José Antonio Mañas receives the Prize for a Professional Career

By | Cybersecurity | No Comments

José Antonio Mañas, a member of TCAB Certification Committee, has received the Award for a Professional Career. The Vice-President of the Government, Soraya Sáenz de Santamaría, awarded this prize during the XI CCN-Cert Conference.

Our fellow worker has been a Systems Engineering Professor  at the Technical School of Telecommunications Engineers of Madrid (ETSIT) for over 35 years.

He has also worked as a consultant in different projects. Two fundamental milestones are the creation of the version 2 of the Magerit methodology for Risk Analysis and Management of Information System. He also collaborated in the development of the PILAR/EAR risk management tools in collaboration with the National Cryptological Center-CCN.

José Antonio also has a broad professional experience in the research field. He has written several books on the Telecommunications and Cybersecurity fields. Among others, he has written “Vademecum Java”, “Seguridad de las Tecnologías de la Información” and “Seguridad de las Tecnologías de la Información”.

 

 

About the XI STIC CCN-Cert Conference

XI STIC CCN-Cert Conference took place in Madrid in December 13th and 14th, 2017.  The National Cryptological Center organizes it and is is a major meeting point for experts in cybersecurity in the country, Public Administrations and strategic companies in the field.

Its main topic in this edition was “Cyber threats, the challenge of sharing“. The main figures have steadily grown in the last years. In this edition there were over 1,700 attendees and more than 700 companies from various fields. 55 professionals from the cybersecurity field presented their products and ideas, among 150 proposals.

The Conference also had 30 sponsors, among which, IBM, Minsait-Indra, Eulen Security, Nextway, Kaspersky, Telefónica and Isdefe; and also 13 collaborating entities, such as AMETIC, the Center for Industrial Cybersecurity (CCI), ISACA and ISMS Forum Spain.

First private sector eID scheme pre-notified by Italy under eIDAS

By | eID scheme | No Comments

On December 7th 2017, Italy took an important step by pre-notifying SPID (Sistema Pubblico per la gestione dell’Identità Digitale), its private sector led electronic identification (eID) scheme, to the European Commission. The pre-notification of SPID covers 8 eID service providers, including 3 providers that issue eID means up to level of assurance “high”.

This fact is a noteworthy event in a process that will enable Italian citizens and business to use their SPID credentials to access public services in other Member States.

Italy is the second Member State to pre-notify its national eID scheme, following Germany’s notification which was completed last September.

This notification is significant, because it is the first national eID scheme to be notified under the eIDAS regulation that is led by the private sector.

Next steps

Following the Italian pre-notification, the other Member States participating in the Cooperation Network will be able to peer-review SPID, if they wish so, and the actual notification of the eID scheme will then follow. After publication of the notification by the European Commission, other Member States have to recognise SPID eIDs at the latest 12 months after the publication.

eIDAS

eIDAS regulation aims to provide a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities along the EU. The regulation ensures that people and businesses can use their own eID to access public services in other EU countries where eIDs are available.

Please, click here to access the source.

EU improves the cross-border availability of e-Government services

By | e-Government | No Comments

The last eGovernment benchmark 2017 report shows a significant improvement in the cross-border availability of e-Government services and the accessibility of public websites from mobile devices in the EU Member States. This study also indicates a need for improvement in the transparency of the provision of public services and the use of support technology such as eID or eDocuments.

The countries that have obtained the highest scores in the availability of e-Government services have been Malta, Denmark, Sweden, Estonia and Norway. These countries lead the way towards the creation of a Digital Single Market.

 

Country performance: How do individual countries perform

Performance is measured as an average of scores for four top-level benchmarks:

  • User centricity (how fast and easy to use public information and services online),
  • Transparency (of government authorities’ operations, service delivery procedures and the level of control users have over their personal data),
  • Cross-border mobility (the extent to which people can use public services outside their country),
  • Key enablers (the availability of eID, eDocuments and Authentic Sources, etc).

Europe appears to be getting closer to the 100%-landmark with regard to user-centricity.  However, it scores less well on the other three benchmarks, especially in terms of exploiting the potential of Key Enablers  for public services.

User Centricity

This is the most advanced dimension of online public services in Europe in 2016, emphasising the focus of governments to bring more public information and services online. Europe records a 12 p.p. increase in online availability of services.  The gap between worst and best performing countries is also closing.

Transparency of government organizations

The transparency of government organizations’ service processes and citizens’ control of personal data averages at 59% for the EU in 2016. The study shows that the transparency of service delivery processes (e.g. informing users on how long the process will take, response times, etc.) is insufficient for 1 in 2 people.

Cross-border service delivery

This dimension is essential for the Digital Single Market and records solid improvements over the years (+25% since 2012). Information and even services are becoming increasingly available to EU citizens when starting up a business or studying in another country.

Key technological enablers

The study reveals that the deployment of key technological enablers  (i.e. eID, eDocuments and Authentic Sources) has the most room for improvement (at 52%; EU28+). The authentic sources indicator which facilitates pre-filling of online forms, progressed slower than other indicators, with only a 3% growth since 2012.

Click here to access the source.

Degree of EIDAS implementation within the European Union

By | #eIdAS | No Comments

Regulation (EU) No. 910/2014 of the European Parliament and of the Council of July 23, 2014, on electronic identification and trust services in electronic transactions in the internal market (eIDAS), which entered into force on the 1st of July 2016, has experienced an uneven implementation in the different countries of the European Union.

We analyze below the degree of implementation of the eIDAS Regulation in the main countries of the EU:

 

  • France:

There is not a national law yet but there are different procedures and requirements based on ETSI regulations.

Supervisory Body: ANSSI (Agence nationale de la sécurité des systèmes d’information).

Link: www.ssi.gouv.fr

 

  • Germany:

There is not a national law yet either, but there are different procedures and requirements based on ETSI regulations.

Supervisory Body: BSI (Federal Office for Information Security).

Link: www.bsi.bund.de

 

  • Belgium:

The current national law is applied, without connection with the ETSI or CEN regulations.

The Conformity Assessment Bodies are accredited according to ISO / IEC 17065 + ETSI EN 319 403.

Supervisory Body: Service Publique fédéral Economie, PME, Moyennes Classes and Energie.

Link: economie.fgov.be/fr

 

  • Spain:

Current National Law 39/2015 applies. There are no specific procedures for Trust Service Providers.

Supervisory Body: Ministry of Energy, Tourism and Digital Agenda (MINETUR).

Link: https://sede.minetur.gob.es/

 

  • Italy:

There is no national law yet, but this country has a national accreditation system, based on EN 319 403, administered by ACCREDIA (2 CAB accredited – VERITAS and CSQA).

Supervisory Body: Agenzia per l’Italia Digitale.

Link: www.agid.gov.it/

 

  • Netherlands

There is no national law yet, but they have national procedures for notifications of non-compliance and accreditation of the CAB.

Supervisory Body: Authority for Consumers and Markets and Agentschap Telecom.

Links: https://www.acm.nl/en and https://www.agentschaptelecom.nl/

 

  • United Kingdom:

The national law for the eIDAS application defines the applicable procedures for each type of trust service in the UK.

Supervisory body: The Information Commissioner.

Link: https://ico.org.uk/

 

Please, click here to view the full chart.