KIT – University of the State of Baden-Wuerttemberg and German National Research Center of the Helmholtz Association www.kit.edu
COMMUNICATIONS ENGINEERING LAB, INSTITUTE FOR TECHNOLOGY ASSESSMENT AND SYSTEMS ANALYSIS
Findings from the eProcurement study
Arnd Weber
Security of eGovernment, European Parliament, Brussels 2013
ITAS2 Arnd Weber
Public procurement in EU
19% of GDP
Prone to bid rigging, corruption
Source: Wikimedia
Electronic procurement
<10% is eProcurement
Confidential information, such as:
Prices
Content
Passwords
Case study on security of eProcurement
Will present two over-arching issues
More available in report
Issue 1: Vulnerability of computer systems
Attacks such as:
Zero-day attacks
Crafted attacks
We keep patching
Reuters on Commission report: Spyware in Chinese hardware
Issue also in eHealth etc.
= Not a solid foundation for eGovernment
Issue 1: Vulnerability of computer systems
Policy option:
Require computer systems with reliable isolation
Isolate sensitive ones
Isolate risky applications
Issue 1: Vulnerability of computer systems
Use of isolation:
What security is technically feasible?
What is usable?
What is economic?
How can policy push for isolation?
Require exhaustive analysis?
Require proven systems?
Topic of session on "Protecting against attacks"
= A start of a debate on policies
Floris Ampe, http://de.slideshare.net/Nicolas_Loozen/golden-book-presentation-challenges-and-opportunities
Issue 2: Variety of systems & tools
Issue 2: Variety of systems & tools
Hundreds of platforms
Variety of tools used for authentication, encryption, non-repudiation
Reluctance to use platforms:
50% of public authorities reject concept of mandatory eProcurement
Issue 2: Variety of systems & tools
Policy option: European lead
Processes not efficient, go back to the 1990s
Trans-border processes need to be identified, implemented, tested, their cost-efficiency estimated, and rolled out
Topic of afternoon session on the variety in "27 Member States"
Thanks!
To interviewed experts
To co-author Christian Henrich of Forschungszentrum Informatik
Draft eProcurement Directive 896
Key content:
Make eProc mandatory
Commission can impose technical standards
Comments:
Consider that bidder submits decryption key after submission deadline
Reliance on central systems may lead to risks and costs
Have upgrade path if signatures get hacked
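
The comment that the bidder submits the decryption key only after the submission deadline can be sketched as below. This is an added example, not part of the original slides or the study. The names seal_bid, Platform and DEADLINE are hypothetical, and the SHA-256 keystream with HMAC is a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

DEADLINE = 1_700_000_000  # constructed submission deadline (Unix time)

def _subkeys(key):
    # Derive separate encryption and MAC keys from the bidder's single key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode as keystream (stand-in for a real cipher).
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_bid(bid):
    """Bidder side: encrypt under a fresh key; only `sealed` is sent before the deadline."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    enc, mac = _subkeys(key)
    ct = _xor_stream(enc, nonce, bid)
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}, key

class Platform:
    """Procurement platform: stores ciphertext only until bidders reveal their keys."""
    def __init__(self, deadline):
        self.deadline, self.sealed = deadline, {}

    def submit(self, bidder, sealed, now):
        if now > self.deadline:
            raise ValueError("submission after deadline")
        self.sealed[bidder] = sealed

    def open_bid(self, bidder, key, now):
        if now <= self.deadline:
            raise ValueError("keys are not accepted before the deadline")
        s = self.sealed[bidder]
        enc, mac = _subkeys(key)
        expected = hmac.new(mac, s["nonce"] + s["ct"], hashlib.sha256).digest()
        # The tag binds the revealed key to the bid that was stored before the deadline.
        if not hmac.compare_digest(expected, s["tag"]):
            raise ValueError("key does not match the sealed bid")
        return _xor_stream(enc, s["nonce"], s["ct"])

if __name__ == "__main__":
    sealed, key = seal_bid(b"Lot 7: 1,250,000 EUR")  # constructed bid
    platform = Platform(DEADLINE)
    platform.submit("bidder-a", sealed, now=DEADLINE - 60)
    print(platform.open_bid("bidder-a", key, now=DEADLINE + 1))
```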