Embed Size (px)
DESCRIPTION
Findings from the eProcurement study. Arnd Weber Security of eGovernment , European Parliament, Brussels 2013. Public p rocurement in EU. 19% of GDP Prone to bid rigging , corruption. Source: Wikimedia. Electronic p rocurement. < 10% is e Procurement - PowerPoint PPT Presentation
Citation preview
KIT – University of the State of Baden-Wuerttemberg and German National Research Center of the Helmholtz Association www.kit.edu
COMMUNICATIONS ENGINEERING LAB, INSTITUTE FOR TECHNLOGY ASSESSMENT AND SYSTEMS ANALYSIS
INSTITUTE FOR TECHNLOGY ASSESSMENT AND SYSTEMS ANALYSIS
Findings from the eProcurement study
Arnd Weber
Security of eGovernment, European Parliament, Brussels 2013
ITAS2 Arnd Weber
Public procurement in EU
19% of GDP
Prone to bid rigging, corruption
Source: Wikimedia
ITAS3 Arnd Weber
Electronic procurement
<10% is eProcurement
Confidential information, such as:PricesContentPasswords
ITAS4 Arnd Weber
Case study on security of eProcurement
Will present two over-arching issues
More available in report
ITAS5 Arnd Weber
Issue 1: Vulnerability of computer systems
Attacks such asZero-day attacksCrafted attacks
We keep patching
Reuters on Commission report: Spyware in Chinese hardware
Issue also in eHealth etc.
= Not a solid foundation for eGovernment
ITAS6 Arnd Weber
Issue 1: Vulnerability of computer systems
Policy option:
Require computer systems with reliable isolationIsolate sensitive onesIsolate risky applications
ITAS7 Arnd Weber
Issue 1: Vulnerability of computer systems
Use of isolation:
What security is technically feasible?What is usable?What is economic?
How can policy push for isolation?Require exhaustive analysis?Require proven systems?
Topic of session on „Protecting against attacks“= A start of a debate on policies
ITAS8 Arnd Weber
Floris Ampe, http://de.slideshare.net/Nicolas_Loozen/golden-book-presentation-challenges-and-opportunities
Issue 2: Variety of systems & tools
ITAS9 Arnd Weber
Issue 2: Variety of systems & tools
Hundreds of platforms
Variety of tools used for authentication, encryption, non-repudiation
Reluctance to use platforms:50% of public authorities reject concept of mandatory eProcurement
ITAS10 Arnd Weber
Issue 2: Variety of systems & tools
Policy option: European lead
Processes not efficient, go back to 1990ies
Trans-border processes need to be identified, implemented, tested, their cost-efficiency estimated, and rolled-out
Topic of afternoon session on the variety in „27 Member States“
ITAS11 Arnd Weber
Thanks!
To interviewed experts
To co-author Christian Henrich of Forschungszentrum Informatik
ITAS12 Arnd Weber
BACKUP
ITAS13 Arnd Weber
Draft eProcurement Directive 896
Key content:
Make eProc mandatoryCommission can impose technical standards
Comments:
Consider that bidder submits decryption key after submission deadlineReliance on central systems may lead to risks and costsHave upgrade path if signatures get hacked
ITAS14 Arnd Weber
Source: PEPPOL project
