Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help

EU counterterrorism strategy: value added or chimera?

Europe did not wake up to terrorism on 9/11; terrorism is solidly entrenched in Europe's past. The historical characteristics of Europe's counterterrorism approach have been first, to treat terrorism as a crime to be tackled through criminal law, and second, to emphasize the need for understanding the 'root causes' of terrorism in order to be able to prevent terrorist acts. The 9/11 attacks undoubtedly brought the EU into uncharted territory, boosting existing cooperation and furthering political integration-in particular in the field of justice and home affairs, where most of Europe's counterterrorism endeavours are situated-to a degree few would have imagined some years earlier. This development towards European counterterrorism arrangements was undoubtedly event-driven and periods of inertia and confusion alternated with moments of significant organizational breakthroughs. The 2005 London attacks contributed to a major shift of emphasis in European counterterrorism thinking. Instead of an external threat, terrorism now became a home-grown phenomenon. The London bombings firmly anchored deradicalization at the heart of EU counterterrorism endeavours

Interoperability, Trust Based Information Sharing Protocol and Security: Digital Government Key Issues

Improved interoperability between public and private organizations is of key significance to make digital government newest triumphant. Digital Government interoperability, information sharing protocol and security are measured the key issue for achieving a refined stage of digital government. Flawless interoperability is essential to share the information between diverse and merely dispersed organisations in several network environments by using computer based tools. Digital government must ensure security for its information systems, including computers and networks for providing better service to the citizens. Governments around the world are increasingly revolving to information sharing and integration for solving problems in programs and policy areas. Evils of global worry such as syndrome discovery and manage, terror campaign, immigration and border control, prohibited drug trafficking, and more demand information sharing, harmonization and cooperation amid government agencies within a country and across national borders. A number of daunting challenges survive to the progress of an efficient information sharing protocol. A secure and trusted information-sharing protocol is required to enable users to interact and share information easily and perfectly across many diverse networks and databases globally.Comment: 20 page

Privacy In The Smart Grid: An Information Flow Analysis

Project Final Report prepared for CIEE and California Energy Commissio

Ensuring Cyber-Security in Smart Railway Surveillance with SHIELD

Modern railways feature increasingly complex embedded computing systems for surveillance, that are moving towards fully wireless smart-sensors. Those systems are aimed at monitoring system status from a physical-security viewpoint, in order to detect intrusions and other environmental anomalies. However, the same systems used for physical-security surveillance are vulnerable to cyber-security threats, since they feature distributed hardware and software architectures often interconnected by ‘open networks’, like wireless channels and the Internet. In this paper, we show how the integrated approach to Security, Privacy and Dependability (SPD) in embedded systems provided by the SHIELD framework (developed within the EU funded pSHIELD and nSHIELD research projects) can be applied to railway surveillance systems in order to measure and improve their SPD level. SHIELD implements a layered architecture (node, network, middleware and overlay) and orchestrates SPD mechanisms based on ontology models, appropriate metrics and composability. The results of prototypical application to a real-world demonstrator show the effectiveness of SHIELD and justify its practical applicability in industrial settings

Regulator audit framework

Summary: The framework set out in this paper provides guidance for auditing the performance of regulators in regard to the compliance costs they impose on business and other regulated entities. It complements other frameworks that are used to assess the performance of regulators in regard to their efficiency and effectiveness, and processes for ex ante assessment of the impact of proposed regulations. The framework should be applied within institutional arrangements that establish the authority, resources, and mechanisms to hold regulators to account. For audits to improve regulator performance in this regard they need to: develop an audit plan in consultation with business and other stakeholders. This document should set out how the regulator will reduce compliance costs (good practice indicators), and how their achievement of this objective will be assessed (metrics) reward good performance and sanction poor performance comply with, and report against, the high level principles for good performance be public documents, with the audit plans and reports made available on the regulator\u27s website. In order for the audits to be undertaken in an effective and efficient way they should: focus on the principles and particular areas of regulator behaviour that have the greatest effect on the cost of compliance for businesses they regulate — these will differ across regulators select good practice indicators that best reflect regulator behaviour that minimises compliance costs while still achieving the objectives of the regulation provide metrics at the highest level possible to demonstrate the satisfaction of the principle or indicator, utilising data and information from existing sources where available require auditors to \u27triangulate\u27 information in forming a view of the satisfactory achievement of a principle be included as a separate module in external audits that examine broader areas of performance of the regulator and regulation. As part of the broader system that promotes regulation reform and reduces regulatory burden, oversight is needed to: ensure that audit plans are prepared and that both plans and audit reports are published coordinate the development of audit plans and audits to minimise the costs to business of participating in the process, and prioritise resources to where the potential for improvement is greatest facilitate feedback on the quality of the regulations and need for reform publish a report card facilitating comparison of the performance of regulators and lessons on approaches that have worked well in reducing compliance costs

An Evaluation Schema for the Ethical Use of Autonomous Robotic Systems in Security Applications

We propose a multi-step evaluation schema designed to help procurement agencies and others to examine the ethical dimensions of autonomous systems to be applied in the security sector, including autonomous weapons systems