Speaker Interview: Federal Government of Austria

You will be speaking at the CNI Security conference at SCTX 2019. Can you give us a brief insight into the areas you will be covering in your address?

Sept. 29th 2018 was the magic date for eID in Europe. All Member States can profit from compulsory mutual recognition where Member States are liable for operation and quality of eID.

Numbers tell us that governments can set the scene and be the anchor of trust, but usage is with the private sector. We have to be careful not to open this gap, as both sides could only lose. The challenges are Google, Facebook & Co., having very broad acceptance but in the end no trust that can be legally followed up.

Single sign-on and mobile are where we have to provide solutions.

Austria has long counted on mobile; the basis, Handy-Signature, is well accepted and, by the legal framework eIDAS, automatically compliant with the GDPR.

The next big step is MOBILE FIRST, also promoted during the meeting of the European Government CIOs. With eID this is a major challenge, starting from the necessity of a “single device” and – in case we are not very careful – killing the cross-border idea, as each Member State might have a different approach excluding citizens and technologies from others.

With the new APP structure Austria is facing this challenge and would be glad to have as many as possible on board in this discussion.

During the presidency events last October, Austria already pushed the Commission to think about Mobile First.

The conference theme is ‘Developing resilient critical infrastructure in a networked world’. What do you believe are the major challenges in maintaining secure critical infrastructure in today's interconnected world?

We will have to make clear who is responsible and who is in charge. With that, Secure DNS, Qualified Website Authentication Certificates following the eIDAS regulation, assigning extended liability where two-factor authentication is not in place, providing an IoT communications and security policy including metadata, thus assigning liability to the supply chain, and certification with a clear benefit for voluntary use are just the major elements.

How has the threat landscape evolved over the past few years and in what ways do you expect it to change in the near future?

We might have to undergo a change where attacking the cloud, like the exploitation of the processor weaknesses Meltdown and Spectre, and social media play a predominant role. IT security and data protection will need a clearer common approach.

With regards to your own address, what measures need to be taken by CNI and essential business operators to better secure their services, businesses and facilities against the evolving threat landscape?

Taking into account that businesses will compose their services out of a variety of building blocks – and this is even more true for the mobile sector – a standard way to approach security – especially eID and signature – needs to be in place. Such a strategy needs to include mobile.

What can delegates expect to take away from your session?

There is a difference between administration and the private sector. However, the public sector can offer models and modules to foster wider use of eIDAS, including the private sector. In total, we need a general shift to be way more proactive in the field of IT security.