Security  – a central issue of  the future  EU Digital Agenda Silvia-Adriana Ticau Member of the European Parliament Ser...
  European Framework for e-Government <ul><li>eEurope Action Plan / i2010 Initiative/e-Government Action Plan (2005) </li>...
<ul><li>eGovernment – 20 basis public services (12 citizens, 8 businesses) </li></ul><ul><li>5 leading Member States on fu...
<ul><li>By end 2010 – 100% broadband coverage ( European Economic Recovery Plan) </li></ul><ul><li>E-Government Interopera...
<ul><ul><li>By 2ndQ 2009 – EC – Trusted List of Supervised qualified Certification Service Providers </li></ul></ul><ul><u...
<ul><li>Preparedness and prevention  </li></ul><ul><ul><li>By 2010 – European Forum for information sharing between Member...
Service Oriented Architecture in  eGovernment <ul><li>SOA is not a technology, but  a loosely-coupled architecture designe...
Service Oriented Architecture in  eGovernment <ul><li>The need for a problem solving perspective  -  reusability of servic...
Service Oriented Architecture in  eGovernment <ul><li>«  pluggable » security services : auditing, access control and auth...
Service Oriented Architecture in  eGovernment <ul><li>To be considered further: </li></ul><ul><ul><li>Standardization ( te...
Security  – a central issue of  the future  EU Digital Agenda <ul><li>Thank You! </li></ul><ul><li>[email_address] </li></...
Upcoming SlideShare
Loading in …5
×

Security – a central issue of

442 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
442
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Security – a central issue of

  1. 1. Security – a central issue of the future EU Digital Agenda Silvia-Adriana Ticau Member of the European Parliament Service Oriented Architecture in e-Government 17 February 2010, Bruxelles
  2. 2. European Framework for e-Government <ul><li>eEurope Action Plan / i2010 Initiative/e-Government Action Plan (2005) </li></ul><ul><li>Strategy for a secure information society – COM(2006)251 </li></ul><ul><li>Services Directive/Telecom package/e-Commerce and e-signature Directives </li></ul><ul><li>Cybercrime Convention </li></ul><ul><li>Council Framework Decision on attacks against information systems </li></ul><ul><li>Communication on Critical Information Infrastructure Protection (MARCH 2009)/ Directive on Identification and Designation of European Critical Infrastructures (2008) </li></ul><ul><li>Council Resolution 2007/068/01 </li></ul><ul><li>ENISA – established in 2004, extended mandate until 2012 </li></ul><ul><li>Action Plan on e-signatures and e-identification to facilitate the provision of cross-border public services in the Single Market (NOV 2008) </li></ul><ul><li>Programs – IDABCD->ISA( Interoperability Solutions for European Public Administrations) , FP7, eSafe/SaferInternet </li></ul>
  3. 3. <ul><li>eGovernment – 20 basis public services (12 citizens, 8 businesses) </li></ul><ul><li>5 leading Member States on full online availability and regarding online sophistication of 20 basic public e-Government services: Malta, Portugal, Sweden, Austria, Slovenia </li></ul><ul><li>Lack of interoperability at the national and European level between egovernment/eAdministration systems </li></ul><ul><li>Lack of EU PKIs’ Interoperability </li></ul><ul><li>IDABCD studies: </li></ul><ul><li>Member States use </li></ul><ul><ul><li>a single centralized legal framework consisting of a single e-Signature law(17) </li></ul></ul><ul><ul><li>a holistic e-Government policy implemented in a homogeneous manner throughout all affected sectors (6). </li></ul></ul><ul><ul><li>a decentralized legal base for e-signature, based on a suitable legal framework an a sector basis(2) </li></ul></ul><ul><ul><li>an ad hoc legal framework based on e-signature specifically designed for a single application(3) </li></ul></ul><ul><li>Member States use different models for e-Government applications using electronic signatures: </li></ul><ul><ul><li>the one-stop shop model </li></ul></ul><ul><ul><li>the common e-Signature framework model </li></ul></ul><ul><ul><li>generic CSP model (applications are planned to move to a shared service approach) </li></ul></ul><ul><ul><li>application specific CSP model. </li></ul></ul>e-Government interoperability- state of play and barriers
  4. 4. <ul><li>By end 2010 – 100% broadband coverage ( European Economic Recovery Plan) </li></ul><ul><li>E-Government Interoperability </li></ul><ul><li>Interoperability of PKIs – European Federation of Validation Authorities based on a European Validation Authority Gateway </li></ul><ul><ul><li>Commission Decision 2009/767/EC - Community framework requirements on Trusted Lists for supervised/accredited CSP (issuing Qualified Certificates) </li></ul></ul><ul><ul><li>Mandate (2009) to the European Standardization Organizations to update and rationalize the European e-Signature standardization framework,including implementation guidelines </li></ul></ul><ul><li>E-Procurement (50% of all public procurements until 2015) </li></ul><ul><li>E-invoice broadly adoppted at EU level (consultation open until 26 February 2010) </li></ul><ul><li>National Electronic Registers for Transport Operators (2012) </li></ul><ul><li>Since 2010 - a unique national point of single contact for the interaction between service providers and public authorities and the completion through electronic means and at a distance of all procedures and formalities necessary to provide a service activity in another Member State ( Services Directive) </li></ul><ul><li>Inteligent Transport System Directive and Action Plan </li></ul><ul><li>Electronic Tall Collection Directive </li></ul><ul><li>Energy Efficiency Directive (smart mettering) </li></ul><ul><li>Exhanced( new competencies) and extended (after 2012) role of ENISA </li></ul>EU Digital Agenda
  5. 5. <ul><ul><li>By 2ndQ 2009 – EC – Trusted List of Supervised qualified Certification Service Providers </li></ul></ul><ul><ul><li>By 2ndQ 2009 – EC – update IDABCD country profile </li></ul></ul><ul><ul><li>By 2ndQ 2009 – EC – deasibility study on European federated validation service </li></ul></ul><ul><ul><li>By 3rdQ 2009 - EC update Decision 2003/51/EC – list of generally recognized standards for e-signature products </li></ul></ul><ul><ul><li>By 3rdQ 2009 - EC – guidelines and guidance on common requirements for QES qnd AES based on QC (interoperable) </li></ul></ul><ul><ul><li>by 2010 – EC: report on further actions to facilitate the cross-border use of QES and AES based on QC </li></ul></ul><ul><ul><li>by 2010 – EC: update country profile on « e-ID Interoperability for Pan European e-Government Services » </li></ul></ul><ul><ul><li>By 2010 – EC: specific surveys on the use of e-ID in Member States </li></ul></ul><ul><ul><li>By 2012 – MS are invited to demonstrate solutions for cross-border use of e-ID in the STORK pilot project </li></ul></ul>Action Plan on e-signatures and e-identification COM(2008)798
  6. 6. <ul><li>Preparedness and prevention </li></ul><ul><ul><li>By 2010 – European Forum for information sharing between Member States </li></ul></ul><ul><ul><li>By 2010 – Roadmap and Plan for European Public Private Partnership for Resilience (EP3R) </li></ul></ul><ul><ul><li>By mid 2010 – establishment of EP3R </li></ul></ul><ul><ul><li>by 2011 – minimum standards for National CERTS/ incident response operations </li></ul></ul><ul><ul><li>By 2012 – well funstioning National/Governmental CERTS in all Member States </li></ul></ul><ul><li>Detection and response </li></ul><ul><ul><li>By 2011 – prototyping projects for European Information Sharing and Alert System (EISAS) </li></ul></ul><ul><ul><li>By 2011 – roadmap towards a European Information Sharing and Alert System </li></ul></ul><ul><li>Mitigation and recovery </li></ul><ul><ul><li>By 2011 – running at least one national contingency planning excercise in each Member State </li></ul></ul><ul><ul><li>By 2011 – design and run of the First pan-European excercise </li></ul></ul><ul><ul><li>By 2011 – pan-European participation in international exercises </li></ul></ul><ul><ul><li>By 2011 – doubling the number of national bodies in ECG </li></ul></ul><ul><ul><li>By 2011 – ENISA to develop reference materials to support pan-European cooperation </li></ul></ul>Critical Information Infrastructure Protection CIIP – COM(2009)149
  7. 7. Service Oriented Architecture in eGovernment <ul><li>SOA is not a technology, but a loosely-coupled architecture designed to meet the business needs </li></ul><ul><li>EU - a definite trend towards the creation of a single centralized e-signature infrastructure, which allows specific applications to simply ‘plug in ’ </li></ul><ul><li>SOA facilitates the cross-border interoperability of e-Government Systems. through a very modular architecture </li></ul><ul><li>SOA can help public authorties to be interconnected easily </li></ul><ul><li>SOA facilitates eParticipation </li></ul><ul><li>SOA elements in eGovernment : </li></ul><ul><ul><li>Integrated, demand-driven e-government services, created from sub-services delivered by the various government organizations involved </li></ul></ul><ul><ul><li>Cross-organizational sub-services and processes, to realize integrated end-user services </li></ul></ul><ul><ul><li>A virtual shared information space </li></ul></ul><ul><ul><li>an infrastructure for exchanging information between organizations and with citizens </li></ul></ul><ul><ul><li>A federated identity management infrastructure for safely accessing this information </li></ul></ul><ul><ul><li>End-user applications with which to access all of the aforementioned </li></ul></ul>
  8. 8. Service Oriented Architecture in eGovernment <ul><li>The need for a problem solving perspective - reusability of services and information/ wide-information sharing </li></ul><ul><li>eGovt interoperability – how data is used or exhanged by different Public Authorities, how data is presented to different users, how the system is built </li></ul><ul><li>Secure Web Service e-Government (Security+Web Services+eGovt applications) </li></ul><ul><li>In eGovernment security systems must be application independent and scalable </li></ul><ul><li>SOA – separation of services from their interfaces / applications communicate through standard interfaces / workflow eGovernment systems and the involvement of multiple service providers </li></ul><ul><li>SOA – conceptual architecture and layered design to enhance security mechanism in plug-in concept </li></ul><ul><li>EU - a definite trend towards the creation of a single centralized e-signature infrastructure , which allows specific applications to simply ‘plug in’ </li></ul>
  9. 9. Service Oriented Architecture in eGovernment <ul><li>«  pluggable » security services : auditing, access control and authorization, identification and authentication, security management (create, update, storage of users, access rights, certificates, services), criptografic services (encryption, decription, hashing) </li></ul><ul><li>«  pre-packaged » services – user-friendly secure e-government services </li></ul><ul><li>Administrators should be able to select one or multiple authentication technologies without modifying application or utilities </li></ul><ul><li>SOA – commonly accepted interfaces, formats or communication channels </li></ul><ul><li>SOA layers in eGovernment: session, workflow, service and communication layers </li></ul><ul><li>SOA service layers: </li></ul><ul><ul><li>citizen interface services (process integration, presentation) </li></ul></ul><ul><ul><li>Shared infrastructure services (Directory, Authentication, Authorization, Payment, Certification) </li></ul></ul><ul><ul><li>Individual service providers (information, subscription, adaptation, transaction, archive) </li></ul></ul>
  10. 10. Service Oriented Architecture in eGovernment <ul><li>To be considered further: </li></ul><ul><ul><li>Standardization ( technical and safety standards) </li></ul></ul><ul><ul><li>Competition policy </li></ul></ul><ul><ul><li>Regulation (soft policies, code of practice, standardized publishing content management, e-Authentication, e-Identification – federated solutions, use of Web services standards) </li></ul></ul>
  11. 11. Security – a central issue of the future EU Digital Agenda <ul><li>Thank You! </li></ul><ul><li>[email_address] </li></ul><ul><ul><ul><li>TRAN and ITRE Committees </li></ul></ul></ul><ul><ul><ul><li>STOA Panel </li></ul></ul></ul><ul><ul><ul><li>of the European Parliament </li></ul></ul></ul>

×