Dr. Reinhard Posch, Federal Government of Austria, shares a sneak peek at his upcoming presentation.
Dr. Posch is speaking at 10:15 on 5 March 2019 in the CNI Security theatre.
Sept. 29th 2018 was the magic date for eID in Europe. All Member States can profit from compulsory mutual recognition where Member States are liable for operation and quality of eID.
Numbers tell us that governments can set the scene and be the anchor of trust, but usage is with the private sector. We have to be careful not to open this gap, as both sides could only lose. The challenges are Google, Facebook & Co., which have very broad acceptance but in the end offer no trust that can be legally followed up.
Single sign-on and mobile are where we have to provide solutions.
Austria has long counted on mobile: its basis, the Handy-Signature, is well accepted and, through the eIDAS legal framework, automatically compliant with the GDPR.
The next big step is MOBILE FIRST, also promoted during the meeting of the European Government CIOs. With eID this is a major challenge, starting from the “single device” necessity and, if we are not very careful, killing the cross-border idea, as each Member State might take a different approach that excludes citizens and technologies from others.
With OEGV.at, the new app structure, Austria is facing this challenge and would be glad to have as many as possible on board in this discussion.
During the presidency events last October, Austria already pushed the Commission to think about Mobile First.
We will have to make clear who is responsible and who is in charge. In that regard, these are just the major elements: Secure DNS; Qualified Website Authentication Certificates following the eIDAS regulation; assigning extended liability where two-factor authentication is not in place; providing an IoT communications and security policy, including metadata, thus assigning liability to the supply chain; and certification with a clear benefit for voluntary use.
We might have to undergo a change in which attacks on the cloud, such as the exploitation of the processor weaknesses Meltdown and Spectre, and social media play a predominant role. IT security and data protection will need a clearer common approach.
There is a difference between administration and the private sector. However, the public sector can offer models and modules to foster wider use of eIDAS, including in the private sector. Overall, we need a general shift towards being far more proactive in the field of IT security.