Secure governmental e-services are critical for society, e.g. health, procurement, justice. Security is crucial for gaining the trust of the EU citizens on using these services. However, there are many security challenges to overcome in order to ensure their successful deployment.
The TSP study underlines that:
- A mutual assistance system between supervisory bodies in the Member States should be set up.
- Client applications need to guarantee end-to-end encrypted communication with TSPs and e-Government services in order to safeguard EU citizensí privacy.
In this report, the Agency issues detailed technical security practices recommendations for TSP and e-Government Services using them, including time-stamping, e-delivery, long time preservation and e-signature validation.
Key recommendations identified to offer trustworthy e-Government services to EU citizens include:
- Promote Trusted Marks assessed against eIDAS requirements that would be recognised across borders.
- Trust Services should be developed in a European scope, complying with both EU and local legislation.
- Specific Business Continuity Management standards should be adopted in the provision of trusted services (by TSPs) and required by e-Government customers./li>
- Based on the criticality of the e-government services, they should always assess three aspects:
- the strength of the authentication mechanisms to be used, encouraging the use of e-Signature.
- the need for end-to-end encryption and
- the need for audit trails to keep electronic evidence.
- legal acts in the EU and at the national level
- available standards applicable to trust services
- processes for effective risk management at TSPs
- handling of security incidents occurring at TSPs, such as impersonation, compromise of Certificate Authority, organisational failures, etc.
The full reports are available here.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.