5.9 Cybersecurity

Because data spaces are online resources, establishing them requires a higher level of cybersecurity awareness. The DSF from 2019 described a scenario where cybersecurity issues were left out, leaving it to the Data Provider to handle them. The proposed idea was to have a completely separate network handling these resources, to reduce the attack surface and block intruders. This was a simplification: many larger organizations with a global presence, and thus large, distributed networks, deal with these challenges in their internal networks every day.

Relying on firewalls and trusted IP networks might be impossible in FDS. These services will most likely be exposed on the Internet, which opens them up to different types of attack:

  • DoS
  • Certificate spoofing
  • Data leakage or theft
  • Malware (to get to other systems).

The trust mechanisms for authentication and authorization must be implemented strictly to ensure that only authorized users and systems can access the data. This can include two-factor authentication, secure certificate handling and monitoring, password policies, and other access controls.

Data should be encrypted both at rest and in transit to protect it from unauthorized access or interception. Encryption algorithms and protocols should be carefully selected and configured to provide a high level of security.

Data Providers should share only the minimum amount of data necessary to achieve their goals. This can help reduce the risk of data breaches or unauthorized access to sensitive data. Access to shared data should be limited based on the principle of least privilege. This means that users should only have access to the data they need to perform their job functions.

Data Providers should implement continuous monitoring and auditing of data access and usage to detect and respond to any security incidents or breaches. Both Data Providers and Consumers should have a well-defined incident response plan in place to respond to any security incidents or data breaches. The plan should include procedures for identifying, containing, and mitigating the impact of a security incident.