This report by Arnd Weber discusses the security challenges faced in eProcurement systems, with a focus on vulnerabilities in computer systems that can lead to bid rigging and corruption. It highlights findings from the European Parliament and emphasizes the importance of reliable isolation for sensitive data. The report outlines the need for uniform technical standards and mandatory eProcurement processes while addressing the variety of systems and tools used across Europe. Key policy options and ongoing discussions are presented to enhance eGovernment procurement security.
Findings from the eProcurement study Arnd Weber Security of eGovernment, European Parliament, Brussels 2013
Public procurement in EU • 19% of GDP • Prone to bid rigging, corruption Source: Wikimedia
Electronic procurement • <10% is eProcurement • Confidential information, such as: • Prices • Content • Passwords
Case study on security of eProcurement • Will present two over-arching issues • More available in report
Issue 1: Vulnerability of computer systems • Attacks such as • Zero-day attacks • Crafted attacks • We keep patching • Reuters on Commission report: Spyware in Chinese hardware • Issue also in eHealth etc. = Not a solid foundation for eGovernment
Issue 1: Vulnerability of computer systems Policy option: • Require computer systems with reliable isolation • Isolate sensitive ones • Isolate risky applications
Issue 1: Vulnerability of computer systems Use of isolation: • What security is technically feasible? • What is usable? • What is economic? • How can policy push for isolation? • Require exhaustive analysis? • Require proven systems? • Topic of session on "Protecting against attacks" = A start of a debate on policies
Issue 2: Variety of systems & tools Floris Ampe, http://de.slideshare.net/Nicolas_Loozen/golden-book-presentation-challenges-and-opportunities
Issue 2: Variety of systems & tools • Hundreds of platforms • Variety of tools used for authentication, encryption, non-repudiation • Reluctance to use platforms: 50% of public authorities reject concept of mandatory eProcurement
Issue 2: Variety of systems & tools • Policy option: European lead • Processes not efficient, go back to the 1990s • Trans-border processes need to be identified, implemented, tested, their cost-efficiency estimated, and rolled out • Topic of afternoon session on the variety in "27 Member States"
Thanks! • To interviewed experts • To co-author Christian Henrich of Forschungszentrum Informatik
Backup
Draft eProcurement Directive 896 Key content: • Make eProc mandatory • Commission can impose technical standards Comments: • Consider that bidder submits decryption key after submission deadline • Reliance on central systems may lead to risks and costs • Have upgrade path if signatures get hacked
Source: PEPPOL project