1 / 11

Security – a central issue of the future EU Digital Agenda

Security – a central issue of the future EU Digital Agenda. Silvia-Adriana Ticau Member of the European Parliament Service Oriented Architecture in e-Government 17 February 2010, Bruxelles. European Framework for e-Government.

velma-alexander
Télécharger la présentation

Security – a central issue of the future EU Digital Agenda

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security – a central issue of the future EU Digital Agenda Silvia-Adriana Ticau Member of the European Parliament Service Oriented Architecture in e-Government 17 February 2010, Bruxelles

  2. European Framework for e-Government • eEurope Action Plan / i2010 Initiative/e-Government Action Plan (2005) • Strategy for a secure information society – COM(2006)251 • Services Directive/Telecom package/e-Commerce and e-signature Directives • Cybercrime Convention • Council Framework Decision on attacks against information systems • Communication on Critical Information Infrastructure Protection (MARCH 2009)/ Directiveon Identification and Designation of European Critical Infrastructures (2008) • Council Resolution 2007/068/01 • ENISA –established in 2004, extended mandate until 2012 • Action Plan on e-signatures and e-identification to facilitate the provision of cross-border public services in the Single Market (NOV 2008) • Programs – IDABCD->ISA(Interoperability Solutions for European Public Administrations) , FP7, eSafe/SaferInternet

  3. e-Government interoperability- state of play and barriers • eGovernment – 20 basis public services (12 citizens, 8 businesses) • 5 leading Member States on full online availability and regarding online sophistication of 20 basic public e-Government services: Malta, Portugal, Sweden, Austria, Slovenia • Lack of interoperability at the national and European level between egovernment/eAdministration systems • Lack of EU PKIs’ Interoperability IDABCD studies: • Member States use • a single centralized legal framework consisting of a single e-Signature law(17) • a holistic e-Government policy implemented in a homogeneous manner throughout all affected sectors (6). • a decentralized legal base for e-signature, based on a suitable legal framework an a sector basis(2) • an ad hoc legal framework based on e-signature specifically designed for a single application(3) • Member States use different models for e-Government applications using electronic signatures: • the one-stop shop model • the common e-Signature framework model • generic CSP model (applications are planned to move to a shared service approach) • application specific CSP model.

  4. EU Digital Agenda • By end 2010 – 100% broadband coverage ( European Economic Recovery Plan) • E-Government Interoperability • Interoperability of PKIs – European Federation of Validation Authorities based on a European Validation Authority Gateway • Commission Decision 2009/767/EC - Community framework requirements on Trusted Lists for supervised/accredited CSP (issuing Qualified Certificates) • Mandate (2009) to the European Standardization Organizations to update and rationalize the European e-Signature standardization framework,including implementation guidelines • E-Procurement (50% of all public procurements until 2015) • E-invoice broadly adoppted at EU level (consultation open until 26 February 2010) • National Electronic Registers for Transport Operators (2012) • Since 2010 - a unique national point of single contact for the interaction between service providers and public authorities and the completion through electronic means and at a distance of all procedures and formalities necessary to provide a service activity in another Member State ( Services Directive) • Inteligent Transport System Directive and Action Plan • Electronic Tall Collection Directive • Energy Efficiency Directive (smart mettering) • Exhanced( new competencies) and extended (after 2012) role of ENISA

  5. Action Plan on e-signatures and e-identification COM(2008)798 • By 2ndQ 2009 – EC – Trusted List of Supervised qualified Certification Service Providers • By 2ndQ 2009 – EC – update IDABCD country profile • By 2ndQ 2009 – EC – deasibility study on European federated validation service • By 3rdQ 2009 - EC update Decision 2003/51/EC – list of generally recognized standards for e-signature products • By 3rdQ 2009 - EC – guidelines and guidance on common requirements for QES qnd AES based on QC (interoperable) • by 2010 – EC: report on further actions to facilitate the cross-border use of QES and AES based on QC • by 2010 – EC: update country profile on « e-ID Interoperability for Pan European e-Government Services » • By 2010 – EC: specific surveys on the use of e-ID in Member States • By 2012 – MS are invited to demonstrate solutions for cross-border use of e-ID in the STORK pilot project

  6. Critical Information Infrastructure Protection CIIP – COM(2009)149 • Preparedness and prevention • By 2010 – European Forum for information sharing between Member States • By 2010 – Roadmap and Plan for European Public Private Partnership for Resilience (EP3R) • By mid 2010 – establishment of EP3R • by 2011 – minimum standards for National CERTS/ incident response operations • By 2012 – well funstioning National/Governmental CERTS in all Member States • Detection and response • By 2011 – prototyping projects for European Information Sharing and Alert System (EISAS) • By 2011 – roadmap towards a European Information Sharing and Alert System • Mitigation and recovery • By 2011 – running at least one national contingency planning excercise in each Member State • By 2011 – design and run of the First pan-European excercise • By 2011 – pan-European participation in international exercises • By 2011 – doubling the number of national bodies in ECG • By 2011 – ENISA to develop reference materials to support pan-European cooperation

  7. Service Oriented Architecture in eGovernment • SOA is not a technology, but a loosely-coupled architecture designed to meet the business needs • EU - a definite trend towards the creation of a single centralized e-signature infrastructure, which allows specific applications to simply ‘plug in’ • SOA facilitates the cross-border interoperability of e-Government Systems. through a very modular architecture • SOA can help public authorties to be interconnected easily • SOA facilitates eParticipation • SOA elements in eGovernment: • Integrated, demand-driven e-government services, created from sub-services delivered by the various government organizations involved • Cross-organizational sub-services and processes, to realize integrated end-user services • A virtual shared information space • an infrastructure for exchanging information between organizations and with citizens • A federated identity management infrastructure for safely accessing this information • End-user applications with which to access all of the aforementioned

  8. Service Oriented Architecture in eGovernment • The need for a problem solving perspective - reusability of services and information/ wide-information sharing • eGovt interoperability – how data is used or exhanged by different Public Authorities, how data is presented to different users, how the system is built • Secure Web Service e-Government (Security+Web Services+eGovt applications) • In eGovernment security systems must be application independent and scalable • SOA – separation of services from their interfaces/ applications communicate through standard interfaces/ workflow eGovernment systems and the involvement of multiple service providers • SOA – conceptual architecture and layered design to enhance security mechanism in plug-in concept • EU - a definite trend towards the creation of a single centralized e-signature infrastructure, which allows specific applications to simply ‘plug in’

  9. Service Oriented Architecture in eGovernment • « pluggable » security services: auditing, access control and authorization, identification and authentication, security management (create, update, storage of users, access rights, certificates, services), criptografic services (encryption, decription, hashing) • « pre-packaged » services – user-friendly secure e-government services • Administrators should be able to select one or multiple authentication technologies without modifying application or utilities • SOA – commonly accepted interfaces, formats or communication channels • SOA layers in eGovernment: session, workflow, service and communication layers • SOA service layers: • citizen interface services (process integration, presentation) • Shared infrastructure services (Directory, Authentication, Authorization, Payment, Certification) • Individual service providers (information, subscription, adaptation, transaction, archive)

  10. Service Oriented Architecture in eGovernment • To be considered further: • Standardization ( technical and safety standards) • Competition policy • Regulation (soft policies, code of practice, standardized publishing content management, e-Authentication, e-Identification – federated solutions, use of Web services standards)

  11. Security – a central issue of the future EU Digital Agenda Thank You! silviaadriana.ticau@europarl.europa.eu TRAN and ITRE Committees STOA Panel of the European Parliament

More Related