c3l-logo-300dpi (2)

Description

Cadzow Communication Consulting Ltd is a privately owned consulting company specialising in standards development to address privacy protection and security protocols. The company is a micro-SME and is a member of ETSI (the European Telecommunications Standards Institute) in this category.

www.cadzow.com

Main tasks attributed in the project

C3L will lead activities related to the protection of privacy of users as identified in a Privacy Impact Assessment of the project and its technical and organisational elements, to the provision of reasonable security mechanisms in order to manage the risk identified from the conducting of a Threat-VulnerabilityRisk-Analysis. In addition C3L will lead an ethics board to ensure that whilst privacy and security are managed in part through technical means the ethical dimension of operation of machines alongside humans in a health environment are considered. Lastly, C3L will be involved in dissemination and exploitation activities towards the standardisation community with particular regard to ETSI.

How the profile matches with the tasks assigned and previous experience in relevant projects

C3L’s director, Mr Cadzow, has served as chairman of several technical committees within the security standardization context, is an expert on security policy and mechanisms, as well as an experienced risk analyst and penetration tester.

Risk assessment and security analysis: Performed a number of risk assessment of communications solutions, network and infrastructure, protocol specifications and radio communication solutions.

Security protocols: Developer of several security protocols for telecommunications networks. Security standards and certification: Developer and leader of the expert group addressing the role of ISO 15408 Common Criteria in standards development.

TETRA and radio communications: Prime developer and rapporteur of the TETRA security standards for the European Telecommunications Standards Institute (ETSI).
Intelligent Transport Systems and Ad-Hoc Vehicle Networks: Chair and contributor to the security work area in Intelligent Transport Systems (ITS) for the European Telecommunications Standards Institute (ETSI) covering both application and transport domains.

Identity Management (IDM): Leader of the group that introduced the Universal Communications Identifier to mobile and integrated telecommunication networks.

In addition C3L has been involved in the following EC-funded projects

• FP7 i-Tour: Within the i-Tour project C3L has been responsible for the development of the TVRA  and PIA analyses and from these development of the policy based protection measures. This is ongoing work that is developing extensions of SAML and XACML like languages for implementation of Consent Based Access Control (CBAC) and Trust Based Access Control (TBAC) models as part of a privacy by design model bounded by and secured using digital signature approaches.

• ICT-PSP i-SCOPE: As per the i-Tour project C3L has responsibility in this project for the PIA and TVRA analyses and will develop models stressing temporal and locational privacy on large geoNet databases and the applications built on them (developing extensions in this case to GityGML).

• ENISA Resilience: This project was directed through ENISA (the European Network Information Security Agency) to EU Member States on achieving resilience in critical infrastructures (i.e.
telecommunications, transport, utilities, power). It was further developed in 2010 to develop an ontology and taxonomy for resilience modeling in Member States.

• ENISA SCI: This project was directed to EU Member States to direct policy on achieving integrity and resilience of Supply Chains. The project was completed in Autumn 2012 with future work
expected on development of metrics and methods of Supply Chain assurance.

• ICT-PSP SUNSHINE: As per the i-Tour project and i-SCOPE project C3L has responsibility in this project for the PIA and TVRA analyses and will develop models stressing temporal and locational privacy on large geoNet databases and the applications built on them. In this case building PKI structures and pushing the cryptographic models to support broad based access control.

• ICT-PSP i-locate: As per previous projects, C3L has been responsible for the development of the TVRA and PIA analyses and from these development of the policy based protection measures.