outlined by EU Agency ENISA
The EU’s cyber security Agency, ENISA, is publishing a series of new studies about the current security practices of Trust Service Providers (TSPs) and recommendations for improving cross-border trustworthiness and interoperability for the new regulated TSPs and for e-Government services using them.
Secure governmental e-services are critical for society, e.g. health, procurement, justice. Security is crucial for gaining the trust of the EU citizens on using these services. However, there are many security challenges to overcome in order to ensure their successful deployment.
The TSP study underlines that:
- A mutual assistance system between supervisory bodies in the Member States should be set up.
- Client applications need to guarantee end-to-end encrypted communication with TSPs and e-Government services in order to safeguard EU citizens’ privacy.
The e-Government document uses a few of the European Commission-funded Large Scale Pilots that integrate TSP (epSOS for health, e-CODEX for justice and PEPPOL for procurement) as case studies. These cases are used to analyse current practices and identify gaps and where improvements can be made. In this report, the Agency issues detailed technical security practices recommendations for TSP and e-Government Services using them, including time-stamping, e-delivery, long time preservation and e-signature validation.
The more general TSP reportfrom ENISA describes these services and the recommendations to improve their security in more detail.
Key recommendations identified to offer trustworthy e-Government services to EU citizens include:
The guidelines for Trust Service Providers give recommendations in the areas of legal and regulatory framework of TSPs, risk assessment for TSPs and mitigation of security incidents. The main points highlighted by the reports include:
The Executive Director of ENISA, Professor Udo Helmbrecht, stated: “It is vital for business and governments across Europe that citizens trust their online services and therefore implement the best technical e-signature solutions. These best practices need to be constantly reviewed through frequent risk analysis in order to keep up with the technical developments and overcome evolving cyber security challenges.”
For the full reports
Background: The proposed new Regulation on electronic identification and trust services for electronic transactions should supersede the current Directive 1999/93/EC.
Please contact firstname.lastname@example.org for all press inquiries.
The following files are available for download:
If you no longer wish to receive email from this sender, please clic