Taking giant steps towards cybersecurity
Networks of Excellence such as ÉGIDA, in which the Vicomtech technology center participates, brings together capabilities to meet the current challenges of cybersecurity.
Concern about cybersecurity in the world is growing with each passing day. The number of attacks and their variety is increasing, causing a greater economic impact and even affecting the services provided to citizens. In this context, the question arises as to how society can deal with this problem. In this scenario, there are already specialized companies that try to protect the information and social values that underpin global human and economic development. They do a great job, but the numbers indicate that the work they do is not enough.
Actualmente varias propuestas tecnológicas intentan resolver estos problemas, ofreciendo sistemas de identificación federados o totalmente descentralizados. Vicomtech, centro tecnológico especializado en Artificial Intelligence, Visual Computing & Interaction, trabaja activamente en la ciberseguridad. Además, participa en La red Cervera de Excelencia EGIDA que se encarga de enfrentar colaborativamente retos tecnológicos para dar cumplimiento a la estrategia nacional. En este proyecto se tratan problemas detectados en RENIC y su trabajo se alinea con la red de competencias europea definida a partir de sus cuatro pilotos: ECHO, CONCORDIA, CYBERSEC4EUROPE y SPARTA.
The work involved is not easy. To avoid major problems, identification systems present the user with more complex mechanisms to confirm identity, but then manage that the user has not changed, making it easier not to continually ask for authentication of people throughout a work session. The tools developed from the FIWARE platform, the use of Blockchain as a mechanism to give control of identity to the users themselves, and the needs highlighted in initiatives such as GAIA-X define the security measures that are going to be needed and for which solutions are required that currently have only been tested in laboratories or pilot projects. Meeting these challenges requires the collaboration of many actors and the creation of networks of excellence that generate a multi-level working community.
Increased Threats. But what is really happening, and why so many threats? As the economic or political benefit of these illicit activities increases, the amount of technical resources they move is growing, making them one of the most active sectors of the illegal underground economy. The promise of money and the challenge of overcoming established security measures are causing cyberattackers to demonstrate more sophisticated approaches, taking advantage of the potential of new data analysis and artificial intelligence technologies, and extending their targets to industrial-type information systems that were previously less exposed. This situation forces protection systems to evolve in order to face these new types of attacks.
At present, the only technologies that are up to this level of complexity are those based on data-driven learning, and even in these cases the quantity and variability of data means that new technologies need to be developed beyond the state of the art, which is already a huge technological challenge. In addition, the constraints of embedded and real-time systems increase the difficulty of responding effectively to these new attacks. On the other side of the spectrum, another major focus of attacks is the impersonation of legitimate users through identity theft.
While it is true that in recent years systems based on biometrics or multi-factor authentication have made it possible to increase trust in the person behind the screen, the remote work resulting from the management of the pandemic has highlighted the current weaknesses of identity management on the Internet. Except in sectors such as banking or cloud services, these measures are not yet widely used. Even when they are used, their interoperability is low, forcing citizens to manage a large number of credentials or to repeat those they already know, increasing the risk of compromise in seemingly unrelated applications.