| Network
of Excellence |
CARiMan |
The
Internet Portal for Computer Aided Risk Management |
Responsible:
TUS
Assistance:
IPA,
PRO,
all
partners
As the wide area networked systems become more
widespread, advanced and accessible, there is a high risk of accidents, attacks, failures and malfunctions in such
systems. There is the challenge
to develop ways, approaches, algorithms,
and implementations to
identify, prevent, and presume the security flaws in networks
to limit the damage from
attacks, to decrease the range of vulnerabilities to malicious or hostile
activities, and to ensure that systems continue to provide their services in
spite of failures and injurious
human influences, intentional or not.
It is a complex scientific, technological, and
political task for nations, governments and commercial enterprises to protect
information assets and ensure that critical operations continue even if they are
under attacks. It is hard to prevent and respond to
attacks, and attackers often go unidentified. Without the activity aimed
at making wide area networks
more reliable, the operation of all critical infrastructures will remain
at risk. International efforts are
required to improve the reliability of information
systems and the computer system
security.
The need for an international forum to respond to
computer security incidents was recognised in the early 1990s and resulted in
establishing the FIRST Institution. Today, FIRST consists of more than 80
incident response and security teams (CERTs) from over 20 countries and provides
a closed forum for these teams to share experiences, exchange information
related to incidents, and to promote preventive activities.
It is
evident that the establishment of a
highly automated centre for co-ordinating supranational responses to computer
security incidents. The objective of the JPA is to develop and deploy a CER
centre for the risk assessment and management of emergency scenarios due to
attacks to networks and other potentially dangerous events. The automated CER
will collect data from intelligent agents, human observations, network traffic
and manually created warnings for generating knowledge contributing to the risk
and damage of data or loss of computer systems responsibility and reliability.