Technical group

We are witnessing records amount of cyberattacks. Cybersecurity will be key to ensure the trust framework we wants for the Dataspace of Education and Skills.

Cyberattacks are now carried out by professional hackers organised in gangs. There are several types of cyber attacks to consider:

• ransomware
• Log4j
• SolarWinds
• Malware
• Emotet
• denial of service (DoS) 
• man-in-the-middle (MITM)
• Phishing
• SQL Injection
• Password Attacks

As some of the data exchanged within the dataspace may be personal data (eg learning traces), we will need to make sure those data are properly protected according to Art. 32 GDPR Security of processing. This article lists 4 actions:

• a) the pseudonymisation and encryption of personal data;
• b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
• d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

The questions we need to discuss are :

• What are the potential security issues associated to our dataspace?
• What barriers we can set up to avoid these issues?
• What are the priorities?
• What new or specific developments are required?
• How to fund these developments?