ICT-Innovation How digital sovereignty and it-security can help - - PowerPoint PPT Presentation

ict innovation
SMART_READER_LITE
LIVE PREVIEW

ICT-Innovation How digital sovereignty and it-security can help - - PowerPoint PPT Presentation

Apr 03, 2023 272 likes •536 views

ICT-Innovation How digital sovereignty and it-security can help pushing Europe forward Prof. Reinhard POSCH reinhard.posch@cio.gv.at DIGIT GITAL AL SO SOVERE EREIG IGNTY NTY HOW IS S IT EN ENDAGE GERED RED juri risdi sdiction

slide-1
SLIDE 1

ICT-Innovation

How digital sovereignty and it-security can help pushing Europe forward

  • Prof. Reinhard POSCH

reinhard.posch@cio.gv.at

slide-2
SLIDE 2
slide-3
SLIDE 3

DIGIT GITAL AL SO SOVERE EREIG IGNTY NTY – HOW IS S IT EN ENDAGE GERED RED juri risdi sdiction ction awar are e IT and d communica unication tion switc tching ing mobile le connections nections – floating ting cros

  • ss

s jurisdiction isdiction to redu duce ce cost push h noti tifica ication tion – always s on a leash sh cloud ud stor

  • rage

e – do we have e to fear ar about ut IPR docume cument nt colla labor boration tion – in the e cloud ud as you type certif tific icates tes and upda dates tes – who

  • contr

trols s what t you use DEMOCRA OCRATIC TIC MODE ODEL L – GO GOVERA ERANCE NCE BY HUGE GE COM OMPANIES ANIES

slide-4
SLIDE 4

SA SAFE FE HA HARB RBOR OR SAFE HARB RBOR OR

slide-5
SLIDE 5

EID

ID – SECURITY – MOBILE DEVICES

DIGITAL:AUSTRIA

storage documents - collaboration WEB SERVICES

security services

Tablet Handy Laptop PC ... identification signature encryption

CLOUD

  • future
  • challenge

eID ID – BASIS IS OF SOVEREIG IGNT NTY

slide-6
SLIDE 6

DIGITAL:AUSTRIA

BIG PLAYER IN THE CLOUD – EU LEGISLATION

  • eIDaS assigns control on electronic identity and

supervision to member states not to cloud provider

  • technical and legal schemes with big PUBLIC

CLOUDs need adjustments to comply with technical and legal requirements

CLOUD

slide-7
SLIDE 7

no se securit ity wit ithout id identit ity

DIGITAL:AUSTRIA

 before defending interests we need to know and identify the partners

  • multi factor identification
  • crypto based identification
  • robust against replay
  • simple for users
  • broad acceptance
slide-8
SLIDE 8

STORK – the root of f EU eID ID

DIGITAL:AUSTRIA

  • assuming minimum security
  • mutual recognition – technology, legal
  • Interoperability – protocol
  • for administration and private sector

model for eIDaS

slide-9
SLIDE 9

NO O SECURITY RITY WITHOUT THOUT HRDWAR WARE NO O SO SOVEREI EREIGNTY GNTY W/O O HW W SU SUPP PPOR ORT

slide-10
SLIDE 10

DIGITAL:AUSTRIA

BASIC NEEDS MUST NOT FADE AWAY WITH CLOUD

  • user and services need to know about jurisdictions for

data in rest and in transit

 NOT YET EVIDENT IN PRACTICAL SITUATIONS

  • user and services need to make sure that they are the
  • nly ones having access to content

 IMPORTANCE BECAME EVIDENT ALONG WITH RECENT SITUATIONS

  • law enforcement and interception may be needed on

a national level

 STILL UNSOLVED AND HARDLY EVER DISCUSSED FOR GOVERNMENT DATA CROSS BORDER

slide-11
SLIDE 11

DIGITAL:AUSTRIA

JURISDICTION MATTERS WITH LIABILITY

  • users need to keep control and possibly choice
  • relevant jurisdictions to be known at the time of

communication

  • availability at all services to allow taking advantage
  • needed to assign responsibilities

COMPULRORY SECURITY SUITES DNSSEC + TLS w CLIENT CERTIFICATE PROVIDER INFRASTRUCTURE ENHANCEMENTS

slide-12
SLIDE 12
slide-13
SLIDE 13

CLOUD : COMMUNICATION AND TRUST

DIGITAL:AUSTRIA

ADMINISTRATION SMEs EDUCATION

BYOD = existing devices, PCs, laptops, tablets... HTML5

AVOID LOCAL PROCESSING AND STORAGE MINIMUM FOCUS ON DEVICE PROPERTIES

e.g: SAP DOCS MAIL/CAL ... Specific APPS SECURITY SERVICES ...

(GOV) CLOUD SSO

WEBSERVICES Open DATA WEBAPPS STORAGE

slide-14
SLIDE 14

CRYPTO and CLOUD

DIGITAL:AUSTRIA

CRYPTO FOR CLOUD

HNDLING COMPLEXITY USABILITY AND CONVENIENCE NATIONAL INTERESTS RESEARCH OPEN PROBLEMS COST/EFFICIENCY

EUROPE COULD PLAY A COMPETENT ROLE

CRYPTO UNDER NATIONAL / COMPANY CONTROL

slide-15
SLIDE 15

TECHNOLOGY – PRODUCTS – RULE LES

DIGITAL:AUSTRIA

implementation – cycle

innovation product regulation standards

}

Industry to care for an as short as possible interval

}

industry pushing to avoid hurdles who empowers users to be able to minimize the time to standards??

slide-16
SLIDE 16

CLOUD

USER

PROVISIONING

attack potential

damage = probability * value protection

CLOUD AND RISK

DIGITAL:AUSTRIA

slide-17
SLIDE 17

in inno novatio tion n and nd dig igit ital al sover ereign eignty ty in indust ustry ry taking ing in inno novati tion

  • n to
  • product
  • ducts

avoidi

  • iding

ng the he sell lling ing to

  • over

erseas seas in indus ustry try 4.0 .0

slide-18
SLIDE 18

HARDWARE SOFTWARE

Data protection? Security? Applications? Sovereignty?

slide-19
SLIDE 19

THE FUTURE OF DOCUMENTS

WHAT DOES THIS MEAN TO OTHER SYSTEMS?

EDITING DOCUMENTS THE CHANGE IS ON THE WAY

DIGITAL:AUSTRIA

slide-20
SLIDE 20

documents – coll llaboration

DIGITAL:AUSTRIA

documents group security - service

CLOUD

key(doc)

slide-21
SLIDE 21

USE

SER – GOVERNANCE – CONTROL

DIGITAL:AUSTRIA

security - service

mobility

CLOUD

identity

Reduced Risk Content

slide-22
SLIDE 22

REDUCED RISK

ISK CONTENT

DIGITAL:AUSTRIA

CONTENT REDUCED RISK CONTENT

security - service

key per document

document per key

key(Doci) ≠ key(Docj) falls i ≠ j

slide-23
SLIDE 23

REDUCED RISK

ISK CONTENT

DIGITAL:AUSTRIA

calendar ( … tasks) SMIME mail SMIME documents SMIME collaboration ??????

identity

security has to be bound to identity in all cases!

slide-24
SLIDE 24

TTIP IP – SAFE HARBOR

DIGITAL:AUSTRIA

TTIP – WILL THE PUZZLE FIT? we certainly need a closer look WHAT NOW chaos or chance?

slide-25
SLIDE 25

SECURITY= STRENGTH * TAKE-UP

If we miss out on one – we loose If we loose this formula – we loose the game