FORWARD Threat Report
Book, 2009

This document is the compilation of the three threat reports that were produced independently by the three FORWARD working groups during the second phase of the project. These working groups were established after the first FORWARD workshop that was held in Goteborg, Sweden in April 2008. They are briefly described in the following paragraphs:

The Malware and Fraud working group is concerned with the malware and fraud-related threats on the Internet. It covers topics that range from novel malware developments through botnets to cyber crime and Internet fraud.

The Smart Environments working group is concerned with ordinary environments that have been enhanced by interconnected computer equipment. There is a general expectation that a large number of small devices such as sensors and mobile phones will be interconnected. The group aims to identify emerging trends with respect to security in this domain.

The Critical Systems working group focuses on critical systems whose disruption of operation can lead to significant material loss or threaten human life. It attempts to identify emerging threats in this area.

For our work, we introduce the following definition of threat:

Threat - Definition: A threat is any indication, circumstance, or event with the potential to cause harm to an ICT infrastructure and the assets that depend on this infrastructure.

Our version is related to a variety of other definitions that exist in the literature, such as the ones provided by ISO/IEC and the EU Green Paper for Critical infrastructure protection, 2005 [20]. In both cases, a threat is described as an event, circumstance, or incident that has the potential to cause destruction or, more generally, harm to the system or organization that is exposed to the threat. We adapt our definition to explicitly refer to ICT infrastructures and assets, as this is the scope of the project. However, we observe that the definition is reasonably general, so as to accommodate a wide range of possible threats and scenarios. This is necessary to allow different working groups to identify interesting threats without being constrained by an overly narrow, initial definition.

Creating a list of emerging and future threats is a challenging endeavor. The past has witnessed many stunning scientific and technical advances, and these advances have transformed society and the way people use and rely on information technology. Of course, attackers are also creative and constantly invent new ways of abusing technologies and applications for financial profit or simply because they enjoy virtual vandalism. Thus, trying to imagine potential developments is always at risk of failing to accurately predict the future. Nevertheless, it is important to actively think about the potential risks and threats that emerging technologies and their applications entail. Otherwise, one would simply concede to the adversaries and, at most, react to their new attacks.

One way to think about emerging and future threats is to bring together a group of domain experts and let them enter a dialogue in which they will (hopefully) come up with a set of possible threats. This is one possible way, and in part an approach that FORWARD leverages through its working groups. However, it would be desirable to introduce a more systematic methodology to think about emerging threats. In FORWARD, we attempt to do this by introducing a number of “axes” along which developments can happen (or are currently unfolding). These axes serve as the main drivers of development in general, and allow us to set a framework in which each working group can systematically explore threats. [...]

dependable and trusted Infrastructures



Christoffer Kruegel

Magnus Almgren

Chalmers, Computer Science and Engineering, Networks and Systems

Herbert Bos

Kiril Dimitrov

Edita Djambazova

Sotiris Ioannidis

Erland Jonsson

Chalmers, Computer Science and Engineering, Networks and Systems

Engin Kirda

K Marakomihelaki

Evangelos Markatos


Computer and Information Sciences