Prof. Paulo Esteves Veríssimo Information Infrastructure Security and Dependability [email protected] – University of Luxembourg Inaugural lecture Open to the public – Wednesday, 15 October 2014 14h30 Weicker Building • Room B001 4 rue Alphonse Weicker L-2721 Luxembourg ICT (Information and Communication Technology) became so important in our lives that a great deal of society’s stakes is today placed on the cyber sphere. The pillars of this new environment are critical information infrastructures (CII), both classical ones (cyber-physical systems such as energy grids or telecom networks), and emerging infrastructures relying on the InternetCloud complex (finance, public administration, or e-biobanks). Their progressive convergence creates a challenging scenario: extremely large-scale and extremely complex and decentralised computer and network systems. This scenario may create enormous opportunities, but also bring about similarly extreme security and dependability risks, such as sophisticated targeted attacks, or advanced persistent threats (APT), from powerful adversaries, be it from organised crime and cyber-terrorism, cyber-hacktivism organisations or militias, or nation-state armies or agencies. We have been arguing, as well as some other colleagues, for the need of a paradigm shift that may result in a comprehensive approach to all those threats, from first principles: “architecting and designing for resilience”, which in a nutshell, means: simultaneously coping with accidental and malicious faults; providing protection in an incremental way and automatically adapting to a dynamic range of severity and persistence of threats, some of which maybe a priori unknown. This talk illustrates the problem, the fascinating research challenges it places, and some avenues for solutions, laying out the general lines that will guide the research of the CritiX group (Critical and Extreme Security and Dependability) at SnT, the Interdisciplinary Centre for Security, Reliability and Trust at the University of Luxembourg, within the strategic PEARL-FNR programme on Information Infrastructure Security and Dependability. Paulo Veríssimo is a Professor of the University of Luxembourg Faculty of Science, Technology and Communication (FSTC), since fall 2014, and head of the CritiX group (Critical and Extreme Security and Dependability) at SnT, the Interdisciplinary Centre for Security, Reliability and Trust at the same University (http://wwwen.uni.lu/snt). He is adjunct Professor of the ECE Dept., Carnegie Mellon University. Previously, he has been a Professor of the Univ. of Lisbon, member of the Board of the same university and Director of LaSIGE (http://lasige.di.fc.ul.pt). He is currently Chair of the IFIP WG 10.4 on Dependable Computing and Fault-Tolerance and vice-Chair of the Steering Committee of the IEEE/IFIP DSN conference. PJV is Fellow of the IEEE and Fellow of the ACM. He is associate editor of the Elsevier Int’l Journal on Critical Infrastructure Protection. Veríssimo is currently interested in secure and dependable distributed architectures, middleware and algorithms for: adaptability and safety of real-time networked embedded systems; and resilience of large-scale systems and critical infrastructures. He is author of over 170 peer-refereed publications and co-author of 5 books. A reception will be held after the conference.