Does 3-euro hosting mean 3-euro security?

Yesterday I also shared this news item on Facebook: Massive Security Flaw Found In Most Hosting Providers. But I want to say a few things here as well, as the non-technical person that I am. The story is about a major security breach in shared servers, where someone with a simple 2-3 euro account could monitor and steal from any account on the same server, because there was no security at all. So I simply buy, like the great expert that I am, lots and lots of these shared plans at 2-3 euros apiece from these big companies, among the top hosting companies in the world, which were in tatters, and I see everything I want and steal whatever I like. The moral would be that 3-euro hosting means 3-euro security. Of course, everyone will now jump in to say that this is not so, that it can be detected; the story, however, talks about a major breach, thousands and thousands of accounts. The question is: if this is how it is with 3-euro plans, how is it with the 300-euro plan? Is it 300-euro security, or still 3-euro security?

What I mean is that we can invest as much as we like in the current concept of cyber security and we will still not make satisfactory progress. We improve things partially, but overall the matter of trust is the one that cannot be solved. And I have the impression that when someone sells hosting for 3 euros or for 3000 euros, they forget to ask themselves whether the package also includes security at a certain price. We want to sell many 3-euro plans, because that is why they cost 3 euros and not 300, but how many euros' worth of cyber security are we selling? There will also be those who say that security is not a priority for the customers of 3-euro services, yet the same customers are very sensitive when they see the performance of the service they bought for 3 euros drop in inverse proportion to the security problems.

I think the story also shows that for cheap hosting plans you have to apply a more costly security policy, that is, if you are a responsible provider. My conclusion is that the current concept of cyber security has pretty much reached its limits; broadly, all efforts go into perfecting parts and sub-chapters, and we should really change the cyber security paradigm. Or not? Is there really nothing left to invent in this field?

European cyber security

I want to point out a recent decision that is important for European policy in the field of cyber security. Under the EU Horizon 2020 programme (the programme has 80 billion euros available for the period 2014-2020), dedicated to research and innovation, 4 major projects were selected through which the operational pilot concept for the future European network of cyber security competences will be developed. The decision also contributes to the European Cybersecurity Research & Innovation Roadmap, an important objective of the Horizon 2020 programme.

Everything I wrote above sounds very technical; put more simply, the aim is to establish a common competence framework for anyone responsible for cyber security in Europe. This objective will contribute to a uniform application of good practices in the field, to interoperability between countries, and to establishing education and training programmes with European standards agreed by all EU members.

The 4 projects are important and I recommend that you follow them.

CONCORDIA

“CONCORDIA is a four-year multi-disciplinary research and innovation project, and will play a leadership role in boosting the effectiveness of EU’s security union. The project, started in January 2019, is coordinated by the Research Institute CODE from the Bundeswehr University Munich and involves 46 partners in total.”

CONCORDIA will help Europe strengthen its security capabilities and to secure its digital society, economy and the fundamental data society’s principles for both security and privacy.
CONCORDIA adopts an inclusive approach, fostering a wide alliance spanning Europe’s research, industry and public sectors, and including key professionals from a variety of fields. By developing innovative, marketable solutions to protect Europe against cyber attacks, CONCORDIA will capitalize on Europe’s unique pool of skills and talents in the area of ICT and cybersecurity to also establish a European Education Ecosystem for Cybersecurity. The project will be a fundamental instrument for promoting excellent research, market innovation, skill building, and a research roadmap for cybersecurity in Europe. In this context, the vision of CONCORDIA is to create a community, building bridges and setting the foundations for strong cooperation between all stakeholders. The EU budget contribution is 16 M€ with a 7 M€ additional funding contributed by national authorities and industry.

ECHO

The ECHO project (European network of Cybersecurity centres and competence Hub for innovation and Operations) is one of four Pilot projects, launched by the European Commission, to establish and operate a Cybersecurity Competence Network. Amid keynote presentations from supporting representatives of EU agencies and industry, the project was officially launched at the Conference Hall of the Royal Military Academy of Belgium, on February 25th, 2019.

The ECHO project will deliver an organized and coordinated approach to strengthen proactive cyber defence in the European Union, through effective and efficient multi-sector collaboration. The project already involves 30 partners from the East to the West of Europe, and is actively engaging new partners interested to contribute to the cybersecurity resilience of the EU and in reaching the collaboration goals.
Through the project, the ECHO partners will develop, model and demonstrate a network of cybersecurity research and competence, with a centre of research and competence at the hub. While technology companies struggle with a fragmented view of security requirements across industrial sectors and fragmented national policies for security test and certification, the ECHO project will contribute an adaptive model for information sharing and collaboration among the network of partners and related agencies.

SPARTA

SPARTA is a novel Cybersecurity Competence Network, supported by the EU’s H2020 program, with the objective to develop and implement top-tier research and innovation collaborative actions.
Strongly guided by concrete challenges forming an ambitious Cybersecurity Research & Innovation Roadmap, SPARTA will set up unique collaboration means, leading the way in building transformative capabilities and forming a world-leading Cybersecurity Competence Network across the EU. From basic human needs (health) to economic activities (energy, finance, and transport) to technologies (ICT and industry) to sovereignty (eGovernment, public administration), four research and innovation programs will push the boundaries to deliver advanced solutions to cover emerging challenges.
The SPARTA consortium, led by CEA, assembles a balanced set of 44 actors from 14 EU Member States at the intersection of scientific excellence, technological innovation, and societal sciences in cybersecurity. Together, along with SPARTA Associates, they aim at re-imagining the way cybersecurity research, innovation, and training are performed in Europe across domains and expertise, from foundations to applications, in academia and industry.

CyberSec4Europe

CyberSec4Europe will align and interconnect a vast pool of research excellence in existing centres and research facilities, bringing together cybersecurity expertise in an interdisciplinary manner while developing a governance model for the future European Cybersecurity Competence Network. The 43 consortium partners will consolidate and reinforce cooperation and synergies between the research and industrial communities, including SMEs. The 42-month project will strengthen the research and innovation competence and cybersecurity capacities of Member States to meet the increasing number of cybersecurity challenges in the future.

The project has identified key demonstration cases in different industrial domains, including finance, healthcare, transportation and smart cities. These address prominent research areas in both the public and private sectors that correspond closely with real-world issues, cyber threats and security problems. Another important outcome will be the development of a cybersecurity skills framework model to be used as a reference by education providers, employers and citizens.

Lead Co-ordinator, Professor Dr. Kai Rannenberg, Goethe University Frankfurt, says: “On behalf of the CyberSec4Europe consortium of partners, we are extremely grateful to the European Commission for this opportunity to explore one of the most exciting initiatives in the area of multi-disciplinary, cross-sector cybersecurity research and innovation in Europe. We are very excited to be at the forefront of efforts to address the challenges in developing a common European approach to cybersecurity while protecting core European values such as privacy and the rights of smaller market players such as consumers and SMEs.”

The CyberSec4Europe contract starts with immediate effect and will last until July 2022 at a total cost of 16 MEUR.