank requests the Fund to grant the security (standard/cap amount) Medium Terminating a business Bankruptcy 2013-27.145 insolvency Page 139 of 170 proceedings

Public Finance Ministry of Public education Ministry of European Funds Romanian Intelligence service National Authority for Public Acquisitions Regulation and Monitoring Tactical Level Operational Level Indicators

in order to assess the feasibility of the initiative Adherence to National Strategy of the Digital Agenda and Guiding Principles and Ministry Strategy Adherence to National Standards (security, interoperability,

along with a list of risks and mitigation actions Evaluate This phase will assess the effectiveness of an initiative and its efficiency during and after implementation.

Page 158 of 170 C5-Be safe The services should protect all the information provided by the Public security should cover all the requirements for safety, privacy, confidentiality,

Ministry of Agriculture Intermediary body for Information Society Promotion Competition Council National Registrar of Companies Ministry of Justice National Centre for Response on Cybernetic Security Incidents

indirect indirect#of cyberattacks/threats registered by the Government on private data indirect indirect indirect direct direct direct direct direct indirect direct direct Achieve a Cluster 3 rating for Maturity based on EU

indirect indirect direct direct direct direct direct direct direct IT Spending for Security indirect indirect indirect direct indirect indirect direct indirect indirect direct direct#of training programs regarding cyber security indirect

< Back - Next >

Overtext Web Module V3.0 Alpha
Copyright Semantic-Knowledge, 1994-2011