Plotting a safe course for Europe’s digital future
Date: Fri, 06/22/2012 - 13:54
Leading figures from the Smart Security Industry gathered in Brussels under the banner of Eurosmart (the Voice of the Smart Security Industry) in an effort to plot a safe and solid course for the future of Europe’s digital economy.
With a keynote speech by Megan Richards - European Commission, DG INFSO, Acting Deputy Director General, the conference, “Security and Privacy in the Digital World: Solutions from the Smart Security Industry”, took place at the Bibliothèque Solvay in an atmosphere of growing concern across the continent with regard to the security of data in the areas of cloud computing, mobile transactions and “machine to machine” (or the “Internet of Things).
“In our digital society, securing digital information and transactions is an important and growing challenge for governments, businesses and individuals alike,” said Oyvind Rastad, Chairman of Eurosmart. “Fostering economic growth in Europe will depend on our capacity to develop innovative solutions that will enhance the usability of digital services while protecting privacy and combating fraud. Smart Secure Devices, solutions and services have these exact characteristics.”
In the context of intense discussions around the European Commission’s proposals to reform the EU data protection framework, he added, “I am convinced that while security necessarily comes at a cost, fostering trust and avoiding fraud have an excellent return on investment.”
Presentations from Eurosmart Members
- Security of Mobile Devices, Applications and Transactions – Mr. Jan Eichholz
- Smart Embedded Security for the Internet of Things – Mr. Jean-Pierre Delesse
- Digital Identity and Access management as a Subset for Security & Privacy in Cloud-Based Services – Mr. Detlef Houdeau
Panel discussion - Debate around Security and Privacy in the Digital World
- Mrs. Megan Richards, Acting Deputy Director General, DG INFSO
- Mr. Peter Hustinx, European Data Protection Supervisor
- Mr. Paolo Balboni, Scientific Director, European Privacy Association
- Mrs. Ruth Milligan, Legal advisor on Payment Systems, Eurocommerce
- Mr. Cédric Sarazin, Chairman of the Card Fraud Prevention Task Force, European Payment Council
(Moderator: Richard Barnes – Editor in Chief, Cleverdis)
Under the spotlight were such questions as, “Do you feel confident when you make a payment with your smartphone? Are you concerned that your digital identity could be stolen and that illegal use could be made in your name? Do you worry about who could access your personal data stored in the Cloud?”
There is, according to Eurosmart, a long list of potential threats. Among them, Eurosmart highlighted:
• Identity theft and forgery of private data for illegal immigration, terrorism or financial gain;
• Fraud in financial transactions or commercial transactions, for financial gain;
• Infringement of intellectual property rights and copyrights, to obtain social benefit;
• Confidentiality breaches, for gaining competitive advantage or commercial exploitation;
• Intrusion in digital systems, introduction of viruses, Trojan horses, malware and botnets aiming to destabilise an organisation;
• Destruction of data, theft of data or malicious modification of data for fun or vandalism.
Mobile Security Issues: The world is going mobile... But how safe is it?
Mobile devices such as smartphones and tablets have been conquering the market over the past 5 years. Consequently, a large amount of user transactions have been moved from PC-based environments to mobile devices. This includes banking, trading, shopping, data storage, eGovernment as well as other security sensitive procedures.
The usage of online services and e-Commerce opens up a huge business potential... but only if it’s secure! The European Commission is well aware of these challenges which were raised in the recent eCommerce Action Plan and in the Green Paper on a European market for card, Internet and mobile payments, both presented on 11 January 2012. According to Eurosmart, security and interoperability are key factors in deploying those services successfully.
Smart Embedded Security for the Internet of Things
A coffee machine that is able to order itself capsules… A diagnostic of your car that can be done while you are driving on your holidays… An eco-system, the so-called Smart Grid, helping us to optimise the use of energy… A car sending an emergency call to a rescue centre without any human intervention… These scenes are not science fiction, this is reality. And behind this reality is technology known as Machine-to-Machine (M2M).
While M2M and IoT (Internet of Things) technologies mean more convenience, there is also a real need to ensure that this rapid development will not take place at the expense of security, privacy and lack of standardisation. Europe is currently leading in “smart device” technologies (such as smart cards or ePassports); however, to keep this position, research into ways of handling the increasing complexity of distributed systems from the security perspective is required.
Dark clouds on horizon?
Cloud computing is increasingly becoming a solution for small to medium sized businesses in Europe as they look for ways to increase efficiency and reduce costs. However, citizens in Europe have three valid questions regarding cloud computing:
(1) Where is my data stored?
(2) Is the data centre really secure?
(3) Who has access to this data?
The European Commission wishes to maximise the benefits from the cloud, while allowing organisations to respect their obligations under EU law. But potential users still hesitate. They worry about the service they will be receiving, about risks of lock-in and whether they can trust the provider with their data. The EC has decided to work on a European Cloud Strategy for mid-2012. The strategy will set out how different actions can serve this goal, how to make Europe not just Cloud-friendly – but Cloud-active. In this sense, it is evident that self-regulation among service providers, when it comes to security, can tend towards solutions that are “cheaper” due to the competitive nature of the market. This being the case, in order for European citizens and businesses to be protected from numerous and real threats, solid and well thought out regulatory guidelines must clearly outline the kinds of security measures that have been suggested today by Eurosmart.
The issue at hand is not that solutions are hard to find. The issue being dealt with today by Eurosmart lies in implementing, in the correct fashion, the solutions that exist, in order to avoid possible catastrophe. Indeed, the digital security industry has developed solutions for identification, authentication, access control and digital signature, used for services like mobile telephony and electronic payments. Smart secure solutions use in addition features such as tamper resistant hardware, secure embedded software, cryptography and security protocols that address challenging concerns such as data confidentiality and integrity, authentication, privacy, non denial of service, non repudiation and digital content protection.